198 - Principle of Open Design
“The design should not be secret” — Smart contracts are expected to be open-sourced and accessible to everyone.
Security by obscurity of code or underlying algorithms is not an option.
Security should be derived from the strength of the design and implementation under the assumption that (byzantine) attackers will study their details and try to exploit them in arbitrary ways. (See Saltzer and Schroeder's Secure Design Principles)
- Open Design
- Saltzer & Schroeder 1975
- Open Design/Source
- Permissionless Participation
- Contract -> Open/Verified
- Security -> Design/Code
- No Security by Obscurity
- Byzantine Threat Model