Shima Capital CTO's Reflection on Curve: Why We Need Runtime Protection and Aspect?
TechFlow Selected TechFlow Selected
Shima Capital CTO's Reflection on Curve: Why We Need Runtime Protection and Aspect?
How to provide runtime protection?
Navigating Web3 tides with focused insightsAuthor: Carl Hua, Partner & CTO at Shima Capital
Translation: BlockBeats
Following the recent Curve reentrancy exploit, I reflected on my experience at JPL NASA, where I learned the core principles for developing reliable and resilient software. These insights are more critical than ever for the crypto industry, for the following reasons:
At the end of the day, people truly care about only two types of software: software that can kill you, and software that can make you lose money.
For any aerospace vehicle, the majority of the budget (over 80%) for critical software is not allocated to development itself, but rather to integration and testing. If the software fails, the vehicle falls out of the sky—fighters, drones, spacecraft, etc.
Most code in aerospace software—especially when classified as mission-critical—is subject to extremely rigorous testing and development standards such as DO-178B Level A. It's not enough to test every line of code; each logical condition within nested logic must also be individually tested.
At JPL NASA, the philosophy behind writing advanced aerospace software isn't about crafting the most elegant or clean code, but about writing code that's easy to unit test. Why? Simple: when you launch a spacecraft into space, you only get one chance. No one wants to take risks with a high probability of failure. This parallels blockchain logic—immutable code is a core feature, and we likewise have only one chance to correctly handle our funds in every transaction. So why aren't we taking dApp development more seriously?
Despite strict development, testing, and code auditing processes, these measures alone are clearly insufficient to prevent all errors and attacks. Eliminating all runtime bugs through testing and audits is nearly impossible in practice. So how do we protect our software from failure?
Runtime Protection
Runtime protection is a security technique that safeguards software applications during execution against malicious attacks. It works by performing real-time monitoring while the code runs, analyzing the program’s actual behavior to defend against malicious inputs and exploits.
Implementing runtime protection in high-reliability software requires significant investment and architectural planning, as it serves as the final safeguard preventing software from entering unknown or faulty states. This isn’t just theoretical—it’s a proven practice refined over decades.
In today’s Web3 landscape, I believe DeFi applications demand the same level of reliability and should adopt similar approaches. However, due to inherent limitations, the EVM wasn’t designed to handle complex tasks like runtime protection. So how can we deliver runtime protection in this environment?
One solution lies in Aspect programming—Aspects designed by the Artela blockchain network—which enables switching execution contexts at any point within a smart contract transaction lifecycle, allowing advanced checks on the program’s real-time state. By combining Aspects with EVM compatibility, Artela offers a unique architecture for runtime protection, positioning itself as a potential foundational layer for secure smart contracts in crypto.
Artela has published an article demonstrating exactly how Aspects could have prevented the Curve reentrancy attack. We welcome discussion and collaboration!
“Unsolvable Compiler Vulnerabilities? Runtime Protection Enables On-chain Risk Control for DeFi”
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
