Talks Tech #33: Blockchain Regulations and Security
Bhavya Batra, Product Manager at XponentsVentures and Blockchain Fellow at Women Who Code, interviews Neha Jain, Founder & CEO at IntelliBlock Technologies. They discuss the security risks and benefits of Web3 applications. Neha also shares the many opportunities available in blockchain technology.
How did you start with your journey in blockchain and Web3 as an emerging tech?
I started when I was on the verge of deciding on my Ph.D. topic. My guide asked me to explore this particular domain, the blockchain domain. It was pretty new, and it had a lot of possibilities then. That was the first time I thought about blockchain. At that point in time, so many things could be explored. I decided to move ahead with security, as it was my previous expertise. I did my master's in cryptography. It was so fascinating and a technology that could be a paradigm shift. That's how I completely jumped into this exploration. I joined a company as a software engineer. Then I was a researcher as well as a head of blockchain. Now I have founded my own company.
What role has community had in helping you grow in this space throughout your journey?
Without the community reaching the decision was impossible. In this particular domain, we have less literature available about the domain. The community is going on this journey along with you. They are facing the same challenges you are facing and discussing them, providing support to each other. I think this is the only way to master their field in blockchain. Communities, like the Ethereum Foundation, provide detailed guidelines on how to master blockchain. I admire their efforts.
What was the turning point that made you shift your career into the Web3 space?
It's a journey that I'm going through. Initially, I started with Web2 security and then entirely into the Web3 domain. When the world is growing, I'm growing. I would not say a turning point, but a milestone that I have achieved.
What is a smart contract audit, and why is it important?
It is a thorough, systematic inspection of the analysis of the code of the smart contract that we create. Now why this systematic, comprehensive, deep analysis is required? The only way where we can communicate with the blockchain is through smart contracts. Whatever we are writing in the smart contract is going to be communicated with the blockchain or with each other. There is no other intervention possible. If the business logic is not correct if there are bugs in the entire design of the smart contract, and if there are multiple security loopholes, all those things have to be defined. It must be understood before deploying the smart contract on the real chain. Most of the applications we are dealing with are financial applications or deal with financial assets or any other valuable items.
Apart from financials, financial assets, and risks, what are some of the other security concerns and challenges around Web3 as a technology application?
Web3 applications are not doing authentication and signing when dealing with APIs, which normally Web2 applications are doing. The end users, like you and me, who are using that particular webpage, might not be able to understand whether it is from the intended web service provider or a malicious hacker. There are other security concerns concerning the wallets. The wallets, especially these software wallets, are quite insecure. The single source on which they are lying is the private key. Once this has been hacked, the entire system can get disrupted. With normal Web2 security, we have a list of all kinds of vulnerabilities listed down by experts. We have a database called National Vulnerability Database, but there is no single source of truth for Web3. We don't know what challenges will come in the future, and multiple hacks are happening. We only have scattered information in the form of the DeFi Threat Matrix. We need some centralized repositories of all Web3 vulnerabilities at one place so that we can predict it.
How can Web3 help in data security, data confidentiality, and integrity?
The primary reason for Web3 to be considered as the savior of data confidentiality and integrity is that it is built on the blockchain. Blockchain, itself, is a security framework. It has an underlying assurance of providing confidentiality because of the cryptographic mechanism utilized in the entire operation. Authorized users can only access the smart contracts, and they can only access the application. We have the immutability of blockchain. Those features are making Web3 a support for improving data security. Web3 users have full control of their data.
Should we have some regulations around Web3 applications or should we keep it entirely decentralized? What's your opinion about it?
Anything which is unregulated can cause a threat to the community over a period of time. There should be something that is regulated. Although the decentralization part, I agree that countries that have a very small population and low, small geographical area can be managed very well. But in countries like India, where we have more than 1 billion people right now, unregulated things won't be helpful for the public. We should go for the regulated one.
The UN issued a brief in which they said unrestricted crypto adoption posed a risk to developing nations. However, it has said that cryptocurrencies serve as a safeguard against currency inflation and a means for enabling transfers. What is your opinion on this?
I'm repeating anything which is unregulated could become a threat in the coming future. Payments and settlements can be done by cryptocurrencies in a much easier way. I agree to that point definitely. That particular feature of cryptocurrency can be handled with other forms of decentralization. Digital currencies that multiple governments are working for, so they can also become the currency are a safeguard against currency inflation. CBDCs and other digital currencies can be another option for payment and settlements, and developing countries should consider it.
Would you have any recommendations for people looking to start in the blockchain space? Would you recommend specific resources to them or a roadmap, maybe?
There are many stages where they can enter into this particular field. They can become a Blockchain developer or an architect, where they can understand the core development of Blockchain protocol. They can build applications, and become a DAP developer or a solidity programmer, where they can write smart contracts. There is another field that is now linked with the blockchain, which is like Metaverse. You can become a UI/UX designer because this is the field, I guess, which is compromising a lot in terms of providing flexibility to the end users. The end users find blockchain very difficult to enter, the UI is not user-friendly. People who are experts in UI/UX can come up with and provide better solutions in this area. Apart from that, you can become a community manager, content writer, graphic designer, analysis, business analyst, or research analyst.