Yesterday I was on the NEXT.exchange telegram group when someone made a post about the NEXT.chain code needing to have an audit done. This conversation spiraled into a ton of misunderstandings that I think could be very important to others security.
It started off innocently enough with a quest about whether NEXT.exchange planned to have an audit done. Quickly it was realized that actually it was more of a question about NEXT.chain not Next.exchange.
I should mention at this point, NEXT has not really released any source code for their wallets, their exchange, nor their blockchain. I believe all three of these things seriously need to not only be audited but also released to the public.
Transparency of exchanges is highly important and very few, if any major exchanges don't release their source code and all top cryptocurrencies have released their source code. This is true for projects like bitcoin, ethereum and ripple coin and it is also true of exchange like binance (see binance github page).
In my opinion if an exchange expects to be a major player at this point, they NEED to release source code.
Setting this aside as its not really relevant to my post, this conversation lead me to the belief a lot of people misunderstand a lot of things about blockchain and cryptocurrency.
What was said next in the conversation took me by surprise and is what really sparked this post.
Believing a blockchain is a wallet is a huge problem in my mind. So this is where I want to start. I tried explaining that a blockchain is not a wallet and most agreed with me but quiet a few didn't and I am not sure I really explained it well enough, and I think its VERY IMPORTANT people understand a blockchain is not a wallet.
Yes its true that bitcoin core has an integrated wallet, but bitcoin itself is really just a blockchain ledger, nothing more and nothing less. Bitcoin could just have easily released the bitcoin blockchain without having released a wallet and relied solely on third parties to create wallets.
If one were to go to the electrum wallet github page, they would find all the source code for a fully working bitcoin wallet without the bitcoin blockchain at all. The reason is obviously because a wallet is not the same thing as a blockchain.
It is very important that people understand a blockchain and a wallet are actually separate pieces of code and not at all the same thing, especially when it comes to doing a code audit.
The reason this is so important is that a wallet could be coded perfectly yet the blockchain itself have potential insecure code in it. If the only thing you have audited is the wallet and the blockchain code is insecure you run a serious risk of losing your funds.
Take for example a security flaw in zcash that was fixed late last year. This flaw in no way related to wallets at all. One could have examined wallets all day long and never found this security flaw. The flaw could have potentially allowed anyone to create an unlimited amount of zcash.
This could potentially have caused a mass flow of zcash onto the market that would have devalued the entire currency.
This is just one example of hundreds that exist. So I think it's really important for end users to understand that a secure wallet does not mean a secure blockchain.
So what about using bitcoin as an example? Isn't the bitcoin core wallet and the bitcoin blockchain one in the same?
The answer is no.
In fact if you were to go to the bitcoin github page and look at the source, with a bit of effort a coder could actually entirely remove the wallet folder from the bitcoin source code and still compile bitcoin successfully without the wallet.
The fact is a wallet is merely an interface to work with a blockchain. It is not the blockchain itself nor it is specifically required to use a blockchain. A wallet is an interface to RPC commands. RPC commands have been built into blockchains and act as an API of sorts.
Pointing this out, lead to another series of comments about mining setups also being wallets.
I pointed out that this also was a flawed belief. Many blockchains do not mine from wallets. In many blockchains a miner has to enter the address where they want rewards to go as the wallet is not an integrated part of the mining process.
At this point I pasted the example php code from "A simple PHP-based blockchain" on github in an attempt to show that a blockchain does not specifically require a wallet to work.
Cryptocurrency coins do not exist
This lead to yet another string of comments which resulted in the next two comments.
This is perhaps the most important thing that was said in the conversation. It is something that seems to confuses the masses of people. There are no coins nor tokens in cryptocurrency. We use the terms to represent something that is not real and does not exist out of convenience.
It reminds me of one of the most famous quotes from the movie the matrix, "Do not try and bend the spoon, that's impossible. Instead, only try to realize the truth...there is no spoon. Then you'll see that it is not the spoon that bends, it is only yourself."
Cryptocurrencies are one thing and one thing only. They are a ledger system tied together from a series of blocks on a merkle tree. Nothing exists except a ledger in cryptocurrency. There are no coins. You are not sending anything from one person to another. There are no wallets. There is no mining. There is only a ledger system.
A ledger system in cryptocurrency is appended through a process known as mining. Mining is merely a process. It is not a actual thing. It is a process of guessing mathematical solutions. A process is not a thing that exists. A wallet is an interface to that blockchain for reading data in the same way that a blockchain explorer is an interface for that blockchain. None of these things are truly part of the blockchain because the blockchain is just a ledger.
What is a wallet?
A wallet is a convenient way of looking things up on the blockchain. Nothing more and nothing less.
It doesn't store any cryptocurrency coins or tokens because there are not cryptocurrency coins or tokens. This is why as long as you have your cryptocurrency keys you can completely delete your wallet. You can download a different wallet and you can still access your "coins".
As they don't exist, a new wallet need only look up data on a blockchain to be able to say "Oh, your keys relate to these transactions" and display information back to you that we perceive to be coins and tokens. The reality is, just like the spoon doesn't exist, neither do the coins and tokens - only records on a blockchain.
In the world of fiat money, if you have cash in your wallet and you through that wallet away your cash is gone. Why? Because your fiat currency is something real in that its tangible (don't confuse what I am saying the value of that real fiat currency is just as made up).
If you walk into some random bank that is not a bank holding your fiat currency and try to withdraw your money, you can't. Why? Because they don't have your money. It is something real and tangible.
With cryptocurrency this is not the case at all. There is a ledger, there is nothing except a ledger. Anything that appears to exist, is really just data on a ledger.
Again there are no coins and there are no tokens.
This is perhaps the most important article I have written to date.
I think audits are highly important for the future of cryptocurrency and I think end users need to be aware of what needs to be audited and what doesn't and what the order of precedence is when having audits done.
A wallet is not a blockchain. It is important the source code of a wallet is audited, but to believe a wallet being audited makes your coins secure from potential blockchain security flaws is a vast misconception that could be detrimental to a projects security.
Both wallet source code and blockchain source code need to be audited.
Unlike with fiat currency, cryptocurrency coins themselves cannot be audited. No one can audit your cryptocurrency coins and determine you went to the store and bought 10 eggs because the coins don't actually exist - only the ledger does. So your coins cannot be audited.
Understanding these basic principles of cryptocurrency could save you countless dollars in lost funds. So when you ask about audits, be sure you are getting the correct information before you start putting tons of money in a project.
Equally encourage all projects, even corporate projects, to release their blockchain source code to the public at large. If people cannot see the source code, they will not trust the cryptocurrency.