
$625 Million Loss in Crypto due to Performance Issues

  • Writer: Josef Mayrhofer
  • Aug 14
  • 2 min read

What is the value of performance?


Many project meetings debate development costs and reduce software testing efforts to expedite time to market. Performance and security testing are among the efforts removed from the project plan because these specialized skills are not available, and everyone hopes that nothing will happen :)


There are prominent papers, such as "The Unforgivable Vulnerabilities," that provide insights into software quality problems that lead to severe security issues. Over the last 30 years, little progress has been made to eliminate these families of vulnerabilities. On the performance side, it's the same; we have these unforgivable performance failures that have existed for decades and have been repeated in generations of software development projects. 


The financial consequences of performance problems are challenging to measure because the technical debt created grows over time, and operational teams develop workarounds to bridge these gaps. Recently, I discovered a significant performance failure that caused severe damage, serving as a potent reminder of the importance of making thoughtful decisions in performance engineering.


What went wrong?


In recent years, cryptocurrency games have gained popularity. Known for their low transaction costs and lack of central oversight, blockchains promise that digital cash will become a reality. In 2022, Axie Infinity, a crypto game that utilized the Ronin Network, experienced a massive surge in new users. In Axie Infinity, players fight cartoon pets called Axies to earn cryptocurrency. The game is hugely popular, with millions of players worldwide hoping to win cryptocurrency and collect the game's non-fungible tokens (NFTs). To keep up with this increasing demand, security protocols were removed.


Sacrificing security to improve performance is a dangerous game. Ronin Network learned a bitter lesson: it reduced the number of validator nodes to 9 and failed to discover that adversaries controlled the majority. By nature, crypto transactions can't be undone once they are executed. Since malicious actors controlled 5 of the 9 Ronin Network nodes, they approved their own fraudulent transactions and stole $625 million.


Lessons learned from this hack

  • Never take shortcuts in performance tuning

  • System design and architecture audits are crucial

  • Real-time monitoring to expose adversarial activities

  • Improving performance by sacrificing security is a bad choice
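
The design-audit lesson can be made concrete with a small check, added here as an example that is not from the original article or from any project it mentions. It computes how few distinct parties need to be compromised to reach a 5-of-9 approval threshold; the validator sets, operator names, and the `audit` helper are constructed for illustration.

```python
from itertools import combinations

def min_parties_for_quorum(signers, threshold):
    """Return the smallest group of parties whose combined signing access
    covers at least `threshold` validator keys, plus the keys covered.
    `signers` maps validator id -> set of parties able to sign with its key
    (the operator plus anyone holding delegated signing rights)."""
    parties = sorted(set().union(*signers.values()))
    for size in range(1, len(parties) + 1):
        for group in combinations(parties, size):
            chosen = set(group)
            covered = sorted(v for v, who in signers.items() if who & chosen)
            if len(covered) >= threshold:
                return group, covered
    return None, []  # threshold can never be met: misconfigured set

def audit(signers, threshold, min_independent):
    """Pass only if reaching the threshold requires at least
    `min_independent` distinct parties to be compromised or to collude."""
    group, covered = min_parties_for_quorum(signers, threshold)
    needed = len(group) if group else 0
    return {"parties_needed": needed, "group": group, "keys": covered,
            "passes": needed >= min_independent}

THRESHOLD = 5  # 5 of 9, the majority described in the article

# Constructed sample: nine validators, each with its own operator.
INDEPENDENT = {f"v{i}": {f"op-{i}"} for i in range(1, 10)}

# Constructed sample: one operator runs four validators and also holds
# delegated signing rights on a fifth that nominally belongs to op-B.
CONCENTRATED = {
    "v1": {"op-A"}, "v2": {"op-A"}, "v3": {"op-A"}, "v4": {"op-A"},
    "v5": {"op-B", "op-A"},
    "v6": {"op-C"}, "v7": {"op-D"}, "v8": {"op-E"}, "v9": {"op-F"},
}

if __name__ == "__main__":
    for name, vset in (("independent", INDEPENDENT), ("concentrated", CONCENTRATED)):
        print(name, audit(vset, THRESHOLD, min_independent=THRESHOLD))
```

A nominal count of nine validators says little on its own; the number that matters is how many independent parties stand behind the threshold, and the concentrated set above fails with a single one.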


"Crypto companies are sometimes so anxious to make 'loadsamoney', or accommodate high demand, that they put out poorly designed and tested code, compromise security, or place too much reliance on infrastructure."


We are here to solve your performance and security concerns. Contact us anytime to get our support.



