Page 70 - FIGI: Security Aspects of Distributed Ledger Technologies
160 In many jurisdictions and following BIS leads, FMIs must maintain certain standards with respect to risk management
and operations, have adequate safeguards and procedures to protect the confidentiality of trading information,
have procedures that identify and address conflicts of interest, require minimum governance standards for boards of
directors, designate a chief compliance officer, and disseminate pricing and valuation information.
161 European Securities and Markets Authority (2019) Advice: Initial Coin Offerings and Crypto-Assets, available at
https://bit.ly/2CXSjFc
162 See examples thereof in ITU-T Focus Group Digital Currency including Digital Fiat Currency (2019) Reference
Architecture and Use Cases Report, available at www.itu.int
163 Coindesk (2015) What the 'Bitcoin Bug' Means: A Guide to Transaction Malleability, available at http://bit.ly/2O3cpW4
164 This is similar to but not ‘double spending’. van Wirdum, A (2015) The Who, What, Why and How of the Ongoing
Transaction Malleability Attack, available at http://bit.ly/2xRZc7I
165 ibid. The Mt. Gox hack followed this sequence: (i) the attacker deposits Bitcoins in a Mt. Gox wallet; (ii) the
attacker requests withdrawal of the coins and the exchange initiates a transaction; (iii) the attacker modifies the TXID
and the transaction is included in the blockchain; (iv) after the attacker receives the coins, the attacker complains to
the exchange that the coins were not received; (v) after the exchange searches but cannot find the exact transaction
ID, the exchange reissues another send.
166 Bitcoin News (2015) Transaction Malleability: MtGox’s Latest Woes, available at http://bit.ly/2GkwHnN
167 See BIP 66, available at http://bit.ly/2SxoLVn; Bitcoin Transaction Malleability, available at
http://bit.ly/2SrbZaD and also BIP 141, available at http://bit.ly/2LpCVal
168 BitDegree (2019) What is SegWit and How it Works Explained, available at http://bit.ly/2YgzSHc
169 StackExchange (2018) Why Was Transaction Malleability Fix Required for Lightning Network?, available at
http://bit.ly/2XXIbnd
170 Ambcrypto (2018) SegWit Fixed the Transaction Malleability Problem on Bitcoin and Litecoin, says Bitcoin Proponent,
available at http://bit.ly/2GiJ1VI; See also Zcash, available at http://bit.ly/30I8dg5
171 In essence, the recipient of funds (such as from an exchange) complains to the sender that a transaction had not
occurred and requests a resend of the funds. The target, after checking for the original TXID and being unable to find it,
resends the same amount again to the attacker. This problem is solved by senders searching for both the original TXID
and equivalents. The attack is described well here: http://bit.ly/2O3cpW4 and here: http://bit.ly/2YgzSHc. See also a
technical analysis of Transaction: SF Bitcoin Devs Seminar: Transaction Malleability: Threats and Solutions, available at
http://bit.ly/2y0cIWN; See also BIP 62, available at http://bit.ly/2Y0sE6f
172 For example, a multi-signature smart contract calling for a payment from one party to another should the local weather
drop below a certain temperature on a certain date will need to use an oracle to retrieve the daily temperature details
from an external data source, such as through the use of an API provided by a weather source.
173 Image source: https://www.smartcontract.com/
174 See https://www.oraclize.it/ which redirects to https://provable.xyz/
175 ‘Oraclize purports to solve the ‘walled garden’ limitation — it provides a secure connection between smart contracts
and the external world, enabling both data-fetching and delegation of code execution. The data (or result) is delivered
to the smart contract along with a so-called ‘authenticity proof’, a cryptographic guarantee proving that such data
(or result) was not tampered with. By verifying the validity of such authenticity proof, anybody at any time can verify
whether the data (or result) delivered is authentic or not.’ Oraclize (2017) Authenticity Proofs Verification: Off-chain vs
On-chain, available at http://bit.ly/2XO0FLH
176 ‘‘TLSnotary’ allows a client to provide evidence to a third party auditor that certain web traffic occurred between
himself and a server. The evidence is irrefutable as long as the auditor trusts the server’s public key.’ TLSNotary (2014)
TLSnotary – a Mechanism for Independently Audited Https Sessions, available at http://bit.ly/2SqOYon
177 http://bit.ly/2XSUCWn
178 http://bit.ly/30Dq081
179 http://bit.ly/2LukqS2
180 http://bit.ly/30DkH8H
181 https://intel.ly/2xUvOOo
182 http://bit.ly/2GiUEM6