A study has found 34,200 vulnerabilities in Ethereum-based smart contracts. With almost one million contracts checked, this corresponds to 3% of the Smart Contracts tested. What does this mean for future investments in ICOs?
Bitcoin news: Smart Contracts are probably the first feature associated with Ethereum
The concept behind Smart Contracts was defined long before by Nick Szabo in 1994. According to Bitcoin news, that is contractually regulated. Withdrawing money from ATMs is an illustrative example of such a smart contract.
So far, so banal. Thanks to blockchain technology, however, these smart contracts also become transparent and can exploit their full potential. They can be inspected while they are in force, so that an open source system becomes an open execution system, and it is this transparency that lets a smart contract really be a contract.
At the time of the DAO, a decentralized venture fund in 2016, a frequently heard bon mot was “The Code is the Law”.
The downside of this statement unfortunately had to be discovered in the course of the DAO exploit: a person or group of people, still unknown today, stole DAO Ether worth 60 million US dollars. This was not made possible by a hack, but by a security hole in the Smart Contract behind the DAO.
And that was by no means the only vulnerability: The Smart Contract underlying the Parity Multi Signature Wallet was accidentally deleted, freezing US$230 million worth of ether.
3% of Smart Contracts have security holes
Nikolic et al. have now written a paper on “Security gaps in Smart Contracts”. Various news portals have skilfully chosen headlines that focus on the 34,200 security vulnerabilities. The market reacted promptly and the Ethereum price fell by 9%. Although the articles do discuss the total number of smart contracts examined, a percentage in the headline would probably be less dramatic.
In any case, security gaps were found in 34,200 Smart Contracts – in a sample of 971,000 contracts examined. This corresponds to a percentage of 3%.
That doesn’t sound like much in itself, and it is certainly far more mundane than a figure of 30,000! In various industries, manufacturers could live with a failure rate of 3%. For the ICO investor and the user of Smart Contracts, however, this means that caution is called for. In this context, the publication serves to raise awareness, not to cause panic.