Ethereum smart contracts are hot technology as of right now. While many companies see merit in this technology, there are security issues a swell. Researchers discovered several vulnerabilities which put millions of Dollars at risk. This is worrisome news, although there is a positive side to it as well.
Security Flaws in Smart Contracts
There are many different aspects to smart contracts. Templates can be used, but any additional code is always a security risk. Considering how there are so many Ethereum-based contracts out there, it is good to know if they are secure or not. According to new research, the future isn’t looking all that bright as of right now.
Through a new approach to sniff out vulnerabilities, researchers aim to improve the security standards. Unfortunately, they already discovered over 3,000 vulnerable contracts in existence right now. These contracts have a combined value of nearly $6m at current Ether prices. If someone were to take advantage of these flaws, things can get out of hand pretty quickly.
The main problem is how smart contracts are used to manage other people’s money. While it sounds convenient, there is always a trade-off to be made. The fact existing contracts cannot be amended is a big problem. Especially if a security flaw is discovered, there is nothing to be done about it. For some reason, this is a major design flaw which never was much of an issue, until now.
Analyzing the Code is Difficult
Even though smart contracts are designed to simplify operations, their code is pretty complex. Every contract is written by a human coder, yet their input is difficult to analyze. As such, it can take months, if not years, until major security flaws come to light. The researchers explained they use a different approach to find flaws:
“Assume we put a few coins in the machine, and just start randomly pushing buttons hoping that the inner workings of the vending machine—which we have no knowledge about, springs and whatnot—eventually releases the latch so you can take the candy.”
By creating a private fork of the Ethereum chain, the researchers can execute permutations of interactions. As such, they can monitor these creations for abnormal behavior. It is not the most convenient approach, but it seems to work just far. No specific information regarding the nature of these flaws has been disclosed as of right now. Rest assured criminals are already probing for weaknesses by the time the information goes public.
