Over 3,000 Ethereum Smart Contracts Contain Major Security Flaws

JP Buntinx | February 24, 2018 | 11:06 pm

Ethereum smart contracts are a hot technology right now. While many companies see merit in this technology, there are security issues as well. Researchers discovered several vulnerabilities which put millions of dollars at risk. This is worrisome news, although there is a positive side to it as well.

Security Flaws in Smart Contracts

There are many different aspects to smart contracts. Templates can be used, but any additional code is always a security risk. Considering how there are so many Ethereum-based contracts out there, it is good to know if they are secure or not. According to new research, the future isn’t looking all that bright as of right now.

Through a new approach to sniffing out vulnerabilities, researchers aim to improve security standards. Unfortunately, they have already discovered over 3,000 vulnerable contracts in existence right now. These contracts have a combined value of nearly $6m at current Ether prices. If someone were to take advantage of these flaws, things could get out of hand pretty quickly.

The main problem is that smart contracts are used to manage other people’s money. While it sounds convenient, there is always a trade-off to be made. The fact that existing contracts cannot be amended is a big problem, especially if a security flaw is discovered: there is nothing to be done about it. For some reason, this is a major design flaw which never was much of an issue, until now.

Analyzing the Code is Difficult

Even though smart contracts are designed to simplify operations, their code is pretty complex. Every contract is written by a human coder, yet their input is difficult to analyze. As such, it can take months, if not years, until major security flaws come to light. The researchers explained they use a different approach to find flaws:

“Assume we put a few coins in the machine, and just start randomly pushing buttons hoping that the inner workings of the vending machine—which we have no knowledge about, springs and whatnot—eventually releases the latch so you can take the candy.”

By creating a private fork of the Ethereum chain, the researchers can execute permutations of interactions. As such, they can monitor these creations for abnormal behavior. It is not the most convenient approach, but it seems to work just fine. No specific information regarding the nature of these flaws has been disclosed as of right now. Rest assured criminals are already probing for weaknesses by the time the information goes public.
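A minimal sketch of the approach described above, as an added example that is not the researchers' tool or code from the article: a constructed in-memory toy contract (`ToyWallet`, a hypothetical name) is copied for each trial, every short call sequence is replayed against the copy, and a caller receiving more than it paid in is treated as abnormal behavior. The missing ownership check is an assumption made for illustration, not one of the undisclosed flaws.

```python
import copy
from itertools import product

class ToyWallet:
    """Constructed in-memory stand-in for a deployed contract (not EVM code)."""
    def __init__(self, check_owner):
        self.check_owner = check_owner      # False models the constructed flaw
        self.owner = "deployer"
        self.pool = 100                     # funds held by the contract
        self.paid = {}                      # account -> amount paid out

    def deposit(self, sender):
        self.pool += 1

    def set_owner(self, sender):
        if self.check_owner and sender != self.owner:
            raise PermissionError("not owner")
        self.owner = sender

    def withdraw_all(self, sender):
        if sender != self.owner:
            raise PermissionError("not owner")
        self.paid[sender] = self.paid.get(sender, 0) + self.pool
        self.pool = 0

ACTIONS = ("deposit", "set_owner", "withdraw_all")

def find_abnormal_sequence(deployed, caller="stranger", max_depth=3):
    """Try every call sequence up to max_depth on a private copy of the state.

    Returns the first sequence after which `caller` received more than it
    deposited, or None if no sequence does."""
    for depth in range(1, max_depth + 1):
        for seq in product(ACTIONS, repeat=depth):
            fork = copy.deepcopy(deployed)  # private fork: original untouched
            spent = 0
            for name in seq:
                try:
                    getattr(fork, name)(caller)
                    spent += 1 if name == "deposit" else 0
                except PermissionError:
                    pass                    # reverted call, state unchanged
            if fork.paid.get(caller, 0) > spent:
                return seq
    return None
```

Run against `ToyWallet(check_owner=False)` the search reports the offending call sequence; with the ownership check enabled it returns `None`, which is the regression check to keep once the contract is corrected and before it is deployed.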

  • Sypher

    just fud

  • wolfystrade

    What happened to just good old digital currency, how about get step 1 right first.

  • James Willert

    Great, thanks for the FUD inducing title on an obviously unwarranted hit-piece given the details and prior public knowledge about this potential issue. My alt portfolio thanks you as well, you f#@%.

  • David Dunn

    Yeah, this was a super-FUD article…

  • Gareth Smith

    I am guessing this is “Transfer on behalf of” which the peer to peer exchanges like ED utilise but a number of recent ICO have disabled on advice from security auditors.

    Total guess, could be wrong.

  • No sources. No person associated with the quote. This article goes down in my book as rumor.
