VKontakte
A smart contract is an automatable, enforceable agreement. Their benefits are becoming increasingly well-known, and some people are even suggesting that they have the potential to replace professions that have traditionally been designed to provide services as middlemen, such a notaries and even lawyers.
This article is provided by Vanbex Group
As a result, more and more people are using them to carry out transactions. However, there are still some glaring holes in the security of smart contracts .
Many people have claimed that scalability is currently the biggest roadblock preventing mass adoption of smart contracts . However, a far bigger issue—and one that it is becoming increasingly important for us to focus on—could actually be smart contract security. Why is Smart Contract Security Such a Big Issue?
One of the key features of smart contracts —and one that makes them so suitable for their purpose—is the fact that they are immutable. This means that once the smart contract has been deployed, it is impossible to change.
On one hand, this prevents them from being tampered with by third parties. However, it can also have disastrous consequences if there are bugs in the code, as it means that any discovered bugs can’t be fixed, and the smart contracts are left vulnerable, open for hackers to take advantage of them.
We only have to look as far as The DAO hack or the multiple Parity wallet hacks for examples of the kind of disastrous consequences even the smallest bugs can have.
Unfortunately, it’s very easy to make such small mistakes.
A smart contract has many complex requirements. For example, they must be able to record all terms and conditions in explicit detail, execute transactions very quickly, and store recorded information in a suitable way that allows it to be backed up.
Because there are so many different requirements that must be implemented, there is a lot of room for error and small mistakes.
To complicate matters further, many of the developers who are responsible for designing and programming these features into smart contracts are anonymous and remote, and therefore unaccountable. This allows them to be less meticulous when doing their job, as they know that it will likely take a while for small errors to be found, so they’ll still be paid.
More importantly, because they are not officially part of the team, they know they won’t be the ones to face the repercussions if things go wrong. Smart Contracts That Have Gone Disastrously Wrong
The DAO hack in June 2016 resulted in over $150 million Ether being drained into a ‘child DAO’ account by a hacker.
The hack was a result of a recursive call bug in the smart contract.
This hack was so prolific that members of the community voted for a hard fork for the Ethereum (ETH) cryptocurrency.
This ultimately led to the creation of Ethereum Classic (ETC).
There were also the Parity Wallet smart contract hacks.
Parity was hacked for the first time in July 2017.
This resulted in a hacker stealing 153,037 ETH (valued at approximately $30 million) from three of the high-profile multi-signature contracts that had been used to store the funds from past token sales.
This was the result of an error in the code that made all of the public functions from the library to be callable by anyone. The attacker exploited this bug by setting themselves as the ‘owner’ of the contract, then invoking the execute function to send all of the funds in the wallet to their own account.
The second hack took place in November 2017, and was known as the ‘Parity wallet freeze’.
This affected over 500 multisig wallets and rendered over $150 million worth of Ethereum completely unusable. Including the wallets of many high-profile blockchain platforms that had used Parity to store the funds from their ICO. Etherparty Ensures Safe Smart Contracts
The DAO hack and the Parity wallet hack are just the tip of the iceberg.
We’ve witnessed so many security breaches over the past few months that we can no longer afford to risk being even slightly lax on the security of our smart contracts.
But the industry has been learning from its painful experiences, and companies such as Vancouver-based Etherparty is one of the key smart contract platforms committed to implementing industry-leading security standards to ensure complete protection for all of its users. Twitter .
