When Smart Contracts Go Wrong; How to Ensure Your ICO Smart Contract is Secure & Reliable Guest Author | July 23, 2018 | 8:00 am When Smart Contracts Go Wrong; How to Ensure Your ICO Smart Contract is Secure & Reliable Guest Author | July 23, 2018 | 8:00 am
Smart contracts have amazing potential applications. They can be used for proving identity, sharing data securely and for managing tokens and funds raised in an ICO/token sale.
There are more than 1500 dApps on the Ethereum network, using smart contracts for a spectrum of applications. However, smart contracts are code-based and mistakes, if any, can have disastrous consequences.
In this article, we look at some of the biggest smart contract failures and their causes.
What is a smart contract?
A smart contract is a code that contains a set of rules.
If the rules are met, the contract is automatically executed.
For example, a smart contract could be made for selling a car. When the money for the car is deposited in the correct account, the contract could pass the ownership of the car to the buyer. These contracts do not need third parties to validate that the conditions have been met as the contract does it automatically.
Unlike a paper contract which is enforced through third parties, a smart contract is written in code. If the code is secure, the smart contract will behave as anticipated. But if there is a bug or weakness in the code, the entire transaction (or funds) could be at risk of being stolen or manipulated in one way or another.
When smart contracts went wrong
The Decentralized Autonomous Organization (The DAO) was one of the biggest examples of an organization based on smart contracts.
It was designed to provide funding for crypto projects that were not determined by any one person or small group. Each owner of DAO tokens was allowed to vote on whether or not a project should receive funding.
The hype around this idea led to the total purchases of DAO tokens to reach $250 million worth of Ether the day before the hack.
However, two sections of code resulted in the collapse of the highly anticipated DAO project and led to a controversial hard fork of the Ethereum blockchain into Ethereum and Ethereum Classic.
The two functions of ‘splitDAO’ and ‘withdrawRewardFor’ were not vulnerable by themselves, but together, allowed the hacker(s) to siphon off 4 million Ethers, which would have been worth $5.5 billion at the peak price of Ether. The chaos which ensued resulted in the Ethereum community performing a 51% ‘attack’ and re-writing the blockchain as though the funds were never stolen.
More recently, a bug in the smart contract used by Parity was exploited causing the loss of half a million Ether, worth $169 million. The error in the code led to the freezing of more than 70 wallets and the loss of access to the money held in each of them. Parity admitted to having been warned about the flaw in August, months before the bug was triggered but had not fixed the issue.
Parity later said:
“However, rather than just having more audits, we strongly believe that more extensive and formal procedures and tooling around the deployment, monitoring and testing of contracts will be needed to achieve security.
We believe that the entire ecosystem as a whole is in urgent need of such procedures and tooling to prevent similar issues from happening again, in particular, if and when the number and complexity of live contracts grows.”
This was not the only Parity hack due to smart contract flaws. In June 2017, a vulnerability was found which led to the theft of 150,000 Ether ($32 million). In a blog post at the time, Parity said that the functions were supposed to be usable in only one specific circumstance but were ‘entirely unguarded’ allowing a hacker to change the ownership of the wallets. The wallet had not been audited outside of the Ethereum and Parity communities.
The problem with Ethereum smart contracts
One of the main issues with Ethereum is that it’s built on an advanced coding language called Solidity. This requires programmers to learn an entirely new coding language to create smart contracts on the platform.
In doing so, it opens up more risks of coding mistakes due to unfamiliarity with the language, exposing user funds. This also creates the need for better, external audits.
The majority of ICOs issue tokens on the Ethereum network called ERC20 tokens. Prominent examples include EOS, TRON, and VeChain which have all recently migrated onto mainnets.
The total ICO funding has almost hit $20 billion this year, but researchers found 3,000 vulnerable smart contracts which could put a lot of this funding at risk.
Managed ICO solutions and smart contract development
Since most new ventures are either inexperienced or don’t have the time or resources to develop and audit their smart contracts, a fully managed ICO dashboard solution like COINAdmin can help ICOs with complete smart contract development and security auditing to ensure they are bug-free and reliable.
COINAdmin , with its dedicated team of blockchain developers, specializes in developing smart contracts for ERC-20 and ERC-223 standards and supports extensive third-party audits – handling all the technical aspects and allowing ICO teams to focus on the business side.
Given how the entirety of a token sale’s collected funds and distribution of tokens depends on the reliability of the smart contract, it makes sense for ventures to opt for a dedicated, professionally developed solution, rather than going down the trial and error route.
The full solution provided by COINAdmin allows projects to issue ICO tokens without requiring a solidarity programmer, saving time and money.
To date, the COINAdmin team has worked with a range of crypto and blockchain ventures, which have collectively secured over $70 million in funding.
If you’re looking for a one-stop solution for your ICO’s management, book a call today with one of our experts for a free consultation. .