Cybersecurity researchers from the United Kingdom and Singapore have studied smart contracts, and the results are alarming. Poor coding and encryption happen more often than one might expect, meaning millions of dollars are exposed to hackers. The news comes in the same month as several major hacker attacks around the globe, and it is disappointing to see that even smart contracts may not be as safe as once thought.
The scientific paper outlines three major categories of smart contracts vulnerable to hacking: contracts that hold funds indefinitely (Greedy), contracts that leak funds to arbitrary users (Prodigal), and contracts that anyone can destroy (Suicidal). Researchers discovered that 34,200 out of 970,898 smart contracts have weak security measures implemented. A great portion of those 34,200 are built on the Ethereum network. However, this does not mean the problem is Ethereum; it means that developers did a poor job when creating the smart contracts. Because of them, $4.4 million is currently at risk.
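The three categories sketched in Solidity, as an added example that is not code from the paper or from any deployed contract. The contract and function names are constructed for illustration, and the last contract shows one way to close all three gaps.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example, not taken from the paper or from any deployed contract.

// Greedy: accepts ether but contains no statement that can send it out,
// so every deposit stays locked.
contract GreedyVault {
    receive() external payable {}
}

// Prodigal and suicidal: both fund-moving functions lack a caller check.
contract UnguardedWallet {
    receive() external payable {}

    // Prodigal: any caller can direct the whole balance to any address.
    function withdraw(address payable to) external {
        to.transfer(address(this).balance);
    }

    // Suicidal: any caller can trigger selfdestruct, which sweeps the balance.
    function kill() external {
        selfdestruct(payable(msg.sender));
    }
}

// Hardened form: owner fixed at deployment, every fund-moving path checks it.
contract GuardedWallet {
    address payable public immutable owner;

    constructor() {
        owner = payable(msg.sender);
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    receive() external payable {}

    // Gives deposits an exit (not greedy) restricted to the owner (not prodigal).
    function withdraw() external onlyOwner {
        (bool ok, ) = owner.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
    // No selfdestruct anywhere, so no caller can kill the contract (not suicidal).
}
```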
Often hailed as incorruptible, smart contracts gained popularity last year during the crypto boom. This should not come as a surprise considering how easy they are to use and how cheap they are compared to regular contracts. According to Bitcoin.com, as much as $500 million was lost last year thanks to poor coding. Ilya Sergey, one of the authors of the paper, says, “We’re dealing with applications that have two very unpleasant traits: They manage your money, and they cannot be amended.”
The lack of proper security measures in those 34,200 smart contracts puts 4,905 Ethereum tokens at risk. At today’s price, this is approximately $4.4 million. Furthermore, posthumous contracts have 6,239 Ethereum frozen, or some $5.5 million. In one way or another, investors managed to send 313 coins to dead contracts. So in total, more than $10 million is probably forever lost on the blockchain.
In order to protect that money, the researchers did not reveal which contracts are high-risk. Despite that, hackers can still find them, and it wouldn’t be that hard. As Ilya Sergey pointed out, “If someone wants to exploit this idea, they’ll have to do at least as much work as we did.”
The full text of the report is available here.