25% of All Smart Contracts Contain Critical Bugs

25% of All Smart Contracts Contain Critical Bugs

For every problem that smart contracts solve, they seem to introduce another. In a week in which EOS has made news for all the wrong reasons over a RAM vulnerability, a code auditor has revealed the prevalence of smart contract bugs. Security firm Hosho, which has forged a new partnership with community managers Amazix, has found that one in four projects contains critical vulnerabilities.

Also read: Researchers Find Discrepancies With Top Exchange Volumes

Ethereum, the ICO economy’s go-to launchpad, has been the worst affected, with stories abounding of exploitable code that’s led to hundreds of millions of dollars of ether being stolen or locked up. While smart contract platforms such as Stratis are pushing the availability of debugging deployment suites and professional decompilers that come with using C#, Ethereum’s Turing-complete system leaves greater margin for error. Identifying and eliminating all potential security holes is a Sisyphean task, and one which even experienced Solidity developers struggle with. Enlisting the support of a third party specializing in smart contract audits, while not foolproof, is the best bet against shipping bug-filled code.

While it is industry practice to have smart contracts audited ahead of a tokensale, projects that have yet to raise funds may be tempted to cut corners and skimp on this task. Doing so can prove fatal, however, with the worst bugs leading to wallets being drained, or buffer overflow exploits being manipulated to alter account balances. Several Ethereum-based projects have been forced to conduct token swaps after screwing up their first attempt at a smart contract.

In EOS land this week, all energies have been focused on patching a RAM exploit that’s recently been detected. It allows a malicious user to “install code on their account which will allow them to insert rows in the name of another account sending them tokens. This lets them lock up RAM by inserting large amounts of garbage into rows when dapps/users send them tokens.”

Proponents of cryptocurrencies see smart contracts eventually infiltrating everything from insurance to dispute resolution. Before that can happen, developing trust in the code that governs them will be crucial.

Do you think smart contracts will eventually become bug-proof, or will exploitable vulnerabilities persist? Let us know in the comments section below.

Images courtesy of Shutterstock.

Need to calculate your bitcoin holdings? Check our tools section.

The post 25% of All Smart Contracts Contain Critical Bugs appeared first on Bitcoin News.

 

source: https://news.bitcoin.com/25-of-all-smart-contracts-contain-critical-bugs/

Share your thoughts, add a comment!

You must be logged in in order to place a comment.

Article comments

Loading...
No comments yet, be the first to comment this article