In Brief: In an analysis of one million smart contracts, a new analysis tool found that 34,200 had security vulnerabilities. Before we transition to a blockchain-based digital economy, we need to address the flaws in this system.
Blockchain has the potential to transform our world. Experts insist the technology is “bigger than the internet,” but we may want to take a beat before we put everything from our money to our health records on blockchains. According to a new study, the technology isn’t nearly as secure as we thought.
Back in 2009, Bitcoin set the blockchain revolution in motion by giving any two parties, anywhere, a way to quickly and securely transfer money.
Some blockchains, most notably Ethereum, take the utility of Bitcoin to the next level by incorporating smart contracts, which automate the process.
For example, say you want to buy 10 ether tokens, but only if the price drops below $600 per token. Smart contracts are set up to execute specific actions when they encounter a specific situation, so you could set one up to buy 10 ether when the price drops below that level.
That’s not all they can do: while smart contracts can be as simple as the above, they can also be far more complicated. You could also set up a smart contract to buy ether only if the cost drops below $600 per token, and you have an account balance above $10,000, and it’s a Friday.
Smart contracts are essential for industries outside of finance that want to take advantage of blockchain technology. For example, if healthcare systems wanted to put medical records on a blockchain, they could use smart contracts to ensure only medical professionals are granted access to them.
While it all sounds good in theory, there is some bad news: a team of computing experts from the National University of Singapore and University College London published a study that details a surprising number of security flaws in smart contracts.
The group analyzed roughly one million smart contracts using a custom-built tool called MAIAN. The team was looking for contracts that attackers could manipulate to lock funds indefinitely, force to leak funds randomly, or simply kill.
Their analysis tool flagged 34,200 contracts. It even found the flaw in the Parity blockchain app that rendered $169 million worth of ether inaccessible to owners back in July 2017. The team then manually analyzed 3,759 contracts and found they could exploit vulnerabilities in 3,686 of them.
The finding that roughly 3.4 percent of smart contracts could be vulnerable to attackers is huge. Sure, the centralized technologies we currently use to manage our finances and other important records aren’t ironclad. However, if we’re going to go through all the trouble of transitioning to a blockchain-supported digital economy, building a better system for record keeping isn’t enough.
We should strive to build the best system. Using tools like MAIAN to expose current weaknesses is a good place to start.
Disclosure: Several members of the Futurism team, including the editors of this piece, are personal investors in a number of cryptocurrency markets. Their personal investment perspectives have no impact on editorial content.