You’ve probably heard by now that smart contracts are not flawless. Among the core issues facing various smart contracts is the fact that they’re only as good as the programmer who coded them. While loopholes in smart contracts can happen by accident, latest reports show an increasing number of bad actors wrecking havoc within this niche’ digital space
Blockchain security firm Hosho is dedicated to smart contract auditing and ethical hacking. It is the type of white hat hacking that serves to test how good your defenses are against a cyber attack. They tested the smart contracts behind ICO projects that raised more than $1 billion collectively… and their findings are a little unnerving:-
Over one in four smart contracts contain critical vulnerabilities
Three in five smart contracts contain at least one security issue
As one of the largest smart contract auditors in this sector, Hosho claims to have audited more smart contracts than any other company operating in this industry today. They’re also the firm behind Kraken’s crypto exchange architecture.
Hosho’s findings reveal that while this nascent technology is, without doubt, a gamechanger, its rapid growth needs to be coupled with higher security standards.
We’ve already seen the types of situations that can occur from a smart contract hack, including the infamous DAO Hack of 2016 and the Parity wallet exploits. But as governments begin to debate over the concept of smart governance, and blockchain for voting and documentation, the issue of smart contract vulnerabilities must be thrust front and center.
Smart Contract Loopholes May Be Intentional
While in some cases, a loophole in a smart contract may be caused by a tired or novice programmer making a mistake, in others, the smart contract is maliciously coded by a bad actor. On top of Hosho’s research, a combined effort between three universities from the US, UK, and Singapore found that, in March of 2018 alone, more than 34,000 smart contracts out of 1 million (over 3%) had coding vulnerabilities.
We often find ourselves engaged in a debate about when cryptocurrencies will make it to the mainstream or when this ‘much-hyped technology’ will fix all of the world’s pressing issues. But it’s essential not to push this technology to run before it can even walk. Smart contracts are still a work in progress and tougher security measures need to be established first and foremost.