34 Thousand Vulnerabilities Are In Ethereum Smart Contracts

The Ethereum blockchain currently hosts hundreds of thousands of smart contracts that manage wallets, tokens and applications or are used to store funds. A single group of British researchers was able to identify 34,200 vulnerable smart contracts, writes Motherboard.

Ilya Sergey, an assistant professor at University College London, and his colleagues conducted a large-scale study to detect all possible vulnerabilities in smart contracts on the Ethereum blockchain. To do this, they downloaded the Ethereum blockchain, in effect creating a fork of it for personal use, and began running a variety of scenarios, trying to trigger undesirable consequences. When those consequences occurred, they marked the smart contract as having "a tracked vulnerability."

Analyzing about a million smart contracts in this way, the researchers found that 34,200 of them contained critical vulnerabilities. They tested their assumptions on 3,000 smart contracts, and in 89% of cases they caused the most undesirable consequences. In theory, this could allow them to steal $6 million in Ethereum.

According to experts, early detection of vulnerabilities helps prevent possible negative consequences. For example, in November 2017, a user under the pseudonym DevOps19 found a vulnerability in the code of the Parity library for Ethereum and accidentally blocked $150 million.

We are working with applications that have two very unpleasant features: they are used to manage your money, and they cannot be fixed.

Attempts to find the creators of the vulnerable smart contracts were in vain. But since the researchers do not say which vulnerabilities were discovered in the smart contracts, the contracts can be considered conditionally safe.

If someone wants to take advantage of our idea, he will, at least, have to do as much work as we did.

