Technologist - The FindLaw Legal Technology Blog

Reports: Ethereum Smart Contracts Are Far From Secure

So, some smart contracts are not so smart after all.

According to a new study, about 34,000 smart contracts built on blockchain technology are vulnerable to hackers. An "accidental bug" in an Ethereum blockchain, for example, cut off users from $150 million to $280 million in their virtual wallets last year.

It's hardly a death knell to the wildly popular technology, but it does raise some second thoughts. Like, what is going on?

Is Blockchain Hype?

MIT Technology Reviews says Ethereum smart contracts are "full of holes." Part of the problem is the hype about a new field; another problem is that security researchers are just beginning to understand its vulnerabilities.

Ilya Sergey, a computer scientist at the University of London, co-authored a study that analyzed nearly one million Ethereum smart contracts. They flagged 34,000 as vulnerable.

"I believe that a large number of vulnerabilities are still to be discovered and formally specified," Sergey says.

In non-tech terms, that means vulnerable to theft.

The Parity Event

Last November, a smart contract user triggered a "major vulnerability" in the Parity Wallet. The user inadvertently became the owner of the smart contract controlling user wallets in the blockchain.

"In a panic, the user then wiped out some of the core library code, freezing Ethereum belonging to approximately 500 wallets and worth roughly $150 million," reported ZDNet. "This may only be the first indicator of a wider problem, however."

In Sergey's research, a team found they were able to compromise 89 percent of the vulnerable contracts they discovered. If they were exploited by criminals, it would translate to about a $6 million theft.

Related Resources: