As per a study, 1 in 20 smart contracts are compromised. What are the risks of smart contracts? Find out!
Smart contracts are the digital replacement for the middleman. They are decentralized digital agreements between two parties without any intermediaries. Previously, you would require a third party to create and oversee an agreement; now, with some blockchains, you require none.
There are many advantages to smart contracts. For one, you can rest assured that no single party is in control of the contract. Secondly, once uploaded onto the blockchain, the contract cannot be tampered with. You cannot modify or amend it, since everyone on the blockchain gets a copy of it. There’s a promise of security, speed and transparency. However, the smart contract being visible to all is a double-edged sword.
While both parties to the transaction can view the contract at any time, so can hackers. And in doing so, they can discover vulnerabilities that can be used to exploit the blockchain. Given that, smart contracts are not as safe as they seem.
And that’s primarily due to bugs in the code
Smart contracts are self-executing code that cannot be modified once uploaded. Often, this code is poorly written and contains bugs that make it vulnerable to attack. These bugs can trigger unintended behavior that can result in tremendous losses for investors. In fact, a 2018 study found that 1 in 20 smart contracts are at risk of being attacked. Additionally, there have already been instances where vulnerabilities in smart contracts have resulted in huge financial losses.
For instance, in 2016, the infamous Genesis DAO cyberattack took place, in which a hacker found and exploited a bug in the smart contract. They discovered that you could request funds multiple times before the contract registered the request and updated the balance, allowing the hacker to request significant amounts again and again. This led to losses to the tune of millions of dollars worth of Ether.
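The ordering flaw described above (paying out before the balance is updated, commonly called reentrancy) can be reproduced in a toy model. This is an added example, not code from the original article or from the DAO contract; it is plain Python rather than Solidity, and the `Vault` and `ReentrantAccount` classes, the account names and the amounts are constructed for illustration.

```python
class Vault:
    """Toy model of a contract; `safe` selects the order of pay vs. update."""

    def __init__(self, safe):
        self.safe = safe
        self.balances = {}   # account name -> credited amount
        self.pool = 0        # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def _pay(self, account, amount):
        if amount > self.pool:
            raise RuntimeError("vault is empty")
        self.pool -= amount
        account.receive(self, amount)   # external call: recipient code runs here

    def withdraw(self, account):
        amount = self.balances.get(account.name, 0)
        if amount == 0:
            return
        if self.safe:
            self.balances[account.name] = 0   # update the balance first ...
            self._pay(account, amount)        # ... then make the external call
        else:
            self._pay(account, amount)        # external call first (the bug)
            self.balances[account.name] = 0   # balance updated too late


class ReentrantAccount:
    """Constructed recipient whose receive hook requests funds again."""

    def __init__(self, name, max_calls):
        self.name, self.max_calls, self.received = name, max_calls, 0

    def receive(self, vault, amount):
        self.received += amount
        self.max_calls -= 1
        if self.max_calls > 0 and vault.pool >= amount:
            vault.withdraw(self)   # re-enter before the first call returns


def run(safe):
    # Constructed scenario: 90 units belong to others, 10 to the test account.
    vault = Vault(safe)
    vault.deposit("others", 90)
    vault.deposit("mallory", 10)
    acct = ReentrantAccount("mallory", max_calls=5)
    vault.withdraw(acct)
    return acct.received, vault.pool
```

With the late balance update, an account credited with 10 units receives 50; with the balance zeroed before the external call, the nested request sees a zero balance and only the 10 units owed are paid.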
You cannot fix a contract
In the case of traditional agreements, if any party feels that they want to modify the contract or update it, they can do so with ease. It would probably involve the signatures of both parties and someone to edit the document. With smart contracts, on the other hand, you simply cannot modify an agreement. Instead, you will need to deploy another contract to interact with—and, ideally, rectify—the existing one. While being unable to edit a smart contract has its perks (read: security), it also has its drawbacks (read: errors!).
The legal gray area
Another issue with smart contracts is regulation. The lack of any governing laws surrounding cryptocurrency leaves signers all the more vulnerable, with no safety net in case of attacks like the ones mentioned above. Legal liability becomes a gray area, with no single party being held responsible for any mishaps.
How can you prevent smart contract attacks?
There are some ways to make smart contracts safer. At the outset, set up regular audits and automated security scans that will help point out any bugs before and after you upload the contract. Plus, this way, you won’t end up putting too much pressure on your developers.
That said, the second tip is to give due attention to the code. Read, re-read and then re-read the code to ensure that the smart contract has no bugs. Make sure you haven’t included any clauses that might allow users to exploit it. For instance, in the Parity Attack in 2017, the hacker emptied several wallets of US$31 million in Ether by making themselves the owner of multiple multi-signature wallets, enabled by a glitch in the smart contract.
Thirdly, utilize trusted blockchain tools when creating your smart contracts. While Ethereum is arguably the most popular platform for smart contracts (given that it was the first to introduce them), there are other options, like Hawk and Hyperledger Fabric. So, do your research!
Lastly, incentivize your users to point out bugs by offering “bug bounties”. For every bug they spot and tell you about, reward them with cryptocurrency. This way, you would reduce the odds of people exploiting your platform.
Are smart contracts the future?
Given that smart contracts have numerous use cases (from enabling voting mechanisms to taking on the task of monthly employee payments and more), many industries might turn to smart contracts for safer and faster deployment of their features. That said, for smart contracts to truly thrive in the blockchain environment, changes are in order. For one, blockchains will have to set up a way to update smart contracts, in case of bugs, without having to deploy a whole new contract. Secondly, companies would need to strengthen their smart contract validation systems to ensure that there are no loopholes. Lastly, given its fast adoption, the area demands urgent legal attention to protect investors from attacks.