A report prepared by several scholars from the National University of Singapore exposed vulnerabilities in smart contracts on the Ethereum platform. The document specifies that these problems are found in the semantics of the programming language used.
The doctoral students and teachers who prepared the report developed a tool to identify potential security bugs in Ethereum smart contracts, vulnerabilities that a potential attacker could exploit for their own benefit.
This tool was named Listener and, according to the document, it identified 8,519 smart contracts as vulnerable out of a total of 19,366 existing on Ethereum. This represents almost 44% of all smart contracts registered on the platform.
THE RISKS OF ETHEREUM SMART CONTRACTS
Although the report addresses smart contract platforms in general, the Listener tool was run on the Ethereum network because it is the most popular in the field of smart contracts. However, references were also made to other platforms such as Rootstock and Counterparty.
Smart contracts can handle a large number of virtual coins valued at tens and even hundreds of dollars each, a financial incentive high enough to attract attackers. Unlike traditional distributed application platforms, smart contract platforms such as Ethereum operate in open (permissionless) networks that arbitrary participants can join. Their execution is therefore vulnerable to manipulation attempts by adversaries, a threat that is limited to accidental failures in traditional restricted, centralized networks such as cloud services.
The report groups the security bugs in Ethereum contracts into three main categories: transaction-ordering dependence, timestamp dependence, and mishandled exceptions. For each case, the authors of the document present concrete, easy-to-understand examples that help visualize the potential vulnerabilities.
Using Ethereum's design mechanisms, an attacker with appropriate expertise could develop algorithms that exploit these vulnerabilities of the platform and take unfair advantage, even if this is permitted in certain cases.
IMPROVING SMART CONTRACTS
The report was presented with a clear intention of constructive criticism: in addition to identifying the vulnerabilities that the Listener tool found on the Ethereum platform, it also presented concrete measures that could be implemented in the platform to improve the security of smart contracts.
Corresponding to the three sources of security bugs on the platform, the researchers from the National University of Singapore proposed monitored transactions, deterministic timestamps and better exception handling as possible solutions.
In addition, they presented the Listener tool itself: its design, its implementation for the Ethereum platform, a quantitative analysis of the results obtained, and checks that were subsequently made public. All this is meant to provide the developers of these smart contract platforms with a tool in their search for more robust and secure systems.
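Transaction-ordering dependence and the monitored-transaction mitigation can be shown with a toy model. The Python sketch below is an added example, not code from the report or from Listener; the `PuzzleContract` class, its methods and the form of the guard (the sender states the reward they observed when signing) are assumptions made for illustration.

```python
# Added illustration: a toy state machine, not Ethereum code and not from the report.
from dataclasses import dataclass, field

class Reverted(Exception):
    """Raised when a transaction is rejected and leaves state untouched."""

@dataclass
class PuzzleContract:
    """Hypothetical contract paying `reward` to the first solver."""
    reward: int
    solved: bool = False
    payouts: dict = field(default_factory=dict)

    def set_reward(self, new_reward):
        if self.solved:
            raise Reverted("puzzle already solved")
        self.reward = new_reward

    def submit(self, solver, expected_reward=None):
        # Guard: execute only if state still matches what the sender observed.
        if expected_reward is not None and self.reward != expected_reward:
            raise Reverted("reward changed since the transaction was signed")
        if self.solved:
            raise Reverted("puzzle already solved")
        self.solved = True
        self.payouts[solver] = self.reward

def mine_block(contract, transactions):
    """Apply transactions in the order chosen by the block producer."""
    outcomes = []
    for tx in transactions:
        try:
            tx(contract)
            outcomes.append("ok")
        except Reverted as exc:
            outcomes.append(f"reverted: {exc}")
    return outcomes

def run(guarded, owner_first):
    """The solver saw reward=100; the owner's update to 0 lands in the same block."""
    contract = PuzzleContract(reward=100)
    solve = lambda c: c.submit("alice", 100 if guarded else None)
    update = lambda c: c.set_reward(0)
    order = [update, solve] if owner_first else [solve, update]
    outcomes = mine_block(contract, order)
    return contract.payouts.get("alice"), outcomes
```

Without the guard, the solver's payout depends entirely on which of the two pending transactions is ordered first; with the guard, the unfavourable ordering is rejected instead of silently paying out under changed terms.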
ETHEREUM RECEIVES THE COLLABORATION AND SUPPORT OF THE COMMUNITY
Recent events related to the DAO project, which runs on the Ethereum platform, have raised voices in the cryptocurrency community both for and against the team of developers led by Vitalik Buterin. Although the attack exploited a vulnerability in a contract of the DAO (the Decentralized Autonomous Organization), signs have subsequently emerged that point to the "Solidity" language as vulnerable to similar situations.
Despite some strong criticism of the platform as it gained popularity, one thing has become clear in all this: the community of developers and cryptography experts has supported Ethereum throughout. Research like this, and earlier analyses such as those presented by the team at the Hacking Distributed portal, attest to the importance of this smart contract platform for the development of new technologies and applications.
It is almost obvious that, with Ethereum being the pioneering project in the world of smart contracts, all the risks and criticisms fall on it. Because this platform is the main reference, it has gathered the most collective support and has shown the greatest ambition so far. Therefore, failures in Ethereum may well be expected, and are even needed in these early years in which the first innovative applications are being developed.
Reports like these should certainly be taken into account not only by the Ethereum team, but also by those developing other smart contract platforms. Identifying vulnerabilities and potential security bugs forces a pause and, most importantly, a push for immediate improvement of the platform in order to provide better technological alternatives not only to users, but to humanity in general.