One of the things that makes the Ethereum network unique is that it offers smart contracts. Smart contracts are coded operations that execute when a specific input is sent, that is, once certain conditions are met. There are millions of smart contracts on the Ethereum network. However, as the number of smart contracts rises, some are bound to be coded less securely than others.
A team of researchers recently scanned almost a million smart contracts and found that about 34,200 of them are vulnerable to security breaches. Users could have their assets frozen, stolen or deleted by attackers. Smart contracts are one of the biggest reasons for the popularity and success of the Ethereum network.
However, before blaming the coders and the Ethereum network, it must be understood that smart contracts are, at the end of the day, just pieces of code, and code can be vulnerable. No piece of code can claim to be 100% hack-proof. In 2016, the DAO organization was the target of one such attack, in which smart contracts were exploited to steal $50 million from the organization.
It was after the aforementioned DAO incident that a tool named Oyente was created, which can scan smart contracts and detect potential vulnerabilities and code flaws. Of almost 19,400 smart contracts that this tool scanned in 2016, over 8,800 were found to be vulnerable. However, the tool had a problem of scale. A new tool, Maian, was then created to enable scanning at a large scale.
Last November, a GitHub user (accidentally or intentionally) managed to lock $285 million worth of ETH inside Parity wallets using a bug that he came across. This prompted the creation of Maian, which can scan for security bugs and flaws in smart contracts at a larger scale. A scan of about a million smart contracts on the Ethereum network found that about 3.5% of all smart contracts had some kind of security flaw.
The National University of Singapore (NUS) research team working on this project is now warning users about the dangers of trusting smart contracts blindly. While blockchain technology presents itself as a tamper-proof solution for record keeping, the code of apps built upon it is still susceptible to attacks.