A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a “scalable technique” to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process.
Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met based on the encoded terms of the agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority.
In other words, the code itself is meant to be the final arbiter of “the deal” it represents, with the program controlling all aspects of the execution, and providing an immutable evidentiary audit trail of transactions that are both trackable and irreversible.
This also means that vulnerabilities in the code can result in hefty losses, as evidenced by the hacks aimed at the DAO and, more recently, MonoX, where adversaries exploited loopholes to illicitly siphon funds. Given the burgeoning adoption of smart contracts over the past few years, such a scenario could have catastrophic consequences.
“Since smart contracts are not easily upgradable, auditing the contract’s source pre-deployment, and deploying a bug-free contract is even more important than in the case of traditional software,” the researchers detailed in a paper.