Bitcoin may be monopolizing headlines, but one of the real stars of the blockchain revolution is the smart contract. Originally pioneered by Ethereum, the smart contract was intended to eliminate many of the barriers and processes that raise the costs of doing business.
By building an automated contract that is pre-programmed, steps like arbitration can be effectively be removed from the equation, giving two entities a faster and more trustless means to transact. However, despite the positive hype surrounding smart contracts, they might not be as smart as they first appeared. In fact, recent misconduct has illuminated some of the glaring problems with the technology. With this new information, the future of smart contracts remains unclear.
Smart Contracts as A Breeding Ground for Fraud
The enormous returns witnessed across the blockchain ecosystem have attracted participants and investors from far and wide. Its gravitational pull has also served as a catalyst for an explosion of blockchain-based businesses and ideas, backed by capital raised through crowdfunding.
Apart from the valuation gains, though, a more dangerous force has been lurking in the background, remaining an ever-present concern for companies seeking to deploy blockchain’s capabilities: hackers.
Complete our SAP x Data Natives CDO Club survey now, and help us to help you
Although blockchain, by design, is meant to be more difficult to break into, code exploits and other malicious activities have resulted in hundreds of millions in losses for investors, exchanges and companies themselves.
Recent figures published by Ernst & Young suggest that in excess of 10% of the total amount raised through initial coin offerings (ICOs) has been lost due to fraud or coding errors, especially as the perceived quality of new issues declines.
Many companies co-opted the mania surrounding cryptocurrencies to take a slice of the growing pie, rushing to publish white papers that often neglected to cover key points or address significant discrepancies in the code. Leaning on strong PR and a fear of missing out that overshadowed the need for comprehensive due diligence, many individuals also tend to overlook the more critical aspects of a potential investment in favor of speculating, which has also driven the mania even further.
However, even some of the largest blockchain companies have suffered from flaws and high-profile attacks. One example is Parity, a smart contract coding company with a vulnerability that resulted in the theft of $30 million worth of Ethereum during the summer of 2017.
This was not the end of the story; another bug resulted in an additional major blunder for Parity’s multi-signature contract that held Ethereum for users. In November of 2017, a user found a way to gain ownership over this smart contract. By making himself an owner, the user accidentally deleted one of the functions of the contract that allowed contract parties to transfer the Ethereum held in the contract. The user effectively locked the contract, preventing holders from accessing their funds. This fatal error cost an estimated $150-300 million in losses.
Identifying Vulnerabilities to Improve Transparency
One of the attributes of many new successful blockchain launches is the willingness of project owners to reward the community with bounties for bug hunting. This uncovers vulnerabilities that might translate to losses.
However, apart from smart contracts, even associated websites should be reviewed, as evidenced by the CoinDash ICO hack. Intruders changed the wallet address on the company’s website, luring crowdfunding participants into sending their Ethereum to a different address than the one officially used by the company. Again, this resulted in millions of dollars in losses.
Ultimately, the point of regularly conducting audits is not only for spotting vulnerabilities, but also demonstrating a commitment to transparency while reassuring the community that the safety of their funds and contracts is paramount.
One aspect highlighted by these events is the need for the entire industry to focus more on fixing the associated problems with the technology that may be preventing more widespread adoption. Up until now, much focus has been on chasing speculative returns and high valuations.
Companies like Hosho are leading the charge on this front, with a more holistic view towards blockchain security. Unlike competitors like Experfy and Solidified (which focus their attention on evaluating the efficacy of smart contracts and uncovering potential weaknesses), Hosho is adding value by generating 360-degree audits that also cover penetration testing and providing other services designed to ensure better contract security.
New dedicated services are sprouting up to tackle the challenges associated with smart contracts, helping to build a friendlier ecosystem that will enable greater institutional participation. For businesses specifically to begin embracing blockchain-based smart contracts and their automation capabilities, dependability is crucial.
As the Parity issues revealed, penetration testing and regular audits may not necessarily solve every problem. However, they do go a long way towards reassuring platform participants and investors interested in contributing to an ecosystem that is increasingly fraught with risks. Without greater efforts towards highlighting the seriousness of the problem, overall adoption will slow.
Minimizing Risks While Maximizing Credibility
The need to constantly be on the hunt for bugs and vulnerabilities is vital towards building smart contract platforms that are both capable and reliable. While the smart contract revolution is still in its early phases, the number of firms recognizing the potential is immense, contributing to great progress towards identifying and fixing flaws.
As the industry increasingly depends on transparency to win funding and overcome participant reluctance stemming from past fiascoes, it is essential that companies start implementing smart auditing and penetration testing.
Like this article? Subscribe to our weekly newsletter to never miss out!