Hosho Security Research: Quarter of All Blockchain Smart Contracts Contain Errors
Quarter of Smart Contracts Found to Contain Errors
Hosho has audited more than $1 Billion in smart contracts with some very sad discoveries made. The popularly trusted security firm has broken down more smart contracts than any other company on the planet. Findings by Hosho have shown that more than 25% of all smart contracts have significant problems within their codebase, so much error in fact that the code is damaging to the contract. To clarify, more than 25% of all smart contracts have critical bugs, and at least 60% have no less than one security problem inside the code.
Ethereum, as safe as many people think it is – turns out to be the most damaged platform – which is actually more dangerous to use than any other cryptocurrency network as far as smart contracts are concerned. The unfortunate problems in Ethereum’s code are said to be so severe that literally hundreds of millions of dollars have been either lost or stolen as a result. Several different platforms are pushing developers to remove the bugs from within their code to improve security. The first step is to identify the problems inside the platform's code than to remove them. To effectively find code strings that contain bugs than successfully remove them from the platform, several companies are opting to pay for help from outside resources. Using third parties to audit smart contracts, research code and find bugs is at this time, the most effective method in use for debugging a system.
It’s normal for smart contracts to be audited prior to a crowdsale or ICO, but it’s a good guess that a lot of companies bypass this step or cut corners to get through the tokensale. Several issues happen when corners start getting cut, it’s an obvious mistake to everyone in the industry and can be detrimental to the health of a company. Some of the most voracious bugs will steal all the content of a wallet or at least a portion of them. Other bugs allow for the manipulation of wallet code so that any money supposed to be sent to one wallet, is instead directed to another. After the initial sale, the wallet locks up, so an investigation is complicated at best.
Another company to partner with Hosho has their view on the problem:
“In the absence of industry standards, we see smart contract auditing and penetration testing to be essential components of good security in blockchain systems,” said Amazix CMO Kenneth Berthelsen. “In our view, there are no better-qualified people to do this than Hosho engineers.” He followed up with.
Smart contracts are used for everything imaginable, so a resolution to the current problem must be found. Until the system is fixed and infallible, no one will be able to trust smart contracts entirely, making them too problematic for mainstream use.
Can smart contracts ever be completely foolproof? The answer question remains unanswered. What do you think will happen in the future of smart contracts? Leave your opinions in the comment section below.