Research Report: Most of the smart contracts based on Ethereum use potentially vulnerable code



Researchers from the University of Maryland and Northeastern University have recently analyzed smart contracts based on Ethereum to determine "how users and contracts interact with each other".

The collaborative research required changes to the Ethereum Geth client in order to retrieve the bytecode of every contract deployed on the Ethereum blockchain. Bytecodes are "compact numerical codes, constants and references" that can be "performed efficiently".

Using bytecode to analyze smart contracts

According to TheBlock, the information obtained from the bytecodes "covered almost three years of blocks" and came from the "first five million blocks" produced and recorded on the Ethereum network.

After carefully examining the bytecodes, the researchers found that the majority, 60%, of all the smart contracts deployed on Ethereum had "never interacted". This indicates that there may be a large amount of dormant (or unused) code and crypto tokens on the main Ethereum network.

Furthermore, the bytecode data revealed "an extremely high level of code reuse and code similarity on Ethereum". In fact, the researchers were able to reduce the 1.2 million smart contracts created on Ethereum to 5,877 "clusters" of contracts because they contain "very similar bytecodes."

Reuse of bad, unsafe code

Although code reuse is a very common practice because there are models for routine procedures, the "high level of code reuse" (in this case) suggests that potential security bugs or vulnerabilities found in certain contracts could also affect "thousands of similar contracts that have reused their code."

The researchers noted that in 2017 the number of transactions on Ethereum increased significantly, from around 40,000 per day to over 1 million per 24 hours. It is important to note that the Ethereum network is still processing a large number of transactions despite the fall in the price of its native token, ether (ETH).

At the moment, the transaction termination rate on Ethereum is about 0.01%-0.1%, and about a third of all smart contracts are executed only by other contracts, rather than being initiated by users.

Serious vulnerabilities, common misunderstandings

As reported by CryptoGlobe in June, a smart contract bug on the ICON network (ICX) allowed anyone, except the contract owner, to suspend transactions on the cryptocurrency platform's blockchain.

Although the technical problem in the software was later solved, social media users criticized the ICON developers for not being more careful. At the time, the market capitalization of the platform's native token, ICX, was around $800 million.

In particular, there is a common misconception that smart contracts are able to reduce transaction costs and eliminate intermediaries or third parties. As explained by Bitcoin developer, Jimmy Song, "the execution of the agreed consequences is what makes smart contracts powerful, not in the innate intelligence of the contract."

Song added that smart contracts were written primarily by people who were not lawyers or qualified legal experts. These "neophytes" usually do not understand how to write appropriate contracts – which can potentially lead to vulnerabilities or defects in their construction.
