Ethereum's smart contracts lack diversity, putting the entire network at risk


Although Ethereum is the second most popular cryptocurrency, with a market capitalization of $21.47 billion and the strongest developer network, a recent university research paper found that most of the contracts on the Ethereum network are direct or near-direct copies of other contracts. Widely available code may be a driving force behind Ethereum's popularity. However, it puts the entire network at risk, especially if the original code contains vulnerabilities and bugs.

Substantial code reuse in Ethereum

According to the paper entitled "Analyzing the Ethereum contract topology," published by Northeastern University and the University of Maryland on October 31, 2018, while the Ethereum platform is very popular with developers, there is substantial reuse of code within the network.

Analysts have found that 1.2 million contracts created by users can be reduced to clusters of 5,877 contracts that have very similar code. The lack of diversity and variation means that a small bug in one contract could have a widespread impact on Ethereum's community of users and developers. Such bugs and vulnerabilities have been discovered in the past and have unfortunately led to attacks, costing the Ethereum community hundreds of millions of dollars in lost value. At the network's rate of growth, Ethereum's lack of code diversity is becoming an increasingly urgent problem.

To reach these conclusions, analysts from both universities collected the bytecode from all contracts published on the Ethereum blockchain during the first 5 million blocks that took place three years ago, in 2015, during the first version of Ethereum. They also collected modified data from the Ethereum virtual machine, known as Geth, and recorded all interactions between contracts and users.
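One way to group contracts by bytecode similarity and list what shares code with a contract known to be flawed, as an added example (not the paper's code or method). The byte-window Jaccard measure, the 0.7 threshold and all names are assumptions, and the sample bytecode is constructed.

```python
from itertools import combinations

def shingles(bytecode_hex, n=4):
    """Set of overlapping n-byte windows of a contract's bytecode."""
    h = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    raw = bytes.fromhex(h)
    return frozenset(raw[i:i + n] for i in range(len(raw) - n + 1))

def jaccard(a, b):
    """Share of windows two contracts have in common (1.0 = identical sets)."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def cluster(contracts, threshold=0.7):
    """Single-linkage clusters of contracts whose similarity >= threshold."""
    sigs = {name: shingles(code) for name, code in contracts.items()}
    parent = {name: name for name in contracts}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(contracts, 2):
        if jaccard(sigs[a], sigs[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in contracts:
        groups.setdefault(find(name), []).append(name)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

def shares_code_with(contracts, flawed, threshold=0.7):
    """Other contracts in the same cluster as one known to contain a bug."""
    for group in cluster(contracts, threshold):
        if flawed in group:
            return [name for name in group if name != flawed]
    raise KeyError(flawed)

# Constructed stand-ins for deployed bytecode (placeholder bytes, not real contracts).
_base = bytes(range(0x60, 0x88))             # 40-byte "original" contract
_fork = _base[:20] + b"\xff" + _base[21:]    # same code with one byte changed
_other = bytes(range(0x10, 0x38))            # unrelated 40-byte contract
SAMPLE = {
    "original": _base.hex(),
    "verbatim_copy": _base.hex(),
    "near_copy": _fork.hex(),
    "unrelated": _other.hex(),
}
```

The pairwise comparison is quadratic in the number of contracts; at the scale of a full chain it would need a locality-sensitive index such as MinHash.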

Lack of diversity in Ethereum

Ethereum is currently the most popular blockchain platform for developers. Ethereum's market capitalization and exchange rate have grown more than 1,000-fold since its inception. There are also about three times more smart contracts on the Ethereum network than on any other blockchain network. The use of Ethereum, measured by the number of transactions in the system, has also increased exponentially, with the average number of transactions per day rising from 40,000 to over 1 million.

Although Ethereum's price fell from its all-time high of $1,477 in January 2018 to $208.09 in November 2018, as seen on CoinMarketCap, the paper noted that growth and the number of transactions per day remained relatively stable.

A 2017 ICO report by Ernst and Young showed similar results. While NEM, NEO, Waves and Stellar attracted much attention in 2017, no other blockchain platform has managed to rival Ethereum. The Ethereum developer community remains the strongest on GitHub and has the highest social media activity on Facebook, Twitter and Reddit.

At the current pace, the Ethereum platform will continue to attract more contracts. The researchers, however, emphasized their concern about the repeated use of very similar code. They noted that having few creators relative to the total number of contracts implies extensive code reuse, which affects the overall reliability of the contract ecosystem. Also, in a blockchain system like Ethereum, smart contracts cannot be changed because they separate themselves from the blockchain state. Creators have to deploy new contracts and migrate from the old ones.

Analysts examine past attacks

The university research paper found that Ethereum has suffered numerous attacks in the past due to code vulnerabilities. A prime example is the hack of the Decentralized Autonomous Organization (DAO), known as "the mother of all hacks of smart contracts." The DAO was a venture capital fund for cryptocurrency companies that operated without a central government authority; everything was carried out through smart contracts, with all the rules and financial transactions codified on the blockchain.

The DAO collected 12.7 million Ether (about $150 million at the time) in May 2016, becoming one of the biggest crowdfunding projects, but it was hacked a month later, in June 2016. Unfortunately, there was a bug and a loophole in the DAO code, which allowed the hackers to drain funds from the company. In the early hours, the hacker stole 3.6 million ETH (about $79.6 million at the time).

The DAO hack is unfortunately just one example. Others include the Parity hack, an incident in July 2017 in which a hacker attacked the Parity Wallet organization and stole 150,000 Ether (about $30 million at the time), even though the code had been examined by a Solidity expert and subjected to a comprehensive audit and peer review process.
