Smart Contract Vulnerabilities

Given the importance of smart contracts on major block-chain platforms such as Ethereum, EoS, Tezos, Monero, etc. there has been a renewed understanding and focus on security vulnerabilities in smart contract space. Given the recency of this domain, firms such as trail of bits have created a niche in detecting, analyzing, and preventing vulnerability exploitation. The problems with smart contract vulnerabilities are multi-fold and specific to the blockchain’s design itself.

Since smart contracts – once launched onto the main-network have no mechanism to be reverted back, except to be stopped or killed, they are unlike any other software that is amenable to be changed once bugs are found. Another issue with smart contracts is its dependence on data or programming interfaces outside its own binary executable. With this kind of external dependence, it is not entirely within the control of the smart control developer that the program being written in itself is self-contained and all conditions that could ever occur with the data are tested before releasing the smart contract onto the blockchain’s main-net. Very often this data or programming interfaces themselves are not reliable thereby causing problems wherein the smart contract logic, though executing appropriately are themselves subject to a lot of flaws.

Several of these issues have recently been analyzed by firms such as trail of bits as given above and have been disclosed in the form of academic research. A detailed catalog backed by academic research supported by Trail of bits demonstrates about 246 different types of findings therein.