A new research was carried out over nearly 1 million Ethereum accounts , which has led to the discovery that 34,200 smart contracts are in a vulnerable position ready to be stolen or exploited in order to steal Ether. This can further be extended to freezing and even deleting assets from contracts that attackers don’t own or have proper virtual access to thanks to this new bug.
Cryptocurrency itself presents a unique and complicated problem for those that are unaware of the problems related to them. Not only is the dealing of cryptocurrencies a complex problem on its own, but many of the complicated procedures related to its security and its transactions can be a worry too. Smart contracts are a similar such tale.
Smart contracts are basically a set of complex coded operations that are executed automatically once an input is sent to the contract. This allows the user or the holder of this contract to set a limit on what kind of bids he wishes to accept on his coin. In an auction of this Ethereum coin, X is the number of bids that have been made on the object. By setting a function of X>100 the owner can prolong the bidding process before eventually selling it off to the highest bidder. The winner is automatically sent a sales order to validate the purchase. These smart contracts are what make Ethereum so reliable and desirable. These are used by almost all other cryptocurrencies during ICOs.
After a hacker exploited a bug which led to a theft of nearly $50 million, researchers at the National University of Singapore began looking for bugs in these smart contracts. This led to the development of a tool named Oyente that was capable of scanning contracts for bugs. Of the 19,366 contracts scanned, 8,833 were showed to be volatile and prone to being stolen.
Their discovery didn’t get much attention while their warnings were not heeded at all. However, another incident that led to the loss of $285 million in Ether sparked another outraged. Another more powerful tool named Maian was launched to carry out an even greater in-scale scan of all contracts. A whopping 34,200 showed signs of being vulnerable to further attacks. Further research is under way to come up with a way to eradicate these bugs and to spot other similar vulnerabilities in smart contracts.
