Currently, hundreds of thousands of smart contracts are operating on the Ethereum blockchain, managing wallets, tokens and applications, or storing data. A group of British researchers has independently identified 34 200 vulnerable smart contracts.
Ilya Sergey, a professor’s assistant at University College London, and his colleagues conducted a large-scale study to detect all possible vulnerabilities of smart contracts on the Ethereum blockchain. For this purpose they downloaded the Ethereum blockchain, created a fork of it for private use, and began to launch various scenarios, trying to achieve undesirable consequences. When these consequences occurred, they marked the smart contract as one “with the traced vulnerability”.
They analysed about one million smart contracts and found that 34 200 of them contained critical vulnerabilities. They checked their assumptions on 3000 smart contracts, and in 89% of cases they caused those undesirable consequences. In theory, this could have allowed them to steal $6 million in Ethereum.
According to experts, early detection of vulnerabilities makes it possible to prevent negative consequences. For example, in November 2017 a user with the nickname DevOps19 found a vulnerability in the code of a library of the Ethereum wallet Parity and accidentally blocked $150 million.
Attempts to find the creators of the vulnerable smart contracts were in vain. But since the researchers do not report which smart contracts the vulnerabilities were found in, the contracts can conditionally be considered safe.