Smart Contracts Are Not Safe By Nature

Not all smart contracts are as “smart” as we think they are. Smart contracts, such as those built on the ERC-20 token standard, contained over $4 billion in digital assets by early 2018. These assets are not always as secure as we would like them to be, as evidenced by multiple hacking incidents.

This represents a significant burden for the crypto community, especially for new investors who buy the hype without adequate due diligence. Unfortunately, whenever hacks occur, or vulnerabilities are discovered, the media tends to report only these negative aspects of smart contracts instead of their capabilities or what they can accomplish.

We will mention a few attacks in this article and why we believe we should make smart contract auditing a requirement.

Why Do We Need Smart Contract Auditing?

The biggest smart contract hack, known as the DAO attack, happened approximately two years ago. The DAO was a decentralized venture capital fund where investments were based on community votes. The DAO was hacked by exploiting a combination of vulnerabilities in the DAO smart contract. The media has already reported extensively on how the DAO was hacked, so I will spare you the details.

In summary, the DAO hacker stole a total of 3.6 million Ether (Ethereum). At the time of the theft, the approximate value of 3.6 million Ether was $50 million. Based on the current market value, this is approximately $2.1 billion. As a result of the attack, Ethereum forked, and thus, Ethereum Classic was born, which was presented as the real Ethereum blockchain.

More recently, a bug in Parity known as “oops I accidentally killed it” was discovered. It was a major vulnerability: through this simple delete, $300 million in assets were frozen. To this day, there is still no solution to recover the frozen funds. Parity was initially pushing for a hard fork but now seems to be relenting due to community uproar.

Last but not least, the POWH coin: the self-sustaining pyramid scheme that paid its early users a dividend of 10%. Speaking of pyramid schemes, the developers introduced an even more attractive version of their contract (PoWH Coin Shadow), which had a 20% dividend and collapsed shortly after launch, resulting in the loss of several hundred Ether. A White Hat hacker immediately found another vulnerability in the original POWH Coin smart contract and posted it in Discord, resulting in a total loss of 2,000 Ether. The hacker exploited an unsigned integer underflow, making it possible to remove an infinite number of POWH tokens.
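The unsigned integer underflow mentioned above, as an added example that is not from the original article and is not the PoWH Coin contract: a Python model of 256-bit unsigned arithmetic in which a debit without a balance check wraps around, next to the checked form and a supply invariant an audit would assert. The `Ledger` class, the account names and the amounts are constructed for illustration.

```python
"""Model of uint256 token arithmetic: wrapping debit vs checked debit."""

UINT256_MAX = 2**256 - 1


class Ledger:
    """Hypothetical token ledger; balances behave like uint256 values."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(self.balances.values())

    def transfer_wrapping(self, sender, recipient, amount):
        """No balance check; subtraction wraps modulo 2**256 (the bug class)."""
        debit = (self.balances.get(sender, 0) - amount) & UINT256_MAX
        credit = (self.balances.get(recipient, 0) + amount) & UINT256_MAX
        self.balances[sender] = debit
        self.balances[recipient] = credit

    def transfer_checked(self, sender, recipient, amount):
        """Hardened form: reject the debit before any state changes."""
        if not 0 <= amount <= self.balances.get(sender, 0):
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def supply_invariant_holds(self):
        """Audit check: balances must always sum to the recorded supply."""
        return sum(self.balances.values()) == self.total_supply


def demo():
    # Constructed sample state: alice holds 100 units, bob holds none.
    vulnerable = Ledger({"alice": 100, "bob": 0})
    vulnerable.transfer_wrapping("bob", "alice", 1)  # bob debits 1 from 0
    hardened = Ledger({"alice": 100, "bob": 0})
    try:
        hardened.transfer_checked("bob", "alice", 1)
        rejected = False
    except ValueError:
        rejected = True
    return vulnerable, hardened, rejected


if __name__ == "__main__":
    vulnerable, hardened, rejected = demo()
    print("wrapped balance equals 2**256 - 1:", vulnerable.balances["bob"] == UINT256_MAX)
    print("invariant after wrapping debit:", vulnerable.supply_invariant_holds())
    print("checked debit rejected:", rejected)
```

The invariant check is the part that carries over to an audit: it flags the wrapped state even when no single balance looks wrong on its own.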

We have only mentioned three attacks above, but there are hundreds of other hacks and bugs in smart contracts and cryptocurrency. Smart contract attacks and bugs such as these can create a distorted image of the crypto space, leading investors, users, regulators, and the general public to conclude that it is immature for investment and dangerous.

At the time of writing, 90% of ICOs are still using the Ethereum chain. However, new protocols and token standards will soon appear on the market, increasing the demand for a structured auditing process of smart contracts across different chains.

Safety as a Driver For Smart Contracts Adoption

Given the exponential growth of digital assets and their application in every imaginable aspect of a company, the need for smart contract security will only increase. This is particularly true in sensitive sectors such as aviation and banking, where smart contract security isn’t optional. Vulnerabilities in smart contracts in these sectors can endanger not only investors but entire economies.

The more smart contracts are deployed across different platforms, the higher the danger. Therefore, users should require an audit of the smart contract or the currency in which they invest.

Smart contract security is the fundamental driving force for the development of cryptocurrencies, which is why we formed the Callisto Security Department. By providing a solution that allows developers to easily and affordably verify the security of their smart contracts, we believe that we will help prevent attacks such as those described above.

Audit your smart contracts with Callisto Network!
