Smart Contracts as a Threat to a Blockchain Startup’s Security

Ethereum smart contracts, according to the platform’s official web page, “run exactly as programmed without any possibility of downtime, censorship, fraud or third-party interference.” That sounds good, but is it true?

In this article, I examine whether things are actually so nice and neat by dissecting some issues encountered by smart-contract users. In the final section of the post, I will also recap my thoughts with brief guidance on creating safe smart contracts.

The article is going to cover Ethereum smart contracts only. The community has tacitly equated “smart contracts” with “Ethereum smart contracts.” Nevertheless, the former is a concept, while the latter denotes one implementation, and how accurately this implementation corresponds to the concept is debatable. (So is the smart contract concept itself, as well as other implementations. This subject matter is complex, underestimated by many and captivating; those interested can peruse the materials by Nick Szabo.) Long story short, by mentioning “smart contracts” in this post I mean “Ethereum smart contracts.”

The article will only touch on the Solidity contract-oriented programming language as the most common one in the Ethereum ecosystem and, effectively, the only language of its kind at this point.

Let’s take a moment to shed some light on the issues that smart contract developers come across, rather than the security of the platform itself. (Although a little bit of the latter will be mentioned, too.) It makes sense to break these issues down into the following types:

  1. Issues with smart contract code
  2. Development issues
  3. Language issues
  4. Concept issues

1. Issues With Smart Contract Code

When discussing coding issues, I refer to the ones that can be solved by editing the .sol file. These include:

  • Known vulnerable constructions (for example, re-entrancy). Even well-documented

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by David Balaban. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/I8np7uol7GQ/