Singapore researchers find 34,200 vulnerable Ethereum smart contracts

Asia Token Fund
Jul 23, 2018

Block Asia catches up with one of the researchers, Aashish Kolluri

Author: Wang Yanhua

Nearly 100 million Ether (ETH) is in circulation, but more than 4.2 million of it has already been compromised.

Yet, more than 99% of initial coin offerings still happen on the Ethereum blockchain.

Five researchers from Singapore and the United Kingdom working in the National University of Singapore’s (NUS) Security Lab analysed one million Ethereum smart contracts. They discovered that 34,200 may be vulnerable to exploitation.

Their research paper, published in March this year, gained wide attention.

The researchers developed a tool called Maian which takes approximately 10 seconds to analyse one smart contract. Maian only requires the byte code of the smart contracts and not their source code.

One of the researchers, Aashish Kolluri, an incoming NUS PhD student from India, told Block Asia, “It’s only been over a month and people are recognising it. We have a good response. Even though we are still facing some maintenance issues, it has been fairly popular.”

Maian checks smart contracts for three categories of bugs: greedy, prodigal, and suicidal. Respectively, these vulnerable contracts lock funds indefinitely, leak them to arbitrary users, or can be killed by any user.

Kolluri said, “A lot of people write bad code. There are nuances in the smart contract, and people don’t take a lot of care when writing the code.

“Blockchain is different from any other coding environment, so you need to consider how your code will run on the blockchain. And once you put the code out there you can’t change it unless there’s a fallback option.”

Kolluri told Block Asia that the team’s goal is to “reduce ETH loss in the whole ecosystem”.

Last year, a mishap by Ethereum wallet provider Parity saw USD 160 million in cryptocurrency frozen, and still no solution has been pursued to free up the funds.

“To fight high level and critical bugs like the one that attacked Parity, we need a practical and scalable tool which detects vulnerabilities,” said Kolluri.

Maian is now on GitHub for users to try. Kolluri told Block Asia that the team of researchers has plans for the promising tool: “We do plan to make it large scale in the future, and make the user interface much better.”

wang.yanhua@blockasia.io

Originally published at www.blockasia.io on May 17, 2018.
