Codifying Smart Contract Vulnerabilities

Firmo Network · Apr 17, 2018

A team of blockchain researchers from the National University of Singapore have codified three Ethereum smart contract vulnerabilities in a research paper titled “Finding the Greedy, Prodigal, and Suicidal Contracts at Scale.”

The team analyzed a sample of almost a million Ethereum smart contracts, flagging around 34,000 (about 4%) as vulnerable. As Tysan O’Han explains in a recent article, “This rate may sound small, but value is stored directly on many of these contracts, which is a massive incentive to find and exploit that fraction.”

The researchers separated these “trace vulnerabilities” into three categories — greedy, prodigal, and suicidal — all of which permanently debilitate the intended behavior of their host smart contracts. However, what happens to the balance held by the contract differs as follows:

  • Greedy contracts remain alive but lock funds indefinitely: no condition ever allows them to be released
  • Prodigal contracts leak funds to arbitrary users
  • Suicidal contracts can be killed by any user, after which they cease functioning entirely. The Parity Wallet hack is an example.
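As an added illustration (not code from the paper, MAIAN, or Firmo), the three trace patterns above in minimal Solidity, beside a hardened counterpart; the contract and function names are invented for this example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the paper or Firmo. Names are illustrative.
// Greedy: ether can come in, but no function ever sends any out,
// so whatever is deposited is locked indefinitely.
contract Greedy {
    mapping(address => uint256) public deposits;
    receive() external payable { deposits[msg.sender] += msg.value; }
    // No withdraw/transfer/selfdestruct path exists: the balance is stuck.
}

// Prodigal and suicidal: both privileged actions are callable by anyone.
contract Unguarded {
    receive() external payable {}
    // Prodigal: any caller can direct the balance to an arbitrary address.
    function payout(address payable to, uint256 amount) external {
        to.transfer(amount);
    }
    // Suicidal: any caller can destroy the contract and take the balance.
    function kill() external {
        selfdestruct(payable(msg.sender));
    }
}

// Hardened counterpart: funds always have a release path, and only the
// owner can destroy the contract, and only once it holds nothing.
contract Guarded {
    address public immutable owner;
    mapping(address => uint256) public deposits;
    constructor() { owner = msg.sender; }
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }
    receive() external payable { deposits[msg.sender] += msg.value; }
    // Not greedy: every depositor can recover exactly their own funds.
    function withdraw() external {
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;                 // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    // Not suicidal: owner-only, and it cannot sweep depositors' balances.
    function kill() external onlyOwner {
        require(address(this).balance == 0, "balance not zero");
        selfdestruct(payable(owner));
    }
}
```

A trace analyzer of the kind the paper describes would flag `Greedy` (ether in, no path out), `Unguarded.payout` (value sent to a caller-chosen address with no authorization check) and `Unguarded.kill` (unprotected `selfdestruct`), while `Guarded` reaches none of those states.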

The article illustrates that the vulnerabilities of smart contracts are still being defined by researchers. Ilya Sergey, an author of the paper, was quoted in MIT Technology Review saying, “I believe that a large number of vulnerabilities are still to be discovered and formally specified.” We already know that 45% of smart contracts on Ethereum are vulnerable to being hacked.

At the same time, organizations such as Firmo are working to build the technical infrastructure that will enable the secure execution of smart contracts, particularly in the realm of financial derivatives.

Join the conversation! Ask questions, comment, and chat directly with the Firmo Network team here in our Telegram Community group.

Firmo is building the standard for derivatives to be securely executed on any major blockchain.