You have probably heard that smart contracts are going to change our lives. Smart contracts are in fact a nascent technology with amazing potential applications. They can be used to manage funds raised in a token sale or to transfer crypto-tokens between users, according to agreed-upon conditions. They can do many other things as well. However, despite their usefulness, handling billions of USD through smart contracts still raises many security concerns and questions about how far automated contracts can be trusted.
When smart contracts went wrong
While a public blockchain can be considered secure by design, smart contracts are written and coded by humans, which leaves them exposed to bugs and leaks. Code exploits and other malicious activities have resulted in hundreds of millions in losses for investors, exchanges and the companies themselves. Research carried out in 2018 by British and Singaporean students showed that, out of almost one million smart contracts, 34,200 were found to be vulnerable. That means that around 3.4% of all smart contracts are potentially vulnerable to being hacked or otherwise broken.
Moreover, the blockchain hype has created an ever-increasing need for smart contract developers (mainly Solidity). As highlighted by research published on TechCrunch: “Upwork saw blockchain rise to the fastest-growing skill out of more than 5,000 skills in terms of freelancer billings — a year-over-year increase of more than 35,000%”. As a result, this skyrocketing demand has been satisfied by hiring inexperienced developers.
Recent numbers published by Ernst & Young show that more than 10% of the total amount raised through initial coin offerings (ICOs) has been lost due to hacking or coding errors. Smart contracts are therefore a very tempting target for motivated hackers, and unless the auditing process for smart contracts is really solid, the risk of an incident is definitely high. However, reliable auditing companies may ask for a lot of money to perform a full audit with testing: definitely more than a startup that is about to launch a token sale is rationally willing to spend at the very first stage.
“We were shocked by the quality of some clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders,” said Paul Brody, global innovation leader for blockchain technology at Ernst & Young (EY).
How to improve smart contracts?
Unfortunately, whenever hacks occur or vulnerabilities are discovered, the media reports mainly on those negative aspects of smart contracts, instead of their potential. There is no doubt that, if smart contracts are to become a core feature and a paradigm of the new financial system we are building, security has to be improved. Faulty or careless development, or careless hiring, can lead to attacks by hackers.
In particular, when launching a brand new project, you’re not only risking your money but also your reputation, as the technology you’re using is not bulletproof. Not all smart contracts are as “smart” as we think they are.
We at Noku try our best to keep ourselves up to date with the latest security practices. The TokenRaise smart contracts have been through 7 months of penetration tests, performed by external companies with experience in auditing and security such as Yoroi and Deepit. We believe that our audits will help prevent attacks like the ones described above by providing an already tested solution.
In the following articles, we will cover other aspects of smart contracts, focusing particularly on what’s needed for a trustworthy token sale.