Smart Contracts: Risky or Dishonest Code Leads to Losses

Unaudited smart contracts may come with surprising side effects.

Smart contracts on the Ethereum network sound like the most trustworthy option for sending and receiving coins or tokens. After all, no third parties are involved. However, a closer look uncovers many smart contracts that do their work poorly, or are in fact designed to divert funds dishonestly.

If there’s one thing everyone in crypto agrees on, it’s that security audits are essential. But how do you judge the quality of your smart contract audit? #NoVulnerabilities #SmartContract #ICO #TokenSale #SecurityAudit #DAOHack

— New Alchemy (@newalchemy) February 8, 2018

Intuitively, smart contracts are like vending machines. But what if someone designed a vending machine that had an intentional error and never actually dispensed the product?

One Reddit user found an array of smart contracts, mostly attempts at fintech, that had serious faults, quite possibly intentional.

The contracts, discovered by user brenjerman, include a lottery service, a dividend distribution contract, an automated private bank, a lottery, and a gifting service. This is just a small sample, and according to experts, most smart contracts at this point remain unaudited.

Smart contracts are, for some ICOs, the central part of their promise and technology. Lotteries and gaming services often hinge on a simple smart contract. But just as the quality of ICOs varies, smart contracts may have hidden, or intentional, flaws.

Immutability Comes First

In a recent discussion in the Ethereum community, the question of errors and rollbacks came up.

To those who thought that the DAO fork set an unbounded slippery slope and lasting precedent, I encourage you to see the reactions on this thread:

— Vitalik Buterin (@VitalikButerin) February 16, 2018

The problem is that tools for rolling back errors would open another can of worms and create the possibility of new frauds.

But in the case of seemingly simple smart contracts, users see a troublesome trend: live products that perform immutable operations are launched where a better preview process in a pre-production stage, or a peer review, should be in place.

Ethereum smart contracts also enable the distribution of multiple pyramid schemes, hidden from view and indeed operating like a vending machine. On the Reddit thread, the creator of a fully open-source attempt at a transparent Ponzi scheme says he believes smart contracts can have a positive side, but can also make people behave foolishly:

“This may be naive, but I like to imagine that if people run an honest system (as terrible a financial decision as it may be for some due to the zero-sum nature of pyramid schemes), it sucks SOME of the air out of the Bitconnects and DavorCoins where a lot of handwaving exist(s/ed),” wrote Redditor norsefire.

The list of verified smart contracts is available here. Yet if in doubt, it is better to pass up a proposal, given that a “smart contract” does not automatically ensure fairness and, despite being open source, is not easily understood by the ordinary user.
