en
Back to the list

Smart Contracts: Russian Roulette With Four Bullet Rounds

03 September 2018 18:58, UTC
Denis Goncharenko

Time goes on while the problems are still here. This is the current situation in the smart contract area. An article published by News.bitcoin.com states that every fourth smart contract is compromised and critically vulnerable. It refers to the report of the security company, which audited the contracts $1 bln worth. The most problematic part is Ethereum-based contracts, but this is quite obvious as it is the most popular platform for now. The earlier report made by the research group from the University of Singapore, stated that 44% of Ethereum-based contracts were vulnerable.

Technics in the hands of a savage

The security of smart contracts is always a hot topic for the developers: one of the comments to the original article says the report is not representative and irrelevant. Forums and blog posts are full of criticism, and this is not about some specific smart contracts, but about the technology in general. Some even say smart contract might be a threat to blockchain startup as a whole, and, you know, this is not senseless. The developers and security specialists argue hard on the smart contract phenomenon, about its practical implementation and adaptation into modern realities.  

But let us avoid the discussion of the problem from the technical point of view and proceed with the global economy level. If the smart contract is to become an arrangement for the development of the financial area, economy and new legislation, then one should understand the responsibility given to the technology. There is a good proverb which sounds like “Technics in the hands of a savage is just a piece of metal”. Isn’t it so, that the instrument is not perfect enough; thus it is overestimated and can be compromised? What if the negative level destroys its reputation irrevocably? Well, the market is the savage here. If it would become tired of playing with the delicate and inferior instrument and suffer losses — it eventually will go mad, throw it away and never come back to try again.

Financial institutes want safety, not a lottery

Let us model up a situation: imagine you’re a top manager wishing to implement smart contracts in your business. Would you pin your hopes on a technology, which is reported to have six vulnerable implementations out of ten, while every fourth implementation may endanger digital assets of the company?

Well, there is risk and reward, they say, but nowadays statistics are against smart contracts. Like one of the users of Habrahabr portal ironically asked whether “smart contracts are really smart enough”. No financial institute will risk letting this technology out of a “sandbox” yet. The Russian roulette is played in other places.

The work of Sisyphus or “Tetris”?

It’s not that bad though. Bug hunting and fixing is a common thing for a market today. And business, of course. Auditing smart contracts is a good thing to earn money on the blockchain market.

Kai Sedgwick, the author of the original article about smart contracts vulnerability, described the situation as “Sisyphean task”. I’m more optimistic and would like to compare the process with the Tetris game, where you fill the gaps with new figures, and you’d better find a proper one: risk of facing new levels of the problem grows with every improper brick. The expertise and experience will improve after all, in contrary to notorious Sisyphus who started everything from the very beginning. I still hope that the market won’t see that ‘Game Over’ tab.