A Quarter of All Smart Contracts Have “Critical Vulnerabilities”

John Medley

Research by Las Vegas-based blockchain security firm Hosho reveals that more than one in four smart contracts have “critical vulnerabilities”, and three in five contain at least one security flaw.

The cybersecurity company, which has joined forces with AmaZix to bring smart contract auditing to the crypto space, discovered the widespread security flaws by analysing the smart contracts of projects that have collectively raised over $1 billion in funding.

Kenneth Berthelsen, AmaZix CMO, said:

Keeping communities safe is a longstanding priority of AmaZix. Education and awareness is part of that, but so is proactive diligence in the technical aspects of partner projects. In the absence of industry standards, we see smart contract auditing and penetration testing to be essential components of good security in blockchain systems. In our view, there are no better qualified people to do this than Hosho engineers.

Smart contracts are designed to permit trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority, legal system, or external enforcement mechanism. However, the rapid growth of this new technology is being hamstrung by a distinct lack of standards by which to measure security.

Hosho co-founder and CEO Yo Sub Kwon said:

It is Hosho’s goal to push the blockchain industry towards maturation by improving the overall security awareness and guidance. Partnering with AmaZix is a natural fit because their philosophy aligns with our own, striving towards the long-term development of a strong and secure ecosystem.

This news follows the partnership announcement between AmaZix and AI-augmented cyber intelligence firm BrandShield, to fight crypto-related fraud and scams for some 470,000 users across more than 130 community channels that AmaZix manages.

It’s time for Smart Contracts to Smarten Up

The high-profile exploits of smart contracts on blockchain networks, typically on Ethereum, have shown that smart contracts are extremely vulnerable to hacking attempts.

The most famous example is that of the DAO hack in 2016, which took advantage of a loophole in the DAO coding to drain over 3.6 million ETH – equivalent to $70 million at the time. The DAO hack – and subsequent fork of Ethereum and Ethereum Classic to rectify the problem – has gone down in crypto folklore.

However, it’s clear that the Ethereum fork was a one-off and is unlikely to be repeated. Only recently, in April, the Ethereum community voted down a proposal that would restore over 500,000 ETH accidentally frozen in 2017 through an error in the Parity Multi-Sig wallet code.

Smart Contract exploits are notorious and an existential threat to crypto. Projects need to be held accountable for auditing their smart contract code before it is released into the wild.