Over 1.2 million Ethereum (ETH)-based decentralized applications (dApps) have reportedly used a security software program, developed by Amberdata in October 2018, to prevent potential software bugs from adversely affecting their operating systems.
Amberdata’s free security tool may be used to detect vulnerabilities in dApps launched on the Ethereum blockchain. In the past year, vulnerabilities in smart contracts have resulted in huge losses for users, with some accounts losing hundreds of millions of dollars.
High Level Of Code Reuse Between Smart Contracts
As explained on its official website, Amberdata’s automated software scans dApps for the most commonly occurring software bugs (usually found in smart contracts). Based on its findings, the company’s security program assigns a letter grade (A, B, or C) which is used to assess how secure (or insecure) a dApp platform might be.
According to a research report published in early November 2018 by the University of Maryland, most Ethereum-based smart contracts had been using potentially vulnerable code. Notably, the researchers “reduced” 1.2 million contracts issued on Ethereum to 5,877 clusters, as most contained similar code. The research team said that, because of the high level of code reuse between smart contracts, an even greater number of such programs could contain critical vulnerabilities.
As noted by Shawn Douglass, the CEO at Amberdata, the cybersecurity firm aims to provide “greater access and enhanced visibility into smart contracts.” Douglass remarked:
We hope that by providing these tools to the community, we can reduce outside dependencies and enable the community to develop faster and more safely.
13 Main Types Of Vulnerabilities Searched For In Smart Contracts
Commenting on the 13 different types of vulnerabilities that Amberdata’s software has been programmed to detect, Joanes Espanol, the firm’s CTO, said that each smart contract bug is comparable to “engine lights on [a vehicle’s] dashboard.” Espanol added:
It just means that I need to check what’s going on with the car. Any of these can result in security error.
Elaborating on how Amberdata’s grading system works, Espanol mentioned that the greater the number of bugs detected in an app, the lower the grade assigned to the app. For instance, a dApp with an excessive number of vulnerabilities might be assigned the letter “F” (lowest grade). Meanwhile, a dApp with zero or almost no vulnerabilities detected could receive a grade of “A+.”
TrueUSD-Related Vulnerabilities Not "Critical"
In January, security researchers found that stablecoin platform TrueUSD had a potential vulnerability related to its “message call” function. Other issues found earlier this year with TrueUSD included one in its delegate call, which was used to issue smart contracts. Developed by blockchain firm TrustToken, the 1-to-1 USD-backed TrueUSD stablecoin is based on the Ethereum platform. At present, TrueUSD has been assigned a “C” security grade.
However, William Morriss, a security specialist at TrustToken, has claimed that the vulnerabilities were not critical. Morriss also said:
The vulnerabilities that are being reported are not ways in which we can be attacked. We are aware of them and when people bring vulnerabilities to us we treat them very seriously.