Blockchain technology is governed and controlled by smart contracts. Unfortunately, smart contracts are not quite as tamper-proof as the blockchain community would like. They are mostly written by humans, and humans make errors. Due to the youthful nature of the industry and smart contracts, developers are still learning the ropes and figuring out what smart contract bugs look like.
Even independent auditors have missed glaring bugs in smart contracts, costing firms millions in hacks. One EOS casino has felt the horrors of bugs in a smart contract, reportedly losing around $240,000 in EOS. While this might not seem like a large amount, it still means that the casino took a huge hit.
Smart Contract Exploited
One of the casino’s smart contracts was exploited by a hacker, who was then able to place bets with fake EOS; when his bets won, the contract paid out real EOS. In addition to this, whenever the hacker lost, no EOS was removed from his balance, giving the hacker the freedom to play away without a care in the world.
Once the casino realized what had happened, it took the platform offline to patch the bug and then pushed the site back live. While the casino in question is now reassuring its players that the platform is secure, both its auditing team and an external security auditing firm missed the glaring bug – meaning there could be many more still to exploit.
AxLang Lending a Helping Hand
In light of the numerous bugs in smart contracts, a software development firm called Axoni has come up with a novel solution – it created its own smart contracting language. AxLang is designed to be intuitive, meaning that it pretty much writes itself. This minimizes the number of errors in the code and therefore minimizes the chances of bugs. In addition to the language being intuitive, the compiler will test the code upon every test run of the smart contract and will look to exploit it wherever possible. Reports will then be generated so developers can fix the issues.
Smart Contracts Costing Billions
Unfortunately, it isn’t just online casinos that are failing to properly test their smart contracts. Back in June, Bancor – a popular decentralized crypto exchange – had one of its smart contracts hacked and as a result suffered a loss of more than $23 million. The smart contract bug gave the hacker a window into a hot wallet that facilitates trades. From there, the hacker could simply drain the wallet of its funds. There have been countless cases of similar hacks on crypto exchanges and blockchain projects due to bugs in their smart contracts.
Bug Bounties Are Vital
Bug bounties are making a comeback thanks to smart contract issues. Companies are starting to reward hackers who report bugs to the firm rather than exploiting them. The practice is designed to reduce the number of attacks on the site while making general use safer. It works out to be more cost-effective than employing a full-time team of code auditors too. However, many firms believe that their code is perfect and don’t offer these bounties. Hackers then go wild and steal vast sums of cash from these projects.
Not all smart contracts have huge vulnerabilities like this unfortunate casino, but a large number do – it’s just a matter of finding these bugs. It’s a natural process and often bugs can take years to discover. For example, a bug that lets hackers inject cryptojacking scripts into Windows OS has only just been discovered – years after it was released. These bugs are part and parcel of a growing industry; the factor that makes a difference is how the bugs are handled.