Lack of Diversity in Ethereum Smart Contracts Poses Risks to Whole Ecosystem, Report Says
A lack of diversity in Ethereum smart contracts poses a threat to the Ethereum blockchain ecosystem if buggy code is copied, a report finds.
A lack of diversity among Ethereum (ETH) smart contracts poses a threat to the Ethereum blockchain ecosystem, according to research by a group of analysts from Northeastern University and the University of Maryland released on Oct. 31.
The paper, entitled “Analyzing Ethereum’s Contract Topology,” claims that most Ethereum smart contracts are “direct- or near-copies of other contracts,” which represents a potential risk if a copied smart contract contains vulnerable or buggy code.
Partially supported by the U.S. National Science Foundation, the study analyzed the bytecode of Ethereum smart contracts across the network’s first 5 million blocks, which cover almost three years from the cryptocurrency’s inception in 2015. The researchers also collected and modified data via Ethereum’s virtual machine, dubbed geth, in order to log all interactions between contracts and their users.
To date, Ethereum smart contracts are “three times more likely to be created by other contracts” than by users, the study found. Moreover, over 60 percent of contracts “have never been interacted with,” while less than 10 percent of user-backed contracts are unique. The research stated that there is significant reuse of code on Ethereum, which can allegedly have a “widespread impact on the Ethereum user population,” despite the fact that it is also likely a “driving force behind Ethereum’s success.”
Citing the low diversity of smart contracts on Ethereum as a potential risk to its whole blockchain ecosystem, the researchers noted that Ethereum has been subject to “high-profile bugs” several times, resulting in over $170 million worth of cryptocurrency being frozen. The research concluded that multiple implementations of “core contract functionality” on Ethereum would eventually provide “greater defense-in-depth to Ethereum.”
Developed by Vitalik Buterin, Ethereum is a public, open-source, blockchain-based platform that features smart contracts as well as its native cryptocurrency, Ether. Launched on July 30, 2015, Ethereum is now the second biggest cryptocurrency by market cap at around $20.6 billion, with its price standing at $200 as of press time.
In mid-October, Cointelegraph reported on a security breach of Ethereum smart contracts that caused a loss of around $38,000 for adult entertainment platform SpankChain and its users.
In April 2018, OKEX, now the second-largest crypto exchange by trade volume, suspended all ERC20 token deposits after detecting a “new smart contract bug,” which reportedly allowed hackers to “generate an extremely large amount of tokens, and deposit them into a normal address.”