Smart contracts are actively taking over the technology market. Proponents believe that a new era is coming where smart contracts are one of the key technologies in the new digital world, which will become a universal solution for all industries seeking to automate their work for simplicity, reliability, and efficiency. Opponents of smart contracts are either skeptical, pointing at some smart contract vulnerabilities, or don't take smart contracts seriously and consider them a fashionable trend.
The interesting thing about all this is that each side is right to some extent. Smart contracts are really designed to solve the problems of many industries. At the same time, vulnerabilities in smart contracts can create problems far greater than those they are designed to solve, from irreparable commercial and reputational losses for a particular company to critical problems in the work of industries on which people's lives depend. So why can smart contracts be an ambiguous solution in different cases? What is the cost of failing in smart contract development? And most importantly, what specific steps should be taken to avoid possible vulnerabilities in smart contract development?
Just in case, let's outline what smart contracts are. Smart contracts are computer algorithms, one of the main purposes of which is to generate, manage and provide information about the ownership of digital assets on the blockchain network. The active use of smart contracts comes from the Ethereum blockchain, or more precisely, its distributed virtual machine for creating and executing smart contracts called EVM.
The main benefits of smart contracts strongly echo the benefits of blockchain but greatly expand them. Let's take a look at the main ones.
- Automation. Smart contracts allow you to automate the execution of transactions once their terms are met, which prevents one party from failing to comply with the terms and third parties from checking the terms unfairly.
- Savings. By simplifying and automating many processes, smart contracts save a tremendous amount of time and funds on third-party approvals and transactions.
- Durability. Smart contracts are not stored in one place but as multiple copies on multiple distributed devices, making them impossible to simply destroy or modify. They are also stored encrypted, further increasing security.
- Anonymity. Smart contracts can give anonymity if a person doesn't want to track the movement of their funds. Smart contracts alone don't make a person anonymous, but with additional tools, this anonymity can be real.
- Authorship. The flip side of smart contracts is that they make digital assets unique and assign an actual owner to them. This allows the asset's true value to be expressed and lets the author not worry about piracy.
Smart contracts are imperfect and have some disadvantages that still limit their use in some cases or introduce skepticism about their acceptance in conservative institutions. Of course, these disadvantages are being actively worked on, but they are worth considering.
- Immutability. While this is an advantage of smart contracts, it imposes additional responsibility on their creators. They need to think through the logic of a smart contract in advance so that it holds at any scale. And even with this kind of attitude, an unexpected error can occur, which the creators still have no right to make.
- The Imperfection of the Code. There are no perfect people and, therefore, no perfect systems. A trivial error in the code is bound to be exploited by hackers, who will always know how valuable assets your smart contract works with.
- Undefined Legal Status. Smart contracts, including legal ones, have not yet taken on a solid status. So far, they cannot be called a solution that is reckoned with at all levels, up to and including government institutions. The active development and application of smart contracts have already shown that the world is in dire need of them. But how soon and in what form they will be accepted by the whole world, and not only by cutting-edge companies and enthusiasts, is still a question.
Can smart contracts fail? Like any other system, smart contracts are not immune to various failures if their creators did not take all the details into account. And some of the most unpleasant failures are those that strike right to the heart, calling into question the security of smart contracts, because security is the main criterion by which smart contracts are chosen by industries such as financial, transportation, or even medical. Let's try to outline common smart contract failures for most industries.
Of course, the first thing that comes to mind, and is remembered in some cases, is financial loss. As mentioned earlier, smart contracts are primarily designed to change and improve the financial industry. The more successful a financial company becomes and the bigger the amounts managed by its smart contract, the greater the risks. If there is a vulnerability in a smart contract, millions and billions of assets can be frozen, misdirected, or simply stolen, as we have seen many times recently.
For example, remember the story of Wormhole, where an attacker used the bridge between the Ethereum and Solana blockchains and minted 120,000 wETH that look like Wormhole's "wrapped" ETH on the Solana blockchain. Or the Parity Ice Age, where one library removal resulted in frozen ETH worth over $150 million, and the problem remains unsolved today. Or the story of The DAO hack, in which an exploit found in a smart contract also allowed $150 million worth of ETH to be stolen. In this case, however, the money was recovered, but the reputation suffered.
It's essential to understand that smart contracts are not a website or an app in which vulnerabilities can be patched with an update at any time. Because a smart contract's result is a blockchain network record, it cannot simply be rolled back or updated, unlike off-chain classic systems. Any fundamental fixes will likely require a complete rewrite of the smart contract without backward compatibility and the ability to migrate data from the old smart contract to the new one. Therefore, the integrity of smart contracts must be built into their very foundation and be at the highest level from the outset.
Surely the company which proposed the development of a smart contract was offering this as a secure, stable, and safe solution, of which it is the expert. If the smart contract didn't meet its key points, the customer would immediately question the whole company and its attitude toward those points. In such a case, the company would have to pay the customer financial damages and thereby only minimize reputational losses. After all, the customer may be too lazy to write a review about the poor service in the restaurant, but not too lazy to dissuade a friend from ordering development from this company and risk losing millions of dollars.
If big companies have enough resources to pay out any compensation, spend a huge budget on marketing, and so on, this may be the first and last chance for many startups. Investors are unlikely to continually invest in startup founders who constantly fail and don't meet basic requirements. And the failure of a startup is an extremely painful experience because, as a rule, most startups are trying to do something worthwhile. Losing the chance to change the world while feeling it was so close can really shake the founders' initiative.
All of the previously mentioned failures can occur due to various vulnerabilities, and each project needs to be considered individually. However, some common smart contract vulnerabilities wander from project to project. Let's take a closer look at the main ones.
Obviously, at the heart of smart contracts is a large number of calculations that must be exceptionally accurate. After all, even the smallest inaccuracy in calculations can lead to the loss of huge funds. And when it is your funds, it is a big mess, but if it is investors' funds, it is a complete disaster.
So testing the calculation accuracy of smart contracts needs to be the broadest and most rigorous at all levels, from the mathematical formulas to the code base, taking into account all the engineering specifics of the language and platform.
This also applies to testing whether other smart contracts can influence the calculations, that is, whether attackers could take advantage of an imperfect mathematical formula or code base. We will not give fully technical examples here, but detailed technical examples and their solutions can be found on GitHub, where a separate section is devoted to them.
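As a small illustration of the language-level specifics mentioned above, here is an added example (not from the original article or its GitHub section) of how the order of integer operations changes a fee calculation in Solidity, which has no fractional types. The contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: fee maths with integer-only arithmetic.
/// Contract and function names are hypothetical.
contract FeeMath {
    uint256 public constant BPS = 10_000; // 100% expressed in basis points

    /// Loses precision: the division truncates first, so any amount
    /// below 10_000 produces a fee of zero whatever feeBps is.
    function feeDivideFirst(uint256 amount, uint256 feeBps) public pure returns (uint256) {
        return (amount / BPS) * feeBps;
    }

    /// Multiply first, divide last: only the final result is truncated.
    /// In 0.8.x an overflow in amount * feeBps reverts instead of wrapping.
    function feeMultiplyFirst(uint256 amount, uint256 feeBps) public pure returns (uint256) {
        require(feeBps <= BPS, "fee above 100%");
        return (amount * feeBps) / BPS;
    }

    /// Same calculation, rounded up, so truncated dust never
    /// accumulates against the party collecting the fee.
    function feeRoundedUp(uint256 amount, uint256 feeBps) public pure returns (uint256) {
        require(feeBps <= BPS, "fee above 100%");
        return (amount * feeBps + BPS - 1) / BPS;
    }
}
```

Unit tests for code like this should include amounts just below and just above the divisor, since that is where the three variants disagree.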
The gas limit is an anti-fraud mechanism: any attempt to overload Ethereum blocks requires so much gas that it is either not commercially viable or not feasible at all. However, it is also behind one of the most common Ethereum smart contract vulnerabilities.
If data is stored in variable-size arrays and accessed via loops, the access or traversal may require more gas than the limit allows. So the transaction may not be completed even though the gas will be used up. The worst thing about this vulnerability is that it is hard to detect with testing, since the test data is often smaller than the real data. Moreover, it may not even be noticeable at first in a production run, but it is a clear demonstration of smart contract vulnerabilities at scale.
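The loop problem described above, next to two common ways of bounding it, as an added example that is not code from the original article. The contract, its storage layout and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; the contract and its function names are hypothetical.
contract Payouts {
    address[] public holders;                 // grows with every new depositor
    mapping(address => uint256) public owed;
    mapping(address => bool) private listed;
    uint256 public cursor;                    // next index for payBatch

    function deposit() external payable {
        require(msg.value > 0, "nothing deposited");
        if (!listed[msg.sender]) {
            listed[msg.sender] = true;
            holders.push(msg.sender);
        }
        owed[msg.sender] += msg.value;
    }

    /// Weak: cost grows with holders.length. It passes with ten test
    /// accounts, then needs more gas than a block allows and never completes.
    function payEveryone() external {
        for (uint256 i = 0; i < holders.length; i++) _pay(holders[i]);
    }

    /// Bounded: at most maxCount entries per transaction; the cursor lets
    /// the next call continue where this one stopped.
    function payBatch(uint256 maxCount) external {
        uint256 remaining = holders.length - cursor;
        uint256 end = cursor + (maxCount < remaining ? maxCount : remaining);
        for (uint256 i = cursor; i < end; i++) _pay(holders[i]);
        cursor = end;
    }

    /// Pull pattern: each holder collects their own balance, no loop.
    function withdraw() external {
        require(_pay(msg.sender), "nothing paid");
    }

    /// Zeroes the balance before sending; a failed send restores it so one
    /// rejecting recipient cannot block a whole batch.
    function _pay(address to) private returns (bool ok) {
        uint256 amount = owed[to];
        if (amount == 0) return false;
        owed[to] = 0;
        (ok, ) = payable(to).call{value: amount}("");
        if (!ok) owed[to] = amount;
    }
}
```

A fork test that fills `holders` to production-like size is what exposes the difference between `payEveryone` and the bounded variants.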
It is a result of the design itself if not handled carefully enough. You always need to write validation checks that run before a transaction starts, to make sure you have everything you need to run it, starting from function arguments and optional variables and ending with a trivial check of the necessary balance for the transaction. There can be many such examples, and experienced programmers know about them and always write all the required checks to ensure that the operation will either run to the end or not run at all until the necessary conditions are met.
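One way to lay out the checks listed above (arguments, an optional parameter, balance) so that nothing is written until all of them pass. This is an added example, not code from the original article; the contract, its custom errors and the `deadline` convention are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; the contract, its errors and functions are hypothetical.
contract Ledger {
    error ZeroAddress();
    error ZeroAmount();
    error Expired(uint256 deadline, uint256 currentTime);
    error InsufficientBalance(uint256 requested, uint256 available);

    mapping(address => uint256) public balanceOf;

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
    }

    /// Every precondition is checked before any state is written. A failed
    /// check reverts the whole transaction, so the transfer either runs to
    /// the end or does not run at all.
    function transfer(address to, uint256 amount, uint256 deadline) external {
        // 1. Function arguments.
        if (to == address(0)) revert ZeroAddress();
        if (amount == 0) revert ZeroAmount();

        // 2. Optional parameter: a deadline of 0 means "no deadline".
        if (deadline != 0 && block.timestamp > deadline) {
            revert Expired(deadline, block.timestamp);
        }

        // 3. Balance needed for the operation.
        uint256 available = balanceOf[msg.sender];
        if (amount > available) revert InsufficientBalance(amount, available);

        // State changes happen only after all checks have passed.
        balanceOf[msg.sender] = available - amount;
        balanceOf[to] += amount;
    }
}
```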
The problem of an unconfirmed transaction overtake is a vulnerability that has become actively exploited by various services, and it requires a thorough approach to prevent it. The problem is that blocks are open, and everyone can see the transaction before it is written to the block. Seeing this allows you to pay higher transaction fees, encouraging network members to spend their processing power on your transaction first. It could even be called spiking if we were talking about the stock market. But there is no exact regulation or universal solution for that yet, and each implementation solves this problem on the level of system design.
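One design-level answer to this visibility problem is a commit-reveal scheme, sketched here as an added example that is not code from the original article. The registry, its time windows and all names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of commit-reveal; all names and windows are hypothetical.
contract NameRegistry {
    uint256 public constant MIN_AGE = 1 minutes; // commitment must be at least this old
    uint256 public constant MAX_AGE = 1 days;    // and no older than this

    mapping(bytes32 => uint256) public committedAt;
    mapping(string => address) public ownerOf;

    /// Computed off-chain by the user. The hash binds the name to the future
    /// owner and a secret, so the pending commit reveals nothing useful.
    function makeCommitment(string memory name, address owner, bytes32 secret)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(name, owner, secret));
    }

    /// Step 1: publish only the hash.
    function commit(bytes32 commitment) external {
        uint256 t = committedAt[commitment];
        require(t == 0 || block.timestamp > t + MAX_AGE, "commitment still active");
        committedAt[commitment] = block.timestamp;
    }

    /// Step 2: reveal the name. Someone who copies this pending transaction
    /// and pays a higher fee still fails: the hash is recomputed with their
    /// own msg.sender, for which no aged commitment exists.
    function register(string calldata name, bytes32 secret) external {
        bytes32 c = makeCommitment(name, msg.sender, secret);
        uint256 t = committedAt[c];
        require(t != 0, "no commitment");
        require(block.timestamp >= t + MIN_AGE, "commitment too new");
        require(block.timestamp <= t + MAX_AGE, "commitment expired");
        require(ownerOf[name] == address(0), "name taken");
        delete committedAt[c];
        ownerOf[name] = msg.sender;
    }
}
```

The cost of this design is a second transaction and a waiting period, which is why it suits registrations and sealed bids better than latency-sensitive operations.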
There are various ways to avoid problems created by smart contract vulnerabilities. Some of them can be quite trivial, such as paying more attention to writing the code itself from the beginning. There are more advanced ones, such as the smart contract security platform CertiK, which checks the smart contract code for vulnerabilities. And then there are the more expensive and complex ones, like hiring smart contract security audit services, which will take many different actions to identify all the possible vulnerabilities.
Our long experience with EVM-compliant smart contracts has taught us that the cost of failing smart contracts is too high, so we have to use every way possible. Here we have put together a consistent checklist that includes Ethereum smart contract security best practices:
- Make sure you have unit tests covering 80 to 100% of the code.
- Make sure you have integration tests and critical path tests.
- Make sure that all of your tests work seamlessly in the fork.
- Make sure the integrations are solid and well debugged.
- Make sure you have a deployment plan detailing all the parameters and steps, including a list of what to do in an emergency.
- Before deployment, use smart contract security audit services and review the audit report. Also, use a security audit tool for your smart contracts, such as CertiK.
- Make sure that the deployed smart contracts are properly configured and that you have the tools to verify this at any time.
No one is perfect, and nothing is perfect. But the difference between people is whether they take it as a challenge or desperation. Whether it becomes the basis for constant striving and achievement or an excuse for inaction. The people who made smart contracts possible are definitely in the first category. They did not like the imperfection of current institutions and technologies, and they are not afraid of the scale of work it takes to create an alternative. So they decided to try to do better, and they have succeeded. Moreover, they inspired many people to do even better than they did. So smart contracts have a lot of enthusiasm to keep going and a lot of potential to reach out to more and more industries.
Of course, smart contracts remain a young technology that still has a lot of work to do to change the whole world. There are some questions about the accuracy of the mathematical operations, the speculation of gas use, and so on. But even now, the most important thing here is the attitude of the developers of smart contracts, which mostly determines how safe and efficient they really are. There are also many tools and entire companies, like Mad Devs, who have a lot of experience and are always happy to help with the development and auditing of smart contracts of the highest level of quality.
Previously published at maddevs.io/blog.