34,200 Ethereum smart contracts are vulnerable to hacking, according to report
A computer security investigation has revealed that out of almost one million Ethereum smart contracts, 34,200 are vulnerable to hacking that could result in the theft of Ethers from users, or removal of assets in contracts that are not in the possession of hackers.
As we have previously reported, smart contracts consist of a series of coded operations that are executed automatically when an entry is sent to the contract. Many companies, governments and non-governmental institutions have decided to implement this solution based on Blockchain technology in order to optimize their administration and governance processes, promote transparency and the security of their processes.
However, when talking about security in the computer sector, nothing is written. In this sense, researchers often reveal failures or vulnerabilities in order to warn developers of the protocol, software or hardware, in order to correct the problem and improve their products and solutions.
In the case of the Ethereum network, smart contracts are code (software), and as such, they can include vulnerabilities and failures that can be exploited by hackers. In fact, several robberies have been perpetrated from the Ethereum network, such as the one we reported last July, where US $ 30 million was stolen from Ethers thanks to a vulnerability of the Parity portfolio.
Another $ 50 million theft from Ethers prompted the University of Singapore (NUS) team to investigate Ethereum's smart contracts for errors. Since 2016 they have been detecting security errors in these contracts through a tool called Listener, with which they found 8,883 vulnerable intelligent contracts.
At that time the investigation did not capture the attention of the press, but now, NUS researchers have created a new tool to analyze intelligent contracts called Maian, which was used to scan 970,898 contracts, of which 3.5% ( 34,200) were affected by a vulnerability that would allow hackers to steal users' funds or freeze their assets.
This bug detection tool has not been released by researchers, for fear that hackers can use Maian to perpetrate theft, however, for those who want to detect this type of vulnerability, it has the Mythril tool, also created by the NUS and available through GitHub.