Ethereum Smart Contract Uniformity Centralizes Threat To Ecosystem
A group of researchers has identified the lack of diversity in Ethereum (ETH)’s smart contracts as a potential threat to the Ethereum blockchain ecosystem.
As per the famous proverb, don’t put all your eggs in one basket. In the context of Ethereum smart contracts, the fact that most contracts are copies of each other and that there are few contract creators relative to the number of contracts issued potentially poses a significant risk to the ecosystem.
The analysts, from Northeastern University and the University of Maryland, released a paper on October 31, 2018, titled “Analyzing Ethereum’s Contract Topology,” in which they describe the smart contracts on the Ethereum blockchain as follows:
“Ethereum’s smart contract ecosystem has a considerable lack of diversity. Most contracts reuse code extensively, and there are few creators compared to the number of overall contracts.”
Although they acknowledge that this “copying” could be helping more smart contracts to launch, they warn that the practice represents a potential risk in cases where copied smart contracts have a certain vulnerability or have “a buggy code.”
According to the study, more than a third of the Ethereum smart contracts are “likely to be created by other contracts” rather than by the new issuer.
The group concludes that most of the contracts that are “contract-created” were observed from April 2017 onwards, suggesting an increase in ICO token contracts or Ethereum-based custom currencies that implement specific functionality via such contract-created code.
Reuse of code
Additionally, the analysts state that less than 10 percent of smart contracts created by users are unique.
In the paper, the scholars contend that the massive reuse of code on the blockchain could have an extensive “impact” on the user population of cryptocurrency’s most popular smart contract platform.
The group speculates that the extensive reuse of code on the network could be the reason behind the boom that Ethereum enjoyed in the second half of last year. Even then, as the report alleges, more than 60 percent of the contracts on the Ethereum network “have never been interacted with,” via transactions or calls.
The researchers had the support of the U.S. National Science Foundation, and have indicated that their study covered a timeframe of almost three years, beginning in 2015.
In the report, the authors state that the research focused on bytecodes in the Ethereum smart contracts that cover the platform’s first five million blocks.
The researchers also collected and modified data using the Ethereum virtual machine (EVM), which allowed them to monitor all the interactions that have occurred between the network’s users and the contracts.
High profile bugs
One concern the researchers pointed out had to do with the little variety in the smart contracts deployed on the Ethereum blockchain.
The report states that this has exposed the ecosystem to security risks, with Ethereum suffering from exposure to “high-profile bugs,” resulting in the freezing of over $170 million in crypto assets.
Ethereum launched in 2015 as a public, open-source blockchain platform and is currently the second most valuable cryptocurrency platform after Bitcoin based on market capitalization.
A number of breaches have affected the blockchain, most recently the mid-October security breach that hit an Ethereum-based smart contract for SpankChain, an adult entertainment platform.
SpankChain said that the hacker had exploited a “reentrancy” bug in their smart contracts, making off with over $38,000 in crypto. Surprisingly, the hacker returned all the stolen ETH and helped the platform unfreeze its BOOTY tokens that were frozen during the attack.
Earlier in the year, crypto exchange OKEX had to suspend deposits for all ERC20 tokens after it detected a “smart contract bug” that allowed hackers to mint massive amounts of tokens and ostensibly deposit them into normal-looking accounts.
Despite these vulnerabilities, the researchers conclude that multiple implementations of Ethereum’s core contract functionality will bolster the blockchain’s defense, limiting exposure to buggy code.