Page 48 - FIGI: Security Aspects of Distributed Ledger Technologies
P. 48

EVM has been criticized as being non-Turing Com-  tract invocation and execution of directives. Ineffi-
               plete as a result of not having a predictable out-  cient programming which can call for unnecessary
               put.                                              operations and can result in a substantial amount
                  352
            •  Immutable Bugs/Mistakes: If a contract contains   of needlessly wasted Gas. Existing tools have been
               a bug, there is no way to patch it. As a result, smart   criticized for being inadequate at spotting and
               contracts must be programmed with an ability      suggesting remedies for underoptimized code. 357
               to terminate. An attacker using this functionality   •  Reentrancy:   Perhaps the most notorious of all
                                                                            358
               can make Ether stranded or unusable or even sto-  Ethereum vulnerabilities, reentrancy is an error
               len. And once this happens, there is no recourse   in recursive functions (looping activity.) It occurs
               except for the rare possibility of a hard fork of   when a first smart contract interacts with second
               the blockchain to reverse the results of a serious   contract and (i) calls for a transfer of Ether to sec-
               error. Hard forks are generally shunned (such as   ond; and (ii) also transfers control from the first
               occurred to correct The DAO bug, which result-    contract to the second contract before the con-
               ed in miners refusing to do so and which resulted   tract is fully executed in its entirety. In essence,
               in the creation of Ethereum Classic, an alternate   recursive  activity  can  occur  without  reaching  a
               blockchain. )                                     critically  important  instruction which  would  end
                         353
            •  Ether lost in transfer: Ether which is sent to an   the process. The second contract can perform
               ‘orphan’ address is lost forever, such as to an   undesirable activities such as emptying the funds
               address that is unable to be used or accessed such   held by the first contract prior to its full execution.
               as one that doesn’t belong to an existing user or   This is the error which was responsible for the
               contract. At present, such a condition is unable to   DAO exploit which resulted in a loss of over USD
               be prior detected.                                150 million and resulted in a fork of the Ethereum
            •  Difficulty of writing correct smart contracts:    network.
               Development environments should provide pro-    •  Out-of-gas send: The Ethereum smart contracts
               grammers with reasonably good expectations as     environment incentivizes miners/validators by
               to the outcomes of the code they craft.  The sig-  compensating them in proportion to the compu-
               nificant number of contracts with vulnerabilities   tational effort required to execute the instructions
               (such as is reflected above in Section 8.1) com-  in the smart contract. Ethereum uses  a unit  of
               bined with staggering losses without recourse     measure called ‘Gas’ which operates in a similar
               suggests to some observers that there is an inher-  manner as in the physical world. The amount of
               ent difficulty in writing safe, secure smart con-  Gas needed to execute tasks such sending a pay-
               tracts with a high degree of confidence that they   ment of ETH or storing a value on the blockchain,
               will act as examples include the DAO attack which   etc. can be estimated using the Ethereum Yellow
               led to an  unauthorized transfer of  over USD 60   Paper as well as online tools.  Metering’ the prop-
                                                                                          359
               million of Ether to an account of a bad actor. The   er amount of Gas needed for a contract is a com-
               Parity Wallet ‘newbie error’ led to over USD 200   plex, complicated process.  A contract must also
                                                                                        360
               million of stranded Ether and a vote that almost   be initially funded with sufficient Ether (deposit-
               had a consensus in favor of justifying a hard fork   ed into the contract address) in order to execute,
               to right a security oversight.                    which must be sufficient to ‘purchase’ Gas at the
                                       354
            •  Inability  to  modify  smart  contracts:  As  stat-  current Gas price, which is dynamically generat-
               ed  above, the  aspiration  for  immutability of the   ed.  The contract must allow for an appropriate
                                                                    361
               blockchain results in contracts which have easi-  deposit of Gas or the contract may not execute as
               ly correctible bugs needing to be killed and rec-  anticipated or at all. Failure to program correctly
               reated with a new address. Modification of the    can result in substantial failures, as described in
               existing contract is not possible. As there was no   greater detail below.
               ability to revive killed contracts or modify exist-
               ing bugs (and avoid self-destruction), substantial   Risks: Potential risks to smart contract
               errors cannot be easily remedied such as the Par-  technology include:
               ity multi-sig wallet where user error (or mischief)
               stranded 513,736 ETH  worth nearly USD  330     •  Flaws in the smart contract code; or the
                                   355
               million at the then-current exchange rate.      •  Reliance on an external ‘off chain’ event or person
                                                   356
            •  Lack  of  support to  identify under-optimised    - to integrate with and execute - the embedded
               smart contracts: Gas is required for smart con-   terms of the smart contract.
                                                                                          362


           46    Security Aspects of Distributed Ledger Technologies
   43   44   45   46   47   48   49   50   51   52   53