Page 49 - FIGI: Security Aspects of Distributed Ledger Technologies
While Solidity has been hailed as a Turing-Complete programming language, this characteristic has also been a source of criticism in making the environment inherently unsafe, providing boundaries too far reaching and without adequate security so as to lead to monetary losses of seemingly unprecedented size which should not have occurred in a more controlled,[363] responsible environment.[364]

In either of these scenarios, the consensus necessary for the blockchain to be in sync may be broken. Three possible solutions have been proposed – multi-signature transactions,[365] prediction markets,[366] and oracles[367] – but all require the intervention of humans, in a group or individually.[368] This need does undermine the DLT goal of a decentralized automated system. Automated performance also does not guarantee that parties will always, or even often, be capable of determining all eventualities, as what happens after parties strike a deal is often unpredictable.[369]

Mitigation & Recommendations:

Development and use of the Ethereum smart contract environment has a high learning curve and, a failure to make requisite efforts and take adequate precautions can increase errors and vulnerability. Contracts may not operate as expected, may be manipulated by the open audience in a permissionless public blockchain and can result in substantial losses of value.

Once a smart contract is deployed in the EVM, it ostensibly cannot be modified or altered[370] which is intended to provide ‘trust’ in the system. This concept presents a new and unfamiliar environment for a number of developers and inexperience can lead to errors and vulnerabilities.[371] SCs feature the ability for an SC owner to ‘kill’ the SC. Here, if you want to stop the execution of the smart contract, simply include (and then call) the ‘self-destruct’ operation in a SC.[372] This sends all of the current SC balance to a destination address – in this case to the owner’s address – which is stored in the owner variable. At the same time, the contract’s data is cleared, freeing up space in the Ethereum blockchain and potentially lowering your gas price. This security feature is now built into many SCs.
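The owner-only ‘kill’ pattern described above, sketched in Solidity as an added example that is not code from the report. The contract name `Killable`, the `kill` function, the `Killed` event and the `NotOwner` error are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of an owner-gated kill switch; all names are hypothetical.
contract Killable {
    // The "owner variable" from the text: fixed at deployment, receives the balance.
    address payable public immutable owner;

    // Emitted before destruction so monitoring can see who triggered it and how much moved.
    event Killed(address indexed by, uint256 balanceSent);

    error NotOwner(address caller);

    constructor() payable {
        owner = payable(msg.sender); // the deploying account becomes the owner
    }

    // On a permissionless chain every account can call every external function,
    // so the kill switch must be restricted to the owner explicitly.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    // Allow the contract to hold a balance.
    receive() external payable {}

    function kill() external onlyOwner {
        emit Killed(msg.sender, address(this).balance);
        // Sends the entire contract balance to the owner address.
        // Caveats: the compiler has flagged selfdestruct as deprecated since
        // Solidity 0.8.18, and since EIP-6780 (Cancun upgrade) the contract's
        // code and storage are only removed when selfdestruct runs in the same
        // transaction that created the contract; otherwise only the balance
        // is transferred.
        selfdestruct(owner);
    }
}
```

The access check is the security-relevant part: a kill function without it hands the same stop-and-drain capability to any caller.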