Page 49 - FIGI: Security Aspects of Distributed Ledger Technologies

While Solidity has been hailed as a Turing-Complete programming language, this characteristic has also been a source of criticism in making the environment inherently unsafe, providing boundaries too far reaching and without adequate security so as to lead to monetary losses of seemingly unprecedented size which should not have occurred in a more controlled,[363] responsible environment.[364]

In either of these scenarios, the consensus necessary for the blockchain to be in sync may be broken. Three possible solutions have been proposed – multi-signature transactions,[365] prediction markets,[366] and oracles[367] – but all require the intervention of humans, in a group or individually.[368] This need does undermine the DLT goal of a decentralized automated system. Automated performance also does not guarantee that parties will always, or even often, be capable of determining all eventualities, as what happens after parties strike a deal is often unpredictable.[369]

Mitigation & Recommendations:

Development and use of the Ethereum smart contract environment has a high learning curve and, a failure to make requisite efforts and take adequate precautions can increase errors and vulnerability. Contracts may not operate as expected, may be manipulated by the open audience in a permissionless public blockchain and can result in substantial losses of value.

Once a smart contract is deployed in the EVM, it ostensibly cannot be modified or altered,[370] which is intended to provide 'trust' in the system. This concept presents a new and unfamiliar environment for a number of developers, and inexperience can lead to errors and vulnerabilities.[371] SCs feature the ability for a SC owner to 'kill' the SC. Here, if you want to stop the execution of the smart contract, simply include (and then call) the 'self-destruct'[372] operation in a SC. This sends all of the current SC balance to a destination address – in this case to the owner's address – which is stored in the owner variable. At the same time, the contract's data is cleared, freeing up space in the Ethereum blockchain and potentially lowering your gas price. This security feature is now built into many SCs.
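
The owner-only 'kill' switch described above, written out in Solidity as an added example (not code from the report). The contract name `Killable`, the `Killed` event and the `onlyOwner` modifier are assumptions made for illustration; the access check on `kill()` is what keeps the switch from being callable by any account on a permissionless chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; `Killable` is a hypothetical name, not from the report.
contract Killable {
    // Destination address for the remaining balance, as in the text:
    // it is stored in the `owner` variable, set once at deployment.
    address payable public owner;

    // Logged before destruction so monitoring can see who triggered it
    // and how much value left the contract.
    event Killed(address indexed by, uint256 balanceSent);

    constructor() payable {
        owner = payable(msg.sender);
    }

    // Accept plain Ether transfers so the contract can hold a balance.
    receive() external payable {}

    // Restricts a function to the deploying account.
    modifier onlyOwner() {
        require(msg.sender == owner, "Killable: caller is not the owner");
        _;
    }

    /// The 'kill' switch. If `onlyOwner` were omitted, any account could
    /// call this function and end the contract, so the modifier is the
    /// security-critical part of the pattern.
    function kill() external onlyOwner {
        emit Killed(msg.sender, address(this).balance);

        // Sends the entire current balance to `owner`.
        // Caveats for current toolchains and networks:
        //  - `selfdestruct` is deprecated since Solidity 0.8.18 and
        //    compiles with a warning.
        //  - Since EIP-6780 (Cancun upgrade) the opcode still transfers
        //    the balance, but code and storage are only removed when it
        //    runs in the same transaction that created the contract.
        selfdestruct(owner);
    }
}
```

When reviewing a deployed contract that carries this feature, check that every path to `selfdestruct` is behind an access check and that the `owner` value cannot be reassigned by an unauthenticated caller.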














































