It was not supposed to be like this. Ethereum smart contracts were developed using blockchain technology to provide a better and more secure way to do business. The inherent security of blockchain, melded into an automated contacting platform would allow transactions to move forward far more quickly as barriers and trust issues would be smoothed over.
But the picture is not all rosy. Smart contract problems are occurring as thousands of such contracts have been found to be embedded with flaws or malicious codes. It is not the blockchain technology that’s flawed, but the code that is written around it to allow transactions to take place.
This was the case with the CoinDash ICO hack in July 2017. Less-than-scrupulous coders have introduced bugs and malware into the engagement code, which is undermining the value proposition of smart contracts as a whole. Couple this with the fear many have of cryptocurrency and a tool that was supposed to revolutionize business becomes synonymous with risk.
Mediating Smart Contract Risks
So how, from a business and legal standpoint, can this be cleaned up and how can trust be returned to the process? It seems like it should be easy. The same way you would hire a lawyer to review the details of a real estate transaction or business deal, you bring in a code tester to review the makeup of a smart contract and clear out any embedded bugs and malware. Right?
Unfortunately, it’s not that simple. Smart contract vulnerabilities are very difficult to detect as the contract requires extensive coding to perform its duties. A simple scan or single tester or two is not likely to solve the problem.
Some companies have begun to open up the process and acknowledge smart contract risks. This type of transparency, as well as added vigilance, is one of the ways that smart contract problems can be met and overcome.
Transparency and the Redevelopment of Trust
It is important to note that smart contracts are still a new technology. The issues around it are not very different than other technologies face during launch phase. That said, with losses rising into the billions and a rising negative perception, something must be done.
Testing and doing diligence will always be a major part of smart contract security.
Some enterprising companies realize what is at stake in the battle for the integrity of smart contracts. As part of the launch process they are inviting the public to test the code and providing rewards for those who do so. This action, while increasing user trust, also helps expose smart contract vulnerabilities that could morph into significant losses. But such actions are only the tip of the iceberg. They take care of the symptoms, but not the root of the problem.
Finding, identifying and outing companies and concerns that produce or accept flawed code must become an industry-wide standard. Only then will smart contracts be allowed to reach their full potential.