CATEGORIES
home News

Researchers Uncover Ethereum Contract Vulnerabilities Putting Millions Of Dollars At Risk

by Shane McGlaunFriday, February 23, 2018, 04:15 PM EDT

Last November a hacker going by the name "DevOps199" found and exploited a flaw in the code for a subset of Ethereum wallets. That user was able to exploit teh vulnerability and take ownership of an Ethereum code library known as a smart contact. Once the hacker owned that smart contract, it was destroyed leaving about $150 million of Ethereum sitting in users' wallets inaccessible.

Researchers have now found a new approach that will find vulnerabilities in smart contracts such as the one exploited last year and patch it before a nefarious user could take advantage of the situation. The researchers claim that they found 3,000 vulnerable contracts with a total worth of about $6 million.

ethereum

"We’re dealing with applications that have two very unpleasant traits: They manage your money, and they cannot be amended," Ilya Sergey, an assistant professor of computer science at University College London and co-author of the work, told Motherboard.

A smart contract is a bit of code stored on the Ethereum blockchain that self-executes. This code is run during the mining process, and people are able to send the smart contracts instructions in a transaction. The challenge for researchers is that the human-readable source code for these smart contracts is often unavailable making it hard to analyze for vulnerabilities. The solution according to the team is to treat Ethereum like a vending machine.

"Assume we put a few coins in the machine, and just start randomly pushing buttons hoping that the inner workings of the vending machine—which we have no knowledge about, springs and whatnot—eventually releases the latch so you can take the candy," said Sergey.

To make this happen the researchers downloaded a copy of the entire Ethereum blockchain that is said to be akin to creating a private fork that could be run locally. The team then executed different permutations of interactions with the smart contracts live on the blockchain at the time they created the fork. Each time the researchers found an undesired action in the chain of instructions, they flagged it.

As of now, the researchers are mum on what contracts are vulnerable giving up little in the way of detail on how they found the vulnerabilities or how they might be exploited.

If you want to mine Ethereum, be sure to check out our NVIDIA Titan V mining coverage and our Ethereum Mining Optimization Guide.

Tags:  Hack, cryptocurrency, ethereum, vulnerabiltiy
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment