Are Ethereum’s new-fangled smart contracts the ultimate point of the blockchain or a risky experiment whose vulnerabilities presage trouble?
Right now, few doubt that smart contracts – instruction workflows in a language called Solidity that automate complex, profitable processes on Ethereum – require close scrutiny.
The latest security flaw was discovered by smart contract developers Level K – a ‘minting’ flaw that would allow an attacker to drain Ethereum exchanges initiating smart contracts.
There are several scenarios in which the vulnerability could be exploited, which has already been revealed to most of the exchanges the researchers thought might be affected.
Explaining gas
Before getting to the weakness, it’s necessary to understand that on the Ethereum network sending Ether cryptocurrency from one address to another means paying a minimum fee to miners in a unit called ‘gas’.
This rewards miners according to the amount of computation involved in executing each set of Solidity smart contract instructions.
Recently, someone had the idea of turning gas into a sort of tokenised currency of its own – GasTokens – generated thanks to Ethereum’s complicated storage refund system (blockchains desire storage efficiency).
GasTokens are a new thing but seem to have taken off because gas price varies according to smart contract demand (and some think Ethereum gas is too expensive in the first place).
So, the Ether cryptocurrency being moved around the blockchain has a fluctuating value, but so do the computational units that fuel the transactions on this blockchain.
The bad bit
To simplify, the weakness found by the researchers is one in which an exchange could be made to pay very high gas transactions fees by sending Ether to an address controlled by the attacker (i.e. the exchange pays the gas) using a smart contract ‘fallback function’ that eats computer cycles.
This would require that the exchange had set no limits on gas and the attacker was able to set up lots of receiving addresses thanks to poor know your customer (KYC) controls.
Alternatively, an attacker could use the same setup to generate GasTokens using the refund system while making the exchanges pay for the computations generating them.
The researchers’ solution:
Implement reasonable gas limits on all transactions. If any expensive transactions are made, ensure that the user bears the cost. Fees for a given withdrawal should always cover the gas needed.
Far from being bad news, the discovery of this and other flaws is, arguably, a necessary step if blockchains such as Ethereum are ever going to thrive.
Previous vulnerabilities have included a problem with smart contracts from the Coinbase exchange that could have allowed attackers to reward themselves with infinite Ether.
Then there was the infamous DAO hack of 2016 where an attacker siphoned off 3.5 million Ether (worth at least $50 million) – not exactly a confidence boost for a system that’s still only three years old.
If Ethereum, smart contracts and the blockchain overcome this bad press, they will need to counter the view that their inscrutable complexity isn’t hiding a system ripe for double-dealing and chicanery.
Developers understand this but do the customers and users?