The most noteworthy internet finance portal

Are Smart Contracts Really Smart? A Report Knocks Them Off Their Pedestal

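In theory, smart contracts should of course be smart. However, some of the smart contracts currently in circulation do not meet that standard, and millions of dollars' worth of Ether is at risk of theft as a result.

Smart contracts are computer protocols designed to digitally facilitate, verify, or enforce contracts. Because smart contracts can partially or fully self-execute, transactions can be completed without going through a third party, which makes smart contracts more secure and less costly than traditional contracting.

However, not all smart contracts are created to the same standard, and some contain serious security vulnerabilities.

The first warning sign came last November, when someone using the pseudonym “devops 199” took control of an Ethereum smart contract, destroyed it, and permanently locked up $150 million worth of ETH. In theory, this should never have been possible.

Recently, a group of researchers from the National University of Singapore, Yale-NUS College in Singapore, and University College London released a report claiming to have found more than 34,200 insecure smart contracts. They also claim that roughly 3,000 of those insecure smart contracts could allow $6 million worth of Ether to be stolen.

The team says it has not yet succeeded in warning the creators of these insecure smart contracts and, more seriously, the likelihood that the vulnerabilities will be fixed is not particularly high.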

Smart contracts are supposed to be just that: smart. However, some smart contracts currently circulating aren’t quite making the grade — with vulnerabilities exposing millions of dollars worth of Ethereum to potential theft.

HOW SMART ARE SMART CONTRACTS?

Smart contracts are computer protocols meant to digitally facilitate, verify, or enforce the execution of contracts. Smart contracts’ ability to partially or fully self-execute and self-enforce makes third parties unnecessary when completing transactions — and thus provides superior security and lower costs when compared to traditional contracting.

However, not all smart contracts are created equal, and some house rather serious security vulnerabilities.

According to Motherboard, upwards of 34,200 smart contracts currently in circulation contain coding bugs, exposing millions of dollars to potential theft.

The first warning sign came last November, when an individual known as “DevOps199” took control of an Ethereum smart contract, destroyed it, and permanently locked up $150 million worth of cryptocurrency — a feat which, theoretically, should never have been allowed to happen.

MILLIONS OF DOLLARS AT RISK

Now, a team of researchers from the National University of Singapore, Yale-NUS College in Singapore, and University College London claim to have discovered 34,200 more unsecured smart contracts. They also claim that $6 million worth of Ether (ETH) could be stolen from roughly 3,000 of those not-so-smart contracts — which doesn’t bode well for the other 31,200.

One of the report’s authors, Ilya Sergey, told Motherboard:

“We’re dealing with applications that have two very unpleasant traits: They manage your money, and they cannot be amended.”

Sergey also put breaking into smart contracts into layman’s terms, likening the process to breaking into a vending machine. He told Motherboard:

“Imagine your goal isn’t to interact with the vending machine in a proper way, but rather you want to break it or get it to serve you for free. Assume we put a few coins in the machine, and just start randomly pushing buttons hoping that the inner workings of the vending machine—which we have no knowledge about, springs and whatnot—eventually releases the latch so you can take the candy.”

The researchers’ report — which claims they were able to “reproduce real exploits at a true positive rate of 89 percent” — is currently being peer-reviewed.

The team was unsuccessful in their attempts to notify the creators of the unsecured smart contracts, and the likelihood that said vulnerabilities will be fixed isn’t particularly strong. Said Sergey:

“If someone wants to exploit this idea, they’ll have to do at least as much work as we did.”

With millions of dollars at stake, cyber thieves doing just that is far from inconceivable.


Copyright © Internet Finance Laboratory, Tsinghua University PBC School of Finance | 京ICP备17044750号-1