More than one in four smart contracts behind projects that have raised $1bn or more have critical vulnerabilities, according to audits by blockchain security firm Hosho.
The findings emerged in the announcement of a partnership between Hosho and AmaZix, which aims to bring additional security services to the crypto community, including smart contract auditing and penetration testing.
AmaZix claimed that Hosho’s engineers have audited more smart contracts than any other company. During these audits, they found that projects that have collectively raised more $1bn had more than one in four vulnerabilities, while three out of five have at least one security issue.
Smart contracts – the digital protocols that help verify conditions of a contracts and execute them – are proliferating with the onset of new blockchain projects, but their growth has been marred by a lack of standards by which to measure their security.
High-profile exploits of smart contracts on blockchain, typically on Ethereum, have shown that smart contracts can be extremely vulnerable to hacking attempts. Most recently, those have manifested themselves in cyberattacks via electronic wallets, such as that of the exchange Bancor, which resulted in the loss of $23.5m (£17.8m) when a hacker targeted a compromised wallet used to upgrade certain smart contracts on its network.
Hosho’s findings follow those of the National University of Singapore, Yale-NUS College and University College London in March this year, which found that over 34,000 smart contracts out of one million surveyed contained coding vulnerabilities .
“In the absence of industry standards, we see smart contract auditing and penetration testing to be essential components of good security in blockchain systems,” commented AmaZix CMO Kenneth Berthelsen on the rationale behind the latest collaboration.
A report this week by PwC found that while 85% of companies claims to be dabbling with blockchain, a lack of trust in the technology remains to be a core impediment of its adoption among 45% businesses internationally.
No comments:
Post a Comment