Research claims that the security of the Ethereum platform could be compromised by the simple, blatant copying of smart contracts, both by people and by other contracts.
According to the published report, there is little diversity in the origin of smart contracts, which means that all vulnerabilities found in contracts have possibly been reproduced thousands of times.
The research, entitled “Analyzing Ethereum’s Contracts Topology” and written by Lucianna Kiffer and Alan Mislove of Northeastern University and Dave Levin of the University of Maryland, examined how smart contracts are created and how Ethereum users interact with each other. This exploration revealed that most of the smart contracts on the network that supports this important cryptocurrency ecosystem “come from direct or very close copies” of previous contracts.
According to Kiffer, Mislove and Levin, who had already studied Ethereum’s decentralized network, “code reuse” is a risky practice: because there is “little diversity” in contracts, copying them may have replicated code errors. To reach that conclusion, the researchers used a modified version of Ethereum’s client, geth, to analyze five million blocks of the chain, which cover the network’s activity since its inception in 2015.
Among those five million blocks, 125,177 smart contracts were analyzed. The report revealed that more than 100,000 contracts come from just 16,373 clusters. The researchers also claim that 51.1% of the contracts analyzed come from the first 5 clusters, with the number one responsible for 26,144 token contracts, while the second is “composed of contracts involved in the October 2016 DDoS attack.”
In addition to the “significant reuse of code,” the results of interactions recorded in the geth client, known as the Ethereum Virtual Machine, establish that contracts are currently “three times more likely to be created by other contracts than by users,” and 60% of these “have never been linked.” On the other hand, the percentage of contracts created by users barely reaches 10%.
(…) We find that today’s contracts are three times more likely to be created by other contracts than by users, and that more than 60% of contracts have never been related. Additionally, we get the default bytecode of all contracts and look for similarity; we find that less than 10% of the contracts created by the user are unique, and less than 1% of the contracts created by the contract are unique.
Kiffer, Mislove and Levin, “Analyzing the Topology of Ethereum Contracts”
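One way to group near-identical contracts by their bytecode, as an added example that is not code from the paper or from this article. The article does not say which similarity measure the researchers used, so the opcode-skeleton normalization, the n-gram Jaccard score, the 0.6 threshold and the sample bytecode below are all assumptions. A grouping like this lets a defender check whether a contract known to contain a bug has copies elsewhere.

```python
from itertools import combinations

def opcode_skeleton(bytecode_hex):
    """Opcode sequence of EVM bytecode with PUSH immediates dropped."""
    raw = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    code, ops, i = bytes.fromhex(raw), [], 0
    while i < len(code):
        op = code[i]
        ops.append(op)
        # PUSH1..PUSH32 (0x60..0x7f) are followed by 1..32 bytes of data,
        # e.g. an embedded address; skipping them ignores such constants.
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return tuple(ops)

def similarity(hex_a, hex_b, n=3):
    """Jaccard similarity over opcode n-grams (assumed measure)."""
    def grams(ops):
        return {ops[i:i + n] for i in range(len(ops) - n + 1)} or {ops}
    a, b = grams(opcode_skeleton(hex_a)), grams(opcode_skeleton(hex_b))
    return len(a & b) / len(a | b)

def cluster(contracts, threshold=0.6):
    """Single-link clustering; contracts maps a label to bytecode hex."""
    parent = {name: name for name in contracts}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in combinations(contracts, 2):
        if similarity(contracts[a], contracts[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = {}
    for name in contracts:
        groups.setdefault(find(name), []).append(name)
    return sorted(groups.values(), key=len, reverse=True)

# Constructed sample bytecode (not real deployed contracts).
GATE = "608060405273{owner}3314602057{tail}"
SAMPLES = {
    "clone_1": GATE.format(owner="11" * 20, tail="00"),
    "clone_2": GATE.format(owner="22" * 20, tail="00"),      # other constant
    "near_copy": GATE.format(owner="11" * 20, tail="5b00"),  # one extra opcode
    "unrelated": "60003560010160005500",
}

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(len(group), group)
```

The two clones differ only in an embedded 20-byte constant and compare as identical, while the near copy with one extra opcode still lands in the same cluster.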
According to the researchers, the simplicity with which a smart contract can be copied is “probably the driving force behind Ethereum’s success”. However, possible errors in contracts are risks to be taken into account, mainly because Ethereum has its own history of bugs and technical failures.
Recall that in 2016, after the DAO hack, the appearance of Ethereum Classic and the DDoS attacks on the platform, a vulnerability was discovered in smart contracts. The bug was linked to the storage variables of smart contracts, and left open the possibility of exceeding the size of the contracts and overwriting certain types of contracts.
That bug was fixed with an update to Solidity, the Ethereum programming language, and marked the end of a complex year for Ethereum developers. The scenario is similar to the current one: during 2018, the proposed reduction of rewards per block, the fall in price and the changes announced for the last quarter of the year have called into question the current state of “the blockchain computer”.