Be thankful that some researchers are discovering early vulnerabilities within Smart Contracts

There is no such thing as a real-world building that is burglar-proof, and there is likewise no such thing as a computer-based technology which is 100% protected from hackers & crackers & malware.

Researchers have discovered what they are calling trace vulnerabilities within blockchain-based Smart Contracts (a trace being the electronic version of a paper trail containing a list of every instantiation of a particular contract). They created three explanatory categories for such potential vulnerabilities:

  • Suicidal — there exists a theoretical possibility that any arbitrary intruder (e.g. a hacker/cracker) could destroy a Smart Contract altogether (note that it is possible for a creator or similar trusted administrator of a contract to execute a SUICIDE bytecode instruction on the blockchain’s virtual machine for purposes of voiding that contract)
  • Prodigal — there exists a theoretical possibility that any arbitrary intruder (e.g. a hacker/cracker) could leak details of a Smart Contract, including “coin” payments for services rendered, to arbitrary parties
  • Greedy — there exists a theoretical possibility that any arbitrary intruder (e.g. a hacker/cracker) could lock parties within a Smart Contract (i.e. make it impossible to execute a SUICIDE bytecode instruction on the blockchain’s virtual machine for purposes of negating that contract)

As a concept, Smart Contracts remain immature yet promising. They are still difficult to test, or to revise once established within a blockchain’s public ledger. Current trace vulnerabilities appear to crop up after multiple invocations of this or that contract, although this might be due to the relative obscurity of contracts which have not seen much use.

https://arxiv.org/pdf/1802.06038.pdf (PDF)