“One in four smart contracts have critical security vulnerabilities and three in five have at least one security issue.”
That is the startling claim coming from blockchain security specialists Hosho after an audit performed on a portfolio of ICOs who have collectively raised over $1 billion USD between them.
Smart contracts are sets of blockchain-secured instructions manifested in code which generally contribute to the management and delivery of products and services offered by ICOs.
“Smart contract proliferation is underway, but its rapid growth has also been marked by a distinct lack of standards,” a Hosh spokesman stated, adding that “smart contracts on blockchain, typically on Ethereum … can be extremely vulnerable to hacking attempts.”
It is not the first time that security concerns have been raised in relation to the current deployment of smart contracts in the ICO space.
In March of this year, a number of academic institutions including Yale-NUS and University College London collaborated in the creation of an automated audit of over 1 million smart contracts, and identified 34,000 among these whose behaviour they described as potentially “suicidal”.
A further hands-on analysis of a sample of 3,759 of these contracts subsequently concluded that 3,686 among these (89%) did indeed contain real security flaws.