Get Smart – Ending Crypto’s Over-Reliance on Contract Audits
Last year was a rollercoaster for the crypto market. It experienced aggressive regulatory actions, high-profile criminal convictions, and shocking thefts. However, despite these challenges, the total cryptocurrency market capitalization rose to over $1.4 trillion in 2023, marking a year-over-year growth of over 70.7%. This growth has attracted new users and institutions to enter the market.
2023 witnessed a significant increase in the number of crypto investors, growing by 2.8% per month. Goldman Sachs even declared it as the year when crypto became institutionalized. While there is immense opportunity in the market, there are also alarming risks that should not be ignored.
The Vulnerabilities of Smart Contracts
When it comes to crypto transactions, the risk is not only due to market volatility or criminal actions but is also embedded within the mechanisms of crypto transactions themselves. One vulnerable aspect is smart contracts.
A smart contract is a self-executing contract used in blockchain transactions where the terms are written directly into the code. These contracts are attractive targets for hackers because they handle large sums and high-value tokens. If a hacker can manipulate a smart contract, they can direct tokens as they please.
To protect themselves, blockchain entities conduct smart contract audits where independent reviewers inspect the contract for design flaws, security vulnerabilities, efficiency, and other coding issues. The auditors then issue public reports detailing any issues found and steps taken to mitigate them.
While audits help ensure smart contracts’ security and inform investors’ decisions, they are far from foolproof. There are no widely adopted standards for smart contract verification, and audits cannot guarantee that a contract is bug-free. As a result, vulnerabilities often go unnoticed until they are exploited, leading to devastating consequences.
Examples of Smart Contract Exploits in 2023
Here are a few examples of smart contract exploits that occurred in 2023:
- LendHub – $6 million exploit: LendHub left a depreciated version of the IBSV token in its smart contract during an update. Attackers bought the old version and swapped it for the new, resulting in a $6 million loss.
- BonqDAO – $120 million exploit: Attackers manipulated the ‘update price’ function in BonqDAO’s smart contract, changing the price of AllianceBlock’s ALBT token. This led to devaluation and liquidation, causing a $120 million loss.
- Euler Finance – $197 million exploit: A flaw in Euler Finance’s smart contract allowed an attacker to execute a flash loan attack, withdrawing nearly $200 million worth of ETH-based assets.
Even with multiple audits conducted on Euler Finance’s smart contract, it still fell victim to one of the largest hacks of the year. This demonstrates that audits alone are not enough to prevent vulnerabilities and attacks.
The Limitations of Audits and the Role of AI
Audits are backward-facing and focus on known vulnerabilities, making them insufficient in identifying novel exploits. To address this, AI may have potential in enhancing the smart contract audit process. Experiments using OpenAI’s GPT-4 showed promising results in identifying vulnerabilities. However, real-world smart contracts are more complex and diverse than controlled environments like hacking games.
While we wait for AI to advance further in smart contract security, additional measures can be implemented at the wallet level to vet transactions before they are sent on-chain. These measures include inspection to prevent rogue actors from executing contracts, smart contract history to trace changes, and front-running to stop suspicious transactions before tokens are transferred.
By introducing more friction into transactions, we can make them safer and less attractive to bad actors who rely on speed for their exploits.
Hot Take: Prioritizing Security in Blockchain Transactions
The year 2024 began with crypto in a strong position, but smart contract vulnerabilities have cast a shadow over this progress. This is an inflection point where the promise of blockchain meets the realities of its risks. It is crucial for the crypto community to take security seriously at every stage of blockchain transactions.
About the Author:
Daniel Chong is the CEO and co-founder of Harpie, a crypto security platform. With a background in Mathematics and experience as a development and security consultant for various crypto companies, Daniel is dedicated to ending the threat of crypto theft and making smart contracts safe and accessible to all.
By
By
By
By
