Though blockchain-native software is in its infancy, the technology races forward to meet more and more use cases. But the community doesn’t seem to have taken software security principles seriously, as we can see from the recent scan of Ethereum smart contracts that identified 34,200 vulnerable contracts.
For added perspective, a smart contract is a piece of software that contains business logic for moving balances around or changing the key-value pairs stored on the blockchain.
Poor choices in the architectural design of the Ethereum Virtual Machine and smart-contract programming languages (e.g., Solidity) mean that even security-conscious developers are susceptible to making simple mistakes with severe consequences. With huge amounts of money being invested in blockchain software startups, the community must make a greater effort to improve the platforms the software is built on.
Traditional tooling for secure software development has not yet adapted to blockchain-centric software. Highly distributed and trustless systems introduce entirely new threats and require new ways of reasoning about software flaws.
New research papers and accompanying tools are released every week, but the community has not yet reached consensus on best practices for developers to work from. Once a vulnerability is found, the unalterable nature of blockchain technology can make patching existing contracts difficult or effectively impossible. Given this inflexibility, we must adopt a more forward-looking approach to security and develop tools and best practices for eliminating bugs before they make their way into the blockchain.
The following software security activities are likely to make their way into every smart-contract development cycle:
Developers need audited and proven frameworks for creating secure code from common patterns. This may include safe math operations, authentication and authorization, or monetary transaction handling.
Tools today can identify common code smells and eliminate low-hanging-fruit bugs in Solidity code. In the future these tools must be framework-aware and contain more security-related rulesets.
The Maian tool used by National University of Singapore researchers to find the vulnerable smart contracts is an example of hybrid static analysis with concrete execution, which discovers complex flaws that would be missed by traditional static analysis tools lacking symbolic execution. Many new smart-contract analysis tools do not need source code and can be used to scan the entire public blockchain for potentially vulnerable contracts.
For nontrivial applications deployed on blockchain technology, organizations need a threat modeling process to systematically identify all components of the system, potential threat actors, and controls provided by the platform. Security teams can then draw conclusions about the overall security of the system and where additional security measures can be added to compensate for identified threats.
Traditionally, blockchain contracts were inalterable, and users put their trust in the veracity of contract code. Today, no contract is safe from hacks and bugs, so contract vendors need to create policies around consumer and asset protection. Smart-contract developers also must consider policies for patching live contracts and methods for handling incident response.
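To illustrate the point above that analysis tools can work from deployed bytecode without source code, here is an added example (not code from Maian or from this article) of a first-pass triage that disassembles EVM runtime bytecode and flags opcodes worth a closer look. The function names, sample bytecode and placeholder addresses are constructed for illustration; it is a plain linear sweep and does not perform the symbolic or concrete execution the article attributes to Maian.

```python
# Added example: linear-sweep triage of EVM runtime bytecode, no source required.
# Opcode values come from the EVM instruction set; all sample data is constructed.

FLAGGED = {
    0xF2: "CALLCODE",      # runs foreign code against this contract's storage
    0xF4: "DELEGATECALL",  # same risk, preserves the original caller and value
    0xFF: "SELFDESTRUCT",  # contract can be removed and its balance sent away
}
PUSH1, PUSH32 = 0x60, 0x7F


def disassemble(code: bytes):
    """Yield (offset, opcode) pairs, stepping over PUSH immediates."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        # PUSH1..PUSH32 are followed by 1..32 data bytes that are not opcodes;
        # counting them as instructions would produce false positives.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)


def triage(hex_code: str):
    """Return [(offset, name)] for each flagged opcode in one contract."""
    if hex_code.startswith("0x"):
        hex_code = hex_code[2:]
    code = bytes.fromhex(hex_code)
    return [(pc, FLAGGED[op]) for pc, op in disassemble(code) if op in FLAGGED]


def scan(contracts: dict):
    """Map address -> findings, keeping only contracts with at least one hit."""
    return {addr: hits for addr, code in contracts.items() if (hits := triage(code))}


# Constructed samples keyed by placeholder addresses (not real contracts).
SAMPLES = {
    "0xPLACEHOLDER_A": "0x60ff33ff",             # PUSH1 0xff; CALLER; SELFDESTRUCT
    "0xPLACEHOLDER_B": "7f" + "ff" * 32 + "00",  # PUSH32 <32 x 0xff>; STOP
    "0xPLACEHOLDER_C": "6000f4",                 # PUSH1 0x00; DELEGATECALL
}

if __name__ == "__main__":
    for address, findings in scan(SAMPLES).items():
        print(address, findings)
```

A hit only means the opcode is present; whether an arbitrary caller can reach it is the question that symbolic and concrete execution answer. Compiler metadata appended after the runtime code can also be misread as instructions by a linear sweep.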