Lack of Code Diversity in Cryptocurrency Ethereum May be Propagating Bad Code
Ethereum, one of the most popular cryptocurrencies with a market cap of more than $21.8 billion, is causing serious anxiety in the cryptocurrency marketplace.
Code integrity concerns have resulted in $170 million in cryptocurrency being frozen, and one recent security compromise caused $38,000 in losses to users. New research has further heightened concerns about the coin’s ecosystem itself.
On October 31, 2018, researchers from Northeastern University and the University of Maryland released their findings showing that a lack of diversity of smart contracts in the Ethereum blockchain may represent a substantial vulnerability.
In their article “Analyzing Ethereum’s Contract Topography,” the researchers analyzed three years’ worth of smart contracts and concluded that the majority are “direct- or near-copies of other contracts.” Their research showed that less than 10 percent of user-backed contracts are uniquely created. Since most Ethereum smart contracts have never interacted with users, but have instead been created by other contracts, the presence of bad code within those contracts could affect the entire Ethereum ecosystem.
This lack of diversity in smart contracts in the Ethereum blockchain means insecure or unreliable code may be propagated with each new copy. According to the researchers, “[w]hat sets Ethereum apart from other cryptocurrencies is that it uses the blockchain to not only store a record of transactions, but also smart contracts and a history of calls made to those contracts.” Thus, their findings potentially cut to the core of Ethereum’s popularity, endangering the future of the platform.
If your organization has been impacted by cryptocurrency vulnerabilities, contact a member of Lewis Brisbois’ Data Privacy & Cybersecurity Practice.