{"id":16625,"date":"2018-08-21T01:33:06","date_gmt":"2018-08-21T01:33:06","guid":{"rendered":"https:\/\/monitorchain.com\/?p=16625"},"modified":"2018-11-19T01:34:38","modified_gmt":"2018-11-19T01:34:38","slug":"why-smart-contract-auditing-isnt-enough","status":"publish","type":"post","link":"https:\/\/monitorchain.com\/why-smart-contract-auditing-isnt-enough\/","title":{"rendered":"Why Smart Contract Auditing Isn\u2019t Enough"},"content":{"rendered":"
[et_pb_section bb_built=”1″ fullwidth=”on” specialty=”off” next_background_color=”#212121″ _builder_version=”3.17.6″ background_image=”https:\/\/monitorchain.com\/wp-content\/uploads\/2018\/11\/FAQ2.jpg” background_color=”#212121″][et_pb_fullwidth_header _builder_version=”3.17.6″ title=”Why Smart Contract Auditing Isn\u2019t Enough” background_color=”rgba(0,0,0,0)” background_video_pause_outside_viewport=”off” text_shadow_color=”rgba(0,0,0,0.5)” title_text_color=”#1f8ee2″ title_text_shadow_style=”preset1″ title_text_shadow_color=”rgba(0,0,0,0.5)” text_shadow_vertical_length=”0.1em” text_shadow_blur_strength=”0.1em” title_font=”|700|||||||” \/][\/et_pb_section][et_pb_section bb_built=”1″ specialty=”off” prev_background_color=”#212121″ _builder_version=”3.17.6″ background_color=”#212121″ inner_shadow=”on” box_shadow_style=”preset6″ box_shadow_spread=”10px” box_shadow_color=”rgba(0,0,0,0.5)” background_image=”https:\/\/monitorchain.com\/wp-content\/uploads\/2018\/11\/BlogBG3.jpg”][et_pb_row admin_label=”Top Image – Hide Row if None” _builder_version=”3.17.6″ background_color=”#212121″ background_image=”https:\/\/monitorchain.com\/wp-content\/uploads\/2018\/08\/QuestionnaireT.jpg” width_unit=”off” custom_width_percent=”100%”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Desktop + Tablet + Phone” _builder_version=”3.17.6″ show_divider=”off” height=”100px” disabled=”off” disabled_on=”off|off|off” \/][et_pb_divider admin_label=”Desktop + Tablet” _builder_version=”3.17.6″ show_divider=”off” height=”100px” disabled=”off” disabled_on=”on|off|off” \/][et_pb_divider admin_label=”Desktop” _builder_version=”3.17.6″ show_divider=”off” height=”100px” disabled=”off” disabled_on=”on|on|off” \/][et_pb_divider admin_label=”Desktop” _builder_version=”3.17.6″ show_divider=”off” height=”100px” disabled=”off” disabled_on=”on|on|” \/][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”3.17.6″][et_pb_column type=”2_3″][et_pb_divider _builder_version=”3.17.6″ show_divider=”off” 
height=”10px” \/][et_pb_text _builder_version=”3.17.6″ text_text_color=”#e0e0e0″ background_layout=”dark”]<\/p>\n
Smart contracts are used to control billions of dollars\u2019 worth of digital assets and execute a vast array of agreements, including electoral voting, ICOs and supply chain management. Considering that Ethereum and other blockchain platforms allow developers to access their services at a reasonable cost, further growth in the size and significance of smart contracts is inevitable.
Nonetheless, like all emerging technologies, smart contracts have their share of challenges. In a smart contract, your funds are at the mercy of the code. Since there is no undo button and no central authority to ensure everything is fair and clean, there is little you can do if things go south. Should someone exploit a vulnerability in the code, all funds can vanish in an instant!
Therefore, smart contract audits that optimize performance and address security concerns are indispensable. But one question remains: are smart contract audits enough? Let\u2019s delve in and explore:<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”3.17.6″ text_text_color=”#e0e0e0″ background_layout=”dark”]<\/p>\n
Smart contract auditing is simply a scrutiny of the code used to underwrite the terms of a smart contract. This gives developers a chance to identify inefficiencies, vulnerabilities and potential bugs in the smart contract before it is deployed.
Usually, the audits are conducted by third parties to make sure that the code is inspected as exhaustively as possible. Depending on the budget and complexity of a smart contract, a company may opt to procure the services of a specialist smart contract team to conduct the audit.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”3.17.6″ text_text_color=”#e0e0e0″ background_layout=”dark”]<\/p>\n
Clearly, smart contract audits alone are not enough. Smart contract auditing isn\u2019t about writing code so watertight that it locks out every hacker; the crypto sphere is known to have some of the best hackers in the world. It is more about catching dangerous bugs that would have devastating effects if left in the smart contract.<\/p>\n
Since smart contracts are immutable, it is very difficult to correct mistakes once the code goes live. And this is not the only problem. When a buggy smart contract suddenly begins to misbehave, the confidence of those looking to leverage the benefits of blockchain technology is severely eroded.<\/p>\n
Vulnerable code that leaves room for manipulation not only puts substantial amounts of money at risk of being stolen but also leaves the reputation of blockchain technology in jeopardy. A good example is the DAO fiasco, where a hacker exploited a weakness in the code and drained over $50 million from the DAO. Luckily, most of the funds were restored through a hard fork.<\/p>\n
Another example that illustrates the consequences of a bug left in smart contract code is the Parity Wallet hack of 2017. In this attack, a malicious agent discovered a bug in Parity\u2019s smart contract and manipulated it to gain exclusive rights to a multi-signature wallet. He then used the rights to transfer the funds to his wallet. Digital assets worth millions of dollars were stolen! According to Parity, the bug was missed during an internal audit. This demonstrates that while auditing can reduce potential attack surfaces and ensure that the code is in line with best practices, it is not enough.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”3.17.6″ text_text_color=”#e0e0e0″ background_layout=”dark”]<\/p>\n