Code Analysis Could Make Smart Contracts Less Dumb

Sometimes, smart contracts aren’t so smart. Now, EY wants to fix that. The company has released a tool that analyzes these blockchain-based programs for security flaws.

Smart contracts are a kind of computer program that runs on a blockchain. They first hit the scene with post-bitcoin blockchain projects like Ethereum around five years ago. They have spread to other blockchains since then.

Bitcoin’s blockchain technology validated transactions to its entire network of users and made them tamper-proof. Smart contracts apply the same principles to computer programs.

Smart contracts run on multiple participants’ computers in the blockchain. That makes them resilient, because they could still run even if several computers went down. It also makes them transparent, because everyone can verify their results. It makes them productive, because they can send cryptocurrency between blockchain participants as part of their programming. Smart contracts also eliminate the need for a central ‘middle man’, like eBay or Airbnb, to manage transactions and take a commission. Instead, they let people create contracts with each other.

Smart contracts now power everything from insurance contracts to gambling sites, but there is a downside. Someone who finds a loophole in their code can still exploit them.

This has happened several times in the past. In the most famous case, the DAO—an ambitious project to create an entire company using nothing but Ethereum smart contracts—lost over $50m thanks to poorly written code. In another, a hacker walked away with over $24,000 after finding a loophole in an online gambling site’s smart contract.

EY’s Smart Contract Analyzer, which entered a private beta test last week, subjects contracts to a battery of over 250 tests that look for a range of malware and coding errors to help close these loopholes.

The software also lets organizations subject smart contracts to simulated tests using real-world data.

Later this year, EY will integrate the tool into its EY Blockchain Analyzer, which analyzes transactions and handles tax calculations for cryptocurrency assets.

The analyzer tool will help organizations that are preparing their smart contract-based startups for an initial coin offering (ICO), in which they sell their crypto-tokens to early adopters.

Code analysis tools have long been a staple of traditional software development. Now, with tools like this hitting the market, the relatively nascent world of smart contract development may mature.
