Securing Smart Contracts
Smart contracts, based on blockchain technology, are software programs that offer a very secure and transparent way of documenting and automating business processes. But as software programs, they are not immune to security vulnerabilities, as Professor Alexandra Dmitrienko explains.
© suphakit73 | istockphoto.com
Prof. Dr. Alexandra Dmitrienko
Watch the 4-minute video above or on YouTube, or read the transcript below:
Transcript
dotmagazine: Just how secure are smart contracts?
Prof. Alexandra Dmitrienko: Security is usually an issue when it comes to software systems and because smart contracts are also pieces of software which are executed on the blockchain, this problem also applies to them. And nowadays you hear of many security incidents related to smart contracts, starting with the DAO hack which happened in 2016. And today we have newer and newer reports popping up, and those problems happened because smart contracts can have vulnerabilities in a similar manner to any other pieces of software.
But unfortunately unlike with normal software, we cannot patch software on the blockchain because blockchains are immutable. And this is a contradiction which makes a solution to this problem very difficult
dot: What needs to be done to make smart contracts more secure, and where should the responsibility lie?
Prof. Dmitrienko: It is not an easy question to answer. Definitely the resolution is possible and we see several directions in solving this problem. Researchers are definitely looking into this problem. For example, they are developing new smart-contract languages which are less prone to vulnerabilities, which are more usable for automatic verification of code. We also see tools which are developed quite recently which help to improve quality of smart-contract code. But this is what we see in research and hopefully it will be deployed in practice quite soon.
But I don't think we can make someone responsible for this progress. Researchers are, of course, one party who are in charge of progress in this, but we also hope that the community behind blockchain is also interested in this problem. Because when we talk about smart contracts, we are talking not just about vulnerabilities. We are talking about people losing money. So this is a really important problem and we hope that the community will join the whole effort towards finding solutions.
Alexandra is a university professor at the Department of Computer Science at the Julius-Maximilian University (JMU) Würzburg. She combines an excellent academic track record in system security and privacy with extensive industrial experience in leading many successful industrial technology transfer projects. Her research agenda includes various topics ranging from secure software engineering and system security to security of cyber-physical and distributed systems (e.g., blockchains).
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.
