Topic: [2018-08-29] 25% of All Smart Contracts Contain Critical Bugs (Read 122 times)

i also have the same hopes but sadly enough i don't think it is going to happen anytime soon.
so far the only thing that people have cared about has been to create something as fast as possible with spending as little resources as possible. aka ICOs. and since people care about pump and dumps and money making nobody really cares about the security of these coins. they don't even care about the security of their ETH tokens otherwise they wouldn't have been using web wallets to store them!!!

well, as we all know, now more coin spammers and even the ethereum platform are already filled with junk coins just like waves. Hopefully in the future the smart contract platform is even better

As I know that these types of coins for challenging ideas are good. On the other hand  not to grip like bitcoins. It will never set its position as like as bitcoin.

this is a very interesting article that have scared me a little bit... if there are so many bugs potentially noone is safe. I hope that major bugs will be fixed even if I know that programmers always do mistakes.

I concur with your point Programmers commit errors some place The advantage of which the programmers raise I think it needs a ton of change to have some sort of courage to stay in this market. They should focus on their work of doing and make these things feasible enough to compete in this market.

These coins for testing thoughts are great, however not to hold like bitcoins, they will never go to the status like bitcoin. Because is far higher than all of this, it is updating itself according to the market situation and I believe it is on the right track.

Ok, EOS. I don't know how engineers of Alt tasks can live with themselves, uncovering all their tech deficiencies regardless of raising such a great amount to make vapourware. As long as the folks out there are mass creating savvy contracts without appropriate associate audit and development testing, it's just excessively unfeasible for standard utilize.

Kudos to Amazix, really great initiative they have brought here. After the recent bugs whichs were found in EOS, a lot of investors lost their interest in the smart contracts. But, Amazix emerging at such a time will surely give them more hope of receiving bug free smart contracts in the future.

Good to see that someone has really come up with the solution of testing the smart contracts before they get released or even after they are already released in the market. This will not only help the existing users to be more sure about where they are investing but also build the trust of a lot of newcomers who have perceived the crypto space to be filled with bugs and scams.

Hell I would say over 25% of the Smart Contracts are scams.  25% seems like a lot on the surface but probably is really damn good considering what we are up against.  It seems to me there is a very talented bunch of programmers working in crypto. 

I haven't been really fascinated with the smart contracts to say the least. So, these smart contracts having critical faults in them won't really matter to me. However, I had high hopes with EOS and thought that they are here to stay once I saw their bull run during mid August. But now, it looks like just another faulty project that people are abandoning.

Your finding is really helpful and it has focused on very important issues of the recent projects. It should be taken in the consideration by the programmer as such weakness and fault open the door for the scammer to do scam.

The over all coin testing idea is a good one. It will even make us aware of coins which got all the attention due to the hype such as EOS. But it will be futile to put a test on BTC because we all know that this is the bet coin in the market.

This is really an impressive and valuable finding. Actually many and many projects are coming to this market daily. Most of these do not focus on quality and so such programming mistake is expected. This is also the reasons for hacking as the hackers takes this as advantage to hack.

These coins for testing ideas are good, but not to hold like bitcoins, they will never go to the status like bitcoin.

Ah, EOS. I don't know how developers of alt projects can live with themselves, exposing all their tech shortcomings despite raising so much to create vapourware.

I'm not a fan of smart contracts just yet, even if the possibilities for me are exciting for very practical uses (like for example, how about a simple escrow smart contract for Bitcoin!), but as long as the guys out there are mass producing smart contracts without proper peer review and maturity testing, it's simply too unfeasible for mainstream use.

Would be particularly useful if Hosho actually spent some of their time helping validate/examine open source contracts out there.

I agree with your point Programmers make mistakes somewhere The benefit of which the hackers raise I think it needs a lot of improvement

For every problem that smart contracts solve, they seem to introduce another. In a week in which EOS has made news for all the wrong reasons over a RAM vulnerability, a code auditor has revealed the prevalence of smart contract bugs. Security firm Hosho, which has forged a new partnership with community managers Amazix, has found that one in four projects contains critical vulnerabilities.

$1 Billion Is No Guarantee Against Bugs

$1 billion. That’s the amount raised by the projects whose smart contracts Hosho has audited. The security company claims to have audited more smart contracts than any other industry player. Despite the significant human and financial resources at their disposal, many of these projects would have been crippled had they neglected to have their code thoroughly scrutinized. A quarter of the projects Hosho has audited were found to have critical bugs, and some 60% of all projects they saw had at least one security issue.

Ethereum, the ICO economy’s go-to launchpad, has been the worst affected, with stories abounding of exploitable code that’s led to hundreds of millions of dollars of ether being stolen or locked up. While smart contract platforms such as Stratis are pushing the availability of debugging deployment suites and professional decompilers that come with using C#, Ethereum’s Turing-complete system leaves greater margin for error. Identifying and eliminating all potential security holes is a Sisyphean task, and one which even experienced Solidity developers struggle with. Enlisting the support of a third party specializing in smart contract audits, while not foolproof, is the best bet against shipping bug-filled code.

Continue reading >> https://news.bitcoin.com/25-of-all-smart-contracts-contain-critical-bugs/