Author

Topic: Could Ethereum & automated transactions spread viruses/malware? (Read 1720 times)

legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Couldn't someone use some kind of memory overflow, to then make the computer execute code on the machine? So it would need some sort of bug - but since bugs tend to exist, such things have been done on other systems routinely.

In the case of AT it would only really be possible via the AT API having a bug (which is why it is purposely not a very large API).

Thorough testing of API functions should ensure that there is no "deadly memory leak" or the like but of course "complete coverage" isn't so easy (so constant reviewing of the API source code would be required).
sr. member
Activity: 252
Merit: 250
Couldn't someone use some kind of memory overflow, to then make the computer execute code on the machine? So it would need some sort of bug - but since bugs tend to exist, such things have been done on other systems routinely.
full member
Activity: 137
Merit: 100
AT - Automated Transactions - CIYAM Developer
Thus writing a Virus Smart Contract is not feasible, but exploiting the underlying implementation somehow by founding a bug is a different story.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
ATs cannot execute any code outside of their own machine code and its API has been kept intentionally very minimal so that it isn't possible to create anything more nefarious than a smart contract that fails to work properly.

For example - it cannot create files, it cannot create or use internet connections but can only operate within its very limited sandbox.

Although I haven't studied Ethereum in detail I would expect it is also safe from this sort of issue.

Of course a "bug" in a particular implementation (of the API in particular) could present a huge problem and that is why such things need extensive testing.
legendary
Activity: 2142
Merit: 1010
Newbie
Forgive my ignorance but would this be possible?

Yes, if there is a bug/feature that gives a chance to execute code outside of the virtual machine running smart contracts.
full member
Activity: 137
Merit: 100
AT - Automated Transactions - CIYAM Developer
I will speak on behalf the AT smart engine that is currently live on burst coin. No you cannot infect the host pc with virus using AT contracts. But for sure someone can create an AT contract that says it does x but it does y and you end up loosing money if you send coins to the AT, but at least anyone can check the code the AT is executing.
sr. member
Activity: 406
Merit: 250
Forgive my ignorance but would this be possible? I admit I know very little about this but from what I understand, Ethereum and a few other coins are developing automated transactions and Turing complete scripting engines that interpret code/applications uploaded to the blockchain. Could applications written in this manner execute in the users' machine or are they confined to the blockchain?
Jump to: