Most smart contracts on Ethereum use vulnerable code


According to the latest research, most smart contracts on Ethereum use vulnerable code.

Researchers from Northeastern University and the University of Maryland published a joint report entitled “Analysis of the topology of Ethereum contracts”. The study showed some alarming results: the majority of smart contracts on Ethereum use potentially vulnerable code.

The analysis involved modifying the Ethereum client Geth to gather the bytecode of contracts deployed on the blockchain. Bytecode is program code compiled from source into a lower-level form for interpretation.

Bytecode analysis gave unexpected results

The team assembled the bytecode of all contracts published on the Ethereum blockchain in its first 5 million blocks, a span of approximately three years. Analyzing the bytecode, the researchers found that “more than 60% of the contracts never interacted”, which indicates that the network may carry a large amount of unused code and tokens.

In addition, less than 10% of user contracts are unique, and less than 1% of the contracts based on them are unique. This indicates a high likelihood of code reuse. From 1.2 million created smart contracts, the researchers were able to isolate 5877 having almost identical bytecode.

This high level of similarity means that bugs or vulnerabilities that appear in these contracts can potentially affect thousands more. Exploitation of such vulnerabilities by hackers has already resulted in the theft of millions of dollars in cryptocurrency.
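
To make the reuse risk concrete, here is an added example (not code from the report or from this article) that groups contracts whose bytecode differs only in embedded constants, so that a flaw found in one can be traced to its copies. It assumes "almost identical" means equal opcode sequences once PUSH operands are ignored, since the article does not say how the researchers measured similarity; the contract names and bytecode are constructed.

```python
import hashlib
from collections import defaultdict

def opcode_skeleton(code: bytes) -> bytes:
    """Return the EVM opcode stream with PUSH immediates removed.

    PUSH1..PUSH32 (0x60..0x7f) carry 1..32 operand bytes. Those bytes are
    data (addresses, constants), so they must be skipped, not decoded.
    """
    out = bytearray()
    i = 0
    while i < len(code):
        op = code[i]
        out.append(op)
        i += 1
        if 0x60 <= op <= 0x7F:
            i += op - 0x5F  # a truncated trailing PUSH simply ends the walk
    return bytes(out)

def cluster(contracts: dict) -> dict:
    """Group contract names by the SHA-256 of their opcode skeleton."""
    groups = defaultdict(list)
    for name, code in contracts.items():
        digest = hashlib.sha256(opcode_skeleton(code)).hexdigest()
        groups[digest].append(name)
    return dict(groups)

def siblings(contracts: dict, flagged: str) -> list:
    """Other contracts sharing a skeleton with one flagged in an audit."""
    for members in cluster(contracts).values():
        if flagged in members:
            return sorted(m for m in members if m != flagged)
    return []

# Constructed sample bytecode (hypothetical contracts, not real deployments).
SAMPLE = {
    "contract_A": bytes.fromhex("600160020100"),  # PUSH1 1, PUSH1 2, ADD, STOP
    "contract_B": bytes.fromhex("600560070100"),  # same code, other constants
    "contract_C": bytes.fromhex("600160020200"),  # MUL instead of ADD
    "contract_D": bytes.fromhex("606060020100"),  # operand 0x60 looks like PUSH1
}

if __name__ == "__main__":
    print("shares code with contract_A:", siblings(SAMPLE, "contract_A"))
    print("distinct code groups:", len(cluster(SAMPLE)))
```

A byte-for-byte comparison would treat all four samples as different contracts; comparing skeletons shows that three of them are the same program.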
