Although Ethereum is the second most popular cryptocurrency, with a market capitalization of $21.47 billion, and has the strongest developer community network, a university research paper recently found that most contracts on the Ethereum network are direct or near-direct copies of other contracts. Having widely available code may be the driving force behind Ethereum’s popularity. However, it puts the entire network at risk, especially if there are vulnerabilities and bugs in the original code.
Substantial Code Re-use in Ethereum
According to the paper “Analyzing Ethereum’s Contract Topology,” published by Northeastern University and the University of Maryland on October 31, 2018, the Ethereum platform is very popular with developers, but there is substantial re-use of code within the network.
The analysts found that the 1.2 million user-created contracts can be reduced to 5,877 clusters of contracts that have highly similar code. This lack of diversity and variation means that a small bug in one contract could have a widespread impact on the Ethereum user and developer community. Such bugs and vulnerabilities have been discovered in the past and have, unfortunately, led to attacks, costing the Ethereum community hundreds of millions of dollars in lost value. At the rate of the network’s growth, Ethereum’s lack of code diversity becomes an increasingly pressing issue.
To reach these conclusions, the analysts from both universities collected the bytecode of all the contracts published to the Ethereum blockchain during the first 5 million blocks, which occurred three years ago, in 2015, during Ethereum’s initial release. They also collected modified data from Ethereum’s virtual machine, known as Geth, and logged all interactions between contracts and users.
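The sketch below is an added example, not code from the paper or from this article, showing one way contract bytecode can be grouped into clusters of near-copies so that a flaw found in one contract can be traced to its copies. The similarity measure (Jaccard similarity over 4-opcode windows with PUSH data stripped), the 0.8 threshold and the sample bytecode are assumptions; the article does not describe the paper's own metric.

```python
from itertools import combinations

def opcodes(bytecode_hex):
    """Opcode sequence with PUSH immediates (constants, addresses) dropped."""
    code = bytes.fromhex(bytecode_hex)
    ops, i = [], 0
    while i < len(code):
        op = code[i]
        ops.append(op)
        # PUSH1..PUSH32 (0x60..0x7f) are followed by 1..32 bytes of data
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return ops

def shingles(ops, n=4):
    """Set of overlapping n-opcode windows: an order-aware code fingerprint."""
    return {tuple(ops[i:i + n]) for i in range(max(1, len(ops) - n + 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 1.0

def cluster(contracts, threshold=0.8):
    """Single-link clusters of contracts with similarity >= threshold (assumed value)."""
    fp = {name: shingles(opcodes(code)) for name, code in contracts.items()}
    parent = {name: name for name in contracts}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in combinations(contracts, 2):
        if jaccard(fp[a], fp[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in contracts:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())

# Constructed sample bytecode (not real deployed contracts).
PROLOGUE = "608060405234801561001057600080fd5b50"
SAMPLES = {
    "wallet_a": PROLOGUE + "73" + "11" * 20 + "ff",   # PUSH20 <addr>; SELFDESTRUCT
    "wallet_b": PROLOGUE + "73" + "22" * 20 + "ff",   # same code, other address
    "token": "60003560e01c8063a9059cbb1461002057" + "00",
}

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(group)
```

The two wallet samples differ byte-for-byte because of the embedded address, so an exact-match comparison would treat them as unrelated; stripping PUSH data is what exposes them as the same code.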
Lack of Diversity Concerning As Ethereum Grows
Ethereum is currently the most popular blockchain platform for developers. Ethereum’s market capitalization and exchange rate have grown over 1,000-fold since its inception. There are also approximately three times more smart contracts on the Ethereum network than on any other blockchain network. Ethereum’s usage, measured by the number of transactions in the system, has also increased exponentially, with the average number of transactions per day rising from 40,000 to over 1 million.
Although Ethereum’s price dropped from its all-time high of $1,477 in January 2018 to $208.09 in November 2018, as seen on CoinMarketCap, the paper noted that the growth and number of transactions per day have remained relatively stable.
Ernst and Young’s ICO 2017 Report demonstrated similar findings. While NEM, NEO, Waves, and Stellar attracted a lot of attention in 2017, no other blockchain platform managed to rival Ethereum. The Ethereum developer community remains the strongest on GitHub and has the highest social media activity across Facebook, Twitter, and Reddit.
At the current rate, the Ethereum platform will continue to attract more contracts. The paper’s authors, however, stressed their concern about the repeated use of highly similar code. They noted that having few creators compared to the overall number of contracts will result in code being reused extensively, affecting the overall reliability of the contract ecosystem. Furthermore, in a blockchain system like Ethereum, smart contracts cannot be changed once they become a part of the blockchain state. Creators need to make entirely new contracts and migrate existing or old code over.
Analysts Concerned Due to Past Attacks
The university research paper noted that Ethereum suffered many attacks in the past due to vulnerabilities in its code. A great example is the Decentralized Autonomous Organization (DAO) hack, known as “the mother of all smart contract hacks.” The DAO was a venture capital fund for cryptocurrency companies that operated without a central governing authority. It did everything through smart contracts and encoded all rules and financial transactions on the blockchain.
The DAO raised 12.7 million Ether (approximately $150 million at the time) in May 2016, making it one of the largest crowdfunding projects, but it was hacked a month later, in June 2016. Unfortunately, there was a bug and loophole in the DAO’s code, which allowed the hacker to drain funds from the company. In the first few hours, the hacker stole 3.6 million ETH (approximately $79.6 million at the time).
The DAO hack is unfortunately just one example. Others include the Parity hack, an incident in July 2017 in which a hacker attacked the Parity Wallet organization and stole 150,000 Ethereum (approximately $30 million US at the time), despite being reviewed by a Solidity expert and undergoing an extensive auditing and peer review process.