Buterin Contemplates on Smart Contract Security


The Ethereum Community have crowdsourced a list of all of the major bugs with smart contracts on Ethereum, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts.

Based on their preliminary findings, the DAO holds the number one spot on the major bugs list, followed by FirePonzi, a casino with a public RNG seed and several other issues or "bugs."

There have been many solutions proposed to smart contract safety, ranging from better development environments to better programming languages to formal verification and symbolic execution, and researchers have started developing such tools. 

Progress in smart contract safety is necessarily going to be layered, incremental, and necessarily dependent on defense-in-depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything. - Buterin Vitalik

The Action Plan

Buterin further enumerates the action steps that can be taken by the community:


  • Taking on the project of making a superior development environment, as well as a superior block/source code explorer, that includes some of these features
  • Standardization of as many components as possible
  • Taking on the project of experimenting with different smart contract programming languages, as well as formal verification and symbolic execution tools
  • Discussing coding standards, EIPs, changes to Solidity, etc that can mitigate the risk of accidental or deliberate errors
  • If you are developing a multimillion-dollar smart contract application, consider reaching out to security researchers and work with them on using your project as a test case for various verification tools
You may read more about this on Ethereums blog.