
You can’t have software without bugs. Every major piece of code is subject to extensive debugging, which is an inevitable part of the development process. But when that code controls digital assets worth millions of dollars, ensuring it’s free of critical errors isn’t just desirable – it’s imperative. As this week’s Bancor hack and this year’s spate of smaller smart contract fails have shown, creating bug-free code is virtually impossible.
Bugs Have Cost a Lot of People a Lot of Crypto
Cryptocurrencies, even those that don’t permit smart contracts, are susceptible to bugs. Even bitcoin, the benchmark by which other coins are measured, has had its share, like the overflow bug in 2010 that created 180 billion bitcoins in block 74638. It was quickly fixed, though, without anyone gaining or losing coins. Ethereum users haven’t always been so lucky. Incidents such as the DAO, Parity, and most recently Bancor, whose $12.5 million loss has been attributed to a permissioned backdoor in their smart contract, have pushed the amount of crypto lost to coding errors towards $1 billion.
As a Turing-complete blockchain, the Ethereum Virtual Machine can be used to enact smart contracts that use extremely sophisticated logic. The trouble is, the more complex that logic, the greater the likelihood of an exploitable bug creeping in. Solidity, the main language used to code Ethereum smart contracts, is notoriously tricky to master. The smart contract-enabled blockchains that have since emerged have been intent on eliminating such mistakes. This entails moving away from Solidity, and often from Turing completeness, in favor of a more restrictive system with less margin for error.