Resources

What is a Smart Contract & Why Should You Audit It?

Written by: Stephen Nelson

What Is a Blockchain?

To explain what a blockchain is, let’s first break down what a block and a chain are. A block is akin to a page in a ledger that records a batch of transactions, and the chain is the link from each block back to the one before it: every block carries a cryptographic hash of the previous block’s header, so altering any earlier transaction changes that hash and breaks every link after it. The first block, also called the genesis block, records the first transactions; block two links back to the genesis block, block three links back to block two, and so on. The result is a blockchain: a decentralized, public ledger replicated across a network of nodes, which is what gives it its transparency and its resistance to tampering (immutability).

The most popular blockchains you have probably heard of are Bitcoin and Ethereum, both of which underpin cryptocurrencies. The two are very different, but one of the main distinctions is that Ethereum supports smart contracts, which turn traditional agreements into code that runs on the chain. So, what is a smart contract? Let’s break it down. A contract is an agreement between two people or entities; we use contracts, whether verbal or pen-and-paper, to make agreements binding. You may ask yourself, “I’m not a lawyer! Why would I care about any sort of contract or legal terminology?” Fair enough: traditional contracts are full of long terms that most of us never read. This is where smart contracts come into play.


What Is the Purpose of a Smart Contract?

A smart contract is defined by Investopedia as a “self-executing contract with the terms of agreement between buyer and seller being directly written into lines of code.” Think of a smart contract like a vending machine: you provide a defined input (money) and choose a defined output (a snack). If both conditions are satisfied, the machine acts without anyone’s intervention and dispenses the snack. In the same way, a smart contract is code deployed to the blockchain; when a transaction calls it with the right inputs, the code runs on every node in the network, and the resulting state change (a token transfer, a recorded change of ownership) is written to the chain.

Why Do We Audit Smart Contracts?

So, why would we need to audit a vending machine? Because a vending machine is not without flaws:

  • The vending machine may dispense more than the paid-for number of snacks, robbing the vending machine owner.
  • The vending machine may break down mid-transaction, keeping the money and the snack.
  • The vending machine may refuse to dispense anything at all, frustrating the user.

You get the picture. The machine does not always produce the intended output, and the same is true of a smart contract. The difference is that a deployed contract is public, holds real funds, and cannot be quietly patched once it is on the chain, so its flaws need to be found before it goes live. That is why it should be audited.

Conclusion

What happens if a smart contract isn’t audited? An Ars Technica article, “Really stupid ‘smart contract’ bug let hackers steal $31 million in digital coin,” answers the question in its headline. Additionally, Be In Crypto recently ran an article reporting that hackers stole more than $1.22 billion from the DeFi market in the first three months of 2022. These contracts are exploited through missing input validation, code that is shipped without any security review, unchecked return values and poor error handling around external calls, and so on. Many smart contracts on public blockchains have security issues including, but not limited to:

  • Reentrancy attacks
  • Denial of service attacks
  • Integer underflow/overflow
  • Insecure arithmetic
  • Oracle manipulation
  • Force feeding
  • Timestamp dependencies

With Ethereum being the second-largest cryptocurrency platform, malicious actors exploiting these weaknesses can cause losses of millions of dollars and damage the reputation of every organization involved. Auditing smart contracts before they are deployed is one of the most effective ways to protect the funds they hold. Without the proper security measures in place, including audits, we will see these incidents repeated.