Ethereum Smart Contracts Expose $4 Million to Theft

Thirty-four thousand two hundred active Ethereum smart contracts hold 4.4 million dollars in ether and contain code defects that allow theft.

Five researchers from University College London and the National University of Singapore classified the defective contracts into three groups.

Greedy contracts freeze balances forever. Prodigal contracts send ether to any caller. Suicidal contracts accept a kill command from any address.
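The three categories, sketched in Solidity as an added illustration that is not taken from the study or from any deployed contract. All contract and function names are hypothetical, and the last contract adds the caller check whose absence makes the first one both prodigal and suicidal.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: every name below is hypothetical.

// Prodigal and suicidal: neither function checks who is calling.
contract UnguardedWallet {
    receive() external payable {}

    // Prodigal: the whole balance goes to whoever calls.
    function withdraw() external {
        payable(msg.sender).transfer(address(this).balance);
    }

    // Suicidal: any address can trigger destruction.
    // (selfdestruct is deprecated in recent compilers but still compiles.)
    function kill() external {
        selfdestruct(payable(msg.sender));
    }
}

// Greedy: accepts ether, but no code path ever sends it out again.
contract LockedWallet {
    receive() external payable {}
}

// Hardened form: privileged functions compare the caller to the deployer.
contract GuardedWallet {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    receive() external payable {}

    // Only the owner can move funds, and only to the owner address.
    function withdraw() external onlyOwner {
        (bool ok, ) = payable(owner).call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```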

Smart contracts reside on the Ethereum blockchain, a distributed ledger that records every transaction in sequential blocks.

“Programs that guard money yet forbid updates pose a permanent hazard,” said Ilya Sergey, assistant professor of computer science at University College London.

The study “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale” examined 970,898 smart contracts and flagged 34,200 as vulnerable. One in twenty contracts carries exploitable flaws.

“The maximal amount of Ether that could have been withdrawn…is nearly 4,905 Ether,” the authors wrote. At an exchange rate of 894 dollars per ether, the figure equals 4.4 million dollars.

The report added: “6,239 Ether, worth 5.6 million dollars, sits in contracts that have already self-destructed. 313 Ether reached those contracts after their termination.”

The researchers withheld the addresses of the vulnerable contracts, so attackers must repeat the full analysis to locate targets. Sergey remarked, “Anyone who wants to exploit the flaws must invest the same effort we did.”

Trading in cryptocurrencies or initial coin offerings carries high risk. The article does not constitute investment advice. Prospective investors should consult a qualified professional before committing funds. The author held no cryptocurrency at the time of writing.