ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Saturday Nov 25th 2017
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Event

Submit an event for consideration on ETHNews

Submit Event

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Events
Contact Us

Smart Contract Analyzer to Appear at DEVCON2

By

Danielle

Meegan

WriterETHNews.com

Oyente is designed to identify any issues smart contracts have in their coding.

Oyente, a tool intended to calculate and report any vulnerabilities within smart contracts, is set to debut at DEVCON2.

Loi Luu, a Ph.D. student, and a researcher at Oyente, are scheduled to present their future open source tool on September 20.

A group of researchers from the National University of Singapore analyzed the security and stability of thousands of smart contracts and determined many of the issues were repeated. Using Oyente, the researchers were able to detect flaws that would allow an attacker to manipulate the contract for their personal gain.

In their white paper, Oyente discovered 8,833 smart contracts out of 19,366 were vulnerable. This included the DAO bug which led to the hack and eventual demise of the smart contract in June.

During their analysis, they found these flaws could be caused by a semantic gap. This problem, according to the white paper, is led “by the assumptions contract writers make about the underlying execution semantics and the actual semantics of the smart contract system. Specifically, we show how different parties can exploit contracts which have differing output states depending on the order of transactions and input block timestamp.”

Four major issues kept recurring in their research. These issues included transaction-ordering dependence (where a miner can control the order of transactions after mining the block), timestamp dependence (where a miner can “precompute” a timestamp for their own benefit), mishandled exceptions (an attack deliberately causes a send transaction to fail), and reentrancy (a call where the attacker can drain a contract that has not been “zeroed”). Reentrancy may sound familiar, as it was the bug that led to the DAO hack (3.6 million Ether was drained by hackers).

In order to test your smart contract for vulnerabilities, users must input it into Oyente. Their analysis will not only allow for better-executed contracts but it will also prevent any questionable ones.

Since the DAO hack, security has been the main focus in repairing future smart contracts. In that, Hrishi Olickel, a researcher for the Oyente analysis, points out that we rely too much on the programming language for smart contracts, and that we assume with the right computations that nothing will go wrong.

“Unfortunately, when ‘Code Is Law,’ autopilots are no longer an option. There needs to be a new language for smart contracts which requires at least a cursory understanding of the underlying system,” Olickel says.

Oyente is not the only company attempting to solve smart contracts’ security problems. Microsoft has joined forces with Harvard University to strengthen, and possibly change, the programming language.

Oyente does not plan to focus solely on Ethereum smart contracts. The tool will be platform agnostic and aims to work with platforms such as Counterparty and Rootstock.

Danielle Meegan

New Hampshire native, Danielle Meegan, is a writer based in Los Angeles. She has been published in a couple of sports and entertainment magazines and newspapers throughout the years and has dabbled with multiple virtual currency exchanges to understand the 'ins and outs' of trading. Danielle has invested in over 15 different virtual currencies, including Ether.

ETHNews is commited to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Smart Contracts, Devcon2 or other Ethereum application news.