While it is usually quite easy to build software that works as expected, it is much harder to check that nobody can use it in a way that was not anticipated.

In response to these growing security concerns, members of our Cisco Research & Open Innovation team attended the IC3 ETH bootcamp event at Cornell University to focus on improving smart contract development standards. The event brought together the top cryptocurrency and security experts from IC3, as well as notable attendees from both the Ethereum Enterprise Alliance and the Ethereum Foundation.

Vitalik Buterin presenting at IC3 ETH Bootcamp at Cornell University

Our team began the week-long coding and learning session by first discussing the adolescent smart contract landscape and the important security considerations that come along with it.

“Progress in smart contract safety is going to be layered, incremental, and necessarily dependent on defense-in-depth.” -Vitalik Buterin

When developing smart contracts in Solidity, Ethereum’s contract-oriented programming language, it is important to step back and consider how much is at stake. Most contracts handle monetary transactions, and sometimes even more valuable transaction data such as health records or land registry ownership. Before releasing your code into the wild, make sure that your contract has been properly audited by security experts and laymen alike so that no obvious vulnerabilities remain. Note also that even if your smart contract seems bug-free, vulnerabilities in the compiler or the platform itself may still lead to an unforeseen exploit.

Fortunately, verified code examples and standardized frameworks are starting to emerge from the community. One example is the ERC20 token standard, which allows anyone to create and publish their own secure token asset on the Ethereum blockchain. However, as more individuals release their tokens and launch their crowd sales, scammers, phishers, and exploiters are taking advantage of this token sale hysteria.