Smart Contract Risk

Since smart contracts typically cannot be stopped or reversed, vulnerabilities in their programming can have damaging effects. For example, in June 2016, a vulnerability in the smart contracts underlying The DAO, a distributed autonomous organization for venture capital funding, allowed an attack by a hacker to syphon approximately $60 million worth of Ethereum from The DAO’s accounts into a segregated account. In the aftermath of the theft, certain developers and core contributors pursued a “hard fork” of the Ethereum network in order to erase any record of the theft. Despite these efforts, the price of Ethereum dropped approximately 35% in the aftermath of the attack and subsequent hard fork. In addition, in July 2017, a vulnerability in a smart contract for a multi-signature wallet software developed by Parity led to a $30 million theft of Ethereum, and in November 2017, a new vulnerability in Parity’s wallet software led to roughly $160 million worth of Ethereum being indefinitely frozen in an account. More recently, in February 2022, a vulnerability in a smart contract for Wormhole, a bridge between the Ethereum and Solana networks, led to a theft of $320 million worth of Ethereum.

Flaws in the source code for digital assets have been exposed and exploited, including flaws that disabled some functionality for users, exposed users’ personal information and/or resulted in the theft of users’ digital assets. The cryptography underlying the Protocol could prove to be flawed or ineffective, or developments in mathematics and/or technology, including advances in digital computing, algebraic geometry and quantum computing, could result in such cryptography becoming ineffective. In any of these circumstances, a malicious actor may be able to take assets from the Protocol or attack the operability of the Protocol. Any such exploits or hacks could results in a total loss of digital assets for a Protocol user.

Last updated