Holes in smart contracts - Blockchain does not release anyone from the need to be accurate
The security vulnerabilities in smart contracts that have been found in Ethereum environments do not mean that Blockchain per se is insecure, but they do show the importance of an early integration of security into the programming process.
A recent study discovered a large number of security vulnerabilities in smart contracts on the Ethereum network. A team led by computer scientist Ilya Sergey at University College London analyzed one million smart contracts with the help of a tool and detected around 34,000 insecure contracts. By the way, smart contracts are much older than Bitcoin or Blockchain - the concept of mapping contractual relationships (which are often nothing more than "if this then that" processes) into software was first described by Nick Szabo in 1994.
The research results have drawn a strong response in the media and have been understood as a reminder that Blockchain is not secure (e.g. see the report in the MIT Technology Review magazine).
In fact, the story clearly contradicts the exaggerated expectations held by some that Blockchain could be the solution for all security problems. The truth is that Blockchain is indeed safe and counterfeit-proof; however, if the smart contracts stored on it are poorly programmed, this does not help either. Even in blockchain environments, the well-known rule applies: garbage in, garbage out.
It is still unclear what kind of smart contracts the research team has analyzed. One example the report mentions is smart contracts for ICOs (Initial Coin Offerings), where investors can purchase shares in the form of tokens (that are nothing more or less than new cryptocurrencies) to finance new business models. However, ICOs are highly speculative investments that respectable institutions warn against (e.g. BaFin, the German Federal Financial Supervisory Authority). Nevertheless, ICOs are currently experiencing a boom, so many ICOs are launched in a hurry to exploit the current momentum; therefore, it is likely that many improperly programmed smart contracts will be used in the ICO sector.
In other areas, too, we see a lot of experimentation with new business models and service offerings based on Ethereum and smart contracts, which would explain why many smart contracts are not yet mature, secure and invulnerable.
The situation should, however, definitely not be glossed over. The research results on insecure smart contracts once again underline the importance of conscientious programming, business process know-how and security that is implemented at an early stage of development. A secure technology like Blockchain does not release anyone from the duty of care.