{"id":229711,"date":"2021-04-18T10:13:00","date_gmt":"2021-04-18T07:13:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/smart-contract-exploits-are-more-ethical-than-hacking-or-not\/"},"modified":"2021-04-18T10:13:00","modified_gmt":"2021-04-18T07:13:00","slug":"smart-contract-exploits-are-more-ethical-than-hacking-or-not","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/smart-contract-exploits-are-more-ethical-than-hacking-or-not\/","title":{"rendered":"# Smart contract exploits are more ethical than hacking&#8230; or not?"},"content":{"rendered":"<p>&#8220;<strong># Smart contract exploits are more ethical than hacking&#8230; or not? <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDQvZTE5Mjc4ZjgtMThmYy00NmJlLWI4ZDEtZTQxODEyNTAzMDRkLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>There has been a lot of talk about the recent \u201chacks\u201d in the decentralized finance realm, particularly in the cases of Harvest Finance and Pickle Finance. That talk is more than necessary, considering hackers stole more than $100 million from DeFi projects in 2020, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/ciphertrace.com\/half-of-2020-crypto-hacks-are-from-defi-protocols-and-exchanges\/\">accounting for<\/a> 50% of all hacks this year, according to a CipherTrace report.<\/p>\n<p>Some point out that the occurrences were merely exploits that shined a light on the vulnerabilities of the respective smart contracts. 
The thieves didn\u2019t really break into anything; they just happened to casually walk through the unlocked back door. By this logic, since the hackers exploited flaws without actually hacking in the traditional sense, the act of exploiting is ethically more justifiable. <\/p>\n<p>But is it? <\/p>\n<h2><span class=\"ez-toc-section\" id=\"The_differences_between_an_exploit_and_a_hack\"><\/span>The differences between an exploit and a hack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.enisa.europa.eu\/topics\/csirts-in-europe\/glossary\/vulnerabilities-and-exploits\">Security vulnerabilities<\/a> are the root of exploits. A security vulnerability is a weakness that an adversary could take advantage of to compromise the confidentiality, availability or integrity of a resource. <\/p>\n<p>An exploit is the specially crafted code that adversaries use to take advantage of a certain vulnerability, and to compromise a resource.<\/p>\n<p>Even mentioning the word \u201chack\u201d in reference to blockchain might baffle an industry outsider less familiar with the technology, as security is one of the centerpieces of distributed ledger technology\u2019s mainstream appeal. It\u2019s true, blockchain is an inherently secure medium of exchanging information, but nothing is totally unhackable. There are certain situations in which hackers can gain unauthorized access to blockchains. 
These scenarios <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.epiqglobal.com\/en-us\/thinking\/blog\/blockchain-can-be-hacked\">include<\/a>:<\/p>\n<ul>\n<li><strong>51% attacks<\/strong>: Such hacks occur when one or more hackers gain control of over half of the computing power. It\u2019s a very difficult feat for a hacker to achieve, but it does happen. Most recently in August 2020, Ethereum Classic (ETC) faced three successful 51% attacks in the span of a month.<\/li>\n<\/ul>\n<ul>\n<li><strong>Creation errors<\/strong>: These occur when security glitches or errors go overlooked during the creation of the smart contract. These scenarios present loopholes in the most potent sense of the term.<\/li>\n<\/ul>\n<ul>\n<li><strong>Insufficient security<\/strong>: When hacks are done through gaining undue access to a blockchain with weak security practices, is it really as bad if the door was left wide open?<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Are_exploits_more_ethically_justifiable_than_hacks\"><\/span>Are exploits more ethically justifiable than hacks?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Many would argue that doing anything without consent cannot possibly be considered ethical, even if worse acts could have been committed. That logic also raises the question of whether an exploit is 100% illegal. For example, having a U.S. company registered in the Virgin Islands can also be seen as performing a legal tax \u201cexploit,\u201d though it isn\u2019t considered outwardly illegal. 
As such, there are certain gray areas and loopholes in the system that people can use for their own benefit, and an exploit can also be seen as a loophole in the system.<\/p>\n<p>Then there are cases such as <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.investopedia.com\/terms\/c\/cryptojacking.asp\">cryptojacking<\/a>, which is a form of cyberattack where a hacker hijacks a target&#8217;s processing power to mine cryptocurrency on the hacker&#8217;s behalf. Cryptojacking can be malicious or nonmalicious.<\/p>\n<p>It may be safest to say that exploits are far from ethical. They are also entirely avoidable. In the early stages of the smart contract creation process, it\u2019s important to follow the strictest standards and best practices of blockchain development. These standards are set to prevent vulnerabilities, and ignoring them can <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/medium.com\/better-programming\/the-encyclopedia-of-smart-contract-attacks-vulnerabilities-dfc1129fdaac\">lead<\/a> to unexpected effects. <\/p>\n<p>It is also vital for teams to have intensive testing on a testnet. Smart contract audits can also be an effective way to detect vulnerabilities, though there are many audit companies that issue audits for little money. The best approach would be for companies to get several audits from different companies.<\/p>\n<p class=\"post-content__disclaimer\"><em>The views, thoughts and opinions expressed here are the author\u2019s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Pawel Stopczynski<\/strong> is the researcher and R&amp;D director at Vaiot. He was previously the R&amp;D director and a co-founder at Veriori and at UseCrypt. 
Since 2004, Pawel has been involved in the development of 18 IT projects in Poland and the United Kingdom, focusing on the private sector. He was a speaker at several IT conferences, and the organizer of two TEDx conferences. For his work, Pawel was awarded a gold medal at the Concours L\u00e9pine International Innovation Fair 2019 in Paris, and a gold medal of the French minister of defense.<\/div>\n<\/div>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/smart-contract-exploits-are-more-ethical-than-hacking-or-not\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Smart contract exploits are more ethical than hacking&#8230; or not? &#8221; There has been a lot of talk about the recent \u201chacks\u201d in the decentralized finance realm, particularly in the cases of Harvest Finance and Pickle Finance. That talk is more than necessary, considering hackers stole more than $100 million from DeFi projects in&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229712,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDQvZTE5Mjc4ZjgtMThmYy00NmJlLWI4ZDEtZTQxODEyNTAzMDRkLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,75434,70375,70944,72287,4965],"class_list":["post-229711","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-smart-contracts","tag-cybersecurity","tag-hackers","tag-security","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/229711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=229711"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/229711\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/229712"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=22971
1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=229711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=229711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}