Swiss startup identifies security flaws in Ethereum


The recent Ethereum upgrade was brought to a halt after ChainSecurity identified a security loophole in Ethereum’s smart contracts. The upgrade would have enabled hackers to steal from users. The ETH spinoff offers automated scanning programs for auditing smart contracts.


Established in 2017 by Martin Vechev, a professor at ETH Zurich, and two students, Hubert Ritzdorf and Petar Tsankov, ChainSecurity is devoted to making blockchain technologies more secure. The ETH spinoff develops and operates automated scanning programs for auditing smart contracts. Through its audit platform, the startup is able to check for vulnerabilities and certify the functional correctness of smart contracts and blockchain projects. Upon successful auditing of a client, the startup issues certification for the security of contracts.

Auditing is essential for companies that bring cryptocurrencies to market and for providers of blockchain products, including trading platforms and insurance companies. More than 30 clients around the world have already joined ChainSecurity’s client base.

Ethereum upgrade stopped at the last minute

Last week, ChainSecurity’s alert prevented the release of the Ethereum upgrade. Ethereum is an open-source, public, blockchain-based distributed computing platform and developer of ether, the second largest cryptocurrency after Bitcoin. The platform also enables users to link transactions to contractual conditions, known as smart contracts.

In the new upgrade, Ethereum had planned to decrease the fees its users pay for carrying out smart contracts, to make the platform more user-friendly. However, the change would have allowed users seeking to exploit the system to create nested executions of smart contracts that would process a transaction multiple times instead of just once. This, in turn, would have made it possible for hackers to steal from the ether accounts of Ethereum users. Until now, a combination of higher contract prices and a maximum fee per transaction has made it impossible to carry out such nested transactions.

Prior to the release of the upgrade, ChainSecurity identified this security issue, which called for an immediate halt and suspension of the upgrade. ChainSecurity’s CTO Hubert Ritzdorf commented that, “If the upgrade had gone ahead as planned, malicious users could have attacked certain contracts and then been able to raid the accounts of other users.”

Through this incident, ChainSecurity has attracted attention from numerous media channels worldwide as well as from players in the blockchain industry. (ran)