Smart contract exploits are more ethical than hacking!

Smart contract exploits are more ethical than hacking!

Disclosure News
April 21, 2021 by Delnia
There has been much talk about recent decentralized hacks, especially in Harvest Finance and Pickle Finance. According to CipherTrace, this argument is too much to bear, as hackers stole more than $ 100 million from Defi projects in 2020, accounting for 50% of all hacks this year.
Smart contract exploits are more ethical than hacking!

What is certain is that smart contracts exploit gain points only to reduce the destructive nature of their sample.

Some point out that these events were merely exploits that shed light on the vulnerabilities of the relevant smart contract. The thieves didn’t penetrate anything, and they just happened to walk behind the locked door. By this logic, since hackers exploited a flaw in the traditional sense without actually hacking, the act of exploitation is morally justifiable.

But is that so?

The differences between an exploit and a hack

Security vulnerabilities are rooted in exploitation. A security vulnerability is a weakness that an enemy can use it. So, when the enemy uses this he or she can compromise the confidentiality, availability, or integrity of a resource.

Exploitation is a specially created code and used by enemies to exploit a specific vulnerability and compromise a resource.

Even the mention of the word “hack” referring to the Blockchain may cause a stir in a foreign industry that is less familiar with the technology, as security is one of the main thrusts of head office distribution technology. True, Blockchain is an intrinsically safe substance for exchanging information, but nothing is entirely controllable. There are certain conditions under which hackers can gain unauthorized access to Blockchains. These scenarios are:

51% Attacks: Such hacks occur when one or more hackers control more than half of the computing power. Achieving it is a complicated task for a hacker, but it happens. Most recently, in August 2020, Ethereum Classic (ETC) faced three 51% success attacks in one month.

  • Errors: These occur when security bugs or errors are ignored when creating a smart contract. These scenarios provide holes in the meaning of the most important term.

Insufficient security

When hacks are carried out through improper access to the Blockchain with inadequate security measures, is it bad if the door is left entirely open?

Are exploits more ethically justifiable than hacks?

Many believe that doing anything without consent cannot be considered moral, even if worse actions have been taken. This logic also raises the question of whether exploitation is 100% illegal this year. For example, registering an American company in the Virgin Islands can also be considered a “tax” operation of the tax, although it is not regarded as illegal. Likewise, there are gray areas and unique holes in the system that people can use to their advantage, and also exploitation can be seen as an opening in the system.

Then there are cases such as Cryptographic juggling, a type of cyber attack in which a hacker has stolen the target processing power to extract the cryptocurrency by the hacker. Cryptojackings can be malicious or non-malicious.

Can Cryptojacking be non-malicious?

The Coinhive extraction script has been shown in several Cryptojacking events, which has certainly not been as destructive as the above-detailed cases.

In September last year, it was discovered that the pirate site, The Pirate Bay, was secretly extracting Monroe from visitors’ computers without their knowledge. Following the news, The Pirate Bay defended itself, asking users whether they would prefer to see the site’s ads or whether they would use their computers to extract encryption by the company. Most respondents voted for mining.

A little over a week later, that revealed US mainstream cable network Showtime to secretly run Coinhive to extract Monroe using a visitor’s computer. Showtime also explained that instead of showing ads to users, it used Coinhive as an alternative source of revenue.

Permission-based Cryptojacking: The Salon case has turned to cryptocurrency by giving its users an option that allows to access its “unused computing power” as an alternative to viewing ads. While FAQs about the new option do not explicitly mention the word “extraction” or “Coinhive,” the Financial Times notes that a pop-up in the salon about the new process has the text “designed by Coinhive.

The ethics of Cryptojacking

In the case of malicious encryption. When users’ computer process power lost without their permission or knowledge. It can be classified as immoral and illegal. However, both Salon and UNICEF-licensed cryptography offer an ethical discussion of user ethics. An option that may not fully understand the consequences.

Concordia University’s study of Cryptojacking discussed earlier discusses the issue of ethics and raises whether an average Internet user can understand what he or she agrees with to avoid advertising. Or access to paywall content, encrypt to prevent ads, definition videos, etc.

It is quite possible that many users will not realize that they are registering for the possibility of high power bills. Slower computer and Internet performance, and shorter device life. This is especially true in cases such as Salon.Com when the language of the license applicant is intentionally vague or misleading.

Concordia report about smart contract

On the other hand, the Concordia report cites the idea that many Internet users already agree with things they don’t read or fully understand online. Such as privacy disclosure and cookie tracking. In conclusion to the ethical principles of non-destructive Cryptography. Reports indicate that nothing is “clear”. And that should discuss those nuances for potential adjustments.

Perhaps it is safest to say that exploitation is immoral. They are also entirely avoidable. In the early stages of the smart contract process. It’s essential to follow the strictest standards and best practices for Blockchain development. These standards set to stop any weakness that may lead to unexpected effects. It is also crucial for teams to conduct intensive testing on a test network. Smart contract audits can also be an effective way to identify vulnerabilities. Although many audit firms audit for a small fee. The best approach would be for companies to get several audits from different companies. So, the smart contract is available for all people to read them. Don’t forget to submit your Request ICO analysis.


1 Comment

Add a comment