Bugs are a normal part of software, but on ethereum, they may be uniquely hazardous.

That may be the takeaway from an ethereum programming language bug found this week. The bug affects a specific style of smart contract and, because of how ethereum works (it promises applications will run exactly as programmed), most of the affected contracts can’t be taken down or changed.

In short, owners of decentralized smart contracts (those that aren’t able to be upgraded by one owner) can’t do anything to fix the bug. Two days after the bug report was issued, developers rolled out a fix in Solidity version 0.4.4. But because the bug affects some of the addresses and types of data in these contracts, they still can’t be changed with the upgrade. The good news is that the bug may not have affected many smart contracts.

Solidity creator Christian Reitwiessner told CoinDesk he ran a “semi-automated” analysis of every ethereum program listed by a popular block explorer and found that of 12,000 contracts, just four were exploitable.

Reitwiessner said none of these contracts have any ether in them, as they were likely used for testing purposes. But it’s worth noting that not all contracts are shown on Etherscan, the selected block explorer. (There are more than 200,000 contracts total, so it’s hard to say how safe the remaining contract funds are.)
