Blockchain is not bulletproof: Why companies are auditing platforms
More companies are turning to third-party tech vendors, not lawyers, to detect potentially costly blockchain coding errors.
The risks and potential significant losses tied to blockchains can be lost in the hype of large companies deploying smart contracts, cryptocurrencies and other blockchain-powered programs. However, as companies leverage blockchain for valuable work, more are auditing those platforms to detect any coding errors that could lead to losses, lawyers contacted by Legaltech News said.
But they aren’t turning to their lawyers for that service. Instead, they look to third-party technology vendors.
Fenwick & West payment systems chair Dan Friedberg said he hasn’t seen many circumstances for lawyers to initiate an audit of a client’s blockchain. He said companies commonly enlist a third-party tech vendor to audit a new smart contract of significant value to detect any potential errors that could be exploited.
As smart contracts become a more crucial aspect of a business’s bottom line, Friedberg foresees blockchain audits possibly being required.
He added that over time, “if smart contracts are significant to a company’s financial position, I think we will start to see CPAs [certified public accountants] more often require audits of smart contracts for them to render their opinions in financial audits.”
Indeed, as market demand increases for smart contracts, more technology companies are releasing auditing tools to detect smart contracts’ security risks. Last November, Legaltech News covered the release of Mythril, NRI Secure Technologies’ software that scans smart contracts hosted on Ethereum for security risks. NRI security engineer Teruhiro Tagomori said at the time that companies need to understand the security differences between blockchain and traditional software.
“They need to know those [differences] well and prepare some mechanism like circuit breakers based on the premise that some vulnerabilities will be found after deploying smart contracts on public blockchain,” Tagomori said.
Likewise, as more companies leverage cryptocurrencies, Big Four accounting firm PricewaterhouseCoopers released its cryptocurrency auditing add-on to its data analysis suite dubbed Halo.
In a June 20 press release, PwC described the add-on as proving “private key and public address pairing” needed to established cryptocurrency ownership and examines the blockchain to validate its transactions and balances.
While the mystique of blockchain being an impenetrable technology still exists for some, companies are realizing their blockchain-backed system can be hijacked and the audits provide some assurance that it is coded properly.
“It’s often what the companies are concerned about it. The smart thing is for companies to avoid those vulnerabilities,” Friedberg said.
Related:
- How blockchain redefines the insurance customer experience
- How carriers can adopt InsurTech innovation right now
- The risks and rewards of cybersecurity
This article first published on Law.com, a sister publication of PropertyCasualty360.