While the EVM is revolutionary, its design creates some challenges for developers, which should be well understood before a mainnet launch can be considered.
Because all smart contracts are processed by each node on the network, all data that they use is visible to any participant. As a result, sensitive business data often cannot be stored on chain, which complicates the design of such systems. Some solutions, such as Enigma, have proposed ways to handle this computation privately, but these are still in the early stages.
The code of the contracts is also public on the EVM, which means that an attacker can read the code that they’re trying to compromise to identify weaknesses.
Because smart contracts cannot be edited once deployed, it’s extremely important to carefully audit the code for any potential issues. Smart contract audits should be conducted by third-party firms before the contracts are used to manage any financial systems. Furthermore, all data inputs should be carefully examined to ensure that they cannot be manipulated by potential attackers to exploit the contract code.
As we’ve already discussed, oracle networks can provide a way for smart contracts to use data from external sources. These resources, while versatile, can lead to an increased risk of manipulation. Generally speaking, oracles can be subverted much more easily than the overall network, and as a result this information must be closely monitored to detect potential abuse.
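One way to monitor oracle data as described above, shown as an added example that is not part of the original article: an off-chain check that compares each source's report against the median of the fresh reports and flags stale or outlying values. The source names, prices, timestamps and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: (source, price, unix_timestamp) reports for one asset.
# Source names and values are hypothetical.
REPORTS = [
    ("feed-a", 2001.5, 1_700_000_000),
    ("feed-b", 1998.0, 1_700_000_010),
    ("feed-c", 2003.2, 1_700_000_005),
    ("feed-d", 2650.0, 1_700_000_012),   # far from the other sources
    ("feed-e", 2000.1, 1_699_996_000),   # old report
]

def check_reports(reports, now, max_age_s=600, max_dev=0.02, min_fresh=3):
    """Return (reference_price, alerts) for one round of oracle reports.

    Stale and non-positive reports are excluded before the median is taken,
    so they cannot shift the reference. Fresh reports that deviate from the
    median by more than max_dev (a fraction) are flagged.
    """
    alerts = []
    fresh = []
    for source, price, ts in reports:
        if now - ts > max_age_s:
            alerts.append((source, "stale"))
        elif price <= 0:
            alerts.append((source, "invalid"))
        else:
            fresh.append((source, price))
    if len(fresh) < min_fresh:
        # Too few independent sources: refuse to produce a reference at all.
        alerts.append(("*", "insufficient_sources"))
        return None, alerts
    ref = median(p for _, p in fresh)
    for source, price in fresh:
        if abs(price - ref) / ref > max_dev:
            alerts.append((source, "deviation"))
    return ref, alerts

if __name__ == "__main__":
    ref, alerts = check_reports(REPORTS, now=1_700_000_060)
    print("reference:", ref)
    for source, reason in alerts:
        print("ALERT", source, reason)
```

The median tolerates a minority of bad sources; if most sources are subverted, the reference itself is wrong, which is why the check also refuses to answer when too few fresh sources remain.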