Could Ethereum & automated transactions spread viruses/malware?

[Lorenzo]

Forgive my ignorance but would this be possible? I admit I know very little about this but from what I understand, Ethereum and a few other coins are developing automated transactions and Turing complete scripting engines that interpret code/applications uploaded to the blockchain. Could applications written in this manner execute in the users' machine or are they confined to the blockchain?

[vbcs]

I will speak on behalf the AT smart engine that is currently live on burst coin. No you cannot infect the host pc with virus using AT contracts. But for sure someone can create an AT contract that says it does x but it does y and you end up loosing money if you send coins to the AT, but at least anyone can check the code the AT is executing.

[Come-from-Beyond]

Forgive my ignorance but would this be possible?

Yes, if there is a bug/feature that gives a chance to execute code outside of the virtual machine running smart contracts.

[CIYAM]

ATs cannot execute any code outside of their own machine code and its API has been kept intentionally very minimal so that it isn't possible to create anything more nefarious than a smart contract that fails to work properly.

For example - it cannot create files, it cannot create or use internet connections but can only operate within its very limited sandbox.

Although I haven't studied Ethereum in detail I would expect it is also safe from this sort of issue.

Of course a "bug" in a particular implementation (of the API in particular) could present a huge problem and that is why such things need extensive testing.

[vbcs]

Thus writing a Virus Smart Contract is not feasible, but exploiting the underlying implementation somehow by founding a bug is a different story.

[ThomasVeil]

Couldn't someone use some kind of memory overflow, to then make the computer execute code on the machine? So it would need some sort of bug - but since bugs tend to exist, such things have been done on other systems routinely.

[CIYAM]

Couldn't someone use some kind of memory overflow, to then make the computer execute code on the machine? So it would need some sort of bug - but since bugs tend to exist, such things have been done on other systems routinely.

In the case of AT it would only really be possible via the AT API having a bug (which is why it is purposely not a very large API).

Thorough testing of API functions should ensure that there is no "deadly memory leak" or the like but of course "complete coverage" isn't so easy (so constant reviewing of the API source code would be required).