Staying safe with smart contracts
There has been a lot of buzz about smart contracts — and not all of it has been good. One analyst claims that nearly half of all hacks on the Ethereum ecosystem come down to poorly designed smart contracts.
Yet, executed properly, smart contracts are not just for token sales: they have the power to facilitate agreements in thousands of existing and new contexts. But they won’t break through to the mainstream if the headlines remain full of scare stories.
Where are we now?
Well, online banking was once seen as terrifying by many customers but now it’s commonplace. If you go far enough back, you can imagine how scary it must have seemed to ride in a vehicle powered by an engine rather than pulled by horses.
Smart contracts deserve the same — and have the same potential. Contract Vault is part of the response to some of those challenges, so let’s try to cut through some of the noise.
Smart contracts aren’t complex and they aren’t new. The term “smart contracts” was first termed in 1994 by computer scientist Nick Szabo. At its most simple, the term means automated, self-executing contracts, created, enabled and transacted through the use of technology. And now blockchain — the distributed ledger technology that underpins cryptocurrencies — is opening up huge possibilities for smart contracts to carry out an ever-growing range of processes in our daily lives.
At its heart, smart contracts rely on ITTT (if that, then this) thinking: so that when one set of conditions are fulfilled, a reaction is triggered.
A simple example is that of the vending machine (relying on the original ‘token’: cash!). You want a can of Coke. You put cash in the machine. The machine registers that you have fulfilled the first part of the contract and fulfils its end by dropping your product into the tray.
Smart contracts operate in the same way. They are contracts that are based upon code that is designed to trigger responses when agreed conditions are met. But thanks to a raft of emerging technologies (AI, the Internet of Things etc.) we’ll be able to do much more than get a can of Coke.
The opportunities are unlimited — because we use agreements with conditional outcomes in lots of scenarios. When buying a car, you can envisage the manufacturer uploading the ownership documents and assigning them when a purchaser fulfils the conditions of ownership — not just a payment, but also identity verification and perhaps a customised set of warranties and extras; all validated on the blockchain.
Or consider the automation of more complex commercial relationships, like that between an author and a publisher. A smart contract can ensure that a specification and non-disclosure agreement are in place before an advance is paid out to the author. Data from book sales can trigger royalty payments (in real-time if appropriate) and transfers of rights for e-books, movies or foreign-language editions — including complex percentages and tiered entitlements — can all be made transparent and seamlessly executed.
Smart contracts will also power completely new business models — like securing new peer-to-peer transactions. So what’s the downside?
Like all embryonic transformative new ways of doing business, there is trial and error. Late last year, for example, coding errors led to the freezing of 500,000ETH in the Parity wallet architecture.
And this is just the start. Between June 2017 and October 2017, the number of smart contracts internationally grew from 500,000 to 2 million, with that number expected to hit 10 million by the end of 2018. And with potentially large assets being traded under the new protocol, there is every temptation for hackers to try to break the code.
It’s important, then, to stay safe with smart contracts. Here’s a checklist.
- Initial coding: smart contract developers are few and far between, but you will need code that is verified and optimally protected. Part of the Contract Vault offering is a marketplace that will reduce the barriers to participation by allowing tried-and-tested code to be re-used.
- Auditing: every smart contract should be audited by an independent and unbiased third-party validation institution. Contract Vault is working with multiple independent partners, including industry-leading companies such as Validity Labs and providers of ground-breaking automated auditing, such as ChainSecurity.
- Protect yourself: in the same way that everyone knows now to keep passwords secret and avoid phishing attacks, it’s up to you to keep yourself safe online. The old adage that “if something seems to be good to be true, it probably is” applies here as much as in other aspects of your online life. Contract Vault’s ratings-and-review system signposts contract quality in the same way as, say, eBay seller reviews: it won’t guarantee protection for every consumer, but it creates an environment of trust.
- Harness the community: open-source code is tested and refined so that it is constantly improving. The website Investopedia explains this beautifully: “One of the most unique aspects of public blockchains is their degree of transparency. Most companies release all or at least part of their code, and in some cases even the smart contracts… The DAO is a perfect example of why companies must listen to its community. The company’s open source code was available for review on major repositories, and several developers warned that the files had a major security vulnerability. Instead of patching the code, the DAO ignored the warnings, and millions of dollars were lost as a result.” Code is pretty opaque for non-coders (although developments in Ricardian contracts are making things a little more transparent), so Contract Vault is redressing the balance with an environment in which developers and legal professionals can collaborate for the benefit of the community.
Contract Vault brings together lawyers, coders, businesses and individuals to demystify and deploy smart contracts. It offers both a platform and a marketplace for legal and technical expertise, which will allow those with little or no legal or technical knowhow to build legally-enforceable customisable smart contracts with simple but powerful drag-and-drop tools.
In short — Contract Vault is providing the very tools that will make smart contracts as worry-free and easy-to-use as online banking or driving a car.
Join us in transforming the world of legal and smart contracts! Get updates on our movement to make (smart) contracts “truly smart”.