A Non-technical Overview of Smart Contracts
WHAT
Smart contract is computer software code that follows a set of business rules. It can allow the performance of credible transactions without third parties. These transactions are traceable and irreversible. Smart contracts were first proposed by Nick Szabo, who coined the term, in 1994.
Proponents of smart contracts claim that many kinds of contractual clauses may be made partially or fully self-executing, self-enforcing, or both. The aim of smart contracts is to provide security that is superior to traditional contract law and to reduce other transaction costs associated with contracting. Various cryptocurrencies have implemented types of smart contracts.
HOW
“smart contract” is mostly used more specifically in the sense of general-purpose computation that takes place on a blockchain or distributed ledger. In this interpretation, used for example by the Ethereum Foundation or IBM, a smart contract is not necessarily related to the classical concept of a contract, but can be any kind of computer program.
KEY ELEMENTS
Objects of a Smart Contract
Signatories: Two or more people involved in the agreement who make a pact and code down rules they agree or disagree to. This can be between registered companies, individuals, group, community, you name it. Anyone can use it.
Subject
The subject on which the agreement lies, an object that’s within in the smart contract — encoded inside. There was a problem when smart contracts were a lone survivor in 1996. The problem was that the smart contract needed the exclusive access to this object. However, this problem was overcome to a great extent since cryptocurrency happened in 2009.
Rules or Terms
Unlike traditional agreement, where you write the rules or terms in the native language. Smart Contracts needed the rules to be mathematically described. Additionally, this mathematical description should be further spoon-fed to the blockchain by using a programming language. This included everything you’d include in the traditional agreement. Like rules, terms, rewards/fees (if any) time limit, parties involved etc.
Prominent Blockchains or Platforms for Smart Contracts
Ethereum
EOS
Hyperledger Fabric
BENEFITS of Smart Contracts
Hypothesized advantages of a smart contract over its equivalent conventional financial instrument include minimizing counter-party risk, reducing settlement times, and increased transparency.
RISKS and SECURITY ISSUES
Because a public blockchain-based smart contract is visible to all users of said blockchain it leads to a situation where bugs, including security holes, are visible to all yet may not be quickly fixed.
Such an attack, difficult to fix quickly, was successfully executed on The DAO in June 2016, draining US$50 million in Ether while developers attempted to come to a solution that would gain consensus. The DAO program had a time delay in place before the hacker could remove the funds; a hard fork of the Ethereum software was done to claw back the funds from the attacker before the time limit expired.
Issues in Ethereum smart contracts, in particular, include ambiguities and easy-but-insecure constructs in its contract language Solidity, compiler bugs, Ethereum Virtual Machine bugs, attacks on the blockchain network, the immutability of bugs and that there is no central source documenting known vulnerabilities, attacks and problematic constructs.
GOVERNANCE
There are also significant legal issues that need to be resolved before smart contracts can be used in anything but the most rudimentary of applications, “This limitation is based, at least in part, on their current inability to account for implied expectations or deal with unforeseen circumstances.”
- Ethereum Hard Fork
Because DAO was hacked and $50 million worth of ether was stolen, Vitalik Buterin and the Ethereum developers and the community successfully forked the Ethereum blockchain to force the stolen ether to be returned.
- Jurisdictional issues
Blockchain has the ability to cross jurisdictional boundaries as the nodes on a blockchain can be located anywhere in the world. This can pose a number of complex jurisdictional issues which require careful consideration in relation to the relevant contractual relationships.
The principles of contract and title differ across jurisdictions and therefore identifying the appropriate governing law is essential. In a conventional banking transaction, for example, if the bank is at fault then irrespective of the transacting mechanism or location, the bank can be sued, and the applicable jurisdiction will most likely be contractually governed. However, in a decentralized environment, it may be difficult to identify the appropriate set of rules to apply.
At its simplest level, every transaction could potentially fall under the jurisdiction(s) of the location of each and every node in the network. Clearly, this could result in the blockchain needing to be compliant with an unwieldy number of legal and regulatory regimes. In the event a fraudulent or erroneous transaction is made, pinpointing its location within the blockchain could be challenging.
The inclusion of an exclusive governing law and jurisdiction clause is therefore essential and should ensure that a customer has legal certainty as to the law to be applied to determine the rights and obligations of the parties to the agreement and which courts will handle any disputes.
- Contract Signatories
Signatories: Two or more people involved in the agreement who make a pact and code down rules they agree or disagree to. This can be between registered companies, individuals, group, community, you name it. Anyone can use it.
- Breach of Contract
the breaches could potentially lead to court injunctions over blockchains.
The Parallel Computing and Optimization Group proposes Probability based Factor Model (PFM) that can be implemented over the blockchain to automatically identify breaches that can cause substantial damage and have high probability for recurrence. PFM can also issue court injunctions for the breaches. The underlying concept in PFM is built upon the notion of unsupervised machine learning and stochastic modeling from the discipline of Data Science.
- Smart Contract Security
Smart contract is written in a software programming language, if the code has any bug it would pose security threat. Absolutely zero bug for any software program is extremely challenging to achieve.
“Progress in smart contract safety is necessarily going to be layered, incremental, and necessarily dependent on defense-in-depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything.
“ — Vitalik Buterin
- Cyber-attacks Against Smart Contracts
- Human Error
The most obvious risk for a smart contract is that there is a coding error. Everyone, even the most brilliant engineer, is liable to make a typo here and there. Since the overwhelming majority of people cannot read code, they are unable to audit their own smart contracts. They are forced simply to trust the skill and attention to detail of the programmer.
Smart contract is immutable. In the meantime, as humans have the tendency of making errors when creating smart contracts, some of these binding agreements can contain errors which cannot be reversed.
- Unavoidable Security Flaws
- Security Holes
Level Cause of vulnerability Attacks
Solidity / EVM / blockchain
For Solidity,
Cause of vulnerabilities:
- Call to the unknown
- Gasless send
- Exception disorders
- Type casts
- Reentrancy
- Keeping secrets
For EVM (Ethereum Virtual Machine),
Cause of vulnerabilities:
- Immutable bugs
- Ether lost in transfer
- Stack size limit
For blockchain
- Cause of vulnerabilities:
- Unpredictable state
- Generating randomness
- Time constraints
For additional information, refer to
https://brage.bibsys.no/xmlui/bitstream/handle/11250/2479191/18400_FULLTEXT.pdf?sequence=1
p15
Conceptually, we have four key smart contract issues; codifying issues, security issues, privacy issues, and performance issues.
- Performance
In a text-based contractual relationship, a party may be willing to accept, on an ad hoc basis, partial performance to be deemed full performance. This might be because of an interest in preserving a long-term relationship or because a party determines that partial performance is preferable to no performance at all.
By ceasing performance, or threatening to take that step, a party may bring the counter-party back to the table to negotiate an amicable resolution. Smart contracts do not yet offer analogous self-help remedies.
- Oracles
An oracle, in the context of blockchains and smart contracts, is an agent that finds and verifies real-world occurrences and submits this information to a blockchain to be used by smart contracts.
Smart contracts contain value and only unlock that value if certain pre-defined conditions are met. When a particular value is reached, the smart contract changes its state and executes the programmatically predefined algorithms, automatically triggering an event on the blockchain. The primary task of oracles is to provide these values to the smart contract in a secure and trusted manner.
Blockchains cannot access data outside their network. An oracle is a data feed — provided by third party service — designed for use in smart contracts on the blockchain. Oracles provide external data and trigger smart contract executions when pre-defined conditions meet. Such condition could be any data like weather temperature, successful payment, price fluctuations, etc.
In the context of Ethereum, computation can be outsourced to oracles, third parties that push external data onto the blockchain. Oracles can be categorized into
· Data carrier oracles that relay query results from a trusted data source to a smart contract
· Computation oracles that not only relay query results, but also perform the relevant computation themselves. Computation oracles can be used as building blocks to construct off-chain computation markets
Both types of oracles can be used to connect smart contracts with the results of arbitrary computations (with the caveat that data carrier oracles must support and have access to an existing data source that is capable of performing the computation).
- Checklist for Smart Contract Implementations
◦ Logic Bugs
◦ Failed Sends
◦ Recursive Calls
◦ Integer Arithmetic Overflow
◦ Poison Data
◦ Exposed Functions
◦ Exposed Secrets
◦ Denial of Service / Dust Spam
◦ Miner Vulnerabilities
◦ Malicious Creator
◦ Off-chain Safety
◦ Cross-chain Replay Attacks
◦ Tx.Origin Problem
◦ Solidity Function Signatures and Fallback Data Collisions
◦ Incorrect use of Cryptography
◦ Gas Limits
◦ Stack Depth Exhaustion
For further information, refer to the following URL,
https://www.kingoftheether.com/contract-safety-checklist.html ?
- Constrains
technological and legal constraints
- Audits
security and legal audits
- Governance
In addition to an above section on Governance, following are some specifics on governance. They include operators, gatekeepers and administrators,
100% of operators in the sample own their network and act as gatekeepers/
administrators
Gatekeepers and administrators often take a variety of different roles within the network that go beyond permission assigning and on-boarding of new participants
Software vendors predominantly maintain the codebase while operators approve
software upgrades
- Metrics
In general Smart Contracts metrics tend to suffer from blockchain limited resources constraints, since they tend to assume limited upper values. There is not the ubiquitous presence of fat tail distributions where there are values very far from the mean, even order of magnitude larger, as typical in traditional software. In Smart Contract software metrics large variations from the mean are substantially unknown and all the values are generally in a range of few standard deviations from the mean.
Finally the Smart Contract lines of code is the metric which more closely follow the statistical distribution of the corresponding metric in traditional software system and shows a truncated power law in the tail and an overall distribution which is well explained by a Log normal distribution.
For further information, refer to the following URL, https://www.researchgate.net/publication/322978386_Smart_Contracts_Software_Metrics_a_First_Study
- Obstacles
adoption curve
learning curve
reality of legal and regulatory environment
complexity of business ecosystem
standardization
data privacy
USE CASES:
Property & Casualty Insurance
i.e. Wheelysure is currently developing a peer-to-peer, automatic pay-out insurance based on blockchain technology and smart contracts for cyclists
HealthCare
Smart Contracts Could Revolutionize Care Delivery
As it is, the healthcare system is bloated with cost, bureaucracy, and middlemen.
Healthcare Blockchain: Smart Contracts Remove Middlemen
HealthCare Insurance
The length of time and the expense involved in processing insurance claims has long been the bane of an industry with a reputation of being slow to embrace change. Blockchain technology offers the hope of drastically cutting down processing times by granting access to health records to those who need it in a secure way.
https://www.tearsheet.co/blockchain/how-blockchain-could-change-the-health-insurance-industry
Real Estate
property search, faster and lower transaction cost, prevent fraud
Supply chain
food delivery tracking for safety, ie. Walmart.
luxury good tracking ie jewelry to prevent fraud
global trade logistics, ie. Maersks
Energy
Decentralized energy supply and transaction system
https://medium.com/ethereum-dapp-builder/how-blockchain-will-re-write-the-energy-sector-b19d7ad8e7d3
powerledger
Compliance
ie. export control compliance
Intellectual Property
Music
Movies
Books
Patents
Trademarks
While copyright law protects your work, until now there hasn’t been a definitive registration system to prove ownership. But blockchain, smart contract can.
https://www.lexology.com/library/detail.aspx?g=edeffa75-b081-4392-98aa-04ae8f893543
Smart City
Ricardian Contract
Last but not least, let’s take a minute to visit Ricardian Contract.
A Ricardian contract “a digital contract that defines the terms and conditions of an interaction, between two or more peers, that is cryptographically signed and verified. Importantly it is both human and machine readable and digitally signed”.
It places all information from the legal document in a format that can be executed by software.
It’s possible to implement a Ricardian contract as a smart contract, but not every Ricardian contract is a smart contract. Accordingly, not any smart contract is a Ricardian contract. Smart contracts refer to a type of digital agreement that has already been agreed and can be executed automatically.
