A Closer Look at ICO Smart Contracts

Luc Falempin
Jun 27, 2018

Smart contracts are the backbone of your ICO. They enable not just the minting of your new tokens, but their distribution, resale, any inflation mechanics you choose to include, equity amount, future earnings, responsibilities, and so on…

They are essentially small decentralised applications that facilitate transactions on your blockchain — open and transparent to all. As such, they provide assurances to investors that their money won’t be stolen or misused while facilitating direct transactions without the need for a middleman.

Writing your ICO smart contract is one of the most important steps in your ICO journey and you should leave enough time and resources to both code and test your smart contracts. Once they are published it is impossible to make changes to them (which is what makes them so trustworthy), so any mistakes can sink your entire endeavour.

We advise you leave at least one month to write and test your smart contracts. It is also advisable to use a specialist to write the contract for you given their importance to your ICO and the challenge in getting them right.

Whenever Tokeny take on a new ICO project, we complete a full SICOP audit of the business, including their smart contracts. This is what we look for…

Clarity and Accessibility

As smart contracts are relatively new, not everyone will understand the code being used, which can concern some investors. Making sure the contract is easy to understand should be a key priority to reassure investors.

The keyword here is: transparency. The smart contract is an agreement between you and your investors, so everybody should be able to see and understand it properly.

Adding comments and explanations of each function within the smart contract code is a great start, but we also recommend including documentation explaining the contract details in plain English. The best way to achieve this is to include comments from independent reviewers of the contract — including the power held by the owner, token features, and upgrade mechanisms — in order to reaffirm trust.

We always recommend prioritising simplicity and clarity over performance when it comes to ICO smart contracts. Complexity increases the likelihood of errors and may confuse investors. By modularising the code and keeping functions small, you make it easier to review and interpret, even if the code is less elegant and runs slightly slower.

Finally, the smart contract must be available on blockchain scanners (Etherscan for example) to make it as widely usable as possible.

Transactions and Payments

A key mechanic of smart contracts is to control the price of ETH-backed tokens during your ICO and the mechanics for transactions thereafter. As such, information on the token price in the blockchain currency you are using should be made clear.

In the spirit of transparency, every single transaction during sale and presale must be recorded on the blockchain. This ensures that the token isn’t being sold twice or secret sales aren’t devaluing the token. Additionally, a transaction notice should be sent to each investor after payment has been made — a personal receipt of the transaction that matches the blockchain ledger.

Contributors should be able to pay for their tokens with the currency of the blockchain protocol used for the ICO. The majority of ICOs are still using the Ethereum platform to facilitate their blockchain protocols and Ether (ETH) is the only currency that works with decentralised smart contracts, but that doesn’t mean you can only use Ether.

In fact, it is possible to facilitate payments in any currency — crypto or fiat — by proposing bridges with those currencies. Additional centralised smart contracts will be required to handle these currencies and maintain transparency on the blockchain, as well as to keep each individual smart contract simple.

If you are planning to accept additional currencies, it is important to ensure things like exchange rates, fees, payment methods, and third-party service providers are made clear in each of the relevant smart contracts in order to be as transparent as possible.

Maintaining Token Integrity

Smart contracts are there to provide assurances to investors in your project. As such, they want to know that their tokens will hold their expected value (at least until the end of the ICO) and that project managers aren’t going to run off with their money or devalue their token holdings.

As such, raised funds must be locked up in an escrow system during sale and pre-sale to ensure and protect contributors’ rights and investment. A smart contract vault can store all of your Ether payments until the end of your crowdraise project, otherwise there are a range of escrow systems that can be used for other currencies (although these aren’t executable in a decentralised smart contract).

You should also clearly declare your min. and max. cap for your ICO. The min. cap is your lower level goal for the raise — the amount of money you need at minimum to feasibly continue with the project. The max. cap represents the maximum amount of money the project will need. Going over the max. cap will lead to token devaluation, so the ICO smart contract should stop the crowdsale once the max. cap is reached.

If you fail to reach your min. cap, the smart contract should refund investors’ money and the project should be cancelled.
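The escrow, cap and refund rules described in this section can be expressed in one small contract. The following is an added example, not code from Tokeny or from the original article; the contract name, the deadline parameter and the pull-style refund are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: contract name, caps and deadline are assumptions.
contract EscrowedSale {
    address payable public immutable beneficiary;
    uint256 public immutable minCap;   // wei needed for the project to go ahead
    uint256 public immutable maxCap;   // wei at which the sale stops accepting funds
    uint256 public immutable deadline; // unix time at which the sale closes
    uint256 public raised;
    mapping(address => uint256) public deposits;

    event Contribution(address indexed from, uint256 amount);
    event Refund(address indexed to, uint256 amount);

    constructor(address payable to, uint256 min_, uint256 max_, uint256 end_) {
        require(to != address(0) && min_ <= max_ && end_ > block.timestamp, "bad params");
        beneficiary = to;
        minCap = min_;
        maxCap = max_;
        deadline = end_;
    }

    // Funds stay in this contract (the escrow) until the outcome is known.
    function contribute() external payable {
        require(block.timestamp < deadline, "sale closed");
        require(msg.value > 0 && raised + msg.value <= maxCap, "zero or over max cap");
        deposits[msg.sender] += msg.value;
        raised += msg.value;
        emit Contribution(msg.sender, msg.value); // on-chain receipt for the investor
    }

    // Success path: min cap reached and the sale is over (deadline or max cap hit).
    function release() external {
        require(raised >= minCap && (block.timestamp >= deadline || raised == maxCap), "not releasable");
        (bool ok, ) = beneficiary.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }

    // Failure path: min cap missed, each contributor pulls back their own deposit.
    function claimRefund() external {
        require(block.timestamp >= deadline && raised < minCap, "no refund due");
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to refund");
        deposits[msg.sender] = 0; // zero the balance before sending to block re-entrant claims
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "refund failed");
        emit Refund(msg.sender, amount);
    }
}
```

The beneficiary has no function that moves funds before the minimum cap is met, which is the property an auditor or investor would check first in a contract of this kind.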

Prepare for failure

No one sets out expecting to fail, but it is important to consider what happens if things don’t go to plan. Investors will want to know that your code is able to respond to bugs and vulnerabilities gracefully. A few things to consider including in your ICO smart contract:

  1. Pausing the contract when things are going wrong (‘circuit breaker’). This can limit the damage done and allow you to publish a new smart contract relatively quickly, recovering the ICO and getting you back on track.
  2. Managing the amount of money at risk (rate limiting, maximum usage) helps limit your exposure should things go wrong.
  3. Having an effective upgrade path for bug fixes and improvements. Bugs and areas of improvement are common. Having a plan for addressing these issues will reassure investors that the platform is solid yet adaptable.
  4. Test contracts thoroughly and add tests whenever new attack vectors are discovered. As I mentioned at the start of this article, it is impossible to change your smart contract once it is published. Auditing and testing are essential and should involve a testnet environment to simulate the live blockchain as well as independent third-party auditors to spot any mistakes your team could have missed.
  5. Provide bug bounties starting from alpha testnet releases. The ICO and blockchain community is very active and involved. Use the power of the crowd to find and fix bugs by offering bounties.
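Items 1 and 2 of the list above (circuit breaker, rate limiting and maximum usage) look like this in contract form. This is an added example, not code from Tokeny or from the original article; the contract name, the cap values and the `vault` address (a separately deployed escrow that accepts plain ETH transfers) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: names, limits and the vault address are assumptions.
contract GuardedSale {
    address public immutable owner;
    address payable public immutable vault;  // hypothetical escrow that holds the funds
    uint256 public immutable perAddressCap;  // maximum usage: total wei per contributor
    uint256 public immutable dailyCap;       // rate limit: wei accepted per 24-hour window
    bool public paused;
    uint256 public windowStart;
    uint256 public windowTotal;
    mapping(address => uint256) public contributed;

    event PauseChanged(bool paused, address indexed by);

    constructor(address payable vault_, uint256 perAddressCap_, uint256 dailyCap_) {
        require(vault_ != address(0), "no vault");
        owner = msg.sender;
        vault = vault_;
        perAddressCap = perAddressCap_;
        dailyCap = dailyCap_;
        windowStart = block.timestamp;
    }

    // Circuit breaker: the owner can stop new money coming in during an incident.
    function setPaused(bool on) external {
        require(msg.sender == owner, "not owner");
        paused = on;
        emit PauseChanged(on, msg.sender); // pause events are public, so use is auditable
    }

    function contribute() external payable {
        require(!paused, "sale paused");
        if (block.timestamp >= windowStart + 1 days) { // start a fresh rate-limit window
            windowStart = block.timestamp;
            windowTotal = 0;
        }
        require(contributed[msg.sender] + msg.value <= perAddressCap, "per-address cap");
        require(windowTotal + msg.value <= dailyCap, "daily cap");
        contributed[msg.sender] += msg.value; // update state before the external call
        windowTotal += msg.value;
        (bool ok, ) = vault.call{value: msg.value}("");
        require(ok, "forward failed");
    }
}
```

The pause switch is an owner power, so it belongs in the plain-English documentation of owner privileges recommended earlier in the article.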

Smart contracts are still in their infancy, yet their innovation has allowed for ICOs to flourish without the need for middlemen. Developing your ICO smart contract can be cumbersome, especially if you are new to it, which is why we recommend using an expert supplier or a trusted platform.

Additionally, just because you have a clear smart contract in place, it doesn’t mean that investors will automatically trust you. It can be hard for investors to spot functions that would allow for a project leader to run off with the cash, especially in what is still an unregulated market.

To help establish trust, make sure to use a reliable ICO platform with a good reputation. If their reputation is on the line, you can be confident that their due diligence and ICO auditing will be second-to-none.

At Tokeny, we use our Sustainable ICO Protocol (SICOP) auditing process to ensure that all of our projects maintain the highest standards. It’s what we stake our reputation on!
