The Dark Side Of Smart Contracts
Smart contracts aren't as smart as you think.
Besides cryptocurrencies, smart contracts are probably the most talked-about concepts in blockchain. The benefits of smart contracts have been widely touted by many articles claiming the technology will disrupt every industry from insurance to supply chain to healthcare.
But, are smart contracts really a game-changing technology as claimed? There's no doubt smart contracts will be useful, but it's important to separate reality from hype.
I dug in a bit to understand the applications and limitations of smart contracts. And here's what I found: while smart-contract technology has lots of potential, successful implementation is constrained by technological and legal factors—for now.
Let's dive in, shall we?
Understanding Smart Contracts
Smart contracts are blockchain-based programmes that execute agreements once certain criteria are fulfilled by all parties involved. A smart contract uses conditional programming to execute a predefined set of actions. The closest analogy is the popular If This Then That (IFTTT) software that automatically performs actions once triggers are activated.
If you're technically inclined, then you may understand a smart contract as a self-executing piece of code. Developers write the 'logic' guiding the smart contract's operation before deploying it on the blockchain. Thus, smart contracts can work independently, without needing external control.
The autonomous quality inherent in smart contracts is partly why they are so appealing. Just like blockchain, smart contracts are "trustless," meaning they are not controlled by a third party. It also means the programme can enforce the provisions in the contract in the absence of a trusted intermediary.
How Do Contracts Work?
To understand how smart contracts operate in real-life applications, you must understand how contracts work. A contract has three elements: offer, acceptance, and transaction. Say you sign a contract with your landlord to lease an apartment for two weeks at $25 per week. The three parts of the contract are:
The offer: The offer is the promise of a two-week lease on an apartment in exchange for $25 per week, or $50 in total. An offer specifies the rights and responsibilities of both parties and further indicates the exchange of value between two parties.
The acceptance: An agreement to the terms offered by the other party. In this case, the landlord agrees to lease you the apartment for two weeks and you agree to pay the $25-a-week asking price.
The transaction: The act of each party fulfilling their obligations. You pay $25, and the landlord hands you keys to the apartment. This can be seen as the performance of the contract.
Now, if you paid the money, but the landlord refuses to release the keys, that's a violation of the contract. Similarly, you violate the contract if you refuse to pay for the second week after using up the first week's rent.
Per contract law, any party can sue in court if the other fails to satisfy their part of the bargain. Contracts allow people who may or may not trust each other to do business since there's a trusted intermediary (the court) to enforce the agreements.
So, how do smart contracts fit into the picture?
Being a trustless mechanism, smart contracts remove the need for an intermediary to enforce the agreements. Instead, the code serves as the principal arbitrator here. Once each party meets the specified conditions, the code or 'business logic' automatically processes clauses contained in the agreement.
Let's use the example of a vending machine used by computer scientist Nick Szabo, who first explained the idea of smart contracts in 1994:
You pay coins into a vending machine and receive a drink. You don't need an operator to give you a drink; the mechanism is programmed to release it once you pay and select a snack.
So, are smart contracts really just digital vending machines? Yes. But they can obviously do more things than process payments, such as powering decentralised finance (DeFi) systems, exchange of non-fungible tokens (NFTs), and many more.
Why are Smart Contracts Popular?
Because smart contracts operate on the blockchain, they offer the benefits of a blockchain-based system. For example, transactions between parties in a contract can be monitored on the blockchain, promoting transparency.
Smart contracts are immutable, which means they cannot be modified. No party, not even the smart contract's creator, can rewrite the rules once the contract is live on the blockchain.
Think of shady companies who may want to change terms of agreement after signing a contract. That's impossible with a smart contract hosted on the blockchain ledger, which makes it useful for managing transactions.
Because smart contracts rely on simple logic (if x, then y), they can process transactions faster. A commonly cited application of smart contracts is insurance, where supporters believe smart contracts can simplify the claims process and encourage faster payouts.
With smart contracts, people won't need costly lawyers to set up agreements—at least in theory. That means reduced paperwork and less time spent on pre-contract talk.
If smart contracts are so useful, why are they problematic? That's exactly what we're about to find out.
What are the Problems With Smart Contracts?
1. Reliance on External Data Sources
Smart contracts need information to run. Say a smart contract specifies that Mr. X should receive money from Mr. Y, who is paying for a watch. The smart contract needs to know when the watch arrives before it can process the payment to Mr. X.
But the blockchain cannot communicate with the outside world, which creates problems for smart contracts.
To solve this problem, smart contract developers rely on "oracles"—applications that pull data from the real world and feed it on-chain for smart contracts to use. In our example, an oracle might tap into a data feed from FedEx or UPS to know if the product has been successfully delivered.
However, relying on oracles highlights another limitation of smart contracts:
We must trust the oracle to provide accurate data, or the smart contract will produce errors. Smart contracts are prone to the "Garbage In, Garbage Out" (GIGO) problem in software development.
We could solve this problem by using information from different oracles, but this will only increase transaction costs because oracles must be paid. Additionally, using information from different oracles undermines consensus.
Remember that all nodes in the system must agree on the state of the contract, or else the transaction won't be considered valid. With nodes getting different information from oracles, consensus may be impossible to achieve.
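The trust and cost trade-off described in this section can be shown with a small model. This is an added example, not code from the original article: the `Escrow` class, the oracle functions, the fee and the price are all constructed for illustration, and plain Python stands in for on-chain contract code.

```python
from collections import Counter
from dataclasses import dataclass

ORACLE_FEE = 2  # constructed per-query fee, same units as the price


def honest_oracle() -> str:
    return "IN_TRANSIT"   # ground truth in this scenario: watch not delivered


def faulty_oracle() -> str:
    return "DELIVERED"    # wrong report (bad feed, bug, or compromise)


@dataclass
class Escrow:
    """Holds Mr. Y's payment until oracles report the watch delivered."""
    price: int
    oracles: list          # callables returning "DELIVERED" or "IN_TRANSIT"
    quorum: int            # matching reports required before acting
    fees_paid: int = 0
    paid_to_seller: int = 0

    def settle(self) -> str:
        reports = [oracle() for oracle in self.oracles]
        self.fees_paid += ORACLE_FEE * len(reports)   # every oracle is paid
        status, votes = Counter(reports).most_common(1)[0]
        if votes < self.quorum:
            return "NO_QUORUM"                        # reports disagree: hold
        if status == "DELIVERED":
            self.paid_to_seller = self.price          # contract pays Mr. X
            return "PAID"
        return "HELD"


def run(oracles, quorum):
    escrow = Escrow(price=100, oracles=oracles, quorum=quorum)
    return escrow.settle(), escrow.paid_to_seller, escrow.fees_paid


if __name__ == "__main__":
    print(run([faulty_oracle], 1))                                # garbage in, garbage out
    print(run([faulty_oracle, honest_oracle, honest_oracle], 2))  # outvoted, 3x fees
    print(run([faulty_oracle, honest_oracle], 2))                 # split reports
```

With one oracle, a single wrong report pays Mr. X for a watch that never arrived; with three, the wrong report is outvoted but the contract pays three fees, and a split between two oracles leaves the funds held.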
2. Immutability
One of the problems with smart contracts stems from their immutability. In blockchain-speak, "immutability" means the rules in a protocol cannot be unilaterally changed once deployed on the blockchain.
While this helps check bad actors who may wish to manipulate contract information, it makes smart contracts harder to use. If Mr. X needs to amend the contract to reflect a change in the agreement, the immutable nature of the smart contract would prevent it.
This rigid system also makes it hard to fix an error in the code. If a bug happens to affect a smart contract's functionality, developers may be unable to implement any solution.
3. Confidentiality of Information
All information on the blockchain is accessible to everyone since nodes hold a copy of the blockchain's history. Again, this helps with transparency and fraud protection since the data is there for everyone to see.
But not everyone wants confidential contractual information out there. That's why lawyers are bound by law not to reveal details of proceedings between clients.
Think of it as hiding information in the HTML of a webpage. Users won't see the information in their browser windows, but a simple CTRL + U (View Source) function will reveal it.
It's the same with a smart contract—anyone can tweak blockchain software to display the full state of the contract. And like that, all the private information goes into the public domain. For enterprises and individuals wanting full privacy, the lack of secrecy is a massive disadvantage of using smart contracts.
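The point above, that contract state "hidden" from the interface is still readable from any node's copy of the ledger, is modelled below. This is an added example, not code from the original article, and it goes one step beyond the text by showing a common way to limit the exposure: keep the terms off-chain and store only a salted hash commitment. The `Ledger` class, the storage keys and the sample terms are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Ledger:
    """Model of a public chain: every node holds the full contract storage."""

    def __init__(self):
        self.storage = {}

    def node_view(self) -> dict:
        # What any node operator can dump, whatever the contract's API exposes.
        return dict(self.storage)


def store_plaintext(ledger: Ledger, terms: str) -> None:
    # "Private" only in that the contract offers no getter for this key.
    ledger.storage["_terms"] = terms


def commit(terms: str) -> tuple:
    """Return (salt, commitment); the salt and terms stay with the parties."""
    salt = secrets.token_bytes(32)   # random salt blocks guessing of short terms
    return salt, hashlib.sha256(salt + terms.encode()).digest()


def store_commitment(ledger: Ledger, commitment: bytes) -> None:
    ledger.storage["terms_commitment"] = commitment


def verify(ledger: Ledger, salt: bytes, terms: str) -> bool:
    # Either party can later prove what was agreed by revealing salt and terms.
    expected = hashlib.sha256(salt + terms.encode()).digest()
    return hmac.compare_digest(expected, ledger.storage["terms_commitment"])


if __name__ == "__main__":
    terms = "Lease: two weeks at $25 per week"   # constructed sample terms
    leaky, safer = Ledger(), Ledger()
    store_plaintext(leaky, terms)
    salt, commitment = commit(terms)
    store_commitment(safer, commitment)
    print(terms in leaky.node_view().values())   # plaintext visible to any node
    print(terms in safer.node_view().values())   # only the digest is visible
    print(verify(safer, salt, terms))
```

The trade-off is that the contract can no longer evaluate the hidden terms itself; it can only check that a later disclosure matches what was committed.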
4. Legal Status
For all the talk of smart contracts putting lawyers out of business, there's no official law protecting the legality of a smart contract. Let's imagine one party defaults on contractual obligations. How does the other party ensure that they don't lose out in the transaction?
Sure, they could sue—but only if the court deems a smart contract legally binding. And for now, smart contracts aren't enforceable in court, although this may change in future. The lack of legal protection is perhaps the biggest disadvantage of using smart contracts right now.
This isn't saying that smart contracts will never receive legal status. If smart contract usage grows, we can expect judicial authorities to review their legality. For instance, digital signatures weren't legally binding in the US until the government passed the Electronic Signatures in Global and National Commerce Act (ESIGN) in 2000.
However, the question remains: if we still have to depend on courts, i.e., a trusted intermediary, to enforce smart contracts, then what's the value of using them?
5. Security Flaws
Like any program, smart contracts can, and often will, contain bugs. However, the difference between a smart contract and a regular program is that bugs in a smart contract's code can have costlier effects.
Today, smart contracts power the DeFi industry, estimated to be worth over $100 billion. A simple loophole in a smart contract's functionality can mean millions lost to malicious individuals who exploit such errors.
And we've seen that happen on more than one occasion. Just last week, Wormhole, a cross-chain bridge that allows users to send and receive crypto between the Solana and Ethereum blockchains, lost $320 million to hackers.
According to this breakdown from Chainalysis, the hacker exploited a vulnerability in the bridge's smart contract that allowed them to drain the Solana network of 120,000 Wrapped Ethereum (WETH). This is the latest in a string of attacks on DeFi platforms, all of which depend on smart contracts for their operations.
This is not saying smart contract security won't improve over time. However, in true Silicon Valley-esque "fail fast and early" fashion, most projects are primarily concerned with marketing and acquiring users and pay less attention to working out the kinks in the system.
6. Simplistic Operation
When people hear "smart contracts," they conjure up myriad possible applications. In reality, smart contracts are fairly simplistic and cannot work in most of these imaginary cases unless some radical upgrade happens.
Code cannot cover ambiguous contract terms that cannot be written into binary code, which is yet another problem with smart contracts.
Sure, a smart contract enforcing the payment for and transfer of a particular product is easy to program. The problems start when you try to include terms like "goods must arrive in good condition" or "goods must arrive within reasonable time."
How do you determine the meaning of "good condition" or calculate "reasonable time" and write it into the code?
Put simply, smart contracts are hardly useful in situations that demand an interpretation of terms in an agreement. They can, however, work for simpler applications like cryptocurrency transactions, where the data (price data, signatures, addresses, etc.) is on the blockchain and the terms are easy to comprehend.
Smart Contracts Need to Be Smarter
Despite the limitations of smart contracts, they have their uses. But they need massive development before the dreamy-eyed aspirations of blockchain evangelists become a reality.
Developers must work to address the biggest problems with smart contracts. For example, a protocol that allows for a smart contract's modification—provided all parties agree to it—would improve the applications of this technology.
Perhaps with time, smart contracts can get truly smart and achieve all possibilities identified by experts. For now, there's still a long way to go before smart contracts can transform the world.