iThe application of smart contracts has been growing in a multitude of industries, from financial services to healthcare, allowing users the ability to customize agreement terms between parties through automated source codes and transparent pathways on decentralized blockchains.
Unlike text-based agreements written in natural language, smart contracts comprise limited sets of contract terms stored on blockchains through the use of programming code to represent agreements between parties, and are automatically executed through deterministic variables.
As a result of the automated and decentralized process, smart contracts have several advantages, including lowering legal fees, increasing accuracy, speeding up business transactions, reducing execution errors, and diminishing the risk of potential manipulation and counterfeits.
However, due to the evolving nature and lack of regulatory standards, parties negotiating and executing transactions via smart contracts may risk exposure to potential losses and liabilities that do not arise in traditional contracts. The following are a few considerations parties should be aware of before entering into smart contracts.
Programming Errors
Smart contracts may be susceptible to coding errors resulting from poorly written codes and unintended flaws. Once entered into a blockchain ledger, smart contracts cannot be modified in most systems, leaving them potentially vulnerable to malware and hacking attacks.
The exploitation of weakness in certain codes on the former decentralized autonomous organization in 2016, The DAO, an early-stage investment fund under a digital decentralized autonomous organizational structure, resulted in millions in loss. 1 Due to a lack of recursive function, an attacker was able to repeatedly withdraw funds from the smart contract. Open-source smart contracts like that used by The DAO demonstrate the need for recursive codes, including functions that can prevent reentrancy attacks, should coding errors occur.
Additionally, research done by Singapore's Yale-NUS College, University College London in United Kingdom and the National University of Singapore in 2018 discovered that thousands of smart contracts contain trace vulnerabilities, including errors that could cause the smart contracts to inadvertently terminate, improperly withdraw funds, or send cryptocurrency to an arbitrary sender. 2
Addressing coding errors and implementing recursive functions in smart contracts will help resolve execution issues and reduce the occurrence and severity of flaws.
Weak Consensus Protocols
Blockchain platforms are built on consensus protocols, processes by which the user community helps to verify the accuracy of the algorithms by reaching a consensus. Various platforms such as Ethereum and Bitcoin have developed different consensus protocols, including proof-of-work, proof-of-authority, or proof-of-stake. The use of consensus protocols helps to provide reliability in the blockchain network without the need for third-party intermediaries or a centralized authority.
Blockchain contains nodes, which act like communication endpoints to perform various functions. When there is a weak consensus protocol on a blockchain platform, attackers may be able to release malicious nodes, making it difficult for peers to communicate. 3
As a result, a strong consensus protocol in a blockchain platform would minimize the potential harm affecting the fundamental reliability of peer-to-peer platforms exercising smart contracts.
Pseudonymous or Anonymous Nature of Stakeholders
Another characteristic of certain blockchain platforms is the ability for stakeholders to add blocks in a decentralized ledger pseudonymously or anonymously. This poses a potential risk for parties who may be unable to seek legal remedies under current law without the ability to identify malicious stakeholders or resolve disagreements. 4
However, other blockchain platforms are built on a peer-to-peer verification process allowing only access to participants who have been verified by the network operators. Identification of participants allows users to seek traditional legal remedies should there be disagreements in a smart contract. 5
Modification and Upgrading Smart Contracts
In text-based agreements, parties may amend or modify the terms of an agreement, when the terms do not reflect the intent of the parties. However, by default, smart contracts on a blockchain network are immutable, as codes become permanently written in the blockchain. As a result, parties in a smart contract are unable to amend or modify the terms once it has been executed.
Current trends in several blockchain platforms have adapted to the commercial nature of business transactions and developed mechanisms for correcting or replacing codes and allowing for the ability to terminate a smart contract.
Further, it would be prudent for smart contracts to include functions to address the non-performance by a party and allocation of risks resulting from coding errors.
Takeaways for Implementation
Due to the multitude of technical issues surrounding smart contracts and blockchain platforms, individuals and entities should be mindful of their usage to minimize potential losses and liabilities. Until regulatory standards evolve, it is prudent to be knowledgeable and wary of the cyber vulnerabilities and potential exposure of sensitive information, in light of various risks, from pseudonymous stakeholders to coding errors. Businesses should implement ongoing security procedures to address coding errors and use platforms with strong consensus protocols, as well as account for and take measures to prevent cyber attacks on their smart contracts.
FOOTNOTES
1 See Larry D. Wall, “‘Small Contracts’ in a Complex World,’ Notes from the Vault,” Federal Reserve Bank of
Atlanta (July 2016) (https://www.frbatlanta.org/cenfis/publications/notesfromthevault/1607).
2 Ivica Nikolic, et. al., Finding The Greedy, Prodigal, and Suicidal Contracts at Scale (March 14, 2018)
https://arxiv.org/pdf/1802.06038.pdf.
3 Howard Poston, Targeting the blockchain node (October 7, 2020),
https://resources.infosecinstitute.com/topic/targeting-the-node/.
4 David Siegel, Understanding The DAO Hack for Journalists, MEDIUM (June 19, 2016),
https://pullnews.medium.com/understanding-the-dao-hack-for-journalists-2312dd43e993.
5 [Cite Jenny Cieplak and Simon Leefatt, Smart Contract: Smart Way to Automate Performance (2017)]
