by Ralph Tkatchuk

Smart contracts still miles away from living up to their name

Feb 13, 2018
E-commerce SoftwareFinancial Services IndustryInternet

Smart contracts seemingly create automatically enforceable agreements but the reality is this blockchain technology still has a long way to go.

smart contract primary2
Credit: Thinkstock

One of the best developments to come from blockchain was not the rampant speculation that has accompanied the rapid price gains in cryptocurrencies over the last year, but rather its unique ability as a platform to disrupt many established business practices. In their drive for greater embrace and adoption, blockchain-based utilities have sprouted up as the missing piece of the puzzle for streamlining operations and optimizing efficiency. Whether deploying the decentralized ledger to coordinate logistics through the entire chain of custody or connecting IoT devices to more easily analyze data in real-time, blockchain’s advantages are numerous and far-reaching.

Institutional adoption is gradually accelerating thanks to a flourishing ecosystem that has led to the rise of countless beneficial applications. Amongst the best innovations derived from blockchain is smart contract functionality, which promises to uproot many entrenched processes while reducing overheads and redundancies. However, despite their dazzling capabilities, smart contracts are not as intelligent as their proponents would like to believe. While it is certainly true that smart contracts hold vast potential to create trustless agreements between parties that are automatically enforceable, the current reality is much more complicated than the name would imply.

Failing to match intentions and meet expectations

For all intents and purposes, smart contracts have a worthwhile role to play in modern businesses. They can handle everything from rental agreements, employment contracts, deals between business parties, and much more. More importantly, they promise to eschew the need for intermediaries, arbitrators, and other rent-seeking parties. However, looking at the related publicity towards smart contracts, the accompanying scandals, thefts and hacks have overshadowed their immense possibilities. 

“The number of successful high-profile attacks and data breaches are indicative of the security weaknesses that many companies and organizations have. Companies preparing for a Token Generation Event should get at least one third party technical audit of their smart contracts. In addition, a penetration test of their website is crucial, so that situations such as what happened to CoinDash can be avoided. Companies need to allocate time and capital towards security,” Hartej Sawhneyat, founder of smart contract auditor and penetration testing platform Hosho, told me at a recent crypto conference in London.

When Ethereum first launched its platform, becoming the first blockchain-based entity powering the spread of smart contract functionality, developers carefully scoured the code hoping to eliminate potential weaknesses and vulnerabilities. After all, widespread adoption demanded a foolproof product, especially to pique the interest of institutional users.

Even in the aftermath of their efforts, what has transpired since their introduction though has been anything but smart. Smart contracts have been found to be easily exploitable as evidenced by the notable hacks and losses suffered throughout the ecosystem.  While Ethereum itself has not been hacked, the smart contracts hosted on its platform have been notable targets since inception. One of the earliest attacks was carried out against The DAO, after a vulnerability discovered in the smart contract enabled a hacker to drain nearly 15 percent of the total amount of circulating Ethereum at the time into another smart contract. With no likelihood of taking simple steps towards recovery considering the immutability of the blockchain, Ethereum took a hard fork to return the stolen funds. 

Apart from the hacks associated with Ethereum, smart contracts have also been tied to compromised wallets and other fraudulent activities, underscoring an ongoing discussion amongst community members concerning how to avoid such pitfalls. Though forks and other consensus-driven solutions have been suggested, there is a certain amount of resistance coming from legacy users that believe firmly in the immutability of the blockchain. These groups argue against rewinding to earlier blocks to restore lost funds like what transpired with Ethereum, claiming its negates the idea of building confidence in legitimately autonomous systems. Furthermore, the negative publicity arising from these events has eclipsed the progress made towards fixing errors, both coding and human. In response, the community has put forth several potential solutions.

The rising role of auditing and testing

Some of the newer chains being introduced like Qtum are designed to overcome many of the flaws associated with Ethereum’s smart contracts by building a new, more hybrid model.

In Qtum’s case specifically, the chain combines the strength of the Bitcoin Core chain alongside the Ethereum virtual machine, helping facilitate better compatibility.  Furthermore, thanks to built-in protective clauses, it is intended to reduce the possibility of coding errors that can cost smart contract participants billions in lost funds. Nevertheless, this highlights just one nascent solution. Due to the perceived problems regularly associated with smart contracts, an array of new businesses have emerged to provide smart contract auditing services.

One rising star in the space is Hosho, which is rapidly winning over some of the new entrants in the blockchain ecosystem like smart contract platform RSK. Hosho focuses its attentions towards all potentially vulnerable points, building tests designed to analyze contract execution matches its purpose, verifying functionality, and even investigating the potential network processing power associated with running these smart contracts. By delivering a holistic approach towards investigation, users can be more comfortable engaging other parties and building more impenetrable contract solutions.

Other associated services have tried to take the matter in a different direction, attracting developers, hackers, and other participants with bug bounties by crowdsourcing talent to identify faulty code and provide solutions.

Transitioning from scrutiny to improved safety

Even though smart contracts may not yet be as intelligent as hoped, the solutions emerging to help ensure greater security across the blockchain universe have landed on this specific function as the next target for improvement. There have been considerable flaws attributed to the young ecosystem, mainly driven by the collective shortage of smart contract coders, developers, and hackers working to expose flaws in the system.

However, thanks to the introduction of more robust smart contract solutions with built-in features designed to overcome Ethereum’s flaws combined with increased facilities intended to engage in testing and more robust contract authentication, the problems currently overwhelming greater adoption could gradually disappear. If anything, these advances hold the promise of relegating high profile smart contract errors to the dustbin of history, described as growing pains instead of near fatal events.