5 Min Read
Smart contracts are the engines of blockchain: the core of the trustless technology that brought us Bitcoin, Cryptokitties, and endless snake-oil ICOs. The quality and the usefulness of a blockchain application stands or falls by the quality of the smart contracts encoded within. How smart are your contracts? Can you be absolutely sure that they are effective, efficient, and secure?
Backtracking for newer readers, smart contracts are not legal documents. It’s a clunky term for what is actually the encoding of transaction rules within a blockchain. The original smart contract sits within the Bitcoin blockchain. This historical snippet of code wasn’t the first piece of software to encode business rules - every piece of ledger software does this - but it was the first to create an immutable transaction in a transparent block which was validated by consensus and not by a centralised authority. Smart contracts enable transactions to be completed without establishing a relationship with the processor. Instead of putting trust in your bank to process a payment, for instance, you rely on the smart contract in the blockchain of your chosen cryptocurrency to execute the transfer of coin.
The potential of smart contracts to process more complex business transactions was first realised by the Ethereum blockchain. Its powerful virtual machine allows flexible application programming to run on top of the base technology. Smart contracts encode the rules of everything from Initial Coin Offering (ICO) investments to property register updates. The technology is exciting, but there are plenty of potential pitfalls. What kind of thing should you watch out for as users and developers?
Smart contract efficiency: gas prices and cautionary tales
Cryptokitties is a great example of a set of smart contracts managing digital asset transactions (plus, the kitties are cute). The buying and selling of kitties are simple transactions between two parties with no intermediary. Breeding kitties involves more complex rules, taking account of the inherited genetic traits of the parents and determining the final makeup of the offspring. The game was an instant hit with the crypto community, so much so that it put considerable pressure on the functioning of the Ethereum blockchain. In so doing, it not only tested the robustness and scalability of the whole blockchain very effectively but also opened the eyes of users to the transaction costs beneath smart contracts.
Every smart contract on a public blockchain comes with a cost. This is part of the cryptoeconomics of the blockchains themselves: there has to be a reward to miners which makes it worth their while to validate transaction blocks. The transaction fee is dependent on the functions executed by the smart contract, and the price of gas. A simple transfer of an asset (let’s say a payment in ETH) would be charged at 21,000 units of gas. A *COPY operation in a smart contract would be charged at 3 units of gas per word. (If you’re interested, this is all in Appendix G of the Ethereum paper.) For those who are writing smart contracts, how efficient is your code? Have you minimised the potential transaction cost for your users?
The gas price is variable: when Cryptokitties first exploded onto the scene, this multiplier was correspondingly high (it’s now settled down to a fraction of the earlier cost). The rules of demand and supply meant that only those people paying top ETH for gas would have their transactions successfully validated - but crucially, costs are incurred up front. Some of my own attempts to breed my kitties at too low a gas price cost me a few quid in ETH with nothing to show for it. That’s a trivial loss, but something you don’t want your users or your investors to experience.
Possibly the greatest transaction fee disaster to date relates to the ICO for AirSwap in October 2017. This is well documented on the blog of smart contract security specialists Hosho Group. TL;DR: a potential investor attempted to buy a very large value of tokens and set the gas price ridiculously high, possibly to ensure that their transaction had top priority for validation. Unfortunately, a glitch resulted in the transaction being cancelled. The investment ETH was not transferred, but 237 ETH in transaction fees were charged - worth about $70,000 at the time.
Computer says yes: The DAO
The daddy of all smart contract disasters was the DAO hack in June 2016. A successful ICO was launched, and the team sat back and watched the ETH roll in. Unfortunately, the premise of the platform was investment by consensus, and a hacker succeeded in manipulating the contracts beneath the platform to pull around $50 million of the funds straight out again. The horrified DAO team could only watch as their own smart contract executed immutable transactions in favour of the hacker. They could do nothing to stop the code running, and the transactions were irreversible.
In this case, as you may know, the Ethereum community reached a consensus to roll back the blockchain to before the ICO. This fork also created Ethereum Classic which still incorporates those transactions. The whole DAO affair was the final straw for the US Securities and Exchange Commission (SEC) who are now working on the question of regulation of ICOs and the protection of investors.
Work smart with smart contracts
Users and developers both have a part to play in ensuring that smart contracts are increasingly efficient, effective and secure. Considering investing in an ICO? Take a good hard look at the smart contract and make sure it corresponds with the claims made in the white paper. If you don’t know what you’re looking at, ask someone who does. Running an ICO or developing a system to manage business processes? Get another developer to check your code. Better yet, get two or three. Once those transactions start rolling, they can’t be changed. Let’s get this right first time: efficient, effective, and secure.
Kate Baucherel BA(Hons) FCMA is a business development and strategy consultant specialising in emerging tech, particularly blockchain and distributed ledger technology. She has held senior technical and financial roles in businesses across multiple sectors, leading several enterprises through start-up and growth. She is a published author of non-fiction and sci-fi.