10 must-answer questions about smart contracts



Fred Stawitz
04/01/2019

Signing a contract

When a new technology such as smart contracts broaches the public sphere, it’s not unusual to focus in on its possibilities. It’s going to revolutionize the way we do business! It’s going to disrupt everything; nothing will ever be the same! But then the hype fades and the attention inevitably shifts to thinking seriously about actually using it. What problems might we encounter as we implement the technology and are there ways to address those problems?

What are Smart Contracts?

“A smart contract is a set of promises, specified in digital form,” explains Nick Szabo, [1] the computer scientist who originated the concept in 1996. A smart contract is an agreement between various parties just as any traditional written contract except that smart contracts are written in computer code and are usually embedded in a blockchain where many of the stages of the transaction are self-executing.

A unique characteristic of a smart contract is that it can be programmed to accept input from IoT and other parametric devices which can verify transactional steps in an automated fashion, thereby eliminating some elements of human interaction. So, rather than having to wait for pieces of paper to be signed and shuffled from hand-to-hand, the smart contract tracks confirmations that the terms of the contract have been fulfilled and automatically take actions, such as releasing a  payment.

Consider the delivery of a shipping container with an IoT device containing a GPS tracker that communicates via the Internet. When the container arrives at the proper destination, this device could automatically communicate its arrival to the smart contract which in turn would initiate a payment to the shipper. This could chop months from the time it takes with a paper-based system. Maersk, the world’s largest container shipping company, and IBM are already piloting blockchain technology in a project called TradeLens being executed in concert with the Port of Rotterdam Authority. “The new blockchain-enabled shipping solution is designed to promote more efficient and secure global trade, bringing together various parties to support information sharing and transparency, and spur industry-wide innovation.” [2]

The barriers to entry for a blockchain system are also significantly smaller, enabling small businesses, start-ups, and think tanks to build solutions comparable to, if not better than Maersk and IBM are developing using the exact same technology. [3]

As a result, smart contracts on blockchains hold a tremendous amount of potential for streamlining verification of contractual obligation fulfillments allowing for automatic, real-time payment. Faster cycling of capital provides the opportunity for multiple transactions to be enacted in a fraction of the time it took in a paper-based system.

Operating on a blockchain platform with tokens  and smart contracts could facilitate end-to-end transactions between contractual parties regardless of where on the globe either party resided. All this with no intermediary parties required. The possibilities for fully exploiting this technology for commercial purposes are endless but there are some issues that remain unresolved.

 

Can Smart Contracts Be Trusted?

In a presentation by Nick Szabo entitled Smart Contracts [4], a smart contract is likened to a coin-operated vending machine where the payment is held in a type of escrow by the vending machine until the desired item is selected then the money is transferred to the vendor as the commodity is dispensed to the purchaser, all without the human intervention of a third party. The vending machine itself, similar to a smart contract, serves as the third party.

That works fine when the transaction is driven by a simple purchase arrangement where we know if we insert the proper amount of money in the coin slot, the vending machine will dispense the desired product. We may lack knowledge of the internal processes employed by the machine’s manufacturer to produce this result but we know that government regulators attest to the accuracy of how the vending machine functions by the inspection sticker placed on the front. Therefore, we know what to expect every time we drop our money into the machine.

Suppose, however, that rather than a standard vending machine, the transactional device is a slot machine. We insert our money, pull the handle, and wait to see what happens. In this case, the internal process is a “black box,” as far as the average citizen is concerned, and the outcome of the transaction is an uncertain result. With a slot machine, sometimes we win but often we receive nothing.

Legal slot machines are audited by government regulatory agencies and given a seal of approval if the PAR sheets appear to match the PAR settings of the machine. The PAR sheet or Probability Accounting Report details “how a particular slot machine is programmed, such as the payout rules”[5] and typically documents the payback percentage, the hold percentage, the confidence interval, and the volatility index.[6] The “house edge” may vary with the various types of gaming machines but “with a few notable exceptions, the house always wins - in the long run - because of the mathematical advantage the casino enjoys over the player.”[7]

Slot machines can be viewed as the smart contract and the PAR sheet as the paper contract. Without a government auditor, the consumer of the services provided by the slot machine has no way of telling if the machine is behaving as indicated on the PAR sheet. The consumers have to trust the government auditors. Now suppose there were no such audits? Should the consumer blindly trust the slot machine manufacturer or the entity that housed the machine?

Smart contracts can reside anywhere along the spectrum from vending machines to slot machines depending on a variety of factors. It may be very difficult to determine for any given smart contract whether it operates more like a vending machine or more like a one-armed bandit—a type of slot machine with a handle that is pulled to activate the transaction.

Some of the first smart contracts were cryptocurrency casinos, where all the house rules were transparent to the gamblers. In fact, the smart contracts were provably fair, which simply means that the gambling contracts said what they did, did what they said, and were backed up by a lot of math. In addition, the smart contracts didn’t require blind trust because the code was transparent on a Blockchain. [8]

 

Can Smart Contracts Communicate with External Parties?

Yes! However, “the executing logic in a smart contract cannot do anything outside of the blockchain,” explains Adam Gall writing for DecentCrypto. “The only way to update blockchain state is to trigger that state change by sending a new transaction into the system.” The way information regarding fulfillment of elements of a smart contract is inserted is through use of an oracle, a web service that “provides ‘trusted’ data to a smart contract, through transactions.” [9]

Smart contracts “whitelist” or contain approval for websites that are allowed to provide information or receive information via an oracle. The smart contract cannot initiate the action but upon receipt of approved data can perform an action that sends data via an oracle to an external entity.

Factors impacting transactional outcomes also include the complexity of the transaction being coded. “Too many moving parts is the enemy of reliability and trust,” advised Rob Hitchens, an Expert Instructor with B9Lab. [10] The greater the complexity of the computer code that comprises the smart contract, the higher the risk that an audit may not reveal how the code might perform under all curcumstances.

 

Are There Standards for Smart Contracts?

Other problematic factors include the trustworthiness and competence of the party developing the code. Unlike legal slot machines, there are currently no standards and no government agencies that test and certify the accuracy of smart contracts in terms of the code mirroring the written agreement.

Therefore, a certain level of trust must exist between the contracting parties. But suppose that trust is unfounded? “Errors or security exploits in smart contracts are particularly dangerous because the blockchain directly carries value or rights to assets.” [11] A corrupt or problematic smart contract could potentially provide unjustified and potentially irrevocable access to valuable assets.

This is best illustrated with the case of the DAO (decentralized autonomous organization), where the code was not properly reviewed by participants, a loophole was found and executed, human intervention reset the Ethereum blockchain (responding to an outcry from participants), and an entirely new currency (Ethereum Classic) was created as the result of disagreement with that human intervention. [12]

 

Are There Auditing Entities for Smart Contracts?

Certain large consulting agencies are beginning to offer services that include auditing smart contracts but there is no legal requirement for this level of authentication. Even so, remember Arthur Andersen, LLP, the large accounting firm that served Enron? What is known today as the Big 4 Accounting firms were once known as the Big 5 which included Arthur Andersen. “Despite Enron's poor accounting practices, Arthur Andersen offered its stamp of approval, signing off on the corporate reports for years,” reported Troy Segal writing in Investopedia. [13] Soon after the Enron collapse, Arthur Andersen, “disgraced by the scandal,” went out of business as an accounting firm.

Quantstamp, identified as the first security-audit protocol, “audits smart contracts using formal verification in order to find bugs before contracts are published to the blockchain." [14] Such a scan doesn’t guarantee the code is matched exactly to the paper contract or to the intentions in the paper contract. While this approach is still new to the scene, it may well offer a glimpse into how the process of auditing smart contracts will itself become an automated “Smart Audit” in the future.

 

Are Smart Contracts Legally Binding?

An additional issue resides in the fact that smart contracts can be considered legally binding contractual agreements. Drop a coin in a candy machine. If the candy doesn’t fall into your hand, you potentially have legal recourse against the vendor and machine manufacturer.

In terms of a smart contract, you may have legal recourse against all parties involved in the development and deployment of  the smart contract, including the individual programmer if you could show the code was inconsistent with your agreement. Leveraging action based on those potential legal rights requires a cost-benefit analysis.

Smart contracts have a large range of potential applications. They are not limited to the dispensing of candy from a vending machine. They could be used for multimillion dollar real estate deals, commodities purchases, energy transfers, and many other transactions. But what would it take for you to prove intentional theft, fraud or negligence in a court of law. And how would you identify the jurisdiction? Is it where the smart contract was coded, where one or other of the parties to the agreement resides, or where the majority of the blockchain nodes are located? The answer to these questions is not currently clear.

What if the smart contract differs from the written contract? Which one prevails? If they were promoted as being equivalent, who is liable for the discrepancies? What if the code developer was negligent? What if a third-party auditor missed something? What if there was no third-party auditor?  

Discrepancies such as these may be controlled for in a strong implementation plan or resolved with arbitration, mediation, or litigation, which will carry their own costs. An effective implementation strategy is critical to reduce conflict resolution costs. [15]

In the content of an online course, Citlali Mora Catlett and Elias Haase, head of Special Projects and Founder of B9Lab, respectively, indicate that “business activities offering smart contract services should be wary of the consequences of programming mistakes, those mistakes could touch upon the areas of product liability, breach of contract, and/or deceptive trade charges, as well as other security aspects of smart contract implementation.” [16]

The American Bar Association presents the opinion that “although many advances have been made in smart contract technology, it is still in an early development stage. There are issues such as scalability, centralization risk, and usability that must be addressed before mass adoption by the general public.” [17]

 

Are Smart Contracts Susceptible to Regulatory Oversight?

Even if there is no government agency that audits smart contracts, are these transactions susceptible to regulatory agency oversight? They might be. The Commodity Futures Trading Commission (CFTC)—a US government agency whose mission is to foster open, transparent, competitive, and financially sound markets--indicates that “depending on its structure, operation, and relevant facts and circumstances, a smart contract could be a: Commodity, Forward Contract, Futures Contract, Option on Futures Contract, Swap. You should consult competent counsel when considering whether a smart contract may be a product subject to CFTC jurisdiction." [18]

The CFTC also indicates that some Smart Contracts could:

  • Unlawfully circumvent rules and protections.
  • Diminish transparency and accountability.
  • Impair market integrity.
  • Introduce risk, including operational, technical and cybersecurity.
  • Be subject to fraud and manipulation.

CFTC documentation indicates that “existing law and regulation apply equally regardless of what form a contract takes. Contracts or constituent parts of contracts that are written in code are subject to otherwise applicable law and regulation.”

So how do we really know that one of the parties to a complex smart contract transaction didn’t insert nefarious code, “backdoors” or “kill switches” into the code in an effort to defraud or manipulate the other party? Does it have an unintentional “bug” that could produce unpredictable results? The bottom line is we probably don’t know until the smart contract is already enshrined in the blockchain. We must trust the entity that generated the code or ensure each party has the opportunity to test that code in a testing environment, such as an Ethereum Testnet. This testing mimics the traditional opportunity where parties are allowed to have an attorney review a contract before they sign it; without that opportunity for review, the contract and any actions taken referencing it may be void.[19]

After all, “actions taken as the result of a contract as well as the contract itself are what draw oversight and litigation,” explains Dorothy Haraminac, Forensics Partner with GreenVets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing. “Whether that action is an internal accounting process written in SAP, an external bill pay agreement executed with a bank, or a smart contract executed on a blockchain, oversight, testing, and verification are required before live implementation. Otherwise, parties to the contract may be more prone to error and more susceptible to litigation.” [20]

 

Who Guarantees the Accuracy of a Smart Contract?

Let’s return for a moment to the idea of the blockchain. “The [Bitcoin] blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.” [21] Blockchain operates in a trustless environment where multiple parties on a network have open and easy access to information. This potentially leaves the information vulnerable; however, Bitcoin’s blockchain implementation employs a distributed network, hash codes, and cryptographic keys that create an immutable record where tampering is easily detected. This is why blockchain operates well in a trustless environment. Parties to a Bitcoin transaction don’t need to trust each other. The Bitcoin blockchain documents the transaction, period.

So once a smart contract is posted in a blockchain, it is an immutable record where tampering is easily detected. That’s not what we’re talking about here. We’re talking about what happens when the smart contract is being developed before it’s posted to the blockchain and how we would know the smart contract represents the actual verbal or written agreement between the parties, and their intentions.

 

How many lawyers understand computer code?

The problem is that smart contracts and any other items documented in a blockchain are not created in a trustless environment. Obviously, static documents are easier for the average individual or legal counsel to evaluate than smart contracts. The fact that smart contracts are eventually embedded within the immutable, tamper-detectable, trustless environment of the blockchain does not purge them of any prevailing sins they might already be carrying when they were immortalized on the blockchain. Smart contracts should also not be tasked with the responsibility to eliminate all issues prevalent in any type of contracting agreement.

A good smart contract, just like a good automated business process, does one specific task when specific criteria are met. In the event criteria are not met, the process pauses and waits for input. Determining when to wait and which party decides what action to take in that event is a necessary consideration for smart contracts, just as it is for a paper contract, an automated business process, and any other contractual interaction. [22]

 

Should Smart Contracts Be Banned?

“Some argue that the term ‘smart contract’ is misleading,” state Citlali Mora Catlett and Elias Haase of B9Lab. “There are significant areas in the contractual process that cannot be executed by a smart contract.”[23]

There is also a significant misunderstanding about the term; many people believe they know exactly what a smart contract is because they know what the words smart and contract mean. In fact, smart contracts are nothing more than automated business processes; people engage with smart contracts every day. Setting up an automatic bill pay rule with your bank is a smart contract that accomplishes a specific task: when a bill comes in from Company A; check the balance in my account; if my account has more money than the bill; send a payment to Company A. The term smart contract has come to imply execution on a blockchain but it is a new means to the same ends as any internal or external automated business process and the same care must be taken in its implementation as is taken when converting from one system to another (from SAP to Oracle, for instance) or when introducing a new process or control mechanism. [24]

This is not to say that smart contracts do not have their place and are not useful tools for automating transactions or that they should be banned. They certainly do have a beneficial role mostly in common, well-established, and easily verifiable commercial transactions. But until further refinements for the development of smart contracts are in place, it might be useful especially in regard to complex transactions to consider the legal term Caveat Utilitorlet the user beware!  [25]

References:

[1] Nick Szabo, “Smart Contracts: Building Blocks for Digital Markets” (1996), http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html

[2] World Maritime News, August 9, 2018. https://worldmaritimenews.com/archives/258600/maersk-ibm-unveil-blockchain-shipping-solution/.

[3] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author.

[4] Nicholas J. Szabo, “Smart Contracts”, http://w-uh.com/download/WECSmartContracts.pdf

[5] “PAR Sheet” (Casinopedia), https://www.casinopedia.org/terms/p/par-sheet

[6] Sheryl  L. Ashley, “Understanding Slot Machine Math Basics,” (Indian Gaming Magazine, December 2015) , http://www.indiangaming.com/istore/Dec15_Ashley.pdf

[7] Robert Hannum, “Casino Mathematics” (Center for Gaming Research, UNLV), https://gaming.unlv.edu/casinomath.html 

[8] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author.

[9] Adam Gall, “Building your first Ethereum Oracle” (DecentCrypto, June 20, 2018), https://medium.com/decentcrypto/building-your-first-ethereum-oracle-1ab4cccf0b31

[10] Rob Hitchins, Expert Instructor, B9Lab, personal communications with author.

[11] Kevin Werbach, “Trust, But Verify: Why the Blockchain Needs the Law” (Wharton School of the University of Pennsylvania, 2018), http://btlj.org/data/articles2018/vol33/33_2/Werbach_Web.pdf 

[12] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author. 

[13] Troy Segal, “Enron Scandal: The Fall of a Wall Street Darling” (Investopedia), https://www.investopedia.com/updates/enron-scandal-summary/

[14] “Quantstamp Protocol FAQ” (Quantstamp), https://quantstamp.com/faq

[15] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author.

[16] Citlali Mora Catlett and Elias Haase, “Blockchain Essentials: An Introduction for Non-Developers, Smart Contracts”. (R9Lab).

[17] Tsui S. Ng, “Blockchain and Beyond: Smart Contracts” (American Bar Association, September 19, 2018), https://www.americanbar.org/groups/business_law/publications/blt/2017/09/09_ng/

[18] “Smart Contract Primer” (LabCFTC, November 27, 2018), https://www.cftc.gov/sites/default/files/2018-11/LabCFTC_PrimerSmartContracts112718.pdf 

[19] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author. 

[20] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author. 

[21] Don & Alex Tapscott, Blockchain Revolution: How the Technology Behind Bitcoin and Other Cryptocurrencies Is Changing the World (Portfolio, June 12, 2018)

[22] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author.

[23] Citlali Mora Catlett and Elias Haase, “Blockchain Essentials: An Introduction for Non-Developers, Smart Contracts”. (R9Lab).

[24] Dorothy Haraminac, Forensics Partner, Green Vets, LLC, and the first U.S. court-qualified expert in bitcoin asset and cryptocurrency tracing, personal communications with author.

[25] “Caveat Utilitor Law and Legal Definition” (USLegal.com), https://definitions.uslegal.com/c/caveat-utilitor/.

RECOMMENDED