Introduction

This article is a complete guide to Smart Contracts: their definition, use cases, benefits, the platforms used for creating them, their security, and the measures to be taken to make them more secure. Besides, you can also check this article to understand Smart Contracts from a beginner’s perspective. We will first learn a bit about Ethereum, which is the most popular and the first Blockchain platform on which Smart Contracts were created. Ethereum, which was created as a result of a hard fork in Bitcoin, introduced the concept of Smart Contracts for automating legal transactions. Let us understand the concepts one by one in detail.

What is Ethereum?

  • Ethereum is the first generic Blockchain platform that allows users to create and deploy decentralized and trustless applications on it.

Bitcoin vs Ethereum

  • Ethereum was created in 2015 as a result of a hard fork from Bitcoin.
  • Ethereum’s creator Vitalik Buterin (a Russian-Canadian programmer and writer) found some flaws in the Bitcoin architecture. He suggested changes which resulted in Ethereum.
  • The sole purpose of Bitcoin is to have a digital currency which is secure, transparent and can be transferred peer-to-peer without the involvement of any third parties.
  • Ethereum, besides being a digital currency (Ether), has as its prime objective to facilitate and monetize the development of Decentralized Applications (Dapps) and Smart Contracts (we will learn these concepts later).

Turing Complete

  • A system (a computational machine or a programming language) is considered ‘Turing Complete’ if it can solve any computational problem, provided an appropriate algorithm is implemented and the system is given the required runtime, memory and processing power.
  • This means that the system might run out of power or memory while solving the problem. But had it been given adequate memory and power, it could have solved the problem.
  • Put another way: when a system is Turing Complete, it will theoretically be able to solve any computational problem whatsoever. It might go on solving the problem for a long time: 2 days, 3 days, indefinitely. Hence, as long as the memory and power requirements are fulfilled, the system can solve any problem.
  • But this poses a threat with Turing Complete systems. They can exhaust all the memory and power to solve the problem at hand. There should be a hard stop after a certain defined point. We will discuss these things in the following sections.

Ethereum Virtual Machine (EVM)

  • The EVM is a virtual machine maintained by different computers or nodes running the Ethereum client. These nodes are connected directly to each other (peer-to-peer).
  • At any given time, the state of EVM is the same at every member node. Each node consists of a copy of the Ethereum Blockchain. Every time a new transaction is made, it gets broadcasted to the entire network, verified, validated and then added to all the Blockchain of all the nodes.
  • The EVM is a Turing Complete system or framework, as it can solve any computational problem through code or contracts written in programming languages. You can write code (Smart Contracts), which is decoded into bytecode by the Ethereum network nodes.

[Figure: Ethereum Virtual Machine]

Decentralized Autonomous Organizations (DAO)

  • A traditional organization like Microsoft, Facebook, etc. works with a higher management responsible for taking important decisions. These CEOs and CFOs refer to legal papers, management booklets and company policies to take the decisions. We trust these people with the important decisions pertaining to the workings of the organization. This is a Trust Based Model.
  • What if we do not want to trust anyone or any body? Specifically, in cases where we do not know the other party well.
  • This is where the concept of DAOs comes in. In DAOs the decisions are made not by people, but by pre-written protocols in the form of code. Different parties do not trust each other but rather trust the protocols defined by the code, called Smart Contracts.

[Figure: A Traditional Organization and a DAO]

Smart Contracts

Smart Contracts are self-executing legal contracts. They differ from traditional contracts in that, rather than being written on paper (or typed on a computer), Smart Contracts are defined by computer code. This code is self-executed once some pre-defined conditions are met.

Since Smart Contracts are self-executing, we do not need any middlemen, such as legal or management staff, for their implementation.

Hence, Smart Contracts enable trustless transactions between two disparate parties. This means any two anonymous and disparate parties from anywhere in the world can have a transaction, just by agreeing to a Smart Contract, without the need for any middlemen.

For instance, let us take the example of an Exchange where you get Bitcoin in exchange for fiat money like USD. Traditionally you needed a third party to facilitate the exchange of fiat money for Bitcoin. But when we implement a Smart Contract, it eliminates the need for any third party to facilitate the transaction. In this case, when the buyer transfers fiat money.

Benefits of Smart Contracts

To reiterate, Smart Contracts are pre-agreed pieces of code between two parties, which get self-executed when certain pre-set conditions are met, as a result enforcing the negotiations, which are copied in the Ethereum Blockchain (or other Blockchains which we will mention later).

[Figure: Smart Contract]

Due to this, Smart Contracts have the following benefits.

  • Transparency and Immutability: The code and all transaction-related data reside in the Blockchain, which is immutable (cannot be changed) and accessible to all.
  • Efficiency: No room for missing documents or misinterpretations. Code is the law.
  • Cost Reduction: As middlemen are not needed, the costs incurred to have them are also cut.
  • Security: The code and all related transaction data lie in the Blockchain, which is ultra-secure (using cryptographic principles).

[Figure: Smart Contract Benefits]

Use Cases of Smart Contracts

Smart Contracts are based on Blockchain technology. Smart Contracts help to automate transactions and processes which would otherwise require middlemen or third parties. Besides, Smart Contracts provide a transparent, more secure and cost-effective approach to carrying out various traditional functions in industries like banking, insurance, mortgage, loans, real estate, healthcare, etc. Let us see some of the prominent use cases of Smart Contracts.

  • Real Estate:
    Usage: Smart Contracts are set up directly between two parties, eliminating the requirement of any middlemen. The rules of the contract are coded and are executed once pre-defined conditions are met. For example, when party A is credited payment from party B, the Smart Contract gets executed, transferring the ownership of the asset from party A to party B.

    Benefits:
    (A) More secure: A Smart Contract, which uses Blockchain technology, stores all data in an encrypted manner. This is the most secure manner in which data can be stored. Hence, all data related to the real estate assets can be stored in a much more secure way than the traditional way of storing it in computer records or (even worse) on paper, which were easy to manipulate.
    (B) Transparent: Data is transparent to all the parties involved, but it cannot be changed without consensus.
    (C) Cost Effective: Since no middlemen are required, the corresponding costs like processing charges, etc. are saved. Also, since the data is already very secure, the cost of audits is saved.
    [Figure: Smart Contract in Real Estate]
  • Insurance:
    Usage: Likewise, the Insurance industry is adopting Smart Contracts at a wider pace. Smart Contracts can be implemented directly between the insurer and the insured to automate claim transfers. For instance, AXA has implemented Smart Contracts which have automated its flight delay insurance claims. The Smart Contract is connected to the flight traffic database. Whenever there is a delay in a flight, the claim is automatically credited to the user.

    Benefits:
    (A) More secure: A Smart Contract, which uses Blockchain technology, stores all data in an encrypted manner. This is the most secure manner in which data can be stored. Hence, all data related to the insurance, like coverage provided, monthly or annual installments, etc., can be stored in a much more secure way than the traditional way of storing it in computer records or (even worse) on paper, which were easy to manipulate.
    (B) Transparent: Data is transparent to all the parties involved, but it cannot be changed without consensus.
    (C) Cost Effective: Since no middlemen are required, the corresponding costs like processing charges, etc. are saved. Also, since the data is already very secure, the cost of audits is saved.
  • Loans and Mortgages:
    Usage: Smart Contracts can be used to automate loan and mortgage transactions. The rules of the transactions can be hardwired into the code, which again eliminates any requirement for middlemen. The Smart Contract can be set up directly between two parties. Contract terms like monthly installments, interest rate, number of installments, penalty for a missed installment, loan termination after a certain period of time, etc. are all fed into the contract.

    Benefits:
    (A) More secure: A Smart Contract, which uses Blockchain technology, stores all data in an encrypted manner. This is the most secure manner in which data can be stored. Hence, all data related to the loans and mortgages, like monthly installments, interest rate, number of installments, penalty for a missed installment, etc., can be stored in a much more secure way than the traditional way of storing it in computer records or (even worse) on paper, which were easy to manipulate.
    (B) Transparent: Data is transparent to all the parties involved, but it cannot be changed without consensus.
    (C) Cost Effective: Since no middlemen are required, the corresponding costs like processing charges, etc. are saved. Also, since the data is already very secure, the cost of audits is saved.

Blockchain Platforms used for Smart Contracts development

Apart from Ethereum, other popular blockchain platforms used for Smart Contract development are EOS, Hyperledger Fabric, IBM Blockchain, Tezos, R3 Corda, EOSIO, Stellar, Quorum, etc.

How secure are Smart Contracts?

  • Smart Contracts are used in different sectors like supply chain, digital assets, crowdfunding and intellectual property. All these involve substantial monetary values which are dependent on the security of the Smart Contract. Hence, the security of the Smart Contract is of utmost value to a developer while developing one.
  • Smart Contracts are only as safe as the computer code of the contract is. Hackers have found gaps and loopholes in Smart Contract code which have led to major losses in the past.
  • Hence, it is important to make the Smart Contract go through various technical audits before implementation.

Types of security issues in Smart Contracts

Some of the most common security issues or vulnerabilities found in Smart Contracts are:

  • Reentrancy: In computer code, a function is a set of instructions or lines of code that are executed when the function is called. Just in case you are interested, refer to this article to know more about functions in the Python language.
    Coming back to our topic, reentrancy is a phenomenon in which a function is called repeatedly, which hinders the existing execution. It can be called by itself or by an external routine (or function).
    In Smart Contracts, reentrancy has occurred in the past and changed the behavior of the contract. For instance, let us take the example of an auction Smart Contract. The bid( ) function allows one to place a bid. If it happens that the bid( ) function is called repeatedly, it will hinder the contract behavior by not allowing the execution to complete.
  • Denial of Service (DoS) attack: A DoS attack aims to hinder or completely stop the services which are expected to be delivered by a computer system to its intended users. This is accomplished either by flooding the system with more traffic than the system can manage or by sending an input that triggers a shutdown. The previous example of calling the bid( ) function multiple times is also a DoS attack, in which the contract fails to work as intended.
  • Integer Overflow: An integer variable (which stores the integer value in computer memory) has a defined, limited space allotted in the computer memory. If for some reason (e.g. as the result of an operation) the value exceeds the defined limit, the code raises an integer overflow error and aborts the program. Smart Contracts have witnessed Integer Overflow errors resulting in the contract aborting, leading to real monetary losses.
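
The auction bid( ) case above, written out in Solidity as an added example (it is not code from the original article; the contract, function and variable names are hypothetical, and a Solidity 0.8 or later compiler is assumed). The first contract refunds the previous bidder inside bid( ); the second only records the refund and lets each bidder withdraw it, which removes the reentrancy and DoS exposure, and relies on the compiler's checked arithmetic for overflow.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: all contract, function and variable names are hypothetical.

// BEFORE: bid() pushes the refund to the previous leader in the same call.
contract AuctionVulnerable {
    address public highestBidder;
    uint256 public highestBid;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            // The external call hands control to the previous bidder's code
            // while bid() is mid-execution and state is not yet updated.
            // If that code reverts, every later bid fails (denial of service).
            (bool ok, ) = payable(highestBidder).call{value: highestBid}("");
            require(ok, "refund failed");
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }
}

// AFTER: bid() only records what is owed; each bidder pulls a refund.
contract AuctionHardened {
    address public highestBidder;
    uint256 public highestBid;
    mapping(address => uint256) public pendingReturns;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            // Checked arithmetic (Solidity >= 0.8): an overflow here reverts
            // the transaction instead of wrapping around.
            pendingReturns[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    function withdraw() external {
        uint256 amount = pendingReturns[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Effects before interaction: zero the balance first, so a re-entrant
        // call to withdraw() finds nothing left to pay out.
        pendingReturns[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```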

Best practices for securing Smart Contracts

As mentioned earlier, the security of a Smart Contract is dictated by the security of the code of the contract. Hence, it is imperative to secure the code of a Smart Contract, right at the development stage. The measures taken to secure Smart Contracts are:

  • Use Blockchain-specific development practices: Smart Contracts can be developed on different blockchain platforms like Ethereum, EOS, Cardano, NEO, Hyperledger Fabric, etc. Always use tools, languages and testing methodologies specific to the Blockchain platform. For example, the Solidity language is used for the development of Smart Contracts on the Ethereum blockchain. We can also use popular languages like Java and C++, but this increases the threats, as these languages are not made solely for the Ethereum blockchain platform. Solidity, by contrast, was created with the specificities of the Ethereum Blockchain platform in mind. Remember, it is about the compatibility of the language, the compiler and the blockchain platform.
    Similarly, testing methodologies should be specific to the blockchain platform. For example, use the Truffle framework for Ethereum, and EOS Factory or GTest for EOS.
    Ethereum Smart Contract development best practices
    EOS Smart Contract development best practices
  • Use strong testing methodologies: Always use all the testing options available, from unit testing to check the basic contract functionalities through to releasing the contract on a Test Network first. As mentioned earlier, testing methodologies should be specific to the blockchain platform. For example, use the Truffle framework for Ethereum, and EOS Factory or GTest for EOS. Besides, you can use security audits and independent checks of the code to help eliminate any possible vulnerabilities.
  • Be cautious while implementing added functionalities in the Smart Contract: Smart Contracts developed on Ethereum and EOS are especially popular for added functionalities. But these extra functionalities provide extra room for errors and hence pose security issues to the Smart Contracts. Hence, being extra cautious while adding features to a Smart Contract is the only solution. Use blockchain-specific development practices. Some platforms like Zilliqa and Cardano place added restrictions on Smart Contracts, which help in improving the security.

Conclusion

We learnt about Smart Contracts, their use cases, benefits and security. Obviously Smart Contracts have revolutionized almost every industry by automating transactions, eliminating the need for any third parties. There are security risks but those can be mitigated by following suggested measures (discussed above).
