by Mike Orcutt technologyreview.com
Computer programs operating on blockchains are transforming the financial landscape. Yet much of the excitement surrounding so-called smart contracts remains overblown. This is an entirely new domain. Developers are only starting to grasp how to design these contracts reliably enough to safeguard users' funds—and, as a fresh analysis of Ethereum smart contracts demonstrates, security experts are just beginning to identify what a smart contract vulnerability actually entails.
This article appears in our twice-weekly newsletter Chain Letter, covering blockchain and cryptocurrencies.
Digital vending machines: The concept of a “smart contract” was introduced by digital currency pioneer Nick Szabo, who coined the term over two decades ago (and who may or may not be Satoshi Nakamoto). His core idea was that “many kinds of contractual clauses (such as collateral, bonding, delineation of property rights, etc.) can be embedded in the hardware and software we deal with, in such a way as to make a breach of contract expensive (if desired, sometimes prohibitively so) for the breacher.” Szabo described physical vending machines as a “primitive ancestor of smart contracts,” since they accept coins, dispense products, and return correct change according to the displayed price.
Enter the blockchain: Today, the most prevalent interpretation of a smart contract is a computer program stored on a blockchain. A blockchain functions as a shared accounting ledger that uses cryptography and a network of computers to track assets and prevent tampering. For Bitcoin, this provides two parties who don’t know each other with an ironclad guarantee that an agreed-upon transfer of funds will occur as expected—no cheating.
Smart contracts are where things become fascinating. Using a smart contract, two individuals could create a system that withdraws funds from one person’s account—say, a parent’s—and deposits them into a child’s account if and when the child’s balance drops below a certain threshold. And that’s merely the simplest example—in theory, smart contracts can program all kinds of financial agreements, from derivatives contracts to auctions to blockchain-based escrow accounts.
ICOs everywhere: One of the most popular applications of smart contracts has been the creation of new cryptocurrencies. Some have offered glimpses of a new economy where a purpose-built digital currency can be used for a “decentralized” service, such as data storage or cryptocurrency trading. Investor enthusiasm for such applications has fueled the ICO craze, which has raised over $5 billion.
But hold your horses: Technologists still lack a complete understanding of what a security flaw in a smart contract looks like, says Ilya Sergey, a computer scientist at University College London, who coauthored a study on the topic published last week.
Users learned this the hard way in 2016 when a hacker stole $50 million from the so-called Decentralized Autonomous Organization, which was built on the Ethereum blockchain. And in November around $150 million suddenly became inaccessible to users of the wallet service Parity, also rooted in Ethereum.
Sergey and colleagues used a novel tool to analyze a sample of nearly one million Ethereum smart contracts, flagging around 34,000 as vulnerable—including the one that led to the Parity mishap. Sergey compares the team’s work to interacting with a vending machine, as though the researchers randomly pushed buttons and recorded the conditions that made the machine act in unintended ways. “I believe that a large number of vulnerabilities are still to be discovered and formally specified,” Sergey says.






