07.18.2016

OPINION: When Smart Contracts Go Bad

07.18.2016

With any new technology, there are bugs that lead to unintended consequences. So-called smart contracts are not immune.

Case in point is the Distributed Autonomous Organization, a virtual venture capital business that operates solely using smart contracts. Its developers coded smart contracts using Ethereum’s architecture to handle every function that normally an employee would do.

They launched on April 30, and within three weeks had approximately 11,000 investors contributing $150 million to the project.

It only took another four weeks before hackers exploited loopholes in the DAO codebase to transfer $50 million from various accounts to a separate account.

A group of white-hat hackers, which reportedly included a few Ethereum core developers, managed to secure the remaining $100 million through a little counter-hacking and deposited the virtual currency into a new account for protection.

To retrieve their existing investments, DAO miners, investors, vendors, and others voted to adopt the “hard fork” that Ethereum Foundation plans to implement on July 20, which would roll back the DAO smart contract to before the hack.

The financial services firms are whistling past the graveyard if they think that they won’t encounter similar issues when they start deploying their own smart contracts in the wild.

Hackers would have a harder time compromising a private permissioned blockchain compared to public permission-less ones like the DAO. However, hackers already cracked industry intranets that were thought to be nigh invulnerable.

The real threat is smart contracts’ immaturity as a technology. It hasn’t been around long enough to develop a track record that can be used to create best-practices or a suite of reliable testing tools. Like with anything new, there will be trial and error.

However, there is a bright spot for those running private permissioned blockchains. Their communities will be much smaller than those of public and permission-less counterpart, which make reaching consensus much easier.

Also, a private permissioned blockchain operator could require potential members to agree on a remediation process before allowing them to play in the private sandbox.

If the operators wait until after there’s an incident to develop a remediation plan, it is a good way to kill that particular blockchain.

For more on Smart Contracts

Related articles

  1. Firms that optimise their operations can better focus on their core competencies.

  2. Firms should ensure a robust operational risk approach in tandem with resilience, ITRS Group says.

  3. Contributed Content

    What's Treasury Worth?

    COVID-19 has boosted demand for fundamental change in treasury operations, Hazeltree's Sameer Shalaby writes.

  4. The alliance with Coremont will cover front, middle and back office operations.

  5. The new offering supports reconciliation, matching and exception management applications.