Programming the Economy: You Can Lose Your Money with Smart Contracts

Ethereum smart contracts are a novelty that has come to cryptoeconomics by the hands of the Russian programmer who created Ethers – the young Vitalik Buterin. They add an interesting functionality to the concept of cryptocurrency under Blockchain that Satoshi Nakamoto inaugurated with Bitcoin.

But under a seemingly innocuous nature, there are also some risks inherent in the development cycle of any software, including Ethereum and its smart contracts. Today, there have already been numerous cases of Ethers that have remained “in no man’s land,” far from their legal owners. If there is a massive implementation of these contracts without solving these problems, the issue may end up being systemic.

In an Engadget article, smart contracts were analyzed in great detail ( I suggest you read it), so we are going to refrain from going over the fundamentals again. Instead, we’ll analyze some of its most advanced characteristics and potential risks, from a more original and less usual point of view. But the fact that is that we are going to focus today’s analysis is on its vulnerabilities, and in the trail of orphaned Ethers that have already been left in the cryptosphere, despite their short life.

A Bit of History

Several colleagues have already published a compilation that summarizes the different cases of “failed” intelligent contracts, citing the study on this subject entitled “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale.”

As you may have read for yourselves, these “failed” smart contracts are subdivided into three main types. The first of these are the Prolific Contracts, these being the ones that are likely to be hacked so that the destination address of the Ethers is a fraudulent one, in which cryptocurrencies are falling as a rain of millions for the censurably graceful who has interposed between the contracting party and the legitimate destiny of the Ethers.

The second type of “failed” intelligent contracts are the so-called Suicide Contracts, which are contracts that can be closed by activating an exit condition on the part of the attacker. This is what happened with the DAO attack: there was a poorly implemented contract exit clause, which allowed a crypto user to legally start collecting all the Ethers involved in the intelligent contract. It is also worth remembering how poor protection of sensitive information from an intelligent contract led to the diversion of funds in Ethers.

Lastly, there are Greedy Contracts. These contracts are those in which there is a vulnerability (or malpractice and/or drafting) that can be exploited to freeze the Ethers associated with the contract. In this case, the Ether do not finish swelling the coffers of the attacker, but the contractor the effects are virtually identical: you will never be able to dispose of your Ethers, nor can you benefit from the supposed benefits that the contract could have brought.

For the sample of contracts taken as a basis in the study cited above, the resulting total amount of Ethers that would have been far from the portfolios of their rightful owners due to lavish and suicidal contracts amounted to 4,905 Ethers (more than 4 million dollars). 

There are still 313 Ethers that remain in no man’s land after having been transferred to contracts that have already been completed. Therefore, it is no longer possible to execute code in Blockchain, and one can continue to receive Ethers.  The end result? These Ethers end up being blocked for ever and ever.

Maybe the previous amounts do not seem very high, in fact they are not. But what is really important here is the vocation for the future with which smart contracts were conceived, with its ultimate aim being to become a massive trading and contracting platform. Undoubtedly, under these conditions, these amounts would be much higher, and the vulnerabilities that they reveal would be classified as systemic.

Smart contracts: a hybrid discipline

In the immediate future, society will no longer be a mere community of users, but it will also be the global human community itself that believes, and it will be the machines and the Internet of Things (IoT) that make up the most important group of users. 

The future is undoubtedly how technology is becoming embedded in all socio-economic sectors. The future lies in the mixed disciplines between technology and any other field of socio-economic activity. The future is in each and every one of you.

And the world of notaries, the legal profession, consultancies, etc. was not going to be an exception. As difficult as it might seem apriori for how strongly bureaucratized these activities are, the fact is that the technical society is also breaking into this sector with force. And the profile of the future, will be hybrid starting with a prefix “techno-“: “techno-lawyer”, “techno-notary”, “techno-contractual advisor”, “techno-crypto- auditor “, etc. We already have fintech, but that is not specific enough in this instance.

Undoubtedly, one of the main profiles will be people (or teams) with knowledge of intelligent contracts and Solidity, who also have deep knowledge of advocacy, legal issues, processes and contractual documents. The rest is just software code that, like everything else, only reflects a reality to be implemented in bits.

The solution goes through a specialization and a new audit concept

But as experts and newbies in the IT sector will know, the software development cycle is potentially quite complex, susceptible to later versions to patch vulnerabilities, functionalities, errors … And that, speaking of intelligent contracts, can involve massive amounts of money in Ether.

The specialization will inevitably be key for some profiles whose demand is going to be, at least in its beginnings, much higher than the offer. When it is already mainstream, there will be many professionals trying to enter a new and incipient field of professional activity, with different degrees of expertise. It will be essential to have specific talent and know-how and specialized in the development of intelligent contracts, in technical, legal and contractual matters. Specialization will be necessary in a field where (almost) everything is to be done and everything can be done, and where the field of action is very broad.But apart from the specialization, there is another aspect that will be essential and very necessary – that of the crypto-audit.

This cryptoauditor will be responsible for guaranteeing the integrity and coherence of both the intelligent contract in its legal aspect, and in its software implementation. His/her seal will be a guarantee symbol for investors, participants, or simply for the parties that intend to intervene in an intelligent contract housed in the Blockchain of Ethereum.

If the future does not knock on your door, go and call the future

If you work today in the sector, do not see this analysis with suspicion or fear. There is no recipe with more possibilities of failure than Ethereum smart contracts. There will be many many years of trial and error. However, the reward will be to acquire a profile with high demand and little supply.

It may be that a hybrid profile of this type may be unnatural within the reality of the current development of professional careers in the sector, but surely when the automobile was invented, and specialized expert drivers were necessary, it was unthinkable that in the end we would all end up driving.

Do not try to avoid the technical society. There is no possible escape. Make it your ally as soon as possible. Being one of the first ones is already a great competitive advantage. If the future does not knock on your door, go ahead and call the future: if you do not do it, it is certain that the door of the future will not open before you.

Leave a Reply

Your email address will not be published. Required fields are marked *