Why smart contracts on the blockchain aren’t viable for businesses yet - Gartner

11 Jul 17

Article by Gartner contributor Kasey Panetta

In 2016, the Decentralized Autonomous Organization (DAO) announced that a hacker had exploited a vulnerability in Ethereum, a blockchain platform utilised by the group.

The total loss to the DAO was reported at $150 million.

The flaw was not in the blockchain platform itself, but rather in the smart contract.

The hacker was able to trigger a recursive send vulnerability where the act of sending funds triggered another “send funds” request.

Ethereum had done exactly what it was supposed to do, but a loophole in the smart contract code exposed the organisation to a hack.

It was reported that the DAO lost $60 million in just the first 12 hours.
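The recursive send described above, shown as an added Python example that comes from neither the original article nor the DAO's code. It is a toy in-memory ledger, with all class and function names hypothetical, in which paying out before updating the balance lets the recipient's code request the same withdrawal again, shown beside the ordering that prevents it.

```python
# Added illustration: a toy in-memory model of a "recursive send" flaw.
# All names are hypothetical; this is not the DAO's contract code.

class Vault:
    """Holds deposits; withdraw() pays out by calling the recipient's code."""

    def __init__(self, safe):
        self.safe = safe        # True: update the ledger before sending
        self.balances = {}      # per-account ledger entries
        self.funds = 0          # total funds actually held

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe:
            self.balances[account] = 0   # record the effect, then interact
        self.funds -= amount
        account.receive(self, amount)    # control passes to recipient code
        if not self.safe:
            self.balances[account] = 0   # too late: balance was still set


class Depositor:
    """An ordinary account: accepts funds and does nothing else."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringRecipient(Depositor):
    """Recipient whose receive hook asks for another withdrawal."""

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)             # the send triggers another send


def run(safe):
    """Return (amount paid to the re-entering account, funds left in vault)."""
    vault = Vault(safe)
    honest, recursive = Depositor(), ReenteringRecipient()
    vault.deposit(honest, 90)
    vault.deposit(recursive, 10)
    vault.withdraw(recursive)
    return recursive.received, vault.funds
```

With the balance cleared only after the send, the account that deposited 10 is paid the vault's entire 100; with the balance cleared first, the nested request finds a zero balance and stops.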

“Smart contracts will eventually automate the mass personalisation of value exchange,” says Nigel Montgomery, Gartner research director.

“What that means is the ability to engage many times the number of customers and partners globally, but in an intimate and personalised manner dictated by today’s consumerised ‘instant response’ world. That is the aim.

“Yet today the technology is immature and mercurial, and once live, the outcome is irrevocable. Smart contracts are something CIOs should invoke at their own risk.”

What makes a smart contract?

A smart contract is a computer program or protocol that facilitates, verifies or executes the terms of a contract.

Smart contracts have three characteristics:

  • They operate on a decentralised ledger technology.
  • They are independent.
  • They are immutable and irrevocable.

The immutability of a blockchain record and the distributed nature of a blockchain system make smart contracts an attractive option for enterprises.

In theory, they establish undisputable provenance.

However, the immaturity of the technology means they also incur potentially significant drawbacks.

For example, smart contracts are independent, which means they obey only their own code and, once deployed, cannot be controlled by either the originator or any legal system.

Additionally, they are irrevocable, and can only be replaced by a completely new contract.

The DAO example proves what can happen if that code is not exhaustively tested for every potential outcome.  

Ask the important questions

Despite the risks, Gartner estimates that by 2022, ratified unbundled (that is, defined impact) smart contracts will be in use by more than 25% of global organisations.

Unbundled means closely defined and with narrow impact, rather than complex nested contracts where the outcome permutations become nearly impossible to test.

Nevertheless, smart contracts will increase in popularity over time and will begin to impact global commerce.

Companies and organisations looking to utilise smart contracts right now should be very deliberate and careful in adoption.

Assessing technical maturity is a key component of a successful smart contract.

When pursuing a solution, ask vendors five key questions:

  • Are you certain that this contract cannot be undertaken using tried-and-tested and legally binding traditional contract mechanisms? If the answer is no, opt for the tested route.
  • Is anyone using the smart contract in production? If the answer is no, then you may be putting your business or brand at risk by being the first. Are you sure you want to take that risk?
  • Do you, the smart contract creator, indemnify my organisation if there is a problem, including unexpected behaviour or unintended consequences? If they do not, then it means that you are taking the risk.
  • What mechanisms for software assurance are in place? Are there tools in place for mathematical proof of correctness? More to the point, have they been applied to this smart contract, and where is the proof?
  • Under what circumstances are escape lanes (get-out/cessation clauses) used in the software, and who can invoke them — and why? Escape lanes can increase vulnerability to exploitation and require rigorous clarity of purpose and impact.

Enterprises should consider proven traditional contracts when available and, if choosing smart contracts, ensure that the code has been tested exhaustively.

Remember that there are no standards for testing smart contracts, and having “adequate” testing exposes the company to potential risk.

Finally, remember that it’s impossible to see every potential error or issue given the complexity of the technology, and at the end of the process, the complexity could mean the contract fails to represent the original intentions of the signing parties.  
