Article by Gartner contributor Kasey Panetta
In 2016, the Decentralized Autonomous Organization (DAO) announced that a hacker had exploited a vulnerability in Ethereum, a blockchain platform utilised by the group.
The total loss to the DAO was reported at $150million.
The flaw was not in the blockchain platform itself, but rather in the smart contract.
The hacker was able to trigger a recursive send vulnerability where the act of sending funds triggered another “send funds” request.
Ethereum had done exactly what it was supposed to do, but a loophole in the smart contract code exposed the organisation to a hack.
It was reported that the DAO lost $60million in just the first 12 hours.
“Smart contracts will eventually automate the mass personalisation of value exchange,” says Nigel Montgomery, Gartner research director.
“What that means is the ability to engage many times the number of customers and partners globally, but in an intimate and personalised manner dictated by today’s consumerised ‘instant response’ world. That is the aim.
“Yet today the technology is immature and mercurial, and once live, the outcome is irrevocable. Smart contracts are something CIOs should invoke at their own risk.”
What makes a smart contract?
A smart contract is a computer program or protocol that facilitates, verifies or executes the terms of a contract.
Smart contracts have three characteristics:
- They operate on a decentralised ledger technology.
- They are independent.
- They are immutable and irrevocable.
The immutability of a blockchain record and the distributed nature of a blockchain system make smart contracts an attractive option for enterprises.
In theory, they establish undisputable provenance.
However, the immaturity of the technology means they also incur potentially significant drawbacks.
For example, smart contracts are independent, which means they obey only their own code and, once deployed, cannot be controlled by either the originator or any legal system.
Additionally, they are irrevocable, and can only be replaced by a completely new contract.
The DAO example proves what can happen if that code is not exhaustively tested for every potential outcome.
Ask the important questions
Despite the risks, Gartner estimates that by 2022, ratified unbundled (that is, defined impact) smart contracts will be in use by more than 25% of global organisations.
Unbundled means closely defined and with narrow impact, rather than complex nested contracts where the outcome permutations become nearly impossible to test.
Nevertheless, smart contracts will increase in popularity over time and will begin to impact global commerce.
Companies and organisations looking to utilise smart contracts right now should be very deliberate and careful in adoption.
Assessing technical maturity is a key component of a successful smart contract.
When pursuing a solution, ask vendors five key questions:
- Are you certain that this contract cannot be undertaken using tried-and-tested and legally binding traditional contract mechanisms? If the answer is no, opt for the tested route.
- Is anyone using the smart contract in production? If the answer is no then you may be putting your business or brand at risk by being the first. Are you sure you want to take that risk?
- Do you, the smart contract creator, indemnify my organisation if there is a problem, including unexpected behaviour or unintended consequences? If they do not, then it means that you are taking the risk.
- What mechanisms for software assurance are in place? Are there tools in place for mathematical proof of correctness? More to the point, have they been applied to this smart contract, and where is the proof?
- Under what circumstances are escape lanes (get-out/cessation clauses) used in the software, and who can invoke them — and why? Escape lanes can increase vulnerability to exploitation and require rigorous clarity or purpose and impact.
Enterprises should consider proven traditional contracts when available and, if choosing smart contracts, ensure that the code has been tested exhaustively.
Remember that there are no standards for testing smart contracts, and having “adequate” testing exposes the company to potential risk.
Finally, remember that it’s impossible to see every potential error or issue given the complexity of the technology, and at the end of the process, the complexity could mean the contract fails to represent the original intentions of the signing parties.
Article by Gartner contributor Kasey Panetta