Smart contract (also self-executing contract, blockchain contract, or digital contract) is an electronic algorithm intended for the automation of the contract execution process in the blockchain. The general idea of smart contracts is to exclude divergences in the treatment of the agreement terms by the entered parties.
He offered to use computer algorithms with user interfaces to close deals in the area of the electronic commerce. According to the author’s idea, the description of the contract terms had to be made with the use of mathematical tools and programming languages. The idea of smart contracts was put into practice for the first time by Vitalik Buterin in his Ethereum Project (2013).
Basic work principles
The realization of Szabo’s idea became possible with the appearance of the blockchain technology, which ensures the reliability and protection of a smart contract due to its characteristics:
- Decentralized system type: None of the contract parties may change the text of the document, since a copy of the agreement is kept in the register, distributed between numerous network nodes.
- Open databases: The contract terms are available for all blockchain participants – the audit of the contract execution becomes easier.
- Formalization of the contract terms: The check and execution of the contract terms is made with a program code (if-this-then-that (IFTTT)), which is why the possibility of a wrong contract execution is excluded.
- Atomic operations: A contact will be either implemented successfully or not implemented at all.
- Turing completeness: The blockchain presented in Ethereum, has a built-in Turing-full programming language, thanks to which the users will be able to create any contracts by themselves.
Execution of smart contracts
Smart contracts are basically just computer code that is stored in a distributed blockchain. Because the blockchain is distributed, a copy of it is stored in each computer of the network. This implies that a copy of the smart contracts code is also stored in each computer of the network, and can in fact be executed in the same way by each computer. In the Ethereum blockchain, the code is executed in a specific environment: the Ethereum Virtual Machine (EVM). Every network node (i.e. each computer) will verify new blocks by going through the transactions included in it and implementing the codes initiated by them in the EVM. Since they all have an exact copy of the same chunk of code, each network node makes the same calculations, saving equal values.
Security and sensibilities
Smart contracts in Ethereum are vulnerable to hacker attacks for a number of reasons.
1. Errors in the use of Solidity (the Ethereum programming language)
- Semantics: smart contracts are written in Solidity, which is similar to Java. However, the bytecode of the EVM does not support work with functions, so the contracts are compiled before being sent to the blockchain. One typing error in the contract code may lead to the implementation of the fallback function.
- Incorrect order of exceptions: For the implementation of a smart contract, an interruption of the work of its method – an exception may be needed. If an exception appears during the running of the call command, then the execution of contracts will continue until the gas is over.
- Reenterability: The same program instructions may be entered for several times, for example, through the fallback function, which will lead to a cycle in the calling of the call method and expending the whole gas. The attack on DAO was built on this type.
2. Errors in the work of the Ethereum virtual machine
- Invariability of contracts: A contract published on the blockchain cannot be changed. If a contract contains a bug, it’s impossible to correct, the contract execution only can be stopped. An outstanding example may be the elimination of the consequences of the attack on DAO.
- Ether losses during the transfer: To send ether, you need to give the address of the receiving party, which presents a sequence of 160 bits. If the given address is not bound to a user or a contract, the sent ether will be lost forever.
3. Blockchain errors
- State of a contract: A part of a smart contract that came into a short sub circuit won’t be executed. Accordingly, the contract status won’t be determined uniquely temporarily. One of the contract parties may consider that the contract has been executed although it didn’t happen.
- Temporary restrictions: To determine the state of a contract, some time is needed (see the previous paragraph), which makes it vulnerable to attacks.
Big fraud cases
In July 2016, there was an attack on The DAO, as a result of which a hacker managed to transfer over $64 million to the balance of a contract created by him. For an attack, the reenterability characteristic has been used: within one transaction, the hacker withdrew funds of the DAO and transferred ether to their daughter DAO, repeating the operation for many times.
- Szabo N. Smart contracts: building blocks for digital markets //URL: http://www. alamut. com/subj/economics/nick_szabo/smartContracts. html (Letzter Abruf vom 31.10. 2016). 1996.
- Szabo N. //URL: http://firstmonday.org/ojs/index.php/fm/article/view/548/469 1997
- Dannen C. Bridging the Blockchain Knowledge Gap //Introducing Ethereum and Solidity. Apress, 2017. С. 1-20.
- Delmolino K. et al. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab //International Conference on Financial Cryptography and Data Security. – Springer Berlin Heidelberg, 2016. – С. 79-94.
- Atzei N., Bartoletti M., Cimoli T. A Survey of Attacks on Ethereum Smart Contracts (SoK) //International Conference on Principles of Security and Trust. – Springer, Berlin, Heidelberg, 2017. – С. 164-186.
- Velner Y., Teutsch J., Luu L. Smart Contracts Make Bitcoin Mining Pools Vulnerable //IACR Cryptology ePrint Archive. – 2017. – Т. 2017. – С. 230.