Smart contract (also self-executing contract, blockchain contract, or digital contract) is an electronic algorithm intended for the automation of the contract execution process in the block chain. The general idea of smart contracts is to exclude divergences in the treatment of the agreement terms by the entered parties.
He offered to use computer algorithms with user interfaces to close deals in the area of the electronic commerce. According to the author’s idea, the description of the contract terms had to be made with the use of mathematical tools and programming languages. The idea of smart contracts was put into practice for the first time by Vitalik Buterin in his Ethereum Project (2013).
Basic work principles
The realization of Szabo’s idea became possible with the appearance of the blockchain technology, which ensures the reliability and protection of a smart contract due to its characteristics:
- Decentralized system type. None of the contract parties may change the text of the document, since a copy of the agreement is kept in the register, distributed between numerous network nodes.
- Open databases. The contract terms are available for all blockchain participants – the audit of the contract execution becomes easier.
- Formalization of the contract terms. The check and execution of the contract terms is made with a program code (if-this-then-that (IFTTT)), which is why the possibility of a wrong contract execution is excluded.
- Atomic operations. A contact will be either implemented successfully or not implemented at all.
- Turing completeness. The blockchain presented in Ethereum, has a built-in Turing-full programming language, thanks to which the users will be able to create any contracts by themselves.
Execution of smart contracts
In Ethereum, the codes of smart contracts are executed in a specific environment - Ethereum virtual machine (EVM). Every network node performs verification of a new block, by going through the transactions included in this block and implementing the codes initiated by these transactions in EVM.
- Each network node makes the same calculations, saves equal values.
- The formation of transaction blocks by miners is made for a fee: the cost of the operation is evaluated in gas units.
Security and sensibilities
Smart contracts in Ethereum are vulnerable to hackers’ attacks for a number of reasons.
1. Errors in the use of the Solidity
- Semantics of the Solidity language. The contracts are created in the programming language – Solidity, which is similar to Java, and present a set of functions. However, the bytecode of the Ethereum virtual machine doesn’t support the work with functions, so the contracts are compiled before sending to the blockchain. One typing error in the contract code may lead to the implementation of the fallback function.
- Incorrect order of exceptions. For the implementation of a smart contract, an interruption of the work of its method – an exception may be needed. If an exception appears during the running of the call command, then the execution of contracts will continue until the gas is over.
- Reenterability. The same program instructions may be entered for several times, for example, through the fallback function, which will lead to a cycle in the calling of the call method and expending the whole gas. The attack on DAO was built on this type.
2. Errors in the work of the Ethereum virtual machine
- Invariability of contracts. A contract published on the blockchain cannot be changed. If a contract contains a bug, it’s impossible to correct, the contract execution only can be stopped. An outstanding example may be the elimination of the consequences of the attack on DAO.
- Ether losses during the transfer. To send ether, you need to give the address of the receiving party, which presents a sequence of 160 bits. If the given address is not bound to a user or a contract, the sent ether will be lost forever.
3. Blockchain errors
- State of a contract. A part of a smart contract that came into a short sub circuit won’t be executed. Accordingly, the contract status won’t be determined uniquely temporarily. One of the contract parties may consider that the contract has been executed although it didn’t happen.
- Temporary restrictions. To determine the state of a contract, some time is needed (see the previous paragraph), which makes it vulnerable to attacks.
Big fraud cases
In July 2016, there was an attack on DAO, as a result of which a hacker managed to transfer over $64 million to the balance of a contract created by him. For an attack, the reenterability characteristic has been used: within one transaction, the hacker withdrew funds of DAO and transferred ether to their daughter DAO, repeating the operation for many times.
- Szabo N. Smart contracts: building blocks for digital markets //URL: http://www. alamut. com/subj/economics/nick_szabo/smartContracts. html (Letzter Abruf vom 31.10. 2016). 1996.
- Szabo N. //URL: http://firstmonday.org/ojs/index.php/fm/article/view/548/469 1997
- Dannen C. Bridging the Blockchain Knowledge Gap //Introducing Ethereum and Solidity. Apress, 2017. С. 1-20.
- Delmolino K. et al. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab //International Conference on Financial Cryptography and Data Security. – Springer Berlin Heidelberg, 2016. – С. 79-94.
- Atzei N., Bartoletti M., Cimoli T. A Survey of Attacks on Ethereum Smart Contracts (SoK) //International Conference on Principles of Security and Trust. – Springer, Berlin, Heidelberg, 2017. – С. 164-186.
- Velner Y., Teutsch J., Luu L. Smart Contracts Make Bitcoin Mining Pools Vulnerable //IACR Cryptology ePrint Archive. – 2017. – Т. 2017. – С. 230.