In 2009, the inventor(s) of the famous cryptocurrency bitcoin proved that there was a way to exchange money online without having to go through banks, online payment services, or other centralized authorities.
Bitcoin also popularized blockchain, its underlying technology. Blockchain is a distributed ledger that enables parties to register and transfer the ownership of any digital asset without the need for intermediaries.
Soon developers wanted to create all sorts of applications on the blockchain beyond cryptocurrencies and the simple transfer of monetary value.
In 2015, Ethereum, the second-largest blockchain and cryptocurrency, launched. One of the major differences between Ethereum and Bitcoin was that Ethereum enabled developers to publish and run smart contracts on its decentralized network, thus earning the name “World Computer.”
Smart contracts are bits of code that execute on the blockchain, without the need for a server. They’re called “smart” because they run autonomously, and “contracts” because they’re mainly meant to fulfill complex forms of asset transfer between multiple parties.
Smart contracts take on the characteristics of blockchain transactions, which means they’re transparent, immutable and auditable. No single party can tamper with them or modify them to its own benefit, and everyone has equal access to them.
Still in its infancy, smart contract technology has paved the way for many different kinds of decentralized applications. It’s not without flaws and limits, but it certainly is promising.
How do smart contracts work?
Smart contracts add layers of information and logic to blockchain transactions. Developers can use smart contracts to set conditions for transactions. When these conditions are met, the transaction automatically executes and, based on the smart contract’s logic, distributes tokens or digital assets between different involved parties.
Developers write smart contracts in the Solidity programming language, compile them, and publish them on the Ethereum network. There are other programming languages, but Solidity is by far the most popular one.
Published smart contracts have a public address. Users can trigger them by sending ETH to their address, just as they would if they wanted to send funds to someone else, along with some extra data. The same computers that support the Ethereum network and verify transactions execute smart contracts. Since the Ethereum network is decentralized, it guarantees that smart contracts are executed fairly and transparently. No single node can change the terms and the results of a contract because it would contradict other computers in the network.
Smart contracts and decentralized apps (DApps)
While smart contracts can run independently, they can also call each other, just like procedures and functions in any traditional program. For instance, one smart contract may trigger another smart contract when it completes or in the course of its execution.
By creating interconnected smart contracts, developers can create decentralized applications (DApps), complete programs that run on blockchain. Furthermore, more complex arrays of smart contracts and DApps can create decentralized autonomous organizations (DAOs). DAOs are organizational structures that run without the need for human managers and compensate all participants based on their contribution to the network. (DAOs are in fact much more complicated than that, but a full discussion is beyond the scope of this article.)
Examples of smart contracts
Basically, anywhere a human-operated entity has been orchestrating and running contracts, you can replace them with smart contracts. Think real estate, supply chains, app stores, the music industry, the film industry, the ads industry, gaming…
Below are a few examples:
Smart contracts that compensate artists
Let’s say a band of musicians wants to sell their new record. In the old days, they had to go through record labels and other firms in the music industry that had access to advertising and distribution channels. These intermediaries first had to deem them acceptable, and then, if they decided to distribute the record, they would take a huge cut of the revenue. What the musicians would make was much less than what their creation was worth.
Later, online platforms enabled artists to directly interface with their audience. This was an improvement over the old mechanisms. But those platforms were still centralized, and their owners continued to take huge cuts from the artists’ revenues.
Now imagine the band of musicians publishes a smart contract for their new record. Anyone who wants to license the music will send ether to the smart contract. The amount will depend on the type of license and the duration of use the customer wants. In exchange they receive a digital key that enables them to access the music. Their transaction is also stored on the blockchain, which is irrefutable proof that they’ve purchased the license to the music and haven’t pirated it.
The smart contract directly sends the funds to musicians. The amount that each of the members of the band gets can be agreed and registered in the smart contract, and the smart contract will automatically distribute it among their wallets. The smart contract can also be programmed to automatically revoke the license of the customer when it expires.
This is a model that applies to other industries, such as app stores, where developers have to pay a large part of their revenue to the app store owner.
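The licensing model described above, sketched in Solidity as an added example (not code from the original article). The contract name, the per-day pricing and the basis-point shares are assumptions, and delivery of the digital key is left out. Revenue is credited to each member and withdrawn by that member, so one failing wallet cannot block a sale.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
contract RecordLicense { // hypothetical name; added illustration only
    address[] public members;                    // band members' wallets
    mapping(address => uint256) public shareBps; // agreed split, basis points
    mapping(address => uint256) public owed;     // revenue not yet withdrawn
    mapping(address => uint256) public licensedUntil; // expiry per customer
    uint256 public immutable pricePerDay;        // in wei (assumed pricing)

    constructor(address[] memory members_, uint256[] memory bps, uint256 pricePerDay_) {
        require(members_.length == bps.length && pricePerDay_ > 0, "bad config");
        uint256 total;
        for (uint256 i = 0; i < members_.length; i++) {
            require(members_[i] != address(0) && shareBps[members_[i]] == 0 && bps[i] > 0, "bad member");
            shareBps[members_[i]] = bps[i];
            total += bps[i];
        }
        require(total == 10_000, "shares must sum to 100%");
        members = members_;
        pricePerDay = pricePerDay_;
    }

    // Customer pays for a number of days; the payment is credited to members.
    function buy(uint256 daysWanted) external payable {
        require(daysWanted > 0 && msg.value == daysWanted * pricePerDay, "wrong payment");
        uint256 start = licensedUntil[msg.sender] > block.timestamp ? licensedUntil[msg.sender] : block.timestamp;
        licensedUntil[msg.sender] = start + daysWanted * 1 days;
        uint256 credited;
        for (uint256 i = 1; i < members.length; i++) {
            uint256 part = (msg.value * shareBps[members[i]]) / 10_000;
            owed[members[i]] += part;
            credited += part;
        }
        owed[members[0]] += msg.value - credited; // member 0 gets share plus rounding dust
    }

    // Expiry needs no revocation transaction: the check is time-based.
    function hasLicense(address customer) external view returns (bool) {
        return licensedUntil[customer] > block.timestamp;
    }

    // Each member withdraws their own balance (pull payment).
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;                    // zero the balance before sending
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```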
Smart contracts for hotels
Say a person wants to rent a hotel room. The person can send payments to the hotel room’s smart contract. If the room is not available, the customer will automatically be refunded. If it’s available, the smart contract will make the key available to the customer for the specified amount of time and they’ll be able to use the room with their identity.
When the rental period runs its course, the smart contract (or another one triggered by the original contract) will revoke the key. Also, if the hotel is owned by multiple parties, the smart contract can automatically distribute the revenue between them.
Multi-signature wallets are useful tools for businesses and organizations that want to use cryptocurrencies but require confirmations from multiple parties before making a payment. To make payments with multi-sig wallets, the first user calls the wallet smart contract along with the destination address and the amount of funds to be transacted. The smart contract returns a transaction number that the next users have to confirm through other smart contract calls. When enough users have confirmed the transaction, the transfer is done.
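The submit-and-confirm flow described above, as a minimal Solidity sketch added here for illustration (it is not the code of any real wallet, and the names MiniMultiSig, submit and confirm are hypothetical). It assumes a fixed owner set and counts the proposer's call as the first confirmation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
contract MiniMultiSig { // hypothetical name; added illustration only
    struct Payment {
        address payable to;
        uint256 amount;
        uint256 confirmations;
        bool executed;
    }
    mapping(address => bool) public isOwner;
    uint256 public immutable required;           // confirmations needed to pay
    Payment[] public payments;                   // index = transaction number
    mapping(uint256 => mapping(address => bool)) public confirmedBy;

    modifier onlyOwner() {
        require(isOwner[msg.sender], "not an owner");
        _;
    }

    constructor(address[] memory owners, uint256 required_) {
        require(required_ > 0 && required_ <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) {
            require(owners[i] != address(0) && !isOwner[owners[i]], "bad owner");
            isOwner[owners[i]] = true;
        }
        required = required_;
    }

    receive() external payable {}                // lets the wallet hold ETH

    // Step 1: the first owner proposes a payment and gets its number back.
    function submit(address payable to, uint256 amount) external onlyOwner returns (uint256 id) {
        id = payments.length;
        payments.push(Payment(to, amount, 0, false));
        confirm(id);                             // proposer's own confirmation
    }

    // Step 2: other owners confirm; the last needed confirmation pays out.
    function confirm(uint256 id) public onlyOwner {
        Payment storage p = payments[id];
        require(!p.executed, "already executed");
        require(!confirmedBy[id][msg.sender], "already confirmed");
        confirmedBy[id][msg.sender] = true;      // one confirmation per owner
        p.confirmations += 1;
        if (p.confirmations >= required) {
            p.executed = true;                   // mark paid before sending funds
            (bool ok, ) = p.to.call{value: p.amount}("");
            require(ok, "transfer failed");
        }
    }
}
```

The value returned by `submit` is only visible to a calling contract; a wallet meant for off-chain users would also emit an event carrying the transaction number.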
The benefits of smart contracts
First, smart contracts obviate the need for lawyers, notaries and other brokers by automating the process through undeniable mathematical proof.
Second, smart contracts provide transparent and immutable registration. Contrary to centralized systems where contracts are stored in walled gardens and secured by organizations that tax their clients for the services they offer, everything a smart contract performs is stored on the blockchain, unchangeable and available to everyone.
The direct result of these two characteristics is that, first, you save a lot of money by slashing broker costs, and second, your documents and contracts are backed up many times over instead of being stored in a location where they can be tampered with or destroyed.
The security risks of smart contracts
Despite all their important benefits, smart contracts do come with some serious security risks and considerations. In 2016, a security flaw in smart contracts of the DAO, which was going to be the first use of decentralized autonomous organizations, enabled hackers to steal 3.6 million ETH, 15 percent of all ether in circulation at the time.
Last year, hackers exploited vulnerabilities in the smart contracts of the Parity multi-sig wallet to steal 150,000 ETH, and a few months later, another flaw in the same wallet froze around 514,000 ETH in user accounts. These are just some of the many security incidents related to smart contracts that have resulted in the theft of digital currencies.
Blockchain itself is resilient to tampering and many other types of cyber-attacks. Unfortunately, many people extend this assumption to smart contracts, where it doesn’t hold. Like all computer source code, smart contracts are prone to coding errors and flaws. However, smart contracts have two distinct features that make them more sensitive than other computer programs.
First, smart contracts involve money, which means malicious actors will be much more interested in poking at them to find flaws that can earn them free digital cash. Second, once a smart contract is published, like all other information stored on the blockchain, it becomes immutable. This means even if you find a flaw in a smart contract, you won’t be able to fix it. You can publish a new version of the smart contract with a new address that contains the corrected code, but the old one will still remain.
What this means is that, in contrast to traditional software, where we’re used to going through cycles of publishing and fixing code, with smart contracts, developers have to do everything they can to get the code right on the first pass.