At a young age, I was conditioned to experience new technologies every 5-8 years. It started with gaming consoles: I could not wait to see the evolution of graphics, especially when it came to my favorite Role Playing Game (RPG) developer, who seemed to always be on the cutting edge of the technology spectrum. This would then migrate into computers and the internet, and lastly TVs and phones. It is amazing to see consumers move from reluctant or slow adoption of advancements in technology to an attitude of acceptance that this is now the new normal. I believe that period to be on the horizon again.
With the fast adoption of NFTs, the world of Web 3.0 is expanding at great speed. What was once considered a joke or scam is now getting the attention of prominent Fortune 500 firms and spawning new companies in this space. At the center of this technological marvel is the concept of Smart Contracts.
What are Smart Contracts?
In their simplest form, Smart Contracts are programmable logic (or code) that exists on a blockchain. They are commonly used to define terms or agreements among parties, such as ownership, rights, payment options or business logic. They are immutable, meaning that once committed to the blockchain, the terms cannot be altered or changed.
This is important as it gives Smart Contracts legitimacy by alleviating possible disagreements among parties related to unfulfilled terms or breach of contract. Although they sound foolproof, it is important to know that Smart Contracts are not without vulnerabilities, which we will discuss later.
This space is exploding because it has the real potential of transforming the way we do things, especially behind the scenes. Today, in the NFT space, artists have the ability to sell their work online, assign resell rights and profit along most of the distribution chain.
In going to OpenSea.io, the largest NFT Marketplace today, you can browse millions of digital art pieces and see what the going rate is and the terms. One of the things I find the most fascinating is understanding what you can and cannot do, once you have the rights to the work. In the piece below owned by Zlim, they have the rights to use the image in “advertising, [to] display privately and in groups, including virtual galleries, documentaries and essays by [the] holder of the NFT, as long as creator is credited.” Consequentially, there are “no rights to create commercial merchandise, commercial distribution, or derivative works” as that is solely retained by the original creator.
Although art is the first thing that comes to mind for Smart Contracts, it is not the only application that has many, including myself, excited. Industries such as Healthcare or Financials can benefit from non-repudiation and attribution features, especially when it comes to determining who made a critical change. State and Local governments can utilize Smart Contracts to improve the efficiency of the voting process, Insurance companies can improve the claims handling process, and Law Enforcement could be better positioned to facilitate chain of custody. And as with any new technology, you are bound to need cybersecurity experts to ensure protections.
And on that note, it’s time to dive into the big elephant in the room. Is it safe?
Are Smart Contracts Safe?
This is probably one of the most asked questions on the internet:
Smart contracts are prone to bugs. How efficient and secure are your smart contracts? Have you ever been audited by an external party, so we believe this project is safe and good for future investors?
I'm so stressed about these topics, so I stopped making arts lately but focusing on a safe on/off chain base for my arts… I understand that there are more essential steps like having our own smart contracts.
For the NFT management SDK, as many games will use SkyMeta smart contracts for NFT management features. Security is definitely an important factor!! Are you going to audit the code so games and gamers can know that their NFT is safe and the code is secure??
Unfortunately, the answer isn’t as binary as the concept of the topic. Although the majority of Smart Contracts are “safe,” in the sense that they do what they are supposed to, they are based on code and are therefore susceptible to vulnerabilities or bugs. So why is this a big deal?
As stated earlier, one of the benefits of Smart Contracts is that they are immutable once committed to the blockchain. If an artist were to unintentionally introduce code that allowed royalty payments for their $100 digital artwork at a rate of .1% (0.001) instead of 10% (.10), they wouldn’t be particularly happy earning ten cents instead of dollars. This could have greater implications for other industries.
In 2017, the Parity Bug resulted in over 550 wallets containing 514K Ethereum tokens being locked out. Parity Technologies advised that “a user exploited an issue and thus removed the library code, as it seems unaware of the consequences.” Library code is common, reusable code for developers. It allows them to save time by reusing code that has been proven to work.
Last month, Minswap Labs released a patch to address “a critical vulnerability that would allow someone to drain all the Liquidity in the Smart Contract.” In a blog post, they advised that this was discovered during an audit. The vulnerability would allow a user to mint (create) liquidity pool tokens at a large scale.
What I find fascinating about this was that in order to remediate or patch the vulnerability, Minswap Labs had to actually utilize the exploit to migrate all holders to the new Smart Contract. This is pretty unprecedented considering that, for many, the point of Smart Contracts is to prevent anyone from having this power.
Are Smart Contracts Legally Binding?
Perhaps an even more pressing issue is the legality of smart contracts. To date, I am not aware of any legal precedent showing that Smart Contracts can hold up in court. My suspicions are complemented by industry experts who were asked about this very topic in 2018 at the Singapore FinTech Festival.
In response, Brian Harley, a registered foreign lawyer at Clifford Chance, stated that he’s “…not really sure if they are legal contracts,” but suggested the concept of Smart Contracts could replace legal contracts due to the overall efficiency and effectiveness involved with the process. I also found humor in the suggestion that “you have to build in the functionality to have a dispute.”
Frank Desvignes, a Global Head at AXA Next Labs, suggested that they may not be binding contracts but attaching legal contract documentation may be a good practice.
The latter panelist may have the right of it. The Smart Contracts themselves may not be legally enforceable, but perhaps using them as an addendum to a legal contract (whether electronic or paper), could be enforceable similar to how a Service Level Agreement (SLA) is attached.
As the technology becomes more adopted, I believe we will have more clarity.
How to make my contract secure?
As with anything coding related, unintended events are bound to occur in your code. Here are a few ideas that can help make a Smart Contract less prone to bugs:
This is a good way of having someone else either on your team or preferably someone not directly involved in the project go through the code to identify and/or test for bugs or anomalies.
Set up a pre-production environment and test every aspect of the Smart Contract. See if it is possible to answer the following:
Does it work as intended?
Is it doing something it is not supposed to do?
Do you think a user could reasonably exploit the Smart Contract with elevated permissions?
What are you most concerned about, and how can a threat actor achieve it?
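The royalty slip described earlier and the pre-production questions above, as an added example that is not part of the original post: a small Python model, not real contract code, that checks encoded terms against the intended ones before they become immutable. The names RoyaltyTerms and predeploy_findings, the account names and the sample values are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

BPS = 10_000  # basis points in 100%


@dataclass(frozen=True)  # frozen: terms cannot change after "deployment"
class RoyaltyTerms:
    creator: str
    royalty_bps: int  # royalty rate in basis points (1000 = 10%)

    def royalty_due(self, sale_cents: int) -> int:
        # Integer math only: contract languages such as Solidity have no floats.
        return sale_cents * self.royalty_bps // BPS

    def can_withdraw(self, caller: str) -> bool:
        # Only the creator may collect accrued royalties.
        return caller == self.creator


def predeploy_findings(terms, intended_percent, sample_sale_cents, outsider):
    """Answer the checklist questions before the terms become immutable."""
    findings = []
    expected = int(Decimal(sample_sale_cents) * Decimal(intended_percent) / 100)
    actual = terms.royalty_due(sample_sale_cents)
    if actual != expected:  # Does it work as intended?
        findings.append(
            f"royalty on {sample_sale_cents}c is {actual}c, expected {expected}c")
    if not 0 <= terms.royalty_bps <= BPS:  # Is it doing something it should not?
        findings.append(f"royalty_bps {terms.royalty_bps} outside 0..{BPS}")
    if terms.can_withdraw(outsider):  # Can a non-owner reach a privileged path?
        findings.append(f"{outsider} is allowed to withdraw")
    if not terms.can_withdraw(terms.creator):
        findings.append("creator cannot withdraw own royalties")
    return findings


# Constructed inputs: the article's $100 artwork with an intended 10% royalty.
MISTYPED = RoyaltyTerms(creator="artist", royalty_bps=10)    # 0.1%, the slip
INTENDED = RoyaltyTerms(creator="artist", royalty_bps=1000)  # 10%

if __name__ == "__main__":
    for label, terms in (("mistyped", MISTYPED), ("intended", INTENDED)):
        print(label, predeploy_findings(terms, "10", 10_000, outsider="stranger"))
```

The mistyped terms are flagged because a $100 sale pays ten cents instead of ten dollars; the intended terms produce no findings.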
As with most businesses, it is important to consider the implementation of a Disaster Recovery Plan. Think of all potential scenarios that could go wrong in the development and production of a Smart Contract, and think of solid ways to deal with the issues as they come up.
As with all the technological advancements I have witnessed, I look forward to the evolution of Smart Contracts. I firmly believe it has the ability to transform economics and our way of life if implemented correctly. It goes without saying that I am worried about all the pitfalls to come as the space continues to grow, but I am optimistic that there are enough people invested that things will not go completely sideways.
For over 20 years, I have had the distinct opportunity to work in the Information Technology space under a variety of distinct roles.
My unique position has helped me become a risk management Maven for Fortune 500 and Small Business Companies around the world. For the last 12 years, I have helped Small Business Owners and Insurance Agencies understand the impacts of Cyber Incident exposures and what steps to take to help mitigate potential data breaches.
My desire to expand my reach related to cyber security has led me to establish the Sage Knows IT blog as a way to help Small Business Owners and aspiring Information Technology (I.T.) Professionals better understand the road-maps of I.T. through the experiences I have had.
Information Technology and Information Security are the future of our world and I hope this blog will inspire those that are interested in joining our ever-evolving field.