Law in the Internet Society

"Smart" Contracts

-- By ArashMahboubi - 04 Nov 2016

Introduction

The tide of the Internet age has brought numerous dangers concealed amongst the benefits. Users have accepted, whether knowingly or not, risks associated with the Internet under the assumption that the benefits are too great to pass up. With this tide has come a recent invention—the smart contract—that is welcomed by many, yet dangerous in its current, imperfect state. Proponents envision smart contracts as a key component of next-generation blockchain platforms, and go as far as seeing their use in any practical enterprise application.(1) However, smart contracts are still susceptible to the same errors as traditional contracts, and these errors can be further magnified because the contract answers to nothing besides the code. The "smartness" is not an inherently separate attribute of the contract type, but merely a by-product of the contract being self-executing. Therefore, the public should take a more cautious approach than they have with the likes of Facebook and Apple, and wait for the current state of smart contract technology to catch up to the lofty, idealistic goals.

Transformative Potential of Smart Contracts

To understand the potential dangers, one must first understand what a smart contract is and why it can be a valuable alteration to contract law. A smart contract is computer program code that is capable of facilitating, executing, and enforcing the negotiation or performance of an agreement (i.e. contract) using blockchain technology.(2) The self-executing code automatically implements the contractual terms. The code defines the rules and consequences in the same way that a traditional legal document would, stating the obligations, benefits, and penalties which may be due to either party in various circumstances.(3) The code can enforce predetermined contractual obligations by electronically moving assets or virtual currency from one party to another.(4) In their ideal state, smart contracts aim to increase efficiency compared to traditional contracts by providing better security, reducing transaction costs, and eliminating heavy reliance on third-party enforcement. However, all that promise, at best, remains to be unlocked.

Smart Contract Disaster

The appeal of smart contracts, their code, has also been the liability that is stalling their widespread implementation. Ever since the invention of computers, hackers have been breaking systems by exploiting code. These hacks and data breaches occur regularly on a smaller scale, as with Facebook and email, but parties potentially stand to lose much more if smart contracts are breached because smart contracts are usually tied directly to assets of the contracting party.

The recent hack of the Decentralized Autonomous Organization ("DAO"), which lives on the Ethereum blockchain, serves as a cautionary tale. The DAO was designed to crowdsource funds from anonymous stakeholders and invest them in projects voted on by the investors and administered through smart contracts.(5) The DAO promised to revolutionize managing and allocating capital by functioning without a fund manager. Instead of the venture-capital firm being run by a traditional manager, the wisdom of the crowd would make the investment decisions. The investors then stand to gain from the profits, whether through dividends or an increase in the value of Ether (the Ethereum crypto-currency equivalent of Bitcoin). Soon enough, the DAO had become the largest crowdfunded project in history, raising over $150 million.(6)

In hindsight, the level of trust placed in the code appears to have been premature and misguided. The fatal flaw was that the entire platform hinged upon the code behind the smart contracts. Less than a year after the launch of the DAO, a hacker siphoned about $60 million worth of Ether through a recursive splitting function.(7) The recursive splitting function was a feature of the smart contracts, and this feature within the code allowed funds to be siphoned into a sub-DAO, which is exactly what a user did. The attack shook faith in smart contracts, and left in its wake a lose-lose legal battle.
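The class of flaw behind a recursive withdrawal is generally described as reentrancy: the contract pays out before it updates its own record of what the recipient is owed. The following simplified model is an added illustration, not the DAO's code and not part of the original essay; `Vault`, `simulate`, the party names and the amounts are hypothetical, and it shows the flawed ordering beside the corrected one together with the accounting invariant that exposes the difference.

```python
class Vault:
    """Toy ledger that holds deposits and pays them out on request."""

    def __init__(self, update_before_payout):
        self.update_before_payout = update_before_payout
        self.balances = {}   # what the ledger says each party is owed
        self.pool = 0        # funds actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.update_before_payout:
            self.balances[who] = 0      # record the payout first
            self.pool -= amount
            on_receive(amount)          # then hand control to the recipient
        else:
            self.pool -= amount
            on_receive(amount)          # recipient code runs on a stale balance
            self.balances[who] = 0      # too late: nested calls already paid out

    def invariant_holds(self):
        # Funds held must always equal the sum of recorded balances.
        return self.pool == sum(self.balances.values())


def simulate(update_before_payout, max_calls=5):
    vault = Vault(update_before_payout)
    vault.deposit("other_investors", 90)   # constructed sample amounts
    vault.deposit("caller", 10)
    received = []

    def on_receive(amount):
        # Recipient-side code that asks for its balance again while being paid.
        received.append(amount)
        if len(received) < max_calls:
            vault.withdraw("caller", on_receive)

    vault.withdraw("caller", on_receive)
    return sum(received), vault.pool, vault.invariant_holds()


if __name__ == "__main__":
    print("payout before update:", simulate(False))
    print("update before payout:", simulate(True))
```

With the payout made before the update, a party owed 10 receives 50 and the ledger no longer balances; with the update made first, the same sequence of calls pays out 10 and the invariant holds.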

Legal Ramifications

What made this hack unique was that it was not illegal according to the smart contracts. The DAO made clear that “The DAO’s code controls and sets forth all terms of The DAO Creation”.(8) The platform's integrity rested upon the assumption that the code behind the smart contracts is the law. If the code allowed for the hack, then the hack should be legal. Consequently, it might not even be appropriate to call the action a “hack” or a “theft”.

This left the DAO between a rock and a hard place. The DAO could either attempt to retrieve the funds or sit idle and let the code be exploited. The first option plugs a temporary hole. However, this would be seen, by smart contract idealists, as a violation of the trust placed in the smart contracts. Changing the code after the fact would be a betrayal of the promises set forth by the smart contracts. In the words of the DAO: “The DAO is borne from immutable, unstoppable, and irrefutable computer code, operated entirely by its members, and fueled using ETH which Creates DAO tokens.”(9) The risk of such a betrayal would be the collapse of the very foundation the DAO rests upon, the supremacy of the code. The DAO essentially must choose between losing $60 million, against the expectations of investors, and risking the integrity of the entire platform.

The courts will likely be left to determine the intent of parties invested in the DAO and in the process sculpt the future of societal trust in smart contracts. Did the hacker violate the intent of the DAO by stealing money from others or is the hacker merely a legitimate operator within the bounds of the smart contracts?

Conclusion

Smart contracts might not be as “smart” as advertised. Parties involved are vulnerable to manipulations and exploitations of the code. As smart contracts are usually linked to assets, the public should be extra cautious and patient when determining whether or not a smart contract is suitable for their contractual needs.


(1) http://www.coindesk.com/making-sense-smart-contracts/.

(2) http://www.blockchaintechnologies.com/blockchain-smart-contracts#smart-contract-definition.

(3) https://medium.com/@Swarm/daos-hacks-and-the-law-eb6a33808e3e#.489ehtki3.

(4) http://www.insidecounsel.com/2014/07/29/blockchains-smart-contracts-and-the-death-of-speci.

(5) https://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-smart-contracts-were-dumb.

(6) http://qz.com/688194/the-price-of-ether-a-bitcoin-rival-is-soaring-because-of-a-radical-150-million-experiment/.

(7) http://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-more-than-50-million-from-experimental-cybercurrency-project.html?ref=dealbook.

(8) https://daowiki.atlassian.net/wiki/display/DAO/Introduction+to+the+DAO.

(9) https://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-smart-contracts-were-dumb.

r1 - 04 Nov 2016 - 21:09:18 - ArashMahboubi
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.