Law in the Internet Society

"Smart" Contracts

-- By ArashMahboubi - 04 Nov 2016

Smart Contracts Meet Financial Systems

The tide of the Internet age has brought numerous dangers concealed amongst the benefits. With this tide has come a recent innovation—smart contracts—that is welcomed by many. Proponents envision smart contracts being a key component of next-generation blockchain platforms, and go as far as seeing their use in any practical enterprise application. While users would be sensible to prioritize the prevention of theft or modification of critical data that isn’t cryptographically secured, users should still be aware of the dangers that exist with cryptographically secured smart contracts in financial systems. The public should avoid the overeager approach it has taken with significant data threats like Facebook and Apple, and wait for the current state of smart contract technology in financial systems to catch up to the lofty, idealistic goals.

What are Smart Contracts?

To understand the potential dangers of smart contracts in financial systems, one must first understand what they are and why they can be a valuable addition. As succinctly put by Chris Ferris, “a smart contract is a stored procedure in a database.” A smart contract is a piece of code stored on a blockchain; it is triggered by blockchain transactions and reads and writes data in that blockchain’s database. The code defines rules and consequences in much the way a traditional legal document might, stating any obligations, benefits, and penalties which may be due to either party in various circumstances. A smart contract is capable of being used in financial systems to facilitate, execute, and enforce the negotiation or performance of an agreement (i.e. contract) using blockchain technology. In a practical application, for instance, the code can enforce predetermined contractual obligations by electronically moving assets or virtual currency from one party to another.

Smart Contract Disaster

The appeal of smart contracts, their code, has also been the liability that is stalling their widespread implementation in financial systems. Ever since the invention of computers, malicious programmers have been exploiting code. These data breaches regularly threaten critical data that isn’t cryptographically secured, but still pose risks to cryptographically secured financial data.

The recent attack on the Decentralized Autonomous Organization (“DAO”), which lives on the Ethereum blockchain, serves as a cautionary tale. The DAO was designed to crowdsource funds from anonymous stakeholders and invest them in projects voted on by the investors and administered through smart contracts. The DAO promised to revolutionize managing and allocating capital by functioning without a fund manager. Instead of the venture-capital firm being run by a traditional manager, the wisdom of the crowd would make the investment decisions. The investors then stand to gain from the profits, whether through dividends or an increase in the value of Ether (the Ethereum crypto-currency equivalent of Bitcoin). Soon enough, the DAO had become the largest crowdfunded project in history, raising over $150 million.

The DAO’s entire platform hinged upon the code behind the smart contracts. In hindsight, the level of trust placed in their code appears to be premature and misguided. Less than a year after the launch of the DAO, an individual siphoned about $60 million worth of Ether through a recursive splitting function. The recursive splitting function was a feature of the smart contracts, and this feature within the code allowed funds to be siphoned into a sub-DAO, which is exactly what the user did. The attack shook faith in the implementation of smart contracts in financial systems, and left in its wake what, on its surface, appears to be an intriguing legal battle, but in reality should be a fairly straightforward decision.
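The recursive-call failure described above can be shown in a small model. This is an added example, not code from the DAO or from this essay: a toy Python ledger (the class, member names and amounts are all constructed) whose payout routine hands control to the recipient before recording the withdrawal, beside the ordering that records it first.

```python
class Ledger:
    """Toy contract state: member balances plus one shared pool (constructed model)."""

    def __init__(self, balances, update_first):
        self.balances = dict(balances)
        self.pool = sum(balances.values())
        self.update_first = update_first  # True selects the hardened ordering

    def withdraw(self, member, on_receive):
        amount = self.balances.get(member, 0)
        if amount == 0 or self.pool < amount:
            return 0
        if self.update_first:
            # Hardened: record the effect before handing control to the recipient.
            self.balances[member] = 0
            self.pool -= amount
            on_receive(amount)
        else:
            # Weak: recipient code runs while the ledger still shows the old balance.
            self.pool -= amount
            on_receive(amount)
            self.balances[member] = 0
        return amount


def run(update_first, max_reentries=3):
    """Return (total paid to the re-entering member, pool left for everyone else)."""
    ledger = Ledger({"alice": 40, "bob": 40, "mallory": 20}, update_first)
    received = []

    def callback(amount):
        # Recipient-side code: call back into withdraw() in the middle of the payout.
        received.append(amount)
        if len(received) <= max_reentries:
            ledger.withdraw("mallory", callback)

    ledger.withdraw("mallory", callback)
    return sum(received), ledger.pool


if __name__ == "__main__":
    print("payout before update:", run(update_first=False))
    print("update before payout:", run(update_first=True))
```

With the weak ordering, a member entitled to 20 draws 80 from a pool of 100; with the state update moved ahead of the callback, the second call finds a zero balance and returns nothing.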

Don't Overcomplicate the Legal Ramifications

What made this attack unique was that it was not illegal according to the smart contracts. The DAO made clear that “The DAO’s code controls and sets forth all terms of The DAO Creation”. The platform’s integrity rested upon the assumption that the code behind the smart contracts is the law. Because the code allowed for the siphoning of funds, the siphoning should be legal. Consequently, it might not even be appropriate to call the action a “theft”.

This left the DAO between a rock and a hard place. The DAO could either attempt to retrieve the funds or sit idle and let the code be exploited. The first option plugs a temporary hole. However, this would be seen, by smart contract idealists, as a violation of the trust placed in the smart contracts. Changing the code after the fact would be a betrayal of the promises set forth by the smart contracts. In the words of the DAO: “the DAO is borne from immutable, unstoppable, and irrefutable computer code, operated entirely by its members, and fueled using ETH which creates DAO tokens.” The risk of such a betrayal would be the collapse of the very foundation the DAO rests upon, the supremacy of the code. The DAO essentially must pick between losing $60 million against the expectations of investors or risk losing the integrity of the entire platform.

However, such an outlook disregards the obvious. Courts, steered by regular human judges, are not likely to see the world the same way the DAO does. Merely slapping a disclaimer on a contract in the real world does not supersede liability. There isn’t much reason to think courts would be more sympathetic to disclaimers by the DAO than they would to similar disclaimers by a corporation like Blackstone. Smart contract idealists might envision a financial world where the code is the law, but, unfortunately for them, they still remain under the jurisdiction of our nation’s legal system. The court is unlikely to view the DAO’s smart contracts as a new realm of contract law. Instead, it will likely empathize with the reasonable expectations of the investors just as it would in other financial systems.

Smart Contracts in Perspective

The dangers of smart contracts in financial systems are overblown in comparison to the social harm caused by attacks against critical data that isn’t cryptographically secured. Nonetheless, they are still a problem that merits acknowledgment because smart contracts might not be ready for incorporation into mainstream financial systems.

Why use endnotes in writing a short essay for the web? Make links please, so that the reader can go directly from a statement of yours to the reference that helps to confirm it, so they can judge the quality of your source, and read more conveniently for themselves.

You did some good learning here, but not knowing what you didn't know, you took a metaphor for reality.

A smart contract is simply, as Chris Ferris said in his presentation at our conference, a stored procedure in a database. It's not a replacement for contract law, any more than the hundreds of such stored procedures you trigger every day, in databases like Facebook with which you interact, and in which algorithms are started as a result of data access or searching. "Smart contracts" are not an innovation in that sense, but an analog of an existing software style "ported" to the new software style that is blockchain.

Worrying about malicious programming (which is poorly described by the word "hacking," which has another and more valuable conflicting meaning) is sensible with respect to any form of software that moves money. But worrying about material that is cryptographically secured against tampering, while sensible because all software has exploitable failure modes, makes sense only after one has worried about tampering with all the critical data that isn't cryptographically secured, and whose theft or modification causes big social harm every day.

In short, your learning was a little too narrow for the conclusions you drew from it. The greatest asset of the expert is a firm grasp on the obvious, which you don't quite have yet. The best route to improvement is to widen the focus on your learning about blockchain, so that you can describe not only correctly but in correct proportion what you have learned in relation to the concerns of a reader who has not followed you in your learning yet, and will do so through the next draft.


r6 - 10 Dec 2016 - 05:06:16 - ArashMahboubi
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.