Smart contracts, or programs that run on the blockchain, enable completely distributed and decentralized applications to be self-enforcing.
Smart contracts are the glue that binds blockchain-based relationships. They bind and digitally enforce engagements between different devices, applications and data assets maintained within the network. But do they work in real-life situations?
The Cloud Security Alliance (CSA) wants to make sure they are secure, as well as assure the rest of the world that the smart contracts generated within their blockchain networks of their viability as well as secure. The CSA’s latest guidelines, Best Practices for Smart Contract Security Hyperledger Fabric, have been released, intended to provide business leaders and professionals an overview of the benefits, challenges, and opportunities for deploying smart contracts within an organization. The goal is to help users gain a deeper understanding of the many legal, regulatory, and security considerations that arise with smart contracts.
Security is a major concern, said Hillary Baron, research analyst and program manager at CSA. “However, as these contracts become more detailed and robust, the more surface area is exposed to risk. It’s imperative, therefore, that practitioners deploying legal smart contracts should understand the risks associated with their execution.”
The more detailed and robust the smart contract, “the more surface area exposed to risk,” the CSA report cautions. Complexity is another concern. “Additionally, smart contracts can combine both computer executable code as well as a natural language legal framework from which to work within. Therefore, any practitioner deploying a natural language smart legal contract should understand the risks associated with the execution of such a hybrid legal agreement.”
In addition, the complexity of large numbers of interconnected smart contracts poses challenges to users of blockchain-based networks. “Each node in the blockchain network runs a copy of the blockchain’s virtual machine and executes the code contained in transactions,” the CSA report explains. “This creates a parallelized and sometimes hugely inefficient distributed computer since the parallelization is used to maintain synchronization (each node runs the same code in the same order) rather than speed processing.”
CSA recommends addressing such performance efficiency issues “by implementing a blockchain solution that utilizes a ‘proof-of-stake’ or ‘proof-of-elapsed-time’ methodology.”
Smart contracts, or programs that run on the blockchain, enable completely distributed and decentralized applications to be self-enforcing. Smart contract code is designed to be the final authority on the agreement that it encodes, meaning that any contractually valid interaction is considered “fair use” including exploiting a logical or programming flaw in the contract. At the same time, such “code-as-law” functionality may present unique legal challenges that will need to be addressed before implementing a smart contract solution in an industry, CSA says. With these on-chain smart contracts, the code that defines the business logic becomes part of the ledger.
There are two categories of smart contracts, CSA notes: “those that install business logic on validators in the network before the network is launched, or those that deploy business logic as a transaction committed to the blockchain and then called by subsequent transactions.”