What's a smart contract (and how does it work)?
- 29 July, 2019 20:00
Smart contracts are self-executing, business automation applications that run on a decentralized network such as blockchain.
And because they're able to remove administrative overhead, smart contracts are one of most attractive features associated with blockchain technology. While blockchain acts as a database, confirming that transactions have taken place, smart contracts execute pre-determined conditions; think about a smart contract as a computer executing on "if/then," or conditional, programming.
Essentially, once certain conditions of a smart contract are met – goods arrive in a port, two parties agree to an exchange in cryptocurrency – they can automate the transfer of bitcoin, fiat money, or the receipt of a shipment of goods that allows them to continue on their journey. Underneath it all: a blockchain ledger that acts as a database to store the state of the smart contract – whether it's been fulfilled or not.
Understanding tokens and smart contracts
For example, an insurance company could use smart contracts to automate the release of claim money based on events such as large-scale floods, hurricanes or droughts. Or, once a cargo shipment reaches a port of entry and IoT sensors inside the container confirm the contents have been unopened and remained stored properly throughout the journey, a bill of lading can automatically be issued.
Smart contracts are also the basis for the transference of cryptocurrency and digital tokens (in essence, a digital representation of a physical asset or utility). For example, Ethereum blockchain's ERC-20 and ERC-721 tokens are themselves smart contracts.
But not all smart contracts are tokens, according to Martha Bennett, a principal analyst at Forrester Research. "You can have smart contracts running on Ethereum that trigger an action based on a condition without an ERC-20 or ERC-721 token involved," she said.
Smart contracts can govern the transference of other cryptocurrencies, such as bitcoin. Once payment is verified, bitcoin can change hands from seller to buyer.
Most enterprise blockchain networks don't use tokens, Bennett pointed out. In those that do, the rules in smart contracts govern how tokens get allocated and define the conditions of transfer.
"That still doesn't mean the token is the smart contract - it all depends on how the token has been constructed," Bennett said. "And tokens don't have to be about economic value; a token can simply be something you hold that gives you the right to vote on a decision; casting your token means you've voted, and can't vote on this decision again – no economic value associated."
How smart contracts mimic business rules
Smart contracts are neither really "smart" nor contracts in the legal sense. They're no more than business rules translated into software.
"People often ask what makes smart contracts different from business rules automation software or stored procedures. The answer is that conceptually, the principle is the same; but smart contracts can support automating processes that stretch across corporate boundaries, involving multiple organizations; existing ways of automating business rules can't do that," Bennett said.
In other words, because smart contract code is running atop an open blockchain ledger, rules can be applied not only within the corporation that coded the smart contract but to other business partners permitted to be on the blockchain.
"In other words, they're code that does what it's been programmed to do. If the business rules...have been defined badly and/or the programmer doesn't do a good job, the result is going to be a mess," Bennett said. "And, even if designed and programmed correctly, a smart contract isn't smart – it just functions as designed."
Translating business rules into code doesn't automatically turn the result into a legally enforceable agreement between the parties involved (which is what a contract actually is). Although there are some initiatives aimed at making smart contracts automatically legally binding, that path – at least for now – fraught with difficulty and risk, Bennett said. That's because there's no agreed standard definition of what a smart contract is.
"And what happens if the software has bugs and yields bad results? Is the resulting loss now also legally binding?" she added.
The importance of good data, and 'oracles' in smart contracts
A smart contract is only as good as the rules used for automating processes, which means quality programming is crucial. Also crucial? The accuracy of the data fed into a smart contract. Because smart contract rules, once they're in place, are unalterable. After a contract is written, neither the user nor programmer can change it.
So if the data isn't true – and being on a blockchain doesn't necessarily make it so – the smart contract can't work properly.
Data is fed into blockchains and used for smart contract execution from external sources, specifically data feeds and APIs; a blockchain cannot directly "fetch" data. (These real-time data feeds for blockchains are called "oracles" – they're essentially the middleware between the data and the contract.)
Oracles can be software- or hardware-based. A hardware-based oracle, for example, might be an RFID sensor in a cargo container transmitting location data to smart contract parties. A software oracle, by contrast, could be an application that feeds information through an API about a securities exchange, such as changing interest rates or fluctuating stock prices.
In that case, when you're hedging risk on an exchange and a stock price goes up, one party will get money while another loses it. The smart contract determining which happens requires market price data, and the API for that comes from the data provider. That poses a problem: the parties involved in the smart contract must be able to trust the outside data source.
While blockchains may be decentralized across dozens or thousands of nodes, smart contracts are not. They run on a single node. The blockchain nodes (servers) have no visibility into how a particular smart contract works; any consortium of companies that are a part of a blockchain network must rely on one oracle for the information being fed into the smart contract.
If your company is part of a blockchain consortium – a supply chain, for example – it has no way to know what's running in the smart contract. There's no verifiability. Essentially, you have to take the word of the company running the server on which the oracle and smart contract reside that the information being fed to the blockchain is accurate.
"You have to go to one source, one table, one oracle for that data. There's no standard processes to verify the data is what it says it is and it's coming in properly. It's a central point of failure," said Gartner Vice President of Research Avivah Litan.
"It's not mature yet," Litan continued. "I've talked to companies participating in a consortium and asked them how do you know what the smart contract is doing and they say they don't. If you have a contract running your life, wouldn't you want to know what it's doing?"
Potential problems with smart contract data
Because oracles have traditionally transmitted data from a single source, there is no perfectly trustworthy data, according to Sergey Nazarov, CEO of ChainLink, an oracle start-up that uses multiple external sources of oracle data. Nazarov, in a white paper, wrote that data may be "benignly or maliciously corrupted due to faulty web sites, cheating service providers, or honest mistakes."
ChainLink has formed development partnerships with internet and financial services companies, including Google and the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which runs one of the world's largest clearing and settlement networks.
The way regular contracts function today can be problematic, according to Nazarov, because one party may perform a task but the other party may decide not to pay – likely touching off a legal battle – or there may be assumptions made by one of the parties about a complex contract that may not be true.
"Those contracts are not rigorously enforceable; they can't be enforced by technology the way a smart contract can." Nazarov said. "A smart contract is deterministic; it can absolutely be enforced as long as the events related to its contractual clauses happen.
"Smart contracts are contingent on events; they're contingent on market events, in insurance they're contingent on IoT data from cars, factories or other equipment," Nazarov continued. "In trade finance, they're contingent on shipping data."
In another example, ChainLink created a smart contract for a media company that held in reserve fees to be paid to a search engine optimization (SEO) firm it had hired until news article URLs reached – and then maintained – search engine rankings for a specific period of time.
"That payment wasn't held by our client or the search engine optimization firm," Nazarov said. "It was held by this new technology [blockchain and the smart contract] that will programmatically enforce the contract as it was written. That's the fundamental difference."
While complicated to develop in the past, constructing smart contracts is becoming easier as new programming tools are emerging that move away from the underlying complexity of smart contract scripting languages, essentially enabling business people to pull together the basics of a smart contract, Bennett said.
"We're even beginning to see tools that allow businesspeople to pull together the basics of a smart contract," Bennett said. "That's only the beginning, though, as some companies have already discovered it can be a challenge to ensure that every network participant runs the same version of a smart contract."
Edge computing, IoT and the future of smart contracts
Over the next several years, the massive growth in IoT connected devices could spur greater use of smart contracts. That's because a substantial portion of the estimated 46 billion industrial and enterprise devices connected in 2023 will rely on edge computing, according to Juniper research. As a result, addressing standardization and deployment issues will be crucial.
Smart contracts could offer a standardized method for accelerating data exchange and enabling processes between IoT devices by removing the middleman: the server or cloud service that acts as the central communication spoke for requests and other traffic among IoT devices on a network.
"Fundamentally, the idea is you don't have a central agent – no one approving and validating every single transaction. Instead, you have distributed nodes that participate in validating every transaction in the network," said Mario Milicevic, a member of the Institute of Electrical and Electronics Engineers (IEEE), a leading authority on technology innovation that has more than 500,000 members.
Blockchain ledgers decrease the time required to complete IoT device information exchange and processing time.
"It could be in an automotive manufacturing plant. As soon as a certain part arrives, that part then communicates that to other nodes at that destination, which would agree that part arrived and communicate that to entire network. The new node would then be allowed to begin doing its work," Milicevic said.
The rise of edge computing is critical in scaling up tech deployments, owing to reduced bandwidth requirements, faster application response times and improvements in data security, according to Juniper Research.
Blockchain experts from IEEE believe that when blockchain and IoT are combined they could actually transform vertical industries.
While financial services and insurance companies are currently at the forefront of blockchain development and deployment, transportation, government and utilities sectors are now engaging more, due to the heavy focus on process efficiency, supply chain and logistics opportunities. And that's expected to combine to make smart contracts more ubiquitous in the years ahead.