Arthur Breitman is the CEO and Kathleen Breitman the COO of Tezos (tezos.com), a new blockchain platform currently in development. Before founding Tezos, Arthur worked at Goldman Sachs and Morgan Stanley where he served as a vice president. Kathleen was a senior strategy associate for blockchain consortium R3.
In this CoinDesk 2016 in Review special feature, the Breitmans provide their overview of the ongoing issues with smart contract development, selecting just three they believe remain barriers to mainstream use.
Smart contracts hold tremendous promise as the 'killer app' for blockchains.
If you're not familiar, a smart contract is a computer program that automatically executes the terms of a contract on a blockchain. In principle, you can use smart contracts for a wide variety of purposes, such as wireless service contracts, apartment and hotel room rentals, freelance work contracts, automating payments – anyplace you'd want to cut out the middle person.
With more than $17bn in assets stored in just the top 10 cryptocurrencies, there currently is a huge opportunity to give existing blockchain assets additional flexibility and utility by adding smart contract capabilities.
It's also obvious that the technology offers a robust upside to traditional markets.
For example, consider the use case of the over-the-counter (OTC) derivatives market, which accounts for $700tn in notional value per year. Moving even a small percentage of those trades to smart contracts represents an enormous potential savings.
But before smart contracts can live up to their promise, the platforms enabling them need further development.
Here are three ways smart contract systems can earn our trust in 2017:
1. Provide formal verification capabilities
Writing code that works exactly the way we want is incredibly difficult.
All software is vulnerable to bugs or attacks of various kinds – but with smart contracts, actual assets are at stake. We need a better way to ensure these contracts are robust and secure. One way is to use formal verification, a mathematical technique of checking code to prove that it will execute as intended.
Smart contracts should be implemented in a language that's easy to verify. For this reason, functional languages, like Haskell and OCaml, are better suited to smart contract code than imperative ones like C/C++, Java and JavaScript, because their structure is easier to reason about and to verify formally.
True, more programmers are familiar with JavaScript, but the focus needs to shift from ease of use to security.
Bear in mind that formal verification has some limitations. It is not completely automatic and still requires human skill.
Also, formal verification can only prove the properties we actually think to check; if you don't verify the right things you can still leave vulnerabilities open. But still, it is a step in the right direction when implemented properly.
2. Ensure transparency so code can be inspected
One of the biggest experiments with smart contracts was The DAO, a virtualized investment vehicle that raised $150m – and then immediately fell victim to an attacker who siphoned off $50m into their own account.
When security researchers began to analyze The DAO, it was tedious to understand what it was actually doing because The DAO's bytecode (the virtual machine code) was all that was visible on the blockchain, and it was not clear which version of the source code was actually being deployed.
Smart contract code needs to be transparent, with no loopholes, so we know exactly what we are signing when we enter an agreement – and also so errors are easier to spot. One way to accomplish that is by using an interpreted language, instead of a compiled one, so the actual code is visible on the blockchain and can be easily inspected.
Otherwise, bytecode needs to map exactly to the source code that created it to ensure that they match. That requires the compiler itself to be certified.
3. Provide a clear governance mechanism
Because smart contracts are stored on a blockchain, by definition the code is immutable – meaning, in a perfect world, the code doesn’t change.
But software is never perfect. Changes to the underlying platform can and will happen, which can affect how smart contract code executes. How a given blockchain handles those changes is critical to instilling trust in its platform.
Where there is no clear governance model, there is no certainty the ground won’t suddenly shift beneath your feet. When it works in their favor, core developers or whoever is running the show has the power to change the rules of the game midstream.
Of course, how vulnerable a blockchain is to this kind of abuse of power depends largely on its community. Still, blockchains of the future should have clear governance principles laid out from the start, so that protocol changes are made in a predictable fashion and nobody gets hit by any big surprises.
Once we get the kinks worked out, smart contracts will take off and form the backbone of many of the contracts we engage in everyday, handling everything from your electricity bills to your dog sitter to the arrangement you have with a landlord – all behind the scenes and over the Internet, making our lives easier.
And like the Internet, we won’t think about the technology behind it, we just know that it works – consistently and dependably.
STORY CONTINUES BELOW
Correction: An earlier version of this article indicated that CoinDesk's parent company, Digital Currency Group, had invested in Tezos. This has been revised.
Airplane takeoff image via Shutterstock