A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. Smart contracts allow the performance of credible transactions without third parties. These transactions are trackable and irreversible.
Advocates of smart contracts claim that numerous sorts of contractual clauses may be made partially or fully self-executing, self-enforcing, or both. The main goal of smart contracts is to provide security that is superior to conventional contract law and to reduce other transaction costs associated with contracting. Various cryptocurrencies have implemented types of smart contracts.
Smart contracts were first proposed by Nick Szabo, who begat the term. With the present implementations, based on blockchains, “smart contract” is mostly used more explicitly in the sense of general purpose computation that takes place on a blockchain or distributed ledger. In this interpretation, utilized for example by the Ethereum Foundation or IBM, a smart contract is not necessarily related to the classical concept of a contract but can be any kind of computer program.
In 2018, a US Senate report said: “While smart contracts might sound new, the idea is rooted in basic contract law. Usually, the judicial system adjudicates contractual disputes and enforces terms, but it is also common to have another arbitration method, especially for international transactions. With smart contracts, a program enforces the contract incorporated into the code.”
Byzantine fault-tolerant algorithms enabled digital security through decentralization to frame smart contracts. Furthermore, the programming languages with various degrees of Turing-completeness as a built-in feature of some blockchains make the creation of custom sophisticated logic possible.
Notable examples of implementation of smart contracts are:
- Bitcoin also provides a Turing-incomplete Script language that allows the creation of custom smart contracts on top of Bitcoin like multisignature accounts, payment channels, escrows, time locks, atomic cross-chain trading, oracles, or multi-party lottery with no operator.
- Ethereum implements a nearly Turing-complete language on its blockchain, a prominent smart contract framework.
- Ripple (Codius), smart contract development halted in 2015.
- Replicated titles and contract execution.
- Szabo proposes that smart contract infrastructure can be implemented by replicated asset registries and contract execution using cryptographic hash chains and Byzantine fault-tolerant replication. Askemos implemented this approach in 2002 using Scheme (later adding SQLite) as the contract script language.
One proposition for utilizing bitcoin for replicated asset registration and contract execution is called “colored coins”. Replicated titles for potentially arbitrary forms of property, alongside replicated contract execution, are implemented in different projects.
As of 2015, UBS was experimenting with “smart bonds” that utilize the bitcoin blockchain in which payment streams could hypothetically be fully automated, creating a self-paying instrument.
A smart contract is “a computerized transaction protocol that executes the terms of a contract”. A blockchain-based smart contract is visible to all users of the said blockchain. However, this prompts to a situation where bugs, including security gaps, are visible to all yet may not be quickly fixed.
Such an attack, difficult to fix quickly, was successfully executed on The DAO in June 2016, depleting US$50 million in Ether while developers endeavored to come to a solution that would gain consensus. The DAO program had a period delay setup before the hacker could remove the funds; a hard fork of the Ethereum software was done to claw back the funds from the assailant before the time limit expired.
Issues in Ethereum smart contracts, in particular, include ambiguities and easy-but-insecure constructs in its contract language Solidity, compiler bugs, Ethereum Virtual Machine bugs, assaults on the blockchain network, the immutability of bugs and that there is no central source documenting known vulnerabilities, attacks and problematic constructs.