OPINION: Smarting Contracts
Smart contracts require a quantum leap in QA.
Rolling out any new technology can be painful, but rolling out smart contracts just may redefine “pain.”
According to the legal, technical, and security experts who discussed a spectrum of smart contract issues at the Blockchain for Wall Street conference, developing and deploying a smart contract should not be entered into lightly.
To say that smart contracts are a nascent technology would be an understatement. Dan Guido, co-founder and CEO of cybersecurity firm Trail of Bits, scarily stated that all the smart contracts that his firm has audited each one had a least one critical error.
This should not be too surprising since smart contracts can range from 50 lines of code to an average George R.R. Martin novel and errors are bound to creep in. And those mistakes can be expensive. One accidentally deleted code library has left approximately $160 million in ether digital currency frozen in Parity multi-signature wallets and no immediate plans by the ether community to release the funds. It does not take too much effort to think how expensive it would be if a smart contract could do if it wound up destroying automated margin payments rather than forwarding them. Losing $160 million just might be a drop in the bucket.
Many of these concerns come from decades of software development where the business pressures force software teams to ship buggy code and address the flaws with subsequent patches and releases.
It also does not help that many developers who use the Solidity programing language to code their smart contracts do not read its source documentation thoroughly, noted Daniel Kahan, an associate at Morrison & Foerster and who also spoke at the conference.
Launching a bulletproof smart contract is going to require the stiffest quality assurance process most organizations have ever seen. Moreover, it will not just be the QA team that will have to be on their toes, but the representatives from legal and cybersecurity as well.
Nothing is perfect and smart contracts use technology that evolves continually. There will be high-profile failures that will wind up costing their participant plenty, and each firm will need to do their own risk-reward analysis to see if the benefits of smart contracts outweigh their risks.
Supporting regulations and technology need time to fully bake.
Wall Street needs to address a number of issues that smart contracts raise.
Faulty 'smart' contracts could cost Wall Street millions, if not more.
A new working group and position paper spur a standards discussion for smart contracts.
What can Wall Street Learn From the DAO hack?