ECE398SC Spring 2018

Smart Contract Security

Lecture 2: Intro to Smart Contracts
Andrew Miller
(some slides credit Joseph Bonneau)
Smart Contracts: user-defined programs running on
top of a blockchain
Decentralized Consensus
Money “Blockchain”
Users
Contracts
Storage
Code
Data

2
Contract programming model

- Contract class
Create an object of this class by
making a transaction

- Define functions you can call

Demonstrations with Remix
“Smart contracts” conceptualized by Szabo in 1994

A smart contract is a computerized transaction protocol that

executes the terms of a contract. The general objectives are
to satisfy common contractual conditions (such as payment
terms, liens, confidentiality, and even enforcement), minimize
exceptions both malicious and accidental, and minimize the
need for trusted intermediaries. Related economic goals
include lowering fraud loss, arbitrations and enforcement
costs, and other transaction costs.

-Nick Szabo “The Idea of Smart Contracts”

A “dumb contract” example

Alice will reveal to Bob a value x such that

SHA-256(x) = 0x2a...

In exchange, Bob will give Alice $10 in cash.

If Alice does not give Bob by July 1, 2018,

then she will pay a penalty of US$1 per day
that she is late, up to US$100.

Signed:
 Traditional contracts vs. smart contracts
Traditional Smart

specification Natural language + “legalese” Code

identity & consent Signatures Digital signatures

dispute resolution Judges, arbitrators Decentralized platform

nullification By judges ????

payment Carried out by parties separately built-in

escrow Trusted third party, settled in $ built-in

Ethereum project
About Ethereum
Crowdfunded ~$20M in ~ a month
Popularized a grand vision of
“generalized” cryptocurrency

Flexible scripting language

“pyethereum” simulator, 2014
 Third-party services
Ordinary contracts between two
parties E.g., Paypal, Kickstarter, ….Piazza?

- Civil courts are available to - Transactions are automatically

mediate, but typically don’t get processed by the third party
involved
- Formal intermediary to finance
- Parties responsible for their own network (help with taxes)
accounting:
“Double entry accounting” - Settles disputes through mediation

Smart Contract dApps “decentralized apps”

- Transactions typically go
- Settles automatically via
through the blockchain
cryptocurrency
- App developers do not
- Auditing may be simplified by
receive custody of funds
public transparent log
- Developers limited in ability
to change the rules
Potential Ethereum Applications
https://github.com/ethereum/wiki/wiki/White-Paper#applications

● Tokens
● Lotteries
● Cryptocurrency exchanges
● Marketplaces
● Insurance / hedging
● Supply-chain management
● “Self-sovereign” identity management
● Sharing economy

And many more!

Example:
NameCoin in Ethereum
“Namecoin”: a DNS replacement

Initially, all names are unregistered.

Anyone can claim an unregistered name.

Once it’s registered, no one can change it.

Namecoin pseudocode
def register(k, v):

if !self.storage[k]: # Is the key not yet taken?

# Then take it!

self.storage[k] = v

return(1)

else:

return(0) // Otherwise do nothing

Key challenges in smart contract design:

- Smart contracts on public blockchains can be

trusted for correctness and availability,
but not privacy
- Blockchain resources are expensive
- Uncertain delays, and front running
- On the blockchain, “Code is law”
Enjoy your spring break