In 2016, the Decentralized Autonomous Organization (DAO) announced that a hacker had exploited a vulnerability in Ethereum, the blockchain platform the group used. The total loss to the DAO was reported at $150 million. The flaw was not in the blockchain platform itself but in the smart contract. The hacker was able to trigger a recursive send vulnerability (now usually called reentrancy), in which the act of sending funds triggered another "send funds" request before the contract had recorded that the first one had gone out. Ethereum had done exactly what it was supposed to do, but a loophole in the smart contract code exposed the organization to a hack. It was reported that the DAO lost $60 million in just the first 12 hours.
“Smart contracts will eventually automate the mass personalization of value exchange,” said Nigel Montgomery, research director at Gartner. “What that means is the ability to engage many times the number of customers and partners globally, but in an intimate and personalized manner dictated by today’s consumerized ‘instant response’ world. That is the aim. Yet today the technology is immature and mercurial, and once live, the outcome is irrevocable. Smart contracts are something CIOs should invoke at their peril.”
What makes a smart contract?
A smart contract is a computer program or protocol that facilitates, verifies or executes the terms of a contract. Smart contracts have three characteristics:
- They operate on a decentralized ledger technology.
- They are independent.
- They are immutable and irrevocable.
The immutability of a blockchain record and the distributed nature of a blockchain system make smart contracts an attractive option for enterprises. In theory they establish indisputable provenance. However, the immaturity of the technology means they also carry potentially significant drawbacks. For example, smart contracts are independent, which means they obey only their own code and, once deployed, cannot be controlled by either the originator or any legal system. Additionally, they are irrevocable and can only be replaced by a completely new contract. The DAO example shows what can happen if that code is not exhaustively tested for every potential outcome.