It is no secret that smart contracts have vulnerabilities. Today’s post suggests a mix of best practices to limit potential liabilities that may arise when vulnerabilities interfere with smart contract performance.
But first, some background: One recent survey of 19,366 Ethereum-based contracts found vulnerabilities in 45% of them. Perhaps the most publicized example of a vulnerability was the DAO hack in June of last year, but hacking is certainly not the only way that smart contracts may be compromised. There is potential for manipulation by insiders, which is of particular concern for smart contracts that operate based on “proof of stake” protocols, given the ongoing concerns that those protocols will not be effective in ensuring that the parties play by the rules. Even without intentional interference by hackers or insiders, smart contracts may have software bugs that disrupt performance, and there is the possibility of unintended outcomes if the smart contract’s code fails to anticipate an unusual situation. (Consider, for example, a complicated contractual pricing formula that depends on several variables and may cause the price to drop or skyrocket simply because the variables align in unanticipated ways.)