In today's post we would like to highlight key attributes of a smart contract that every IT auditor needs to know in light of increasing adoption of blockchain technology by corporations.

The term smart contract was coined by American computer scientist Nick Szabo in 1994. A smart contract is simply a computer program that prescribes conditions and outcomes. Smart contracts run on the blockchain of any second generation blockchain platforms or later. Examples of 2nd generation blockchains include:

• Ethereum

• Cardano

• Corda

• Hyperledger Fabric

A smart contract normally stays dormant until called by a transaction. All transactions performed by the smart contract including user interactions are written onto the distributed ledger. On Ethereum, smart contracts can also be self-destructed (e.g., render inactive).

Since 2020, smart contracts have increasingly gaining traction for several use cases including:

• Decentralized Finance

• Exchanges

• Non-Fungible Token (NFT) applications

• Identity

• Marketplaces

• Games

Smart contracts offer several clear advantages over traditional paper contracts as follows:

• Speed

• Significantly lower cost

• Executable from anywhere without the need for physical presence

• Transparent because the code and all underlying transactions are visible throughout the life of the smart contract and after.

• May eliminate the need for escrow

When you interact with a blockchain application, or a decentralized application (dApp), you are interacting with a front-end web application that connects to one or more smart contracts and running on a blockchain network. Another way of describing dApps is as web applications that are block-chain enabled but rely on smart contract for the processing logic.

Smart contracts have some important properties that an auditor needs to know:

Turing Completeness

In programming term, something is Turing complete if it has conditional branching and the ability to change an arbitrary amount of memory. In other word, smart contracts are programmable using a Solidity programming language and therefore is Turing complete. Turning completeness allows for any application within human imagination to be developed and run on the blockchain.

Visibility

Visibility refers to how the smart contract code is stored on the blockchain network, and has more significant impact on permissionless or public blockchain.

By default, most smart contracts are untrusted. To be trusted, the publicly accessible contract source code may be compiled and verified against the deployed version at a production contract address to confirm that the same codebase are being used. If they both match, the source code is then made available for everyone to examine, reverse-engineer, and evaluate for weaknesses.

Deterministic

Smart contract must be deterministic in that the outcome is the same for every participants that interact with the contract. If the smart contract requires some random inference, the same chance or probability must still be the same for every participants of the same contract.

Atomic

Smart contract is atomic meaning that the smart contract has prescribed conditions to be met in order to execute a transaction. If one or more of the conditions is not met, the transaction does not run (or exit as an exception). Accordingly, any changes in the global state to the smart contracts and accounts will only get recorded only if all execution terminates successfully.

Interaction with Other Interfaces

Smart contract can interact with interfaces including other smart contracts and APIs. Through APIs, smart contracts can also connect to traditional applications to bring additional functionality. In other words, the contract can call or be called by other contracts.

This can be good and bad. It is good that it can extend the capabilities of the smart contracts by leveraging existing smart contracts, external oracles, and APIs to significant added to the user experience. Conversely, it can be bad as an attacker can also craft a smart contract to attack or exploit known weaknesses in existing smart contract.

Zero Friction can assist your organization with the implementation of your blockchain technology strategy and roadmap. Our expertise with several public blockchain platforms, and the development and implementation of smart contracts can significantly reduce your time to market while reducing your reputation and financial risks.