Contracts are going digital. With certain online asset transactions already using blockchain-based software as their primary mode of contractual agreement, what does the future hold for smart contracts?
But what are the risks of employing such technology, and are legal teams ready to harness this young but fast-paced industry?
For those who need help understanding how smart contracts work, it is useful to think of a drinks vending machine. Using a self-executing mechanism, these machines are pre-programmed to release a can of fizz when the customer puts their correct cash into the slot and makes their selection.
Smart contracts are also self-executing. Using pre-determined, programmed parameters, they regulate a party’s adherence to the contract’s terms and may even perform actions in case of a breach, such as automatically charging a late payment fee for missed deadlines. No third-party intermediary is required because the terms are written directly into lines of code across a distributed, decentralised blockchain network.
At present, the average consumer would correctly assume that smart contracts are commonly used to regulate blockchain transactions, such as dealings in digital assets like non-fungible tokens (NFTs) and cryptocurrency. However, they can also be used in any transactions in which automation is possible. For example, smart contracts can be used in a real-estate deal in which the buy and sell obligations can be automated once the buyer pays the property value to the seller. In trade finance, they can be used to effect cross-border payments and implement automated escrow accounts.
They can also help governments improve departmental transparency and efficiency. Banks can also avail of smart contracts for liability payments, digital identification, automatic payments, and stock splits and dividends dealings. These are only a few examples. Their use is also spreading to other sectors, such as the commercial and M&A sectors, where smart contracts can be used to configure entire corporate structures.
Are ‘smart’ contracts a gateway for hackers?
Unlike traditional legal contracts, smart contracts are written in code via decentralised software that is hosted on multiple connected servers. This code is also visible to outside parties, although its complexity provides some protection by being inaccessible to the untrained onlooker. However, for tech-savvy, code-competent hackers, it is a vulnerability that can be readily exploited.
Indeed, the sophistication and capability of hackers and cyber-criminals is on the rise. Just last year, one of Europe’s largest insurers predicted in the Financial Times that cyber-hacking would soon replace natural catastrophes as an uninsurable occurrence.
Weak spots in smart contracts are already being exposed. In 2021, for example, a hacker took advantage of flaws in a cryptocurrency platform’s suite of smart contracts to steal more than £500m in digital tokens (which it later returned).
It is not just professional, organised cyber-crime networks that are behind such incidents
It is not just professional, organised cyber-crime networks that are behind such incidents. According to US penetration testing researchers, 51 per cent of attacks on decentralised finance (DeFI) took advantage of smart contract vulnerabilities, with most of these attacks described as “unsophisticated.”
Oracles and automation
A smart contract’s visible code is not its only weak spot. In fact, certain elements of risk exist outside the contract, in entities known as Oracles. Many contracts rely on these third parties to provide external sources of information relevant to a particular transaction. Crypto-currency transactions, for example, may use Oracles to update the price of Bitcoin. Oracles, however, are susceptible to manipulation by hackers who, once inside the system, can alter the behaviour of the smart contract with which the Oracle is linked.
Risks unrelated to cybercrime also abound, particularly in relation to contract management and dispute resolution. The absence of a trusted third party, such as an intermediary or regulator, makes allocating liability and jurisdiction difficult in the event of a malfunction or a dispute.
It also presents challenges for transactions involving subjective evaluation. This includes the assessment of items of artistic value, where the opinion of an industry expert may be required to decide issues such as authenticity or ownership, either prior to the artwork’s sale on the blockchain or subsequently as part of a claimant or defendant’s legal case during a court or arbitration proceeding.
Certain eventualities could theoretically be written into the code, as one would do for specific clauses in traditional contracts. In either case, though, it is not always possible to predict every contingency.
Also, as with many automated processes, a smart contract offers little wriggle room for subjective decision-making. A party may choose to excuse a breach of contract (such as a late payment) in the interest of preserving a long-term commercial relationship. But suppose the smart contract has pre-programmed late payment penalties. In that case, a charge may be applied to the customer’s account automatically, regardless of the leeway parties might otherwise have accorded to each other on a case-by-case, contextually driven basis.
The risks outlined above are not the only ones that smart contracts present. More will inevitably arise as this industry matures and expands in its scope. As such, there is both a need and an opportunity for lawyers with skills in both coding and contracts to support software development companies and individual clients.
With careful development, it might be possible for legal representatives to formulate embedded terms and conditions as part of a “next generation” type of smart contract that would protect clients from lawsuits by foreseeing solutions or allocating liability after a breach.
“As I programmer, I would not want to be held liable for creating smart contract software that was not tailored to the client’s specific needs or that later developed a fault outside of my control,” says Sayf Jawad, founder of Netherlands-based software development company MultiCode. “Lawyers can assist here by working with developers to agree an hourly rate that can then provide the client with a bespoke smart contract, of which they retain full ownership.”
“Lawyers can assist here by working with developers to agree an hourly rate that can then provide the client with a bespoke smart contract, of which they retain full ownership.”
Looking towards a digital, secure future
Smart contracts are relatively young. As a result, the pool of available experienced developers available to put in place functional smart contracts is small, with an alarmingly high percentage of unsophisticated programmers responsible for coding contracts governing some of the world’s highest value, or most significant, digital transactions.
As this field develops and specialist assistance becomes more readily available, programmers of all specialisms will hopefully gain a clearer understanding of their jurisdiction’s laws covering smart contract risks, such as data protection, compliance and regulatory issues, and theft.
With a combined talent pool of programmers and lawyers, it is to be hoped that the industry, aided by switched-on legal counsel, will minimise the potential security risks of smart contracts and establish best practices. This will garner greater trust in the digital industry and, by extension, the smart contracts that govern it.
We offer multi-disciplinary legal support to in-house lawyers and general counsel, giving you access to a dedicated group of lawyers across a range of services and levels of seniority.
This piece was written and provided by Noor Kadhim, a consultant at Gateley Legal.