Smart contracts bring the best of automation and reliability of the blockchain into financial transactions and the execution of protocols, particularly in DeFi. Today, we explore the use-case of smart contracts, their risks amid exploits, and how to overcome their risks and adoption challenges.
How can we approach risk on an innovation bringing the end of disputes to agreements between parties? Wouldn't the streamlined execution of an automated contract end all risks associated with unfulfilling obligations and simplify processes?
Let’s take a step back and explore what smart contracts bring to the table, the underlying risks, and how to mitigate them.
Smart Contracts: The Democratization of Agreements Across Sectors
Smart contracts are programmable protocols that validate a series of predetermined conditions and triggers to execute such contracts issued on a verifiable and decentralized system like a blockchain.
The use of “contract” as terminology comes from its automated execution based on agreements between parties but does not constitute a legally binding document. Defining this technology as a "contract" makes it easy to understand its use-case: programmable code that validates a series of immutable conditions agreed by parties to execute a protocol.
Ethereum was the first network to envision smart contracts as the key use-case of its network, revolutionizing developers' interaction with code, application development, and deployment. The Ethereum whitepaper suggested that the financial sector would be the primary beneficiary of such innovation as a target for corruption, complexity in its steps, and the need for transparency and integrity. Since Ethereum’s launch, many other decentralized and permissionless smart contract-based protocols have emerged to serve this purpose and advance its developments (e.g., Polkadot, Tezos and EOS).
However, the finance sector is not the sole beneficiary of introducing programmable contracts to tackle such inefficiencies. In the same way as digital currencies with scarcity-based models (e.g., Bitcoin) introduce the idea of programmable monetary policy, smart contracts shed light on programmable agreements for every industry.
The need for transparency, fast execution and streamlined journey to comply with an agreement is an underlying common need in the arts, insurance, ownership rights, gaming, government, and many other fields. Smart contracts can simplify the development and issuance of different protocols and transactions across fields.
Are the Benefits of Smart Contracts Also Their Own Source of Risk?
The introduction of agreement-based protocols issued on the blockchain offers scalability, cost-efficiency, transparency, and speed to execute transactions. On top of its verifiable nature, smart contracts introduce a higher level of security while eliminating trust issues and intricacies involved in most traditional agreements.
Smart contracts overcome crucial pain points from archaic processes of conducting business with the introduction of math-induced solutions, which at first glance could seem unbreakable. It can come across almost as a contradiction that blockchain's immutability could be associated with outside risks.
Currently, most threats and hacks to DeFi protocols come from exploits into third-party services that protocols rely upon. For example, DeFi protocols interact with oracles, which link to centralized entities that provide off-chain data, opening space for potential exploits. Despite the perfect execution of smart contracts, its requirement to gather more data points from outside partners allows attackers to manipulate that data and conduct an attack on the DeFi protocol. Smart contracts still execute seamlessly, but their dependency on outside integrations poses one of its biggest threats for further adoption.
Smart contracts’ selling points of flexibility and efficiency could be, at the same time, their biggest challenge to institutional adoption. In the same way that DeFi offers multiple avenues for users to take advantage of their yields and value propositions, hackers also rely on that flexibility to conduct attacks. For example, hackers can borrow from one protocol while swapping other tokens in a different protocol and follow this indirect chain of transactions and exploits consecutively.
When it comes to integration with third-party services, DeFi protocols can work on decentralized alternatives instead of centralized oracles while increasing the KYC/AML measures to avoid its flexibility to help hackers conduct attacks.
To Launch or Not to Launch? The Place of Audits Amid DeFi’s Rise
DeFi’s flexibility allows for the launch of half-fledging products amid periods of high enthusiasm around digital assets. The mantra of open source projects, as with DeFi protocols, allows developers to quickly clone existing smart contracts, tweak interfaces, and launch similar protocols to draw users from projects with traction (e.g., Sushi launch based on Uniswap). To quickly launch new projects, developers overlook all the technical code audits, leaving protocols exposed to outside risks.
According to CipherTrace, during 2020, DeFi protocols represent half of the attacks in the crypto space, while representing 20% of their total volume stolen. In 2019, the hacks concerning DeFi were residual, but its mainstream adoption during 2020 led to an increase in exploits.
As seen, distributed ledger technologies (DLT) bring flexibility to the marketplace but do not establish formal processes or guidelines for new projects. It seems DLT’s open vision is, at the same time, a blessing and curse for proponents and users. Despite DeFi’s challenges, centralized projects still represent the majority of exploits, while decentralization could change this reality in the future with the maturity of DeFi. Nevertheless, this is not a closed problem within decentralized protocols as the main target of attacks are still centralized projects.
If centralized projects are also targets of outside risks, how is DeFi different, and how can the risks be overcome?
First Things First: Addressing Regulation From the Get-Go
Centralized projects face outside risks even with regulatory obligations, but that should not lead decentralized projects to assume that the lack of regulatory compliance brings benefits. Instead of overlooking regulations or believing DeFi’s complexity would scare away financial compliance agencies and the government, smart contracts proponents should actively address these concerns while branching out into new applications. Looking forward, smart contracts need to find the balance between sacrificing initial exponential growth to address underlying regulatory foundations that need to be met and overcome the doubts of the most risk-averse players in the market.
Nevertheless, smart contract developers have the choice to address those regulatory concerns and position themselves as prime options for institutional investors, while others can also opt for quick deployment and attract "risk lovers."
DeFi’s permissionless allows developers to launch new applications despite their technical risk, but users always have the freedom to choose which protocols, based on multiple criteria (including security), to use. As a result, regulators' best approach would be to protect and carefully warn users about market options while ensuring protocols to continuously work to reach an institutional-grade level of security as the sector matures.
Apart from native decentralized solutions, there could be a compromise between the traditional legal landscape and smart contracts. Despite their name, smart contracts are not legal agreements between parties, but a series of predetermined steps, automatically settled by technology and verified by the blockchain. Nevertheless, integrating legally binding documents to smart contract execution could be another resource to strengthen their end-goal, mixing legal requirements with the best of decentralized technologies. Nevertheless, the priority of DeFi proponents should be to look for decentralized native solutions to tackle current challenges, differentiating themselves from incumbents.
Native Solutions as the Gateway for Smart Contracts Adoption
DeFi’s possible points of failure are also where the opportunities lie for smart contract upgrades and its risk mitigations. However, tackling these challenges with a centralized point of view will lead to the same issues that centralized projects face. Approaching new decentralization-based problems with old methods can yield demoralizing results. As a benchmark, developers should work within the distributed ecosystem to fix smart contract issues.
Firstly, smart contract proponents shouldn’t disregard technical audits and peer-reviews of all codes as they deliver higher value propositions for users. The compromise of speed and efficiency is always present in launching these projects, but its long-term sustainability lies in its features, simplicity and security.
Education is the top differentiator for users to make an educated decision on which protocols to interact with or not. Regulators can play a significant role in communicating projects' compliance and security levels, while DeFi proponents also cannot disregard their educational role in the sector’s maturity.
DeFi projects have the onus, together with an expanded pool of players, to streamline and benchmark smart contract tools and best practices to ensure a common level of security across parties. Projects such as Agoric target this issue to solve it natively by developing distinct smart contract's architecture and design.
Decentralization to “Bridge” Features and Compliance
The role of native solutions goes further in the Know Your Customer (KYC)/Anti-Money Laundering (AML) department. On one side, protocols face money laundering risks from mal-intentioned parties taking advantage of the flexibility of decentralized technologies to conduct illegal activities while having to sacrifice those features to comply with KYC measures. On the other side, if they place those risks/responsibility on third parties to follow those regulatory principles, customers face a lack of privacy and flexibility, besides data leaking risks to centralized institutions.
Fortunately, native decentralized solutions are in place to serve this need instead of relying on third-party operators to conduct and assume the compliance risk.
Decentralized digital identifiers (DDIs) can overcome the counterparty risk and work as a native solution for both institutions and regulators to easily and privately verify funds’ compliance. The introduction of zero-knowledge proofs (ZKPs) systems, where a user/institution can selectively prove credentials without revealing personal/confidential information, bolsters the integrity and assurance of the decentralized protocols while complying with regulations in a decentralized fashion.
When it comes to the custody of funds, users’ privacy and reassurance of compensation under breaches, native insurance solutions take a further step. The questions of unaudited code or lack of regulatory compliance raise challenges to implement traditional insurance models. However, predetermined payouts linked to triggering events in smart contracts can help solve the insurance conundrum and provide security for crypto investors (e.g., Nexus Mutual, CDx). The issuance of products based on the smart contract’s insurance can also open a wave of secondary markets in DeFi, alluring institutions to its potential.
At the end, the basis of smart contract risk mitigation is based native solutions with decentralization at its core, following clear regulations and providing security and insurance to its clients. The development and maturity of systems in place will work as signaling tools for viable, secure, and regulated projects to shape the next phase of smart contracts.
Building for Within Before Branching Out for Adoption
Even though the search for native solutions is key to its risk mitigations, smart contract protocols also need to broaden their integrations within the space to create a seamless and simple experience for their users amid all the regulatory and technical improvements.
As a result, smart contracts adoption roadmap will have to integrate different blockchain networks under a similar interface and seamless experience. Every party needs to be completely in-sync with its steps and inner-workings of executing smart contracts as if they were working with the usual traditional alternatives.
Nevertheless, the perfect execution of smart contracts should not be the be-all and end-all as it is human-written code, but its role in the market should be evaluated as a function of the next best alternative. Following that criteria, the continuous development and tweaking of smart contacts offer much safer, faster, and transparent business procedures than current options.
At Outlier Ventures, we believe in the censorship resistance economy built upon new decentralized models that overcome traditional problems while creating an entirely new Web 3 ecosystem, giving power to the end-user.