{"id":37,"date":"2017-04-22T14:46:37","date_gmt":"2017-04-22T14:46:37","guid":{"rendered":"https:\/\/davidgerard.co.uk\/blockchain\/?page_id=37"},"modified":"2017-11-18T16:45:18","modified_gmt":"2017-11-18T16:45:18","slug":"ethereum-smart-contracts-in-practice","status":"publish","type":"page","link":"https:\/\/davidgerard.co.uk\/blockchain\/ethereum-smart-contracts-in-practice\/","title":{"rendered":"Ethereum smart contracts in practice"},"content":{"rendered":"<p style=\"text-align: center;\"><i>Excerpt from <a href=\"https:\/\/davidgerard.co.uk\/blockchain\/table-of-contents\/\">chapter 10<\/a> of <a href=\"https:\/\/davidgerard.co.uk\/blockchain\/book\/\">Attack of the 50 Foot Blockchain<\/a> by David Gerard<\/i><\/p>\n<blockquote><p>If you suspect that spending crypto-currencies on virtual thrones for non-existent kingdoms is illegal in your jurisdiction, please avoid participating (and complain to your political representatives).<\/p>\n<p align=\"right\">\u2013 chain-letter automatic Ponzi scheme \u201cKing of the Ether\u201d<a class=\"sdfootnoteanc\" href=\"#sdfootnote1sym\" name=\"sdfootnote1anc\"><sup>1<\/sup><\/a><\/p>\n<\/blockquote>\n<p>For decades, smart contracts were just an interesting hypothetical. When blockchains came along, smart contract advocates were very interested in the blockchain\u2019s immutability. There were some smart contract experiments on Bitcoin, but Ethereum was pretty much the first practical platform for writing and running computer programs on a blockchain.<\/p>\n<p>Humans are bad at tasks requiring perfection. But when programming errors have drastic consequences, the usual approach is to make it harder to shoot yourself in the foot: functional programming languages, formal methods, mathematical verification of the code, don\u2019t use a full computer language (avoid Turing completeness), and so on. Szabo wrote up some requirements and a simple example language in 2002.<a class=\"sdfootnoteanc\" href=\"#sdfootnote2sym\" name=\"sdfootnote2anc\"><sup>2<\/sup><\/a><\/p>\n<p>This is particularly important when you have multiple smart contracts interacting with each other \u2013 massively concurrent programming, with unknown possibly-hostile programs calling into functions of yours.<\/p>\n<p>Ethereum ignores all of this. Its standard contract language, Solidity, is a procedural language based on the web programming language JavaScript \u2013 to make it as easy as possible for beginners to write their first smart contract. It contains many constructs that mislead programmers coming from JavaScript into shooting themselves in the foot.<a class=\"sdfootnoteanc\" href=\"#sdfootnote3sym\" name=\"sdfootnote3anc\"><sup>3<\/sup><\/a> It is ill-suited and hazardous for concurrency (<i>e.g.<\/i>, the Solarstorm vulnerability<a class=\"sdfootnoteanc\" href=\"#sdfootnote4sym\" name=\"sdfootnote4anc\"><sup>4<\/sup><\/a>), despite this being a specific intended use case.<\/p>\n<p>There are endless guides to writing a secure smart contract for Ethereum, but <i>most<\/i> Ethereum contracts ignore them, with the obvious consequences.<a class=\"sdfootnoteanc\" href=\"#sdfootnote5sym\" name=\"sdfootnote5anc\"><sup>5<\/sup><\/a><\/p>\n<p>Smart contracts on Ethereum are worse than even non-financial commercial code; as of May 2016, Ethereum contracts averaged 100 obvious bugs (so obvious a machine could spot them) per 1000 lines of code.<a class=\"sdfootnoteanc\" href=\"#sdfootnote6sym\" name=\"sdfootnote6anc\"><sup>6<\/sup><\/a> (For comparison, Microsoft code averages 15 bugs per 1000 lines, NASA code around 0 per 500,000 lines.)<\/p>\n<p>Since cryptocurrency enthusiasts had already self-selected for gullibility, the very first smart contracts they wrote were chain letters, lotteries and automatic Ponzi schemes. These ably demonstrated the requirement for coding correctly, first time, every time:<\/p>\n<ul>\n<li>The casino whose pseudorandom number generator had the random seed in the code, so anyone could recreate the precise sequence of random numbers.<a class=\"sdfootnoteanc\" href=\"#sdfootnote7sym\" name=\"sdfootnote7anc\"><sup>7<\/sup><\/a><\/li>\n<li>The GovernMental Ponzi was going to pay out 1100\u00a0ETH, but due to a coding error this required more gas than the maximum possible gas for a transaction. The ether is now stuck there forever.<a class=\"sdfootnoteanc\" href=\"#sdfootnote8sym\" name=\"sdfootnote8anc\"><sup>8<\/sup><\/a><\/li>\n<li>Many schemes which ran out of gas due to bugs, <i>e.g.<\/i> King of the Ether.<a class=\"sdfootnoteanc\" href=\"#sdfootnote9sym\" name=\"sdfootnote9anc\"><sup>9<\/sup><\/a><\/li>\n<li>Rubixi Ponzi: Errors in the code, copy-and-pasted from other contracts, allowed anyone to become the owner and take the money.<a class=\"sdfootnoteanc\" href=\"#sdfootnote10sym\" name=\"sdfootnote10anc\"><sup>10<\/sup><\/a><\/li>\n<li>A Ponzi which would pay out only to the creator of the scheme because of what looked to casual inspection of the code like a typo in a variable name.<a class=\"sdfootnoteanc\" href=\"#sdfootnote11sym\" name=\"sdfootnote11anc\"><sup>11<\/sup><\/a> No doubt just an accident, I\u2019m sure.<\/li>\n<\/ul>\n<p>Automated Ponzi schemes are not nearly as fashionable in 2017; most of the effort goes into smart contracts for managing ICO tokens. However, as The DAO showed, the coding quality is as good as ever.<\/p>\n<hr \/>\n<div id=\"sdfootnote1\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote1anc\" name=\"sdfootnote1sym\">1<\/a> <a href=\"https:\/\/www.kingoftheether.com\/\">King of the Ether<\/a>: \u201cAn Ethereum contract, living on the blockchain, that will make you a King or Queen, might grant you riches, and will immortalize your name.\u201d<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote2\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote2anc\" name=\"sdfootnote2sym\">2<\/a> Nick Szabo. \u201cA Formal Language for Analyzing Contracts\u201d. 2002. (<a href=\"http:\/\/web.archive.org\/web\/20020806154414\/http:\/\/szabo.best.vwh.net\/contractlanguage.html\">archive<\/a>)<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote3\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote3anc\" name=\"sdfootnote3sym\">3<\/a> Nicola Atzei, Massimo Bartoletti, Tiziana Cimoli. <a href=\"http:\/\/co2.unica.it\/ethereum\/\">\u201cA survey of attacks on Ethereum smart contracts\u201d<\/a>. 6th International Conference on Principles of Security and Trust (POST), European Joint Conferences on Theory and Practice of Software, April 2017.<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote4\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote4anc\" name=\"sdfootnote4sym\">4<\/a> Muneeb Ali. <a href=\"https:\/\/blog.blockstack.org\/solar-storm-a-serious-security-exploit-with-ethereum-not-just-the-dao-a03d797d98fa\">\u201cSolarstorm: A security exploit with Ethereum\u2019s Solidity language, not just the DAO.\u201d<\/a> Blockstack Blog, 21 June 2016.<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote5\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote5anc\" name=\"sdfootnote5sym\">5<\/a> Zikai Alex Wen and Andrew Miller. <a href=\"http:\/\/hackingdistributed.com\/2016\/06\/16\/scanning-live-ethereum-contracts-for-bugs\/\">\u201cScanning Live Ethereum Contracts for the &#8216;Unchecked-Send&#8217; Bug\u201d<\/a>. <i>Hacking Distributed<\/i> (blog), 16 June 2016. \u201cUpon inspection, not one of the Solidity programs that passed our heuristic check actually applied the recommended best-practice of testing the callstack directly.\u201d<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote6\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote6anc\" name=\"sdfootnote6sym\">6<\/a> Peter Vessenes. <a href=\"http:\/\/vessenes.com\/ethereum-contracts-are-going-to-be-candy-for-hackers\/\">\u201cEthereum Contracts Are Going To Be Candy For Hackers\u201d<\/a>. <i>Blockchain, Bitcoin and Business<\/i> (blog), 18 May 2016.<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote7\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote7anc\" name=\"sdfootnote7sym\">7<\/a> Martin Holst Swende. <a href=\"http:\/\/martin.swende.se\/blog\/Breaking_the_house.html\">\u201cEthereum contract security: An Ethereum Roulette.\u201d <\/a>Blog post, 14 August 2015.<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote8\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote8anc\" name=\"sdfootnote8sym\">8<\/a> Ethererik. <a href=\"https:\/\/www.reddit.com\/r\/ethereum\/comments\/4ghzhv\/governmentals_1100_eth_jackpot_payout_is_stuck\/\">\u201cGovernMental\u2019s 1100 ETH jackpot payout is stuck because it uses too much gas\u201d<\/a>. Reddit \/r\/ethereum, 26 April 2016.<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote9\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote9anc\" name=\"sdfootnote9sym\">9<\/a> <a href=\"https:\/\/www.kingoftheether.com\/postmortem.html\">\u201c<\/a><a href=\"https:\/\/www.kingoftheether.com\/postmortem.html\">Post-Mortem Investigation (Feb 2016)\u201d<\/a>. <i>King of the Ether.<\/i><\/small><\/p>\n<\/div>\n<div id=\"sdfootnote10\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote10anc\" name=\"sdfootnote10sym\">10<\/a> <a href=\"https:\/\/bitcointalk.org\/index.php?topic=1400536.60\">\u201cHi! My name is Rubixi. I&#8217;m a new Ethereum Doubler. Now my new home \u2013 Rubixi.tk\u201d<\/a>. Bitcointalk.org Bitcoin Forum &gt; Alternate cryptocurrencies &gt; Marketplace (Altcoins) &gt; Service Announcements (Altcoins), 11 April 2016.<\/small><\/p>\n<\/div>\n<div id=\"sdfootnote11\">\n<p class=\"sdfootnote\"><small><a class=\"sdfootnotesym\" href=\"#sdfootnote11anc\" name=\"sdfootnote11sym\">11<\/a> Vitalik Buterin. <a href=\"https:\/\/www.reddit.com\/r\/ethereum\/comments\/4e5y30\/live_example_of_underhanded_solidity_coding_on\/\">\u201cLive example of \u2018underhanded solidity\u2019 coding on mainnet\u201d<\/a>. Reddit \/r\/ethereum, 10 April 2016.<\/small><\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<br><br><div align=\"center\"><p><a href=\"https:\/\/www.patreon.com\/bePatron?u=8420236\"><img src=\"https:\/\/davidgerard.co.uk\/blockchain\/wp-content\/uploads\/2021\/10\/become_a_patron_button.svg\" alt=\"Become a Patron!\" title=\"Become a Patron!\" width=217 height=51><\/a><br><p style=\"align:center;\" class=\"patreon-badge\"><i>Your subscriptions keep this site going. <a href=\"https:\/\/www.patreon.com\/bePatron?u=8420236\">Sign up today!<\/a><\/i><\/p><\/div>","protected":false},"excerpt":{"rendered":"<p>Of course the very first Ethereum smart contracts were chain letters, lotteries and automatic Ponzi schemes<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-37","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/comments?post=37"}],"version-history":[{"count":9,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages\/37\/revisions"}],"predecessor-version":[{"id":2366,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages\/37\/revisions\/2366"}],"wp:attachment":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/media?parent=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}