When It Comes To Smart Contracts, Safer Assets Are The Key To Better dApps
Smart contracts have emerged as one of the most fundamental technologies in decentralized networks, forming the basis of today’s growing blockchain industry. It’s smart contracts that allow DeFi applications to process transactions, and NFTs and the metaverse to function in a correct manner. Without them, none of these things would be possible.
The technology is based on the idea of a traditional contract that’s agreed upon between two individuals. Such an agreement might stipulate the terms of compensation for an employee who agrees to work for a company. It will state the employee’s obligations and how many hours they are required to work, as well as the salary that person will receive for doing it.
Smart contracts are simply more intelligent versions of contracts that don’t require any enforcement. They’re software-based agreements that run on the blockchain and are designed to operate only when certain conditions are met. Because they’re open-source, smart contracts are also transparent, allowing everyone to see the outcome of the transaction they’re programmed to perform.
These automated programs are formed on the basis of “if/when… then”, which is a concept that allows them to execute a predetermined action when the stipulated conditions are met.
There are numerous advantages to smart contracts. For one thing, they can process transactions instantaneously when conditions are met, meaning they’re far faster than a traditional contract, which requires a human to ascertain that all requirements have been met. They’re also more trustworthy because everyone can see the code and the terms of the agreement before they enter into it. Moreover, because they eliminate the need for an intermediary, they’re also much cheaper, which means transaction fees can be far lower.
It’s the automated nature of smart contracts that makes DeFi possible. DeFi refers to a “decentralized finance” industry that excludes banks and traditional financial institutions. Instead, it caters to individuals, who can borrow or loan funds, “stake” tokens for rewards, and engage in yield farming, liquidity provision, and other activities that derive a passive income. Without smart contracts that dictate and enforce the terms of DeFi agreements, the industry simply wouldn’t be able to exist.
The Challenge Of Smart Contracts
As good as smart contracts are, the technology is far from perfect. DeFi for sure has a lot of potential and it has generated a great deal of interest, attracting billions of dollars of capital. Yet, it is seen as an incredibly high-risk industry due to the frequent hacks and scams that occur. This year alone, it’s estimated that more than $2 billion has been lost to attacks on DeFi protocols, scams and rug pulls, and misuse of customers’ funds. The vast majority of this money was lost due to vulnerabilities in the smart contracts that are meant to ensure it all works correctly.
The biggest problem with smart contracts is that they are, at their core, software programs. As any developer knows, code is incredibly vulnerable to bugs and exploits. Smart contract programs are written by human developers, and humans are prone to mistakes. If a smart contract contains a mistake, it can be exploited by a malicious user to steal funds. Given the billions of dollars worth of value floating around the DeFi ecosystem, it’s an industry that has become a very tempting target for hackers.
Automating Code Audits
Unfortunately, most DeFi applications and protocols simply accept the risk that their smart contract code could have vulnerabilities. Of course, they do their best to ensure there are none. Once the code is written, it will undergo an extensive code audit to try and identify any vulnerabilities before the dApp is made available to users. But despite the best efforts of developers and auditors to ensure no bugs are present, there are invariably cases where exploits slip through the cracks, unnoticed until a hacker stumbles upon them.
One possible solution proposed by Dr. Lingxiao Jiang, an associate professor of Computer Science at Singapore Management University, is to shift the responsibility for audits away from humans. Instead, he and his team have created artificial intelligence-based machine learning models that attempt to check code for vulnerabilities.
These models rely on deep learning techniques to scrutinize smart contracts, checking for any evolutions in programming language rules and bug development. In an academic paper, Dr. Jiang explains that this approach is based on the concept that code and vulnerability patterns, including their syntactical, lexical, and semantic information, may be automatically encoded within numerical vectors through techniques adapted from word embedding.
This machine learning-based approach is known as “code-embedding”, and when combined with similarity checking it can be applied to debugging source code and maintaining it through translation and analysis. In this way, it can detect cloned smart contracts, check a smart contract against a database of known exploits, or even identify specific bugs within a group of smart contracts.
Dr. Jiang’s team has created a machine learning program called SMART EMBED that’s able to work with Solidity-based smart contracts that run on the Ethereum blockchain. Ethereum is the most popular blockchain for DeFi apps and NFTs. SMART EMBED was trained on more than 50 buggy smart contracts from different sources, before being applied to a sample of more than 22,000 verified Solidity smart contracts, with encouraging results.
The paper demonstrates that SMART EMBED was able to identify cloned smart contracts that had a “similarity ratio” of 90%. It revealed the existence of masses of reused or duplicate code in the smart contracts it checked. Moreover, SMART EMBED was able to identify over 1,000 bugs in this duplicate code. SMART EMBED was also able to validate the smart contracts by checking to see if they contained bugs similar to existing patterns, with low rates of false positives.
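The similarity check described above can be sketched in a few lines. This is an added example, not SMART EMBED's code: it swaps the learned embedding for plain token n-gram counts, and the keyword list, function names, bug-pattern name, and Solidity snippets are all constructed for illustration. Only the 90% threshold comes from the article.

```python
import math
import re
from collections import Counter

# Solidity words kept verbatim; every other identifier is collapsed to "ID".
KEYWORDS = {"function", "public", "view", "returns", "return", "require", "uint",
            "uint256", "msg", "sender", "call", "value"}
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|[^\sA-Za-z_\d]")

def tokenize(src):
    """Drop comments, then normalise names and numbers so renamed clones match."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", " ", src, flags=re.S)
    out = []
    for tok in TOKEN_RE.findall(src):
        if tok[0].isdigit():
            out.append("NUM")
        elif (tok[0].isalpha() or tok[0] == "_") and tok not in KEYWORDS:
            out.append("ID")
        else:
            out.append(tok)
    return out

def embed(src, n=3):
    """Sparse vector of token n-gram counts (stand-in for a learned embedding)."""
    toks = tokenize(src)
    return Counter(tuple(toks[i:i + n]) for i in range(len(toks) - n + 1))

def similarity(a, b):
    """Cosine similarity of the two code vectors, in [0, 1]."""
    va, vb = embed(a), embed(b)
    dot = sum(va[k] * vb[k] for k in va.keys() & vb.keys())
    norm = math.sqrt(sum(v * v for v in va.values()) * sum(v * v for v in vb.values()))
    return dot / norm if norm else 0.0

def match_known_bugs(code, bug_db, threshold=0.9):
    """Names of known-bug patterns whose similarity to `code` meets the threshold."""
    return [name for name, pat in bug_db.items() if similarity(code, pat) >= threshold]

# Constructed samples: one buggy pattern, a renamed clone of it, an unrelated function.
BUG_DB = {"state-update-after-external-call":
          "function withdraw(uint amount) public {"
          " require(balances[msg.sender] >= amount);"
          ' msg.sender.call.value(amount)("");'
          " balances[msg.sender] -= amount; }"}
CLONE = ("function cashOut(uint wad) public { /* pay caller */"
         " require(deposits[msg.sender] >= wad);"
         ' msg.sender.call.value(wad)("");'
         " deposits[msg.sender] -= wad; }")
UNRELATED = "function totalSupply() public view returns (uint) { return supply; }"
```

Because identifiers and comments are normalised before vectorising, the renamed copy scores as a full match against the stored pattern while the unrelated getter falls far below the threshold.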
Changing The Paradigm
As encouraging as solutions like SMART EMBED are, even machine learning models are not infallible. For better results, the DeFi industry can benefit from a solution that’s more proactive, as opposed to the reactive idea of simply checking code for vulnerabilities after the fact.
This is where the startup Radix may be onto something. It’s taking a far more radical approach to smart contract safety that involves changing the paradigm – it has created an entirely new model for writing smart contracts that automates much of the process through the use of “components” and “blueprints.”
Radix is based on the idea that “safer assets equals better dApps” and to that end, it has created a Radix Engine that treats crypto assets such as NFTs and tokens as a central feature within its smart contracts.
Using Radix, it’s possible to build dApps using what the startup calls “DeFi Lego bricks”, which are components written with its proprietary Scrypto language. Scrypto is based on the Rust programming language and will be immediately familiar to anyone who’s competent in that language. These components can be thought of as pre-written templates that can be incorporated into DeFi applications, eliminating the need to write smart contracts for each function they perform. More specific kinds of functionality can be embedded into DeFi apps with “blueprints” that modify each of these components, to create extremely customizable dApps.
With Radix Engine and Scrypto, developers can leverage trusted resources that ensure the safety and integrity of crypto assets, in order to create the bulk of their dApp code. This means that there is much less scope for vulnerabilities to slip through the net.
To incentivize the creation of these components, Radix has even created a developer royalty system, where programmers are able to earn cryptocurrency each time the code they design is implemented in a new dApp. In this way, the Radix community is encouraged to create a public library of components and blueprints that anyone can use.
It remains to be seen if Radix’s redesigned blueprint for smart contracts will catch on with a developer community that has largely accepted today’s reactive approach to programming. Nevertheless, it’s an extremely promising solution. Smart contracts are gaining more traction by the day, and not only as tools for financial transactions. Additional promising use cases include automating workflows in business processes and in areas such as manufacturing, for example by triggering actions for managers or machines when specific conditions are met.
Smart contracts can play a huge role in advancing automation in multiple industries and businesses. The potential is massive, but it will only ever be realized if safety is built into smart contracts as a core feature, as opposed to being an afterthought like it is today.