#smartcontractanalysis

Organizations across the world, depending on their nature of business will have contracts located across repositories and possibly in multiple languages. Unless the contracts are digitized and brought into a central repository there is no way one can know what is inside these contracts and if there are any potential risks with any of these contracts. Traditional contract management processes fail in terms of speed, time and resources required to get to the bottom of each executed contract.

Let us understand a use case

As a practical use case let us take an example of an organization that is into manufacturing of several spare parts of Automobiles and the organization has manufacturing facilities across the world spread across several countries. Obviously, such an organization will have to deal with multiple raw material vendors across the world and the organization must enter into agreements for supply of raw material with each of these vendors. Lets also assume that there is a central procurement department for this organization who are handling vendors through their country specific procurement teams with each country making their own agreements with the country / region specific vendors.

What are the possible pain points?

With such a distributed organization architecture, it becomes difficult and unviable to keep a track of all the vendor contracts, understand which contracts are expiring, which are in auto renew mode, which have penalty clauses, which are signed on company templates and which are executed on third party paper etc.

Not having visibility on contract key terms and metadata can lead to huge risk across the organization along with the possibility of getting into compliance issues.

the term “smart contract” back in 1994, but DocuSign can make a compelling case for being its true inventor. Since its founding in 2003, firms of all sizes and industries have relied on the company to streamline the contract process through its best-in class security, identity authentication, user interface, and integration with leading business suites. Today DocuSign has 500 thousand paying customers, and it earned over $700 million in revenue last year.

However, the company is not resting on its laurels and instead is seeking ways to improve its service offerings, with much of this experimentation incorporating blockchain technology. Over the last few years this testing has included trials, demos, and partnerships on both Bitcoin and Ethereum. The company also joined the Accord Project, an open-source software initiative that was established to develop a technology stack for smart agreements. Furthermore, last week the company invested in a $5.5 million Series A round for smart contract provider Clause alongside Galaxy Digital with the goal of making contracts on their DocuSign Agreement Cloud “self-executing” and “self-aware” in an ongoing fashion, rather than just one moment in time.

For traditional coding, it is a prevalent practice to segregate the code into various sections, which is also true in designing smart contracts. There are a number of libraries available which contain modules that can be used when writing a contract. It is also preferable to reuse such already available modules since this widely reduces the risk of committing an error and saves valuable time to focus on the ‘unique’ features of the contracts at hand. Even when a module needs to be modified to fit some particular needs, reuse of the corresponding tests to ensure nothing gets broken is highly recommended.

Hence, it is always advisable not to overdo the contractor to use fanciful coding techniques. Instead, keep it modest, especially because most contracts used by the public are going to have the corresponding source attached on the blockchain for anybody to inspect and validate. Having a clear, simple contract that is easy to understand gains more trust and is actually less likely to contain flaws than a large over-engineered contract doing way more than actually needed.

Addressing Security

When designing smart contracts, it is important to think about security from the very start. Since contracts are public and visible on the blockchain, everybody can potentially call every function. Even if you do not submit the source code, there is still the bytecode so everyone with the right understanding of the EVM and proper endurance can figure out what the contract does and call it. Hence, it’s not a very good idea to count on security by obscurity. In order to avoid this, most contracts implement the owner pattern that can be used to restrict the highest state “administrator” change functions, like setup, start, stop, and kill.

In order to determine which smart contract development platform is best-suited for a particular requirement, crypto analyst Marco Manoppo recommends building applications on networks that support interoperability between different tokens and blockchains. He explains:

In the future, when blockchain technology has matured … these [independent] blockchains & tokens [should be able] to communicate and operate with [each other]. There will be multiple [chains] in the space, ranging from private to public blockchains, with different use-cases on different parts of the world. For instance, a project that is utilized for patients’ data in the healthcare industry must be able to operate with another project that will be used as a payment channel.

Today, we’re delighted to share that we have been working with fellow Hyperledger members, Blockchain Technology Partners (BTP), to integrate the DAML runtime with Hyperledger Sawtooth! In this blog post, I’ll describe why we believe it’s important to architect a DLT application independently of the platform, why a new language is needed for smart contracts, and why we are working with BTP to integrate it with Hyperledger Sawtooth.

“Following the recent announcement that DAML has been open-sourced, we are delighted that work is already underway to integrate the DAML runtime with Hyperledger Sawtooth. This demonstrates the power of the open source community to enable collaboration and give developers the freedom required to truly move the industry forward.”

Brian Behlendorf, Executive Director of Hyperledger

EY announced today the launch of EY Smart Contract Analyzer, a smart contract testing and security service for the public Ethereum blockchain. The service, now entering a private beta test, will allow users to monitor smart contracts and tokens for known security risks. As companies and investors increasingly turn to blockchain-based tokens and assets, it is becoming crucial to understand the risks involved.

Investors in digital tokens face unique risks because both tokens and contracts are software designed to represent certain business and legal commitments. EY research has found that, in the past, digital tokens may not have accurately reflected claims made in prospectuses or white papers and may not be updated in ways that are agreed by investors.

Built by the EY Blockchain Security Lab in Israel, the EY Smart Contract Analyzer is designed to test and monitor tokens and contracts both prior to their release and once available on public blockchains. EY has developed a list of more than 250 standard tests that cover aspects ranging from known malware and coding errors to standard tests that confirm for investors that tokens are behaving according to accepted industry standards.