DEV Community

Discussion on: What are Smart Contracts?

 
0xjepsen profile image
Waylon Jepsen

Security is essential, of course. But when it comes to validating the contract behavior, contracts are written in a turing complete language. Additionally, since the contract execution is on a distributed ledger, all the validators on that network (be it PoW or PoS) have to agree on the expected outcome. Since they are deterministic programs, this is a reasonable degree of insurance.

The security advantage of open source software is that there are many eyes on the software, especially if highly utilized. Lots of companies open-source their code to increase security. Granted, this is a new industry, so there are growing pains, but the composability also helps here. For example, a well-known highly regarded Safe Math contract that performs operations that protects against buffer overflows. The standardization of secure ways to do things is happening.

On the other hand, smart contracts have the desired property of immutability. No one can change the functionality on a contract once it is deployed. This is a significant security advantage. One of the pillars in the CIA triad is the integrity of information. Immutability can be leveraged for data integrity guarantees that no other applications in traditional systems allow for.

Furthermore, audits are important, but they are not as difficult as you make out. A well-rounded computer scientist or security researcher can apply methods well known in computer science like fuzzing to perform them. However, it is essential to know that as long as humans are a part of the technical landscape, there is no perfect security.

Thread Thread
 
dave_z80 profile image
David Lazar

It is easy to gloss over! I like how you introduce the terms "well-rounded computer scientist". I guess my point is this. Until a system based on and using Smart Contracts comes with a trusted stamp of approval in terms of the contract itself (which in the end, some human conjured up out of nothing, at least for now)... we are left with trusting a bunch of math, and not really sure that is enough. This is not a knock of the theory. It is simply me questioning how this Smart Contract concept can gain wide acceptance when there remain some glaring issues, like provably correct Smart Contracts. Until they come with some badge of assurance themselves, they are just black boxes supposedly correct, but not provably so. They may tickle the correct outputs based on some inputs, but that is not a test I'd trust.

Thread Thread
 
0xjepsen profile image
Waylon Jepsen

I am biased from my mathematics education, but I think mathematics is the best form of assurance. Public key cryptography is not just some "hocus pocus"; it's incredibly sophisticated. I wrote about it here if you are interested. It's also the technology your bank uses to keep your fiat money safe. The only difference is that they control the keys to you information instead of you. The primary way to prove things in academia is with mathematics. In fact we have built proving systems like Qoc to exactly this. The black boxes are deterministic and provably so. They are a lot more accurate than almost all of our technical infrastructure's current systems.

Thread Thread
 
dave_z80 profile image
David Lazar

I am not questioning math. As an engineer I well know the value in speaking math. I have qualms with cryptography and never implied any hocus-pocus? Again, my issue with Smart Contracts (since their inception) has never been their potential value. I have dreamed up many uses for them, none of which are currently needed or practical, but still. I am just commenting that as they become more and more ingrained in systems, those responsible for developing them, will be under heavier and heavier scrutiny, as we cannot simply pass off the old school to the new school, without being sure these contracts are in fact trustable. I think you mistake my concerns for operational aspects as opposed to what they truly are, a question of the ethics, morals and philosophy of how we use them. Finding out too late a contract was responsible for real problems is bound to happen if we have no oversight, and people just blindly trust that some contract is in fact what they believe it is. So it is not a question of the math, but more, does the math implement what it is believed to be correct and sufficient processing to deliver the goods.

Anyway.. thanks for the discussion, all good.

Thread Thread
 
growinweb3 profile image
Brendan H. Murphy

Waylon and David,

I have a lot of thoughts here as well.

I think a lot of the points mentioned here are valid and true as they exist today. Namely, the cost and complexity of smart contracts, potentially out-weighing their use.

I see this as a gap in talent and education. As more and more developers in Web2 transition to Web3 I believe we will learn to write more efficient code that is secure based on attack verticals.

I am a part of a community that trains engineers to write production ready smart contract code that is secure and scalable (Gas efficiency) in response to the exponentially growing demand for engineers in Web3.

I would love to talk more and collaborate with you both and anyone on this thread if you're open to it.

Check it out: optilistic.notion.site/Optilistic-...

I look forward to hearing from you!

Cheers,
Brendan H. Murphy
Optilistic.com

Thread Thread
 
0xjepsen profile image
Waylon Jepsen

Hey Brendan,

I really love to see this. You are absolutely correct in the gap in talent and education. I am glad to see you doing something about it. Open to chat and collaborate as always. My contact information and DMs are open.

Some comments have been hidden by the post's author - find out more