DEV Community

CodeHadIt

What Are License Identifiers In Solidity and why we need them

If you’re anything like me, then the first time you wrote a Solidity smart contract, you asked yourself: why do smart contracts start with a license identifier? What does the SPDX license identifier mean, and why do we reference the Massachusetts Institute of Technology (MIT)?

In my smart contract journey thus far, I have found that many Solidity developers do not have answers to the above questions. They simply copy-paste the identifier into their code as a necessity without understanding why it's needed in the first place.

If you're guilty of this (I was too at some point), then come along with me on this piece as I thoroughly discuss what license identifiers are in software, why they’re important in smart contracts, and how you can possibly do without them in your Solidity code.

Our daily lives revolve around software; it powers the digital age we currently find ourselves in. For most software, before we enjoy its benefits, we first have to agree to some terms and conditions regarding its usage.

The conditions precedent for the usage of a piece of software are often contained in a file. This file sets the terms for the use of the software. It contains some of the following:

  • The extent to which the end-user enjoys the software.
  • Limitations to the use of the software.
  • Certain liabilities on the End user.
  • The intellectual property right of the software creator.
  • Some limitations of the creator’s liability.
  • Plus a bunch of other legal terms and clauses, primarily to protect the IP right of the creator.

This file is what is called a software license. A software license spells out the rules guiding the use of the product.

Before users can enjoy a software, they first enter into an End-User License Agreement or EULA. The EULA is a contract between the software creator (licensor) and the end user (licensee) establishing the right of the latter to use the software.

Every day, you enter into a EULA without even knowing it. When you run a piece of software for the very first time (not always the case) or click on an “accept terms and conditions” popup on your favourite website, you’re entering into a EULA.

Why are Software Licenses Important?

Software licenses are important to both creators and end users for a variety of reasons. Some of these reasons are:

  • For creators, it protects their intellectual property rights.
  • It also serves to limit their liabilities arising from the use of the products.
  • For users, licenses serve to establish and limit the extent to which they can use, modify or distribute the software.

Classification of Software and Software Licenses

Generally, in legal parlance, software can be classified as either unlicensed or licensed. This classification determines the extent to which the software can be used, modified, and redistributed.

Unlicensed Software

Unlicensed software is software not covered by terms and conditions for its use. It can be subdivided into public domain software and private unlicensed software.

Public Domain Software: This is software in the public domain. It is free of terms and limitations on its usage. A user is free to use, modify and redistribute it at will. An example of this is SQLite (a database engine).

Private Unlicensed Software: This software does not come with a license, but is nonetheless protected under copyright law. The fact that it is unlicensed does not mean one can use it at will; users still have to be careful in how they use, modify or redistribute it.

Licensed Software

Licensed software is software with explicit terms and conditions for its use. The types of license used by this software can be broadly grouped into free and open-source software licenses and proprietary software licenses.

  • Free and Open Source Software Licenses: These licenses permit users to use the operational code, modify the source codes, and also redistribute the same with little to no restrictions.

Common Types of Open Source Software Licenses 

Permissive licenses: They are the most common type of software license. Permissive licenses allow you to use, modify and redistribute the software with minimal restriction. Examples include Apache and MIT (used in Solidity).

Copyleft licenses: These allow usage of the software, and modification into one’s own product, with one caveat: one must reciprocate the license when distributing a product made from the original software carrying this type of license.

You’re only allowed to use the software as long as you include the very same license used by the earlier software in any redistributed product created from the modification of the earlier software. Thus copyleft licenses permit usage and modification but restrict redistribution.

  • Proprietary or Commercial: Unlike open-source software licenses, commercial software licenses do not allow for the usage, modification, or redistribution of software. Even if they do, they tend to grant very restrictive permissions. Such licenses are generally attached to commercial software and are heavily protected under copyright law. This type of license is common among business entities. With these, you cannot use or reverse engineer the source code.

Where Does Solidity Come in All of This?

As we have established above, open-source projects, where users can enjoy, modify and redistribute the software, are best released with a permissive open-source license.

Most smart contracts and blockchain protocols are open-sourced. It is essential that they are open-sourced as trust is one of the key tenets of the blockchain and web 3. Making your contract open source aids in the establishment of trust.

As a result, you have to supply/identify the type of open-source license the contract uses so as to set the terms and conditions for the usage of your contract. The recommended licensing standard on the Ethereum network is the SPDX licensing identifiers which are readable by the Ethereum Virtual Machine.

SPDX refers to Software Data Package Exchange. It is an open-source project hosted by the Linux Foundation. The goal is to help standardize the formats for data sharing. One way SPDX does this is by providing a list of open-source licenses for projects to reference. The SPDX open-source license list available to projects includes Apache, Barr, BSD, and many more. The recommended license in solidity is however the MIT license.

To summarize the above, SPDX provides a standard for sharing software data (open-source). One of these common standards is in license referencing. They do this by providing a list of licenses projects can reference. The MIT license used in Solidity is one of the many licenses on the SPDX list.

Where Should the SPDX-License-Identifier be Located in my Code?

The SPDX license identifier can be written anywhere in your code, as the Solidity compiler recognizes it wherever it appears. It is however considered best practice to write it at the very top of your code.

What Happens If I Fail to Include the SPDX Identifier in My Smart Contract?

Failure to reference a license in your contract will cause the Solidity compiler to throw a warning rather than an error. Identifying multiple licenses, on the other hand, will throw an error.

Can I Choose to Not Identify a License?

Interestingly enough, if you want to prohibit code reuse, modification, and redistribution, you can specify it in your contract. Instead of supplying a license identifier, you can simply use the special value UNLICENSED.

This way, the compiler will know you’re restricting the usage of your contract.
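The three outcomes described above (no identifier gives a warning, several give an error, `UNLICENSED` marks restricted code) can be checked in a pre-commit or CI step before the compiler ever runs. The following is an added example, not code from this article or from the Solidity project; `check_license` and the sample sources are hypothetical, and the line-based match is an assumption that does not reproduce the compiler's own parsing.

```python
import re

# The tag as the article describes it; the value runs to the end of the line.
SPDX_TAG = re.compile(r"SPDX-License-Identifier:[ \t]*([^\r\n]*)")

def check_license(source: str) -> dict:
    """Classify one Solidity source string as 'ok', 'warning' or 'error'."""
    lines = source.splitlines()
    found = []
    for lineno, line in enumerate(lines, start=1):
        match = SPDX_TAG.search(line)
        if match:
            # Drop a closing "*/" when the tag sits inside a block comment.
            ident = match.group(1).split("*/")[0].strip()
            if ident:
                found.append((lineno, ident))

    if not found:  # the compiler only warns here
        return {"level": "warning", "ids": [], "notes": ["no license identifier"]}
    if len(found) > 1:  # the compiler rejects this
        return {"level": "error", "ids": [i for _, i in found],
                "notes": ["multiple license identifiers"]}

    lineno, ident = found[0]
    notes = []
    first_text = next(n for n, l in enumerate(lines, start=1) if l.strip())
    if lineno != first_text:
        notes.append("identifier is not at the top of the file")
    if ident == "UNLICENSED":
        notes.append("special value: reuse is not permitted")
    elif ident.upper() == "UNLICENSE":
        # "Unlicense" is an SPDX public-domain dedication, the opposite meaning.
        notes.append("Unlicense grants all rights; did you mean UNLICENSED?")
    return {"level": "ok", "ids": [ident], "notes": notes}

# Constructed sample sources (not from the article).
SAMPLES = {
    "Good.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\ncontract A {}\n",
    "Missing.sol": "pragma solidity ^0.8.0;\ncontract B {}\n",
    "Double.sol": "// SPDX-License-Identifier: MIT\n"
                  "// SPDX-License-Identifier: Apache-2.0\ncontract C {}\n",
    "Closed.sol": "pragma solidity ^0.8.0;\n"
                  "/* SPDX-License-Identifier: UNLICENSED */\ncontract D {}\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        result = check_license(src)
        print(f"{name}: {result['level']} {result['ids']} {result['notes']}")
```

The `Unlicense` note covers a common mix-up: that SPDX identifier dedicates the code to the public domain, while the special value `UNLICENSED` does the reverse.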

Final Takeaways

The most important points in this piece are summed up below.

  • Licenses in software spell out the terms by which that software can be used, modified, and redistributed.
  • Software can have free and open-source licenses or proprietary licenses.
  • Free and open-source licenses allow for the usage of software with little or no restrictions.
  • Proprietary licenses on the other hand either expressly prohibit the usage of that software or permit usage under very strict conditions.
  • SPDX stands for Software Data Package Exchange. They are an open-source project which helps standardize open-source licenses.
  • Some of the open-source licenses available in their list of licenses include MIT, Apache, Barr, and BSD.
  • These types of open-source licenses are called permissive licenses and permit software usage with minimal restrictions.
  • The majority of smart contracts are open-sourced as it helps build trust in the contract or protocol.
  • Trust is a key feature of the blockchain.
  • Solidity uses the MIT license to specify the terms of usage of each contract.
  • You may include your license identifier anywhere in your contract; nonetheless, specifying it at the top of your code is considered best practice.
  • Failure to include a license identifier causes your compiler to throw a warning.
  • Having multiple licenses results in a compiler error.
  • If your contract is not open source, you can skip the license identifier and use the special value UNLICENSED instead.
