The Challenges and Risks of Smart Contracts

Nov. 12, 2021

By Brian Laverdure

Smart contracts — blockchain-based programs that operate when predetermined conditions are met — offer potential use cases as well as risks for community banks evaluating their payments processing capabilities.

Esoteric Programming Languages

While smart contracts are gaining traction due to a growing interest in blockchain-based financial services programs, their complexity makes them inaccessible to many.

Unlike legal contracts that users frequently encounter in regular business activities, such as mortgages, smart contracts are written in programming languages that most people would find difficult, if not impossible, to evaluate and understand on their own.

Proponents contend that smart contracts provide greater transparency because anyone can audit the code, but users who cannot easily understand a smart contract will have a hard time knowing whether it will perform as intended and advertised.

External Data Reliability

Smart contracts also frequently use external data from third-party programs called oracles to perform their functions. External information, such as the price of Bitcoin or other assets, may be necessary for the smart contract to initiate critical functions like margin calls.

However, the dependence on oracles can introduce operational risks—what happens if the data source is corrupted? Bad actors are known to target oracles to manipulate DeFi programs to their advantage.

High-Stakes Flaws

Additionally, flaws in smart contracts may result in costly errors and potentially the loss of users’ assets.

In early October, reports surfaced that users of the popular DeFi platform Compound were mistakenly awarded $90 million worth of COMP tokens due to faulty coding. Defects can also be difficult to correct in a timely fashion due to governance structures that require project supporters to vote on proposed changes.

There are also many recent examples of hackers exploiting errors in smart contract coding to drain users’ accounts. Blockchain analytics company CipherTrace reported that DeFi hacks led to $361 million in losses between January and July. In August, a hacker exploited a vulnerability in a smart contract for the Poly Network to steal $600 million in digital tokens, which the hacker ultimately returned.

Relationships and Liability

Finally, unresolved legal and regulatory questions remain about the development and operation of smart contracts. For example, if a smart contract makes an error, which party should be responsible and how can jurisdiction be established?

Plus, the automated nature of smart contracts hinders participants’ ability to make subjective decisions.

For instance, a vendor might decide to excuse a one-time late payment because “preserving the long-term commercial relationship is more important than any available termination right or late fee.” In contrast, a smart contract cannot make such a judgment call, and that inability may impede adoption.

For relationship-based community banks that are both high-tech and high-touch, this is a key concern.

What’s Next?

Smart contracts are a foundational concept for understanding the evolving world of DeFi. As the crypto economy continues to develop, smart contracts will play an increasingly significant role in the development of new financial products and services.

ICBA is encouraging regulators to harmonize digital asset regulations and provide greater clarity on regulatory treatment of these novel technologies.

As Federal Reserve Governor Michelle Bowman recently noted, community banks rely on strong connections to their customers and communities—not the automated underwriting models that are typical in larger institutions.

To be successfully deployed by community banks, smart contracts must complement the industry’s strengths and preserve relationship banking.

Brian Laverdure is ICBA vice president of payments and technology policy.