The Technology behind Smart Contracts
Florian Glaser, Chair of E-Finance, Information Systems Department, Goethe University
01.09.2016
<< People are corruptible, code is not. >>
Agenda
Transactions in detail
Decentralised applications
Smart contracts
DAOs
Outlook
Transactions in Detail
Block
Block contains transactions and meta data
Blockchain: transaction log of Bitcoin transactions
Can be traced without gaps (auditability)
Cannot be changed (immutability, fraud resistant)
Figure: chain of three blocks, each referencing the proof of work of the previous one
Block 51: Proof of Work 0000009857vvv, Previous Block 000000432qrza1, Transactions lk54lfvx, 09345w1d, vc4232v32
Block 52: Proof of Work 000000zzzxyzx5, Previous Block 0000009857vvv, Transactions lk54lfvx, 09345w1d, vc4232v32
Block 53: Proof of Work 00000090b41bx, Previous Block 000000zzzxyzx5, Transactions lk54lfvx, 09345w1d, vc4232v32
Feature chain: token transactions as primary purpose. Example: Bitcoin
Transaction (Tx)
Requires proof of ownership from the sender by digital signature
Digitally signed: only the current owner can transfer ownership to the next transaction
Unspent Transaction Output (UTXO) used as input for every Tx
Source: Nakamoto (2008)
Transaction Creation Process
1. Create empty Tx
2. Select (unspent) outputs as inputs
3. Create outputs (target_address, amount)
4. Define output spending condition: small script (OP_CODES). Simple example: only the account that can prove to own target_address can use this output as input
5. Sign Tx
6. Send Tx message to peer node(s)
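The six steps above as an added worked example in Go. It is not code from the slides or from any Bitcoin implementation: Bitcoin's Script language and secp256k1 are replaced by a constructed spending condition ("reveal a P-256 public key whose SHA-256 hash is the output address and sign the transaction with it"), and the names UTXOSet, BuildTx and Apply are this example's own. Apply is what a receiving node checks before it accepts the transaction: every input must still be unspent, the signature must come from the owner of the referenced output, and outputs may not exceed inputs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Output = value plus spending condition, a stand-in for a scriptPubKey (assumption, no real
// Script): the spender must reveal a public key whose SHA-256 hash equals Address and sign with it.
type (
	Outpoint struct{ TxHash string; Index int }
	Output   struct{ Value uint64; Address [32]byte }
	Input    struct{ Prev Outpoint; PubKey, Sig []byte } // PubKey and Sig stand in for scriptSig
	Tx       struct{ Inputs []Input; Outputs []Output }
	UTXOSet  map[Outpoint]Output // every output not yet spent, keyed by outpoint
)

// NewKey creates a P-256 key pair for a constructed account (not a Bitcoin key).
func NewKey() *ecdsa.PrivateKey {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return key
}

func AddressOf(pub *ecdsa.PublicKey) [32]byte {
	return sha256.Sum256(elliptic.Marshal(elliptic.P256(), pub.X, pub.Y))
}

// SigningDigest commits to the input references and outputs, not to the signatures.
func (tx *Tx) SigningDigest() []byte {
	var refs []Outpoint
	for _, in := range tx.Inputs {
		refs = append(refs, in.Prev)
	}
	h := sha256.Sum256([]byte(fmt.Sprint(refs, tx.Outputs)))
	return h[:]
}

// BuildTx follows slide steps 1-5: empty tx, select the sender's unspent outputs as inputs,
// create outputs (payment plus change back to the sender), then sign every input.
func BuildTx(set UTXOSet, key *ecdsa.PrivateKey, to [32]byte, amount uint64) (*Tx, error) {
	tx, from := &Tx{}, AddressOf(&key.PublicKey)
	var gathered uint64
	for op, out := range set {
		if out.Address == from && gathered < amount {
			tx.Inputs = append(tx.Inputs, Input{Prev: op})
			gathered += out.Value
		}
	}
	if gathered < amount {
		return nil, errors.New("insufficient unspent outputs")
	}
	tx.Outputs = append(tx.Outputs, Output{amount, to}, Output{gathered - amount, from})
	digest := tx.SigningDigest()
	pub := elliptic.Marshal(elliptic.P256(), key.PublicKey.X, key.PublicKey.Y)
	for i := range tx.Inputs {
		sig, err := ecdsa.SignASN1(rand.Reader, key, digest)
		if err != nil {
			return nil, err
		}
		tx.Inputs[i].PubKey, tx.Inputs[i].Sig = pub, sig
	}
	return tx, nil
}

// Apply is the receiving node's check: every input must be unspent and meet its spending
// condition, outputs may not exceed inputs; only then are inputs consumed and outputs added.
func Apply(set UTXOSet, tx *Tx, txHash string) error {
	digest, seen := tx.SigningDigest(), map[Outpoint]bool{}
	var inSum, outSum uint64
	for _, in := range tx.Inputs {
		prev, ok := set[in.Prev]
		if !ok || seen[in.Prev] {
			return errors.New("input unknown or already spent")
		}
		x, y := elliptic.Unmarshal(elliptic.P256(), in.PubKey)
		if x == nil || sha256.Sum256(in.PubKey) != prev.Address ||
			!ecdsa.VerifyASN1(&ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, digest, in.Sig) {
			return errors.New("spending condition not met: wrong key or invalid signature")
		}
		seen[in.Prev], inSum = true, inSum+prev.Value
	}
	for _, out := range tx.Outputs {
		outSum += out.Value
	}
	if outSum > inSum {
		return errors.New("outputs exceed inputs")
	}
	for op := range seen {
		delete(set, op)
	}
	for i, out := range tx.Outputs {
		set[Outpoint{txHash, i}] = out
	}
	return nil
}
```

Because the signature covers the input references and the outputs, changing a recipient after signing invalidates the transaction, and because Apply deletes the consumed outpoints, the same transaction cannot be applied twice: that is the "only the current owner can transfer ownership" property of the previous slide in code.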
Meta Protocols
Output scripts can contain arbitrary data to implement additional protocols (e.g. asset issuance) or to store additional data on the blockchain
Meta protocols are the way to implement smart contracts on UTXO / feature chains; origin of decentralised applications (DApps)
Figure: transaction layout
Transaction: Nr Tx Inputs, Tx Inputs, Nr Tx Outputs, Tx Outputs
Tx Input: Prev Output (Tx Reference Hash, Index), scriptsig
Tx Output: Value, scriptpubkey (Script)
Example scriptpubkey: OP_CHECKSIG 0x3045h5jks9023hjk2439d09
Example meta-protocol output: OP_RETURN <protocol data>
(Meta) protocol data: Protocol Identifier, Version Number, Transfer/Issuance Instructions: amount, percent
Source: own analysis
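An added example (not from the slides) that tells the two kinds of output script on the slide apart and parses a meta-protocol payload out of an OP_RETURN output. The opcode values are the real Bitcoin Script ones; the MetaRecord layout (4-byte identifier, version, instruction, 8-byte amount), the identifier "META" and the function names are constructed for illustration and do not describe any real meta protocol.

```go
package main

import (
	"encoding/binary"
	"errors"
)

// Bitcoin Script opcodes used below (real values).
const (
	opDup         = 0x76
	opHash160     = 0xa9
	opEqualVerify = 0x88
	opCheckSig    = 0xac
	opReturn      = 0x6a
	opPushData1   = 0x4c
)

// readPush decodes a data push starting at script[i]: opcodes 0x01..0x4b push that many
// bytes, OP_PUSHDATA1 is followed by a one-byte length. Returns the data and the next index.
func readPush(script []byte, i int) ([]byte, int, error) {
	if i >= len(script) {
		return nil, 0, errors.New("truncated script")
	}
	n := int(script[i])
	i++
	if n == opPushData1 {
		if i >= len(script) {
			return nil, 0, errors.New("truncated OP_PUSHDATA1")
		}
		n = int(script[i])
		i++
	} else if n == 0 || n > 0x4b {
		return nil, 0, errors.New("not a data push")
	}
	if i+n > len(script) {
		return nil, 0, errors.New("push runs past the end of the script")
	}
	return script[i : i+n], i + n, nil
}

// Classified names the output type: "p2pk" (<pubkey> OP_CHECKSIG), "p2pkh" (OP_DUP OP_HASH160
// <20 bytes> OP_EQUALVERIFY OP_CHECKSIG), "data" (OP_RETURN <payload>, unspendable) or "unknown".
type Classified struct {
	Kind    string
	Payload []byte // pubkey, pubkey hash or the OP_RETURN payload
}

func Classify(script []byte) Classified {
	if len(script) > 0 && script[0] == opReturn {
		if len(script) == 1 {
			return Classified{"data", nil} // bare OP_RETURN, no payload
		}
		if data, end, err := readPush(script, 1); err == nil && end == len(script) {
			return Classified{"data", data}
		}
		return Classified{"unknown", nil}
	}
	if data, end, err := readPush(script, 0); err == nil && end == len(script)-1 && script[end] == opCheckSig {
		return Classified{"p2pk", data}
	}
	if len(script) == 25 && script[0] == opDup && script[1] == opHash160 && script[2] == 20 &&
		script[23] == opEqualVerify && script[24] == opCheckSig {
		return Classified{"p2pkh", script[3:23]}
	}
	return Classified{"unknown", nil}
}

// MetaRecord is a constructed meta-protocol layout (not any real protocol): 4-byte protocol
// identifier, 1-byte version, 1-byte instruction (1 = issuance, 2 = transfer), 8-byte amount.
type MetaRecord struct {
	Protocol             string
	Version, Instruction byte
	Amount               uint64
}

func ParseMeta(payload []byte) (MetaRecord, error) {
	if len(payload) != 14 {
		return MetaRecord{}, errors.New("payload is not a 14-byte meta record")
	}
	return MetaRecord{string(payload[:4]), payload[4], payload[5], binary.BigEndian.Uint64(payload[6:])}, nil
}

// EncodeMeta builds the OP_RETURN scriptPubKey that carries a MetaRecord.
func EncodeMeta(r MetaRecord) []byte {
	payload := make([]byte, 14)
	copy(payload[:4], r.Protocol)
	payload[4], payload[5] = r.Version, r.Instruction
	binary.BigEndian.PutUint64(payload[6:], r.Amount)
	return append([]byte{opReturn, byte(len(payload))}, payload...)
}
```

The classifier refuses a push whose declared length runs past the end of the script instead of slicing out of bounds, which is the check a parser of untrusted on-chain data needs before it interprets any payload; the parser treats the length of the meta record strictly, so a truncated or padded payload is rejected rather than misread.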
Decentralised Applications
Traditional Applications
Server(s) as a single point of failure
Censorship
Manipulation of code/storage
Operator must be trusted
DApps on a Blockchain
Zero trust: trust only in the code base/developers
Open source
Decentralized
Autonomous
DApp Examples
Property + Provenance
Token Systems & Currencies
Decentralized Exchanges
Financial Derivative Contracts
Crowdfunding
Identity + Reputation Systems
DApps are hard
Needed: public blockchain. Bootstrap own blockchain? Meta-protocol on top of Bitcoin?
Problems: effort to get started, interoperability, higher layer standards
Ethereum as DApp Platform
DApps share a single blockchain
Turing complete VM instead of scripts: code execution (loops!), storage, smart contracts
Interoperability/interaction by design
Ethereum Overview
Blocks {TX1, TX2} in a blockchain
Transaction {to, from, value, data, sig}
Accounts {balance, code, storage}
Gas as fuel for code execution
A system similar to Bitcoin, but with fully fledged smart contracts and not a UTXO system
Smart Contracts
Smart Contracts
Live in the blockchain, activated only when receiving a Tx
Address, Balance, Code, Storage
Can send + receive Tx
Figure: where smart contracts live
Source: Glaser 2017
Creating Contracts
Write code: Solidity, Serpent, LLL [, Python]
Compile
Deploy: Transaction To: 0x0000..., Nonce: 1, Value: 2000, Gas: 1000, Gasprice: 5, Data: TXVALUE Push 25, Signature: v,r,s
Creates new smart contract: New Account Address: a8ead97f..., Nonce: 0, Value: 2000, code: TXVALUE Push 25, Storage: []
Calling Contracts
State 1: Contract Address: a8ead97f..., Nonce: 0, Value: 2000, code: TXVALUE Push 25, Storage: []
Transaction To: a8ead97f..., Nonce: 2, Value: 0, Gas: 1000, Gasprice: 5, Data: George 42, Signature: v,r,s, Hash: d1936afe6
Virtual Machine: state transition, performed by every node for every Tx in a block
State 2: Contract Address: a8ead97f..., Nonce: 0, Value: 2000, code: TXVALUE Push 25, Storage: [George 42]
UTXO vs Account State Systems
Bitcoin as a state transition system (UTXO)
State 1: 14c5f8ba:7, 3ce6f712:2, 5ad59065:0, 7b53ab84:1, 892bb91f:5
Transaction: Spend 7b53ab84:1, 3ce6f712:2; Create bb75a980:3; Sig: 3df4kjth3kj39903j3o5923433324ga784lkj45l23423l4kj23lk4j2l3k4j3k3hf
State 2: 14c5f8ba:7, 5ad59065:0, bb75a980:3, 892bb91f:0
Ethereum as a generalized state transition system
State 1: 14c5f8ba: 1024 eth; 3ce6f712: 256 eth, storage [ALICE, BOB, CHARLIE]; bb75a980: 35 eth
Transaction: From: 14c5f88a, To: bb75a980, Value: 10, Data: [ ], Sig: 349df89506sd52gkljlkie7652ky0wue8332556fgh66j75od55f
State 2: 14c5f8ba: 1014 eth; 3ce6f712: 256 eth, storage [ALICE, BOB, CHARLIE]; bb75a980: 45 eth
Sub-Calls
Figure: Transaction To: a8ead97f..., Nonce: 3, Value: 0, Gas: 1000, Gasprice: 5, Data: 1020:13:W, Signature: v,r,s, Hash: d1936afe6 is sent to the Exchange Contract, which in turn calls the other contracts
Contracts in the figure (each drawn as Address: a8ead97f..., Nonce: 0, Value: 2000, code: TXVALUE Push 25, Storage: [ ]): Data Feed, Hedging, Exchange Contract, Reputation, Registrar, Escrow
Halting Problem: will it run forever?
Gas as the fuel for running contracts
Each operation (memory, calculation) has a cost: gas-used * gas-price
Paid upfront, the remainder is refunded
Estimation of gas/gas-price: required input for TXs
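The account-based state transition of the "Calling Contracts" and "UTXO vs Account State" slides together with the gas rule above, as an added Go simulation. It is not Ethereum client code and not code from the slides: the opcode names, the gas costs, the account names and the contract that loops forever are all constructed. The point it shows is the one the slide makes: the sender pays gas * gas-price upfront, unused gas comes back, and a call that runs out of gas is reverted while the gas stays spent, which is what stops a non-terminating contract.

```go
package main

import (
	"errors"
	"strings"
)

// Account as on the slide: balance, code, storage; Nonce counts the txs sent from it.
// Code is a list of opcode names for a constructed mini-VM, not real EVM bytecode.
type Account struct {
	Nonce, Balance uint64
	Code           []string
	Storage        map[string]string
}

// Tx as on the slide: to, from, value, data, plus the nonce and the gas the sender buys upfront.
type Tx struct {
	From, To                    string
	Nonce, Value, Gas, GasPrice uint64
	Data                        string
}

type State map[string]*Account

// Constructed gas schedule: a price per operation (not the real EVM costs).
var gasCost = map[string]uint64{"PUSH": 3, "SSTORE": 20, "JUMP": 8}

// Apply is the state transition every node performs for every tx in a block:
// 1. nonce and balance are checked, 2. gas*gasPrice is paid upfront, 3. value moves to the
// callee, 4. the callee's code runs with every op metered, 5. unused gas is refunded.
// When gas runs out the call is reverted but the gas stays paid; that is what bounds
// a contract that would otherwise run forever.
func Apply(st State, tx Tx) (gasUsed uint64, err error) {
	sender, ok := st[tx.From]
	if !ok || sender.Nonce != tx.Nonce {
		return 0, errors.New("unknown sender or wrong nonce")
	}
	if sender.Balance < tx.Gas*tx.GasPrice+tx.Value {
		return 0, errors.New("balance cannot cover gas and value")
	}
	sender.Nonce++
	sender.Balance -= tx.Gas * tx.GasPrice
	callee, ok := st[tx.To]
	if !ok {
		callee = &Account{Storage: map[string]string{}}
		st[tx.To] = callee
	}
	snapshot := make(map[string]string, len(callee.Storage))
	for k, v := range callee.Storage {
		snapshot[k] = v
	}
	sender.Balance -= tx.Value
	callee.Balance += tx.Value
	gasLeft := tx.Gas
	for pc := 0; pc < len(callee.Code); pc++ {
		op := callee.Code[pc]
		if gasCost[op] > gasLeft { // out of gas: revert the call, keep the gas
			callee.Storage = snapshot
			callee.Balance -= tx.Value
			sender.Balance += tx.Value
			return tx.Gas, errors.New("out of gas")
		}
		gasLeft -= gasCost[op]
		switch op {
		case "SSTORE": // store tx data given as "key value", e.g. "George 42"
			k, v, _ := strings.Cut(tx.Data, " ")
			callee.Storage[k] = v
		case "JUMP": // back to the first op: a loop with no exit
			pc = -1
		}
	}
	sender.Balance += gasLeft * tx.GasPrice // refund the unused gas
	return tx.Gas - gasLeft, nil
}

// NewDemoState (constructed): a plain account, the slide's contract a8ead97f (PUSH, SSTORE)
// and a contract whose code never terminates.
func NewDemoState() State {
	return State{
		"sender":   {Balance: 100000},
		"a8ead97f": {Balance: 2000, Code: []string{"PUSH", "SSTORE"}, Storage: map[string]string{}},
		"looper":   {Code: []string{"SSTORE", "JUMP"}, Storage: map[string]string{}},
	}
}
```

Two details carry over from the real system: the nonce is incremented even when the call fails, so a transaction cannot be replayed by re-sending it, and the storage snapshot is restored on "out of gas" so a half-finished execution leaves no trace except the gas that was paid.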
Common Pitfalls
Smart Contract Limitations
No number crunching, no Counter-Strike, no Dropbox [?]
All data is public [yet]
Cannot access external data
...but use Data Feeds!
Feed external data to a dedicated contract (oracle)
No trust in external data
Schelling Coin mechanism (figure): several transactions submit values to the EUR/USD feed contract (Address: a8ead97f..., Nonce: 0, Value: 0, code: TXVALUE Push 25, Storage: [0.30]); submitted values sorted: 0.10 0.20 0.21 0.30 0.30 0.30 0.30 0.30 0.30 0.30 0.35 0.40 0.70; >75% = 0.3; reward range; Value [Reward]
Or: data signed by Bloomberg/Reuters
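The aggregation step such a feed contract performs over the submitted values, as an added example (not code from the slides or from any deployed oracle). The rule used, publish the median and reward the reporters between the 25th and 75th percentile, follows the SchellingCoin proposal and is an assumption here; the slide only shows that the 0.30 cluster ends up rewarded. Reporter names are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Report is one submission to the data-feed contract: who sent the tx and the value claimed.
type Report struct {
	Reporter string
	Value    float64
}

// Aggregate applies the SchellingCoin rule (assumed here): sort all submitted values,
// publish the median as the feed's value and reward every reporter whose value lies
// between the 25th and 75th percentile. A reporter who wants the reward is pushed toward
// the value they expect everyone else to report, and a minority of outliers cannot move
// the median, so no single submitter has to be trusted.
func Aggregate(reports []Report) (value float64, rewarded []string) {
	n := len(reports)
	if n == 0 {
		return 0, nil
	}
	sorted := make([]float64, n)
	for i, r := range reports {
		sorted[i] = r.Value
	}
	sort.Float64s(sorted)
	value = sorted[n/2]
	lo, hi := sorted[n/4], sorted[3*n/4]
	for _, r := range reports {
		if r.Value >= lo && r.Value <= hi {
			rewarded = append(rewarded, r.Reporter)
		}
	}
	return value, rewarded
}

// SlideReports reproduces the 13 values drawn on the slide with constructed reporter names.
func SlideReports() []Report {
	values := []float64{0.10, 0.20, 0.21, 0.30, 0.30, 0.30, 0.30, 0.30, 0.30, 0.30, 0.35, 0.40, 0.70}
	var rs []Report
	for i, v := range values {
		rs = append(rs, Report{Reporter: fmt.Sprintf("r%02d", i+1), Value: v})
	}
	return rs
}
```

On the slide's values the median is 0.30 and the seven reporters who sent 0.30 share the reward; adding one wildly wrong report does not change the published value, which is the property that makes the mechanism usable without trusting any single data source.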
Development Pitfalls
No [proven] contract design patterns
No deployment best practices
Smart contract security
Environment Pitfalls
Introduction of complex technology
Transfer of trust to interfaces
Third party / cloud often more efficient
DAOs
Decentralized Autonomous Organization
Idea: organisation encoded in smart contracts on a blockchain
Processes, products proposed, decided and (en)coded by voting of participants on the blockchain
Payout/reward proportionally shared on the blockchain
TheDAO: recent example of a DAO (Q2 2016)
Highest crowdfunding result in history
Or: the largest (inadvertent) bug-bounty program in history
Source: adapted from slock.it
Issues
Avoid minority abuse. Problem: majority stakeholders could overrule the minority. Solution: possibility for every investor to split a DAO
Misuse of the split function: funds of TheDAO were drained by an individual attacker
Irreversible transactions/executions on the blockchain
Recall: DApps are hard! Even for quite experienced smart contract developers, even after public code reviews
Consequences
Legal aspects of autonomous code unclear
Differing reactions of Ethereum developers/community (figure):
Initial event: 3.6 million ETH drained to split DAOs
A small group presents various solutions: 5% pro fork, 1% con fork, 94% absent
Authorities notified; assets frozen when discovered by end-point users (exchanges)
FORK
Ethereum (ETH) chain: redistribution to victims on the hard-forked chain
Ethereum Classic (ETC) chain: redistribution to victims without protocol level change
Two blockchains: two sets of miners with differing protocols of Ethereum
Source: adapted from http://www.slideshare.net/arcatomia/ethereum-classic-18-august-2016
Outlook
State networks: scalability + privacy solution; leverage state transitions off the blockchain
Zero knowledge proofs: transaction privacy solution, but no smart contract privacy
Questions?
Florian Glaser
Doctoral Student (Information Systems / E-Finance)
Goethe University of Frankfurt
Theodor-W.-Adorno-Platz 3
60323 Frankfurt, Germany
E-Mail: fglaser@wiwi.uni-frankfurt.de

Florian Glaser
Researcher / Consultant
brainbot technologies AG
Taunusstrasse 61
55120 Mainz, Germany
E-Mail: florian@brainbot.com
Backup
BTC Transaction Byte Signature (figure)
Source: slock.it