Smart Contract Security Field Guide (scsfg.io)
116 points by dmuhs on July 26, 2023 | 150 comments



Can someone give me a good use case (even better if you're doing it yourself) for a smart contract?

What is anyone doing with them that they find really handy?

I've never been able to understand how it gets used / why you would use smart contracts. I've googled and read... still don't grok it.

I've seen so many "benefits" listed, but none make sense to me as far as the process you go through and how it works out in the end. Often it's described as a magic thing that eliminates the use of "intermediaries" and so on. I suppose that is true but you only get to that by going through all the complexity of making sure someone writes a good contract / getting folks from the outside to review and validate it and so on. I'm not sure that saved a lot in the end.

Much like most things blockchain, I find these ideas (not bad ones) and then the practical usage ... much less than ideal.


Wish I could upvote this more.

I'm a reasonably intelligent person. My job requires me to learn complex technical details about a bunch of different domains - it may take me a while to grok it all, but I usually can once I do my research.

The thing that is striking to me whenever smart contracts come up is how extremely rare it is to be just presented with a simple, understandable, real-world use case that is an improvement over existing alternatives. Instead, so often you get:

1. Long missives about how the technology is really cool, but that completely sidestep the original question: show me a simple example of what a smart contract is used for.

2. Lots of examples that are only relevant to crypto in the first place (i.e. just speculating on valuation movements in crypto). What I mean by this is that the purpose of finance (at least the intended purpose) should be to provide capital for real goods and services. Pretty much all of the smart contract examples I've seen are just, for example, triggers related to the prices of a bunch of different tokens.

I would honestly be thrilled if someone could just give a simple example of someone actually using this stuff in the real world.

OK, please commence all the "HN just always hates on crypto" non-responses... (this last sentence is sarcasm but also born out of frustration of getting straightforward answers in this domain).


Escrow is the simple thing. Suppose you want to buy a house or a car, and you show up with a bag of money and someone else shows up with a set of keys. How to proceed without the transaction requiring trust between people who don't know each other? If you physically get the car/house/keys, what guarantees that title was transferred as expected? Depending on the cash volume and the jurisdiction, there is basically no established mechanism for doing this peer-to-peer. If you're "lucky" then you see a whole industry of middle-men created around trying to solve/skim on this, which then increases the costs of transaction (say realtors or car dealerships). If you're unlucky, then there's simply no way to have a trust-free transaction, and you just weigh the risk and take it or leave it.

This does seem solvable, right? Because there's only a few APIs (bank transfers, title queries) that are involved in a fully automatic escrow. Such escrow could be provided as a free service by the government, or it might be pay-per-use (and simply cost less than markup from dealerships/realtors).


OK, great example, so I'll explain why a smart contract couldn't work here at all.

So, to start, going to be clear I'm using your specific example of "escrowing funds on purchase of a piece of real estate (and I mean actual, real, real estate)". Simple enough. But, at the end of the day, who is to say "the keys you gave me are really the keys to the house you said you sold me"? That is, there needs to be some way to import to the smart contract ecosystem "yes, these are the keys to the house he sold me, and yes, the seller is the unencumbered title holder of this house". There is no real way to do that without some sort of oracle, and then you've just moved the problem back a step (i.e. you need to trust the oracle).

I happen to think title insurance is vastly overpriced in many states, but that's not the same thing as thinking that title companies (who normally do escrow in the US) don't serve a very important purpose. Most importantly, they ensure the seller is the actual title holder. And I can hear the crypto fans saying "Well, if you just held that title on a blockchain, there would be no ambiguity about who owns it." But that just pretends that all the real world examples don't exist, like a contractor who puts a lien on a house because he claims he wasn't paid. Also, in the real world, if someone steals the key to your house, it's not usually that hard to evict them and change your locks. In the crypto world it's "sorry, finders keepers".

So again, this simple example just falls apart on further inspection. Very happy to hear why any of the rationale I've given above is not correct.
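The escrow proposed a few comments up, and the oracle objection raised against it in this reply, can be made concrete. The following is an added example, not code from the linked field guide or from any real escrow or oracle product: a toy escrow that only releases funds when it sees an attestation tagged with the oracle's key. The oracle, its key, the parties and the sale are all constructed here, and the attestation uses HMAC over a shared key as a stand-in for the asymmetric signature a real oracle would publish. The point it shows is the one made above: the contract can verify that the attestation came from the oracle key, but it cannot verify that the title actually moved, so whoever holds that key decides where the money goes.

```python
"""Toy on-chain escrow whose release depends on an off-chain title oracle."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed key for a hypothetical title oracle (say, a recorder's office API).
ORACLE_KEY = b"constructed-oracle-key-not-a-real-secret"


def attest(key: bytes, seller: str, buyer: str, amount: int, verdict: str) -> bytes:
    """Oracle side: bind a verdict to one specific sale and tag it with the oracle key.

    HMAC-SHA256 stands in for the signature a real oracle would produce; the
    trust argument is identical, only the key type differs.
    """
    msg = f"{seller}|{buyer}|{amount}|{verdict}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Escrow:
    buyer: str
    seller: str
    amount: int
    oracle_key: bytes            # the contract trusts exactly this key, nothing else
    deposited: int = 0
    state: str = "OPEN"          # OPEN -> FUNDED -> RELEASED | REFUNDED
    balances: dict = field(default_factory=dict)

    def deposit(self, sender: str, value: int) -> None:
        if self.state != "OPEN":
            raise ValueError("escrow already funded or closed")
        if sender != self.buyer or value != self.amount:
            raise PermissionError("only the buyer may fund, and only the agreed amount")
        self.deposited = value
        self.state = "FUNDED"

    def settle(self, verdict: str, tag: bytes) -> str:
        """Release to seller or refund buyer, based solely on a tagged verdict."""
        if self.state != "FUNDED":
            raise ValueError("nothing to settle")
        if verdict not in ("TITLE_TRANSFERRED", "TITLE_FAILED"):
            raise ValueError("unknown verdict")
        expected = attest(self.oracle_key, self.seller, self.buyer, self.amount, verdict)
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("attestation was not produced with the oracle key")
        recipient = self.seller if verdict == "TITLE_TRANSFERRED" else self.buyer
        self.balances[recipient] = self.balances.get(recipient, 0) + self.deposited
        self.deposited = 0
        self.state = "RELEASED" if recipient == self.seller else "REFUNDED"
        return recipient


def _funded_escrow() -> Escrow:
    e = Escrow(buyer="buyer", seller="seller", amount=100, oracle_key=ORACLE_KEY)
    e.deposit("buyer", 100)
    return e


def honest_sale() -> tuple:
    """Oracle truthfully reports the transfer; seller is paid."""
    e = _funded_escrow()
    tag = attest(ORACLE_KEY, e.seller, e.buyer, e.amount, "TITLE_TRANSFERRED")
    return e.settle("TITLE_TRANSFERRED", tag), dict(e.balances)


def forged_attestation_is_rejected() -> bool:
    """A seller who does not hold the oracle key cannot trigger release."""
    e = _funded_escrow()
    forged = attest(b"not-the-oracle-key", e.seller, e.buyer, e.amount, "TITLE_TRANSFERRED")
    try:
        e.settle("TITLE_TRANSFERRED", forged)
    except PermissionError:
        return True
    return False


def lying_oracle_is_indistinguishable() -> str:
    """If the oracle key is compromised or colluding, the contract pays out anyway.

    Nothing on-chain can tell a true TITLE_TRANSFERRED from a false one; the
    check is "was this tagged with the key", not "did the title move".
    """
    e = _funded_escrow()
    tag = attest(ORACLE_KEY, e.seller, e.buyer, e.amount, "TITLE_TRANSFERRED")  # false verdict
    return e.settle("TITLE_TRANSFERRED", tag)
```

The three scenario functions are the whole argument in miniature: the honest path works, a party without the key cannot forge a release, and a dishonest or compromised oracle is accepted exactly like an honest one. Adding more oracles or a quorum changes who must be trusted, not whether someone must be.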


More than just needing an oracle - the keys and the house are both physical items. There's not really any practical way for a contract on the blockchain to validate that a particular physical item is in fact the item that it purports to be.

Are these ACTUALLY the keys to this house? Are they the only set? The original set? Were the locks changed, and this set in the contract is no longer valid?

Then putting aside all of that... How do you ENFORCE a "smart contract"? Probably through... Existing contract law. Because that's what it's there for. Smart contracts are just more convoluted paper, and we can do that already with DocuSign or any number of other digital contract options - all of which provide, so far as I can tell, precisely the same level of verification that a smart contract does. The only "advantage" of a smart contract over those platforms is that the history of the "document" is more or less baked into the chain, instead of trusting that the third party platform hasn't modified it... Which they will never have any motivation to do...

People have been initialing pages to mark them as read/accepted for more years than I've been alive. In the event of a contract dispute, smart contract or not, it's going to be up to a third party (mediator, judge, etc.) to decide on resolution anyway... At which point even the exact wording of the contract may well be discarded as being unenforceable because _contracts are not above the law_.


Thinking of a real estate transaction as an exchange of physical things is already a mistake. Most people expect to take possession of a structure in most deals, but it is sort of beside the point. What you're trading is a legal filing where you go to the county recorder (most states) and just claim to own something. What are you really buying? The promise from the other guy that they won't claim to own it in the future. But, under our deeply stupid title system, there really isn't a guarantee that the seller "owns" it in the first place. All kinds of people could have claims on it.

In a legal system this vague, smart contracts simply do not have a niche.


> In a legal system this vague, smart contracts simply do not have a niche.

This is an interesting point. The way I think about this is, if we can ignore for a second the bitcoin-related baggage of smart-contracts as a concept, then there's still a lot of overlap with related concepts like open government and automated legal reasoning. So I'm curious if you think of those things as also intractable. Also, blockchain isn't some magic wand that replaces the need for other data structures. Why should partial or even doubtful ownership be impossible to model and do secure/verifiable/conditional compute on?


> All kinds of people could have claims on it.

That is not necessarily true. Often, one or more of the closing documents addresses this very issue, attesting that there are no such known claims and/or assigning any unknown ones to you as the new owner. Liability is part of ownership, after all, and all ownership is "just a legal filing" unless it's backed by force. While it's true that a real estate transaction is not the same as a transfer of a physical thing, dismissing such transactions as fictional is a bit sophist.


> More than just needing an oracle - the keys and the house are both physical items. There's not really any practical way for a contract on the blockchain to validate that a particular physical item is in fact the item

Responding to you but this applies to lots of stuff in this thread. Quoting wikipedia, "a smart contract is a computer program or a transaction protocol that is intended to automatically execute, control or document events and actions according to the terms of a contract or an agreement. The objectives of smart contracts are the reduction of need for trusted intermediators, arbitration costs, and fraud losses, as well as the reduction of malicious and accidental exceptions."

How can anyone possibly object to this technology as if it were a) impossible or b) useless? In the next sentence we get into "commonly associated with cryptocurrencies", but I think the main idea is already there in the opening. There is no strict requirement for whatever implementation details that you love to hate (blockchain, digital goods, digital titles, web3, etc).


> How can anyone possibly object to this technology as if it were a) impossible or b) useless?

Because it doesn't work, nor do I believe it ever really can work, at least as it's largely advertised. I mean, you just read the description from Wikipedia and are basically saying "How can people object to this idea?" That's like reading about all the great things flying cars can do and then saying "How can anyone object to flying cars?"

The point is that I (and many others, but I'll only speak for myself) do not believe that the utility the crypto boosters like to tout about smart contracts is technically feasible, at all, for most of the things we use contracts for in the real world.


Final will and testament: When I'm dead, move all the money from account A into account B. What is "not feasible" about a government API that answers whether a citizen is alive and a banking API that runs a funds transfer? Let's stick the code for this in some large cloud provider where it checks the credentials and conditions involved every minute.

We could debate whether this is a cheaper/easier/safer approach than trusting a law firm/banks/clergy/clerks to execute things on your behalf. But it's absurd to say that this is not possible (because every part of this is already done), or that it is not useful (it has exactly the same use-case as a classic will, but moves trust from a law firm to a cloud provider).


Because what you are describing is not a smart contract, at least how it is nearly always commonly understood.

What you are describing is simple API automation. Nobody describes what IFTTT or Zapier can do as a smart contract, yet that is literally exactly what you have described.


>Because what you are describing is not a smart contract, at least how it is nearly always commonly understood.

Shrug. So now we've moved through your criticisms of "it's not possible" and "it's not useful", and we're splitting hairs about whether it's in the right category. It seems like you want to have a conversation where "smart contracts" means exactly/only Ethereum as it exists today. If you're asking about the use-cases of abstract technology, and then pivot to insist that discussion revolves around existing brands/implementations, it feels like you're moving the goal-posts. You're of course free to insist that smart-contracts ARE ethereum and vice versa, but ironically when you do that you're a clear victim of marketing, and you're essentially endorsing the branding that you claim to dislike!

If "mere API automation" is disqualified as "smart contracts" according to your definitions because it isn't blockchainy enough, and if everything that IS blockchainy is disqualified as stupid or a scam, then I guess you win debates before they start. But that's just not a very interesting conversation for any one else.

FWIW, ethereum does have a concept of oracles ( https://ethereum.org/en/developers/docs/oracles/ ). I wonder if ethereum and zapier did have a lovechild, would you call it a smart-contract then? Do we need the contract AND the decision-data AND the assets to be blockchained, or can we blockchain a subset and still call it a smart-contract?

A mix between zapier, plus something like ethereum, together with legislation that requires open-APIs for critical services is probably exactly what we need to satisfy tons of practical real world use-cases. That's what you claimed to be interested in, right?


This conversation has probably been the biggest waste of time I've ever had on HN. "Moving the goalposts"??? This whole thread is on an article titled "Smart Contract Security Field Guide". To be clear, what you are talking about has absolutely nothing to do with the concept of smart contracts as discussed in that article, and honestly I have never heard someone in the past 10 years or so discuss smart contracts in a way that doesn't include distributed consensus. It has very little to do with ethereum specifics, but if you want "smart contract" to mean any automated behavior, then sure.

Feel free to call a giraffe a dog and then get upset when people point out that nobody else calls that thing a dog.


> There is no real way to do that without some sort of oracle, and then you've just moved the problem back a step (i.e. you need to trust the oracle).

Sure, and of course this is desirable. The "oracle" is a trusted external API (the bank, the DMV, the municipality, whatever). Some people may not like that these institutions are the arbiter of ownership or whatever, but of course we expect to be able to trust these institutions more so than strangers from craigslist.

I haven't mentioned anything about "digital keys" to the house, or "titles on blockchain", or the US specifically, you brought up all that and then argued against it. Honestly, I'm not really a crypto-bro, just a guy who's had trouble with exactly this kind of transaction. And I'm not personally invested in ideals like radical decentralization, or implementation details like super pure smart-contract ecosystems that disallow external oracles. I just want less friction AND less risk when I'm trying to buy a motorcycle on craigslist, or a house in an arbitrary (i.e. potentially non-US) jurisdiction.


OK, I think I can fully understand and agree with your point, but what you are describing is really not a "smart contract" as it is usually described, at least by people who think of it as revolutionary technology. It sounds like you just want a title company with better technology, and that I can wholeheartedly agree with.

But the fundamental raison d'être of smart contracts (i.e. that they are "trustless", that "code is law", there is no intermediary) does not really support the use case that you are describing.


I guess you could say you don't need Amazon, the problem of getting goods is solved by physical stores. Yet, millions of people find value in ordering through Amazon instead.

There will be use cases where people simply prefer blockchain over the legacy alternatives because it's cheaper, faster or better and there will be "whole new world" use cases.


This is just more "handwaving with a bad analogy", which again only goes to show how hard it is for people to show any real utility for smart contracts.

It is very easy for me to explain and understand the benefit of ordering over Amazon vs. going to a physical store. When Amazon first showed up, I didn't think "Gosh, what is this really for?" or "Can somebody explain to me, simply, what Amazon is for?" No, I went to amazon.com, browsed a giant selection of books, ordered one and it showed up at my house a couple days later. "Wow, that's awesome" I thought.

If you say "There will be use cases where people simply prefer blockchain over the legacy alternatives because it's cheaper, faster or better and there will be "whole new world" use cases." then why is it so difficult for anyone to say what those use cases actually are?? You say it will be "cheaper, better, faster", but are able to offer no concrete examples or rationale as to why.


That only works so long as the "car" resides entirely within the blockchain.

In the real world, there can be disputes after the sale. The property might have some horrible undisclosed effect. You might have stolen it. Or something else along those lines.

Securely swapping a bag of cash for some keys is solving the trivial part of the problem, and ignoring the rest.

The blockchain will do its thing and give you the title to a house infested from top to bottom with termites, but everything went according to the smart contract, so as far the blockchain is concerned there's no problem to be solved.


One theory I have about all this is that when it comes to doing deals with zero trust ... people don't want to do that ... and no matter what you do there's going to be this whole process around these transactions to provide some assurances and so on. On the surface all this title company stuff is silly and it is, unless there's a real problem with the title and then you want it.

These are human problems.


These sound like problems I associate with bureaucracy, not people, and problems that just go away if/when some kind of API is provided. If the purpose of the title company or lawyer or whatever is to do something like "phone the county office clerk and tell them to look up a rubber stamp and fax us a signed copy", then it's not like it's impossible to get rid of the middlemen.


But it's not _worth_ getting rid of the middle man when the fee is so much higher than current processes, on transactions where it might actually be used.

It really is a solution in search of a problem.


Escrow's only real value is when a third party steps in to judge who's in the right when things go wrong. When Escrow works well, it's highly automatable and already significantly automated by modern escrow companies. When one or both parties try to cheat, then you need human intervention, and again; Crypto/Blockchain/"Web3" is completely unsuitable.


Arguably the most popular use case is that smart contracts are used to create decentralized exchange services. See: Uniswap.

They are also used extensively in the crypto sub-genre called DeFi, or decentralized finance. One of the most popular implementations is called Aave, which allows one to take loans out (i.e. give the contract Ether as collateral, receive an amount of USD stablecoin in return) on a given set of assets.

Of course every NFT you ever heard of is essentially its own smart contract (specifically one that implements the ERC-721 standard of functions and public variables), though I'm not sure that qualifies as a 'good' use case. ;)


This answer right here is, in my opinion, one of the most interesting use cases that is available today.

Provide collateral and take out a loan against that collateral. It allows people to act as their own bank. No longer do you have to go to a bank, ask for permission and then get approved for a loan. Now, you can do that yourself, instantly, without any trouble at all. Amazing really.

What are those loans used for today? Well, mostly it is about interest rate arbitrage and providing liquidity. As a super basic example, you can borrow funds at 2% and then lend them out again at 3% and make 1%. It is essentially risk free (assuming the contract doesn't have bugs/exploits).

The larger picture will be to enable people to be their own Kiva's. Crypto often is pushed to 'bank the unbanked', but it is more than just holding money. It is enabling people to borrow against their existing holdings, effectively allowing anyone, globally, to put their savings to work for them, without having to rely on a centralized banking system to do so. This might not be interesting for USA people, but it is especially valuable in countries that don't have a stable banking system.


Who is providing the finance and under what terms? How does that actually differ from banks or one of the many microfinance services predating crypto?

Now, the real kicker, what is the effective cost when _all_ fees are included, because someone has to pay for it and when combining the interest of non-traditional lenders and such fees I highly doubt it'll be cheaper.


These are collateralized loans that are automated with "smart" contracts. Programmable money.

Who? Anyone who wants to provide liquidity. Is this different from existing solutions? Yes and no, the difference is that there is no human intervention here... you don't have to ask for permission. You're also dealing with a global pool of funds using open source technology, instead of just a single bank or service.

The only additional "fees" above the interest rate are the cost of a transaction on the blockchain. There are certainly a lot fewer hands in the pot and overhead.

Learn more at one of the largest and oldest sites: https://aave.com


Who proves the collateral exists and is unfettered by existing contracts, specifically those provided through other platforms/existing mechanisms?

You see there is still a whole bunch of steps left out.


It is baked into the contracts and the way that the networks and protocols work. The general idea isn't super complicated though.

You have tokens, they sit in a wallet that you control. Let's say you own 10 ETH. Then that is in your wallet. Those ETH are mathematically provable to be in your wallet.

In the case of AAVE, you send your tokens to their contract, they give you back a receipt token which represents how much they owe you. Once your tokens are in their contract, you are free to borrow against the value that is locked up. If you get liquidated due to not maintaining your loan ratio, AAVE just keeps your tokens and your receipt tokens are then invalid.

There aren't any steps left out. It is really on you to read the documentation and bring some understanding around how all this works. I'll point you here: https://docs.aave.com/hub/

I googled and found another good article for you: https://www.leewayhertz.com/how-defi-lending-works/
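The mechanics this comment describes (deposit collateral, receive a receipt token, borrow against the locked value, get liquidated if the loan ratio is not maintained) can be written down as a small simulation. The following is an added example and not Aave's code or documentation: the ratios used (75% loan-to-value, 80% liquidation threshold, 5% liquidation bonus, 50% close factor) are assumed for illustration and are not Aave's actual parameters, and the users, amounts and prices are constructed. The ETH price is a single value handed to the pool, which is the oracle trust point argued over elsewhere in the thread: the pool liquidates on the price it is told, not the price that is true.

```python
"""Toy over-collateralised lending pool with receipt tokens and liquidation."""
from dataclasses import dataclass

# Assumed parameters for the example; not any real protocol's values.
LTV = 0.75             # max debt as a fraction of collateral value at borrow time
LIQ_THRESHOLD = 0.80   # collateral value * threshold must stay >= debt
LIQ_BONUS = 0.05       # discount the liquidator receives on seized collateral
CLOSE_FACTOR = 0.5     # at most this share of the debt can be repaid per liquidation


@dataclass
class Position:
    receipt_tokens: float = 0.0   # 1:1 claim on ETH the pool holds for this user
    debt: float = 0.0             # stablecoin owed


class LendingPool:
    def __init__(self) -> None:
        self.positions = {}        # user -> Position
        self.eth_in_pool = 0.0
        self.stable_reserve = 0.0  # stablecoin supplied by lenders, available to borrow

    def _pos(self, user: str) -> Position:
        return self.positions.setdefault(user, Position())

    def supply_stable(self, amount: float) -> None:
        self.stable_reserve += amount

    def deposit_eth(self, user: str, amount: float) -> float:
        """Lock ETH, mint an equal number of receipt tokens; returns the receipt balance."""
        p = self._pos(user)
        p.receipt_tokens += amount
        self.eth_in_pool += amount
        return p.receipt_tokens

    def health_factor(self, user: str, eth_price: float) -> float:
        """Below 1.0 the position may be liquidated. Computed from the reported price."""
        p = self._pos(user)
        if p.debt == 0:
            return float("inf")
        return p.receipt_tokens * eth_price * LIQ_THRESHOLD / p.debt

    def borrow(self, user: str, amount: float, eth_price: float) -> float:
        p = self._pos(user)
        if amount > self.stable_reserve:
            raise ValueError("pool lacks liquidity")
        if p.debt + amount > p.receipt_tokens * eth_price * LTV:
            raise ValueError("exceeds loan-to-value limit")
        p.debt += amount
        self.stable_reserve -= amount
        return p.debt

    def liquidate(self, user: str, repay: float, eth_price: float) -> float:
        """Repay part of an unhealthy debt; returns ETH handed to the liquidator.

        The liquidator pays `repay` stablecoin and takes collateral worth
        repay * (1 + LIQ_BONUS) at the reported price, burning the borrower's receipts.
        """
        p = self._pos(user)
        if self.health_factor(user, eth_price) >= 1.0:
            raise ValueError("position is healthy at the reported price")
        repay = min(repay, p.debt * CLOSE_FACTOR)
        seized = min(repay * (1 + LIQ_BONUS) / eth_price, p.receipt_tokens)
        p.debt -= repay
        p.receipt_tokens -= seized
        self.stable_reserve += repay
        self.eth_in_pool -= seized
        return seized


def _pool_with_alice_borrowing() -> LendingPool:
    """Constructed scenario: 10 ETH deposited at $2000, 12,000 stablecoin borrowed."""
    pool = LendingPool()
    pool.supply_stable(50_000)
    pool.deposit_eth("alice", 10)
    pool.borrow("alice", 12_000, eth_price=2000)
    return pool


def price_drop_liquidation() -> tuple:
    """ETH falls to $1400; a liquidator repays 6000 and takes 4.5 ETH."""
    pool = _pool_with_alice_borrowing()
    hf_before = pool.health_factor("alice", 2000)          # 1.333...
    hf_after = pool.health_factor("alice", 1400)           # 0.933..., liquidatable
    seized = pool.liquidate("alice", 6_000, eth_price=1400)
    alice = pool.positions["alice"]
    return hf_before, hf_after, seized, alice.receipt_tokens, alice.debt


def liquidatable_at_reported_price(reported_price: float) -> bool:
    """Same position; only the price the contract is *told* varies.

    A bad or manipulated feed that reports 1400 while the market is at 2000
    makes a healthy position liquidatable. The contract cannot tell the difference.
    """
    pool = _pool_with_alice_borrowing()
    return pool.health_factor("alice", reported_price) < 1.0
```

Walking through `price_drop_liquidation`: 10 ETH at $2000 is $20,000 of collateral, so the 12,000 loan is under the 75% limit and the health factor is 20,000 x 0.8 / 12,000, about 1.33. At $1400 the collateral is worth $14,000, the health factor falls to about 0.93, and a liquidator may repay up to half the debt; repaying 6,000 earns 6,300 worth of ETH, which is 4.5 ETH at the reported price. The borrower keeps 5.5 ETH of receipts against 6,000 of debt and is healthy again. `liquidatable_at_reported_price` isolates the caveat: every one of those checks runs on the price the pool is handed.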


Just ignored my questions to give the standard allusions rants....

"proves the collateral exists" means who validates the asset doesn't have a standard run of the mill contract/lien/etc?

Just answer that, and _actually_ answer it (the site sure doesn't in any reasonable nor concise manner) and we'll go from there.


The collateral provably exists because blockchain code is public and ownership is secured via cryptography.

Are you asking about an off-chain asset that is brought on-chain? For that, you are correct you need to rely on a socially trusted institution that attests that the off-chain asset isn't actually owned by someone else.

There are some off-chain assets that are tokenized and are very trustworthy, IMO, such as USDC. And then there are a number of purely on-chain assets, such as ETH, MATIC (Polygon), and coins that power protocols like Uniswap and Aave and give the owner of those coins a right to dividends. The blockchain proves ownership of purely on-chain assets directly through cryptography.

I do want to add, you are being pretty combative here towards someone that was genuinely answering your questions.


So, by definition, the only asset that doesn't have external costs which make the SC cost _more_ than traditional paper contracts are those where the collateral asset is the exact same currency as will be issued?

You do see the glaring issue there right?

As for combative, I am beyond tired of the games played by crypto folks when it comes to answering basic questions they should already have the answers for.

If they don't answer the simple questions with clear and simple answers, then why should I act as though they are acting in good faith, let alone actually educated on the topics they claim the tech solves to know whether it solves a problem at all? Because from my perspective they sure as hell aren't.

Ed: oh I forgot to include the other major issue that undermines even on chain encumbrance, that is the fact that a preceding off chain encumbrance takes precedence in court and thus even if the SC executes properly the funds may be taken by the courts as a consequence of preexisting encumbrance and thereby undermine the entire value proposition of the SC.


> As for combative, I am beyond tired of the games played by crypto folks when it comes to answering basic questions they should already have the answers for.

I did answer your questions.


No you absolutely did not.

Allusions are not answers.


You're hilarious.


> standard allusions rants

Oh, I see, you just want a hostile battle and don't want to do any sort of actual conversation around knowledge you refuse to learn on your own.

> "proves the collateral exists" means who validates the asset doesn't have a standard run of the mill contract/lien/etc?

I don't understand this line at all.


Making a vague reference to something isn't an answer, nor is a random link and a "look here", especially when the link doesn't provide the answer.

And the fact you don't understand that line is the proof you don't know enough about traditional contracts to be able to compare them to smart contracts.

Seriously.... you've just done more to prove to me that you crypto folks are generally just ignorant of real world issues.


> you've just done more to prove to me that you crypto folks are generally just ignorant of real world issues.

I didn't know I was supposed to "prove" anything to you or handhold you on reading even the basics of the available documentation. All I have to say is your loss for not making the effort on your own and being so negative and combative. Good luck sir.


Just more deflections and allusions.

https://www.lawinsider.com/dictionary/encumbrance

Educate yourself.


You chastise me above for "the site sure doesn't in any reasonable nor concise manner" and then you do something even more silly. Oh the hypocrisy. At least I don't say something rude like "educate yourself."

I'll end my replies here. This is a circular non-productive 'conversation'. It is clear reading your past comments here that everything is negative from you, which is really strange to me. Seriously, have a great day, but I'm done.


You're insufferable.

The definition for the word encumbrance is literally the opening line and is the exact issue at hand that you refuse to address.

To quote it:

"Encumbrance means any charge, claim, community property interest, pledge, condition, equitable interest, lien (statutory or other), option, security interest, mortgage, easement, encroachment, right of way, right of first refusal, or restriction of any kind, including any restriction on use, voting, transfer, receipt of income or exercise of any other attribute of ownership."

How does AAVE or any other smart contracts ensure there are no outside encumbrances?

It has to use human third parties and pay those fees, on top of the SC fees.

Really, you're just proving to me that folks promoting this garbage are childish, ignorant and baselessly arrogant.

And BTW, You are the one running in circles. I've been asking you the same question without getting an answer for several comments now...


> It has to use human third parties and pay those fees, on top of the SC fees.

No, it doesn't. This can be codified into contracts and automated. Voting in the DAO ensures no single point of failure.


Any asset Off Chain must be validated Off Chain thereby adding external costs, which from my napkin math suggest the total costs would exceed traditional alternatives.

And that's without even addressing actually checking for encumbrance of the asset, which then makes the whole thing no different than traditional contracts except for much higher costs, an inability to readily modify without significant expense (if at all), and more.

Without checking for encumbrance Off chain the entire value proposition of an SC is a joke, as what the code says doesn't matter when a preexisting encumbrance applies. (Ed: This applies to on chain assets as well)

And if you're going to say it's not for off chain assets then all you're saying is that one essentially can only use existing crypto to secure a crypto loan, which undermines the point of the loan ever being obtained.


> all you're saying is that one essentially can only use existing crypto to secure a crypto loan, which undermines the point of the loan ever being obtained

Pretty sure my loans are perfectly not undermined.


Again, avoiding the issue with an allusory deflection.


What's the issue again? Everything works fine for me.


I've been exceedingly clear.

All you're doing now is acting childish afaict, which just reinforces the view you've given of your position being based in immaturity, ignorance and idiocy.

Reread the thread and address the issue explicitly stated or just stop and accept your position is a failed one.


For the record NFTs get a bad reputation because the public associates them with silly pictures traded for outrageous prices. However NFT simply means that the token itself is not fungible and can therefore be used to refer to something specific that does not have to be art at all. Tickets would be an example that multiple teams are working on using the same tech, although they may not refer to it as NFT because the name is tainted.


Ticketing is already fully digital and no blockchains or NFTs were required. This is AGAIN another example that people bring up where blockchain solves none of the relevant problems and they've ALREADY BEEN SOLVED WITHOUT CRYPTO


Ethereum name service, more commonly known as ENS.

In Ethereum, addresses appear like 0x233eb...042; ENS lets you associate a human readable name like nick.eth with that address.

Works similar to DNS, turning IP addresses into something we humans recognize.

What's the pro of using a smart contract? (DNS works without one).

With a smart contract you can have immutable data store (assuming ethereum continues) that can give you ownership over your name, like nick.eth.

What's the con?

It's immutable which means people can own names they shouldn't with no mediation process possible.

Like a lot of things in life the system is good as long as the system works for you, but not everyone is lucky enough to exist in a system that works well enough.

Crypto* is trying to make things better.

edit: *some people are, others are not


I posted the sibling comment basically dumping on smart contracts, so I wanted to thank you very much for posting this - it helped me understand smart contracts better in my mind and helped crystallize places where they could be useful.

I knew vaguely about ENS (primarily just by seeing .eth addresses), but your comment led me to dig in to how it works. I think the bit of "eureka" moment I had is that smart contracts are really only useful for shuffling around ownership of "pure data", and then it's up to everyone else to interpret what that data actually means.

That is, for an eth name, it's really just storing an association of the name with another piece of data, and putting a mechanism in place for who gets to control that association (i.e. how bidding for a name works). It's then up to other people to decide how (or whether) they want to "interpret" that association. In my mind it's quite similar to NFTs. All NFTs really store is an association that says "this person 'owns' this other piece of data called X, and that other piece of data X actually refers to this shitty digital image of a bored ape." But, of course anyone else can copy the bits of that shitty digital image and do whatever they want with it - it's only if enough people agree that "yes, that NFT really does mean that shitty digital image" for it to be worth anything.

It also helped me because with most contracts people think about how "things in the real world" need to be verified in order to determine contract performance (did the price of wheat go up, was the vacation rental as advertised), but smart contracts really are quite useless in those examples. But there are some examples where you're just storing pieces of data and you do not care about what happens "in the real world". Thus, I still feel smart contracts are often greatly oversold (and often misunderstood) by their boosters, but there are specific "data-mapping" use cases where they make sense. I also appreciate that you pointed out the downsides of not having a mediation process, which I think many crypto boosters think of as a feature but many people feel is a bug in the real world.

Anyway, you really helped me think about this more clearly, and I appreciate it.


At the bottom, it’s an address holding a program that can release funds to another address or a group of addresses (which may be wallets or other smart contracts) based on some predefined conditions.

There’s technically no limit to what you can implement, but there’s no killer app yet, and it’s questionable if there ever will be. For me, it’s mostly an interesting piece of tech to learn about.


I have no direct affiliation with this service (nor am I a user of it) but I recently learned about "Pool Together" which is a "lossless" lottery system. It's a daily lottery that happens automatically, you do not need to collect as it happens automatically, and you can withdraw all of your capital at any time.

I thought that was a decently novel use case.


First off, wanted to say thanks very much for posting this, primarily because I think it is an example that is straightforward and easy to understand. That said, I'm also thinking "if this is one of the best, straightforward examples people are talking about when referring to 'the value of smart contracts', then smart contracts are just nowhere near the important tech its boosters believe." (To be clear, mteigers, not directing this at you, just saying this because what you've posted is probably the best example of a real-world use case I've seen).

In summary, what PoolTogether (https://pooltogether.com/) does is basically act like a normal savings account, except instead of you getting 4% interest a year or whatever, that interest is all pooled and then given out in big chunks at random - most people get nothing, but "winners" will get what is essentially everyone else's interest. Some notes:

1. I'm not clear what activity they're engaging in that actually generates interest (e.g. who they're lending to in order to generate a spread), but in fairness I didn't spend much time going into the details. That said, if they really are generating income by lending, then I'm very curious how they can't suffer from some of the same negative edge-cases inherent in fractional reserve banking, like a run on the bank. If they are not generating real income from lending, I'm very suspicious about how they can really be generating interest. Again, I didn't look much into this, so totally admit I could just not be understanding the details here.

2. I see absolutely no real benefit that comes from doing this as a smart contract vs. just doing this as any other kind of normal software (e.g. what core banking software provides), despite what their blurbs on the website say.

So still just dumbfounded by the lack of real utility in any of these smart contract examples I've seen.


PoolTogether routes deposited funds to a liquidity pool on Aave. Those funds can be lent out via over-collateralized loans. That’s how the interest is earned. They could of course use other types of pools and gain funds on swap fees, etc.


So they’re “premium bonds”? Indeed, they have been around far longer than crypto.


Oooh, yeah, sounds exactly like that, which according to Google has existed in the UK since 1956. AFAIK we don't have anything like that in the US.


Sounds really unnecessary. What is there not to trust in an actual lottery? Are the people that go on TV to show the results not worth the job they have?

Why does the website have a starting sentence that includes:

"a passion project I hold dear to my heart."

What is it about lotteries or smart contracts that has people saying "dear to my heart"? The only thing "dear to my heart" is probably my wife and family. I don't know how something related to money could be. And I have a hard time trusting a person that has a passion project dear to their heart related to lossless lottery systems.


That sounds amusing ... albeit the lottery aspect makes me suspect shenanigans. Is anyone reading the contract to understand if it really is what it says it is?

One of those issues is of course that people will need to find someone who can read the contract for them, and hope they get it right.

Still, a good example that is easy to get; seems easy to code and make work.


Such a "lottery" is effectively a trillion dollar rug pull in waiting....


Correspondent banking. So say a bank in the States needs to send money to one in Spain. They may not have a relationship, so they go through an intermediary bank.

You can use a smart contract to eliminate the trust in the intermediary bank, so eliminating that counterparty risk.


Explanation: bankA -> bankB -> bankC.

bankC creates a secret number, hashes it and sends the hash to bankA. bankA sends money to bankB locked to the hash. bankB can't get the money until they have that secret number. bankB sends money to bankC locked to the hash. bankC reveals the secret number to bankB to unlock that money. bankB does the same with bankA.

Tada, we eliminated the risk of bankB running away with the money. This is the Lightning Network.
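The hash-locked hop chain described above, as an added Python simulation (this is not code from the original post or from the Lightning spec): the bank names, balances, amounts and expiry heights are constructed, and it also shows the step the short description leaves implicit, that bankB's lock to bankC must expire before bankA's lock to bankB, otherwise bankB is the one left holding the loss.

```python
# Added simulation of the bankA -> bankB -> bankC hash-locked payment described
# above. Constructed example: the bank names, balances, amounts and expiry
# heights are made up; "now" stands in for a block height.
import hashlib
import secrets
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class HTLC:
    """A hash-time-locked payment: the payee can claim it by presenting the
    preimage before `expiry`; the payer can reclaim it at or after `expiry`."""
    payer: str
    payee: str
    amount: int
    hashlock: bytes
    expiry: int
    settled: bool = False  # True once claimed or refunded, so it cannot settle twice


class Ledger:
    """Minimal balance sheet; locked funds are escrowed outside every balance."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def lock(self, payer, payee, amount, hashlock, expiry):
        if self.balances[payer] < amount:
            raise ValueError(f"{payer} cannot escrow {amount}")
        self.balances[payer] -= amount  # escrowed: owned by nobody until settled
        return HTLC(payer, payee, amount, hashlock, expiry)

    def claim(self, lock, preimage, now):
        """Payee claims with the preimage. Fails after expiry or on a wrong preimage."""
        if lock.settled or now >= lock.expiry or sha256(preimage) != lock.hashlock:
            return False
        self.balances[lock.payee] += lock.amount
        lock.settled = True
        return True

    def refund(self, lock, now):
        """Payer takes the funds back once the lock has expired unclaimed."""
        if lock.settled or now < lock.expiry:
            return False
        self.balances[lock.payer] += lock.amount
        lock.settled = True
        return True


def safe_to_forward(upstream_expiry, downstream_expiry, delta=1):
    """bankB should only forward if its outgoing lock expires at least `delta`
    units before the incoming one, leaving time to claim upstream after bankC reveals."""
    return downstream_expiry + delta <= upstream_expiry


def route(ledger, amount, ab_expiry, bc_expiry, reveal_at):
    """Run one A -> B -> C hop. bankC reveals the secret at height `reveal_at`
    (None: bankC never reveals, e.g. it failed). Returns the final balances."""
    # Step 1: bankC creates the secret and hands only its hash to bankA.
    secret = secrets.token_bytes(32)
    hashlock = sha256(secret)
    # Step 2: bankA locks to bankB, bankB locks the same hash to bankC.
    lock_ab = ledger.lock("bankA", "bankB", amount, hashlock, ab_expiry)
    lock_bc = ledger.lock("bankB", "bankC", amount, hashlock, bc_expiry)
    # bankB cannot take bankA's funds early: it does not know the preimage.
    assert not ledger.claim(lock_ab, b"guess", now=1)
    # Step 3: bankC claims from bankB by revealing the preimage on the ledger,
    # which is exactly how bankB learns it.
    learned = None
    if reveal_at is not None and ledger.claim(lock_bc, secret, now=reveal_at):
        learned = secret
    # Step 4: bankB uses the revealed preimage to claim from bankA.
    if learned is not None:
        ledger.claim(lock_ab, learned, now=reveal_at + 1)
    # Time moves past every expiry; any lock still open is refunded to its payer.
    end = max(ab_expiry, bc_expiry) + 1
    ledger.refund(lock_bc, now=end)
    ledger.refund(lock_ab, now=end)
    return dict(ledger.balances)


if __name__ == "__main__":
    start = {"bankA": 100, "bankB": 100, "bankC": 100}
    print("happy path  ", route(Ledger(start), 40, ab_expiry=20, bc_expiry=10, reveal_at=5))
    print("bankC silent", route(Ledger(start), 40, ab_expiry=20, bc_expiry=10, reveal_at=None))
    print("bad timeouts", route(Ledger(start), 40, ab_expiry=10, bc_expiry=20, reveal_at=12))
```

The third run is the failure mode a forwarding node has to guard against: with the expiries reversed, bankC can reveal after bankA's lock has already lapsed, so bankC gets paid, bankA is refunded, and bankB alone is out the amount.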


> we eliminated the risk of bankB running away with money

This isn't a real risk with correspondent banks. Instead, it's counterparty risk: bankB failing while it holds the funds in transfer. That risk can be mitigated with smart contracts, but it's not eliminated. (Correspondent banks also take a portion of the client bank's fraud and AML risk.)


I think the bank failing risk is eliminated, if it fails the forwarded payment is unlocked so bankA gets their money back.


> think the bank failing risk is eliminated, if it fails the forwarded payment is unlocked so bankA gets their money back

Bank failing in this context would be the bridge (EDIT: contract) gets hacked. Hence mitigated, but not eliminated.


If bankB is hacked, bankA still gets their money back or the payment is sent to bankC. So I still think the counterparty risk is eliminated between bankA and bankB.


> counterparty risk is eliminated between bankA and bankB

Correct, but in its place is a new systemic risk with a real-world nonzero probability: the contract itself getting hacked. There isn't an analogy for this in modern banking since the equivalent issue would either (a) get rolled back or (b) fold into the bank failing envelope. (There is an analogy in pre-modern banking, though it largely revolved around debasement and invasion.)


True, although I'm not talking about Ethereum smart contracts, I'm talking about Bitcoin ones which are very limited and not Turing complete. The Lightning smart contract is like 20 lines and has been live since 2018; I feel the probability of the contract getting hacked is very low (famous last words!) https://github.com/lightning/bolts/blob/master/03-transactio...


I realise that this might seem a bit niche, but we can use this to create a payment network (like Visa). This system is better as the nodes in the network don't need to trust each other.

Cast your mind back to 2008 and hopefully this means that one bank falling over doesn't bring down the whole system.


Fair, but LN is not a smart contract. Bitcoin can't do smart contracts the way a chain like Ethereum does; its functionality is very limited.


I'd argue it is a smart contract :) just not a Turing complete one


How exactly does the Spanish bank get the USD that the American bank sent without trusting a third party?


You don't need to trust when you can verify. The source code for the intermediary bank (smart contract) would be available for everyone to read.


I'm not talking about code.

The goal of the transaction is for the Spanish bank to have access to USD. In the example given, the Spanish bank would then have to take the crypto it got and trust an exchange to give it USD in exchange for the crypto.

How do you get USD to the Spanish bank without trusting a third party?


There are many USD stablecoins they can use: https://www.coingecko.com/en/categories/stablecoins. The top two are the most liquid but are also centralized, many of the others are fully decentralized.


USD doesn't have smart contract abilities, so yes, you are correct about trusting a third party to exchange crypto to USD. You could use a stablecoin, but that requires you to trust the stablecoin's backing.


They may be willing to accept trusting the dollar-backed token issuer. In the case of USDC, it's Circle. But there's nothing stopping JPMorgan, BoA, Wells Fargo, Western Union, etc. implementing their own dollar-backed tokens, and I suspect we'll see more and more of that as regulatory clarity settles.

Maybe the Fed themselves will issue tokens in this way. It's also entirely possible to construct a permissioned, yet decentralized exchange of tokens among whitelisted parties.

Either way USD is never sent trustlessly.


Your first and last sentences contradict each other. If you already have a third party which both sender and receiver of money can trust, what's the point of blockchain?


There are hundreds of use cases for it. We are discussing one in particular which is for international settlement of USD backed tokens with limited trust assumptions necessary. Because we are talking about USD and not BTC or ETH, there is ALWAYS an intermediary involved in any transaction that is not paper cash in hand.

The sender and receiver still benefit from a permissionless, automated, international, instant transfer of funds with a cryptographically certified audit trail. The blockchain runs 24/7 and has no downtime. A token can be fully programmed and fine tuned for whatever parameters need to be checked to authorize a transfer. Those rules are transparent and auditable to everyone involved.

The transfer goes through within seconds and the cost of the transfer does not scale with the value of the transfer.


Typically I like to read HN comments for insightful discourse focused on details of the topic at hand by relevant experts. It is a terrible failing of HN that this useless comment is promoted to the top.

It is like if there were a detailed blog post about rusts type system and I was to comment “Why would anyone use rust when they could use X instead?”

Please stop upvoting this comment.


I find posts like this honestly infuriating because it's like you don't know the first thing about an entire, specialized field, yet because it's something taking place in tech you feel like you're qualified to write about it. Ask the same question about chemistry, biology, electrical engineering, or any STEM subject, and here's the actual answer: it's beyond the scope of a comment on hacker news to spoon feed you an entire fucking field in a way that will make sense to you.

You will have to read papers, and think about what works and doesn't, over years to understand what is going on. And to be ahead of the curve -- you'll also have to do your own experiments that 9/10 won't yield any interesting results. In the blockchain and 'crypto' industry we also have the problem that entry is easy while skilled execution is not. Consequently: many fuck-ups have happened. It's easy to point to them and say that 'this is the industry' but it's really not. Those are a few bad eggs.


I genuinely cannot tell if this comment is veiled sarcasm or not. That or a question about concrete, practical examples of this tech and what unique advantages smart contracts bring to the table has hit a real nerve and set you off. If the latter is the case, that is of course a telling answer in itself.


It's not this specific question. It's the fact that any time anything about blockchain tech is posted on hacker news the first comment will be 'b-but where are the use-cases' with the second being something like 'lol scam.' It would be the equivalent of replying to every HN post with 'but why would anyone want to own a personal computer?' That's how irrelevant and uninformed these posts are.


Asking about practical applications of a relatively mature technology is an entirely, 100% legitimate question to ask. It is frequently asked about many other techs and advances, although it's also frequently omitted since the answer is obvious and readily available/forthcoming. Not so with pretty much anything blockchain. So yeah, if a technology is a solution in search of a problem for ten years, that's gonna come up a lot, and it's entirely fair. What else could be more relevant than that question, given all the hype?

>but why would anyone want to own a personal computer?

Both you and I can effortlessly come up with a dozen or two concrete answers (reality, not hypotheticals) to this question with no preparation whatsoever. Can you come up with just one single example for smart contracts? Reality, not hypotheticals. Heck, I'd settle for hypotheticals that are at least well on their way to reality.


It reflects a profound level of ignorance which over time feels more like gaslighting than any real attempt to understand what the industry is about.

- provably fair gambling, lotteries, etc (otherwise vulnerable to selective scamming)

- p2p asset exchange without centralised deposits (otherwise vulnerable to theft)

- micro-payments and offchain payments (they help to scale the tech)

- flash loans (instant access to unlimited capital)

- escrow (setting up N-of-M access to funds -- this would require a lawyer in real life and still be unreliable)

- streamable payrolls (when you sign an employment contract -- you get paid after the first week(s/s/s/s) -- you can stream money to employees over time with smart contracts -- this is genuinely novel)

- automated vesting payouts (again -- most employees have to trust their boss to send whatever vested shares they're owed. You can set up a smart contract to do this to minimise trust and ensure you will be paid.)

- provably backed derivative contracts of many different types (conventional financial contracts require the assumption that the exchange can actually back up contract values -- with blockchain smart contracts you can set up 100 - N% fully collateralised positions -- 100% transparent. Recall what happened with GameStop recently. Robinhood couldn't do shit if it were a DEX.)

There is one final killer use case for the tech and by itself it's enough to justify it: decentralised markets. Most of you remember Silk Road as a drug market. But believe it or not Silk Road was about more than just drugs. It was about having the freedom to trade as you saw fit, taking the good and bad as it came. The website sold books, hosting, and many legitimate products and services. Of course -- no one ever gives Ulbricht credit for that. Silk Road was the reason bitcoin had any value in the beginning. Today there are many more use-cases though.


These are a bunch of either superficially or actually plausible ideas. How can I tell whether it's legit or bullshit without seeing how it fares in the real world? Perhaps I wasn't clear - I was looking for company names, product names, something I can get a feel for in terms of concrete metrics like $$$ invested, sales, profits, how it's faring in the real world, etc.


lol scam.


Genuine question from someone on the outside watching all of this: then who are these things for? Apparently not me, nor GP, nor my mum and dad. Are we waiting until the Smart People sort out all of these complex details to make this stuff accessible for regular people?


I'd say something like this: the average person isn't doing anything that complex with money. They can use cash for instant, real-time payments (with good counterfeit prevention), and can generally rely on their banks. But this is less than ideal because their assets can easily be seized, inflated, frozen, and their banks could fail. The blockchain could offer superior peace of mind or something of an insurance policy. Though the problem with that is most of the world runs on regular money so there would still need to be ways to buy/sell those assets.

To talk about the more specialized use-cases: there are some truly novel things that can only be done with the blockchain. To give you a direct example -- 'provably fair' gambling enables someone to place bets and know for certain that the result will be fair. This is accomplished by having outcomes enforced for a network of computers instead of trusting some shady website to stay fair. It's basically fully transparent. I know there will be people saying that this is grasping at straws but the list of use-cases is quite long. I don't have time to research and list all the interesting ones here. But if anyone is interested in the subject I promise you that learning more about it won't be a disappointment.

It's just not easy to explain in short-form posts.


Nah, supporters of most of the tech (chemistry, biology, EE, whatever) can easily explain applications to a layman, as well as explain why one would use it over alternatives.

There are some exceptions of course -- one example is "memristors", a very specialized EE concept that has claimed to revolutionize computing for at least 20 years and yet never does. And if you look at its HN discussions, you'll see mostly skepticism and negativity, kinda like for blockchains.


counterpoint: engineers building complicated things /and then looking for a problem they would solve/ is bad.

if you are unable to easily explain it to a human who isn't in your profession, it's snake oil.

what's a tooth filling? it's a bio-safe, quick setting, similar plasticity to your teeth enamel.

what's shipping logistics software? it's not wasting an idle or half empty truck.

what's S3? durable object storage.

what's the TLS certificate transparency chain? an append only, low power proof of what the CAs issued. No blockchains or smart contracts involved because it's less expensive and less absurd.

what's sigstore? an append only, low power signing proof of binaries, docker images, git commits, etc. No blockchains or smart contracts involved because it's less expensive and less absurd.

Too many blockchains and smart contracts and such seek to be "the engine" that everything runs on. They want web 3.0 because they want a do-over to be kingmakers.

what's HTTP/HTML? a simple way to exchange data between webservers & web browsers, the universal engine.


All of your examples are trivial and deal with every day concepts. Blockchain technology intersects cryptography, computer science, government, politics, economics, finance, information security, probably even sociology and philosophy. It's multi-disciplinary.

The idea that something needs to be simple to be legitimate is not a good one. Some things simply are complex and to say otherwise is to over-simplify them. Or reductionist. Much of the ground work requires questioning assumptions that people are already familiar with and accepted as true. Like the trust assumption in banking.

I can tell you first hand that when I pitched my blockchain startup back in 2013 the very first stumbling block I had was even getting people to understand Bitcoin. So go ahead and tell me that a large, in-depth field must mean it's invalid. I think that's a silly idea.


Can you give examples of things which are "simply are complex and to say otherwise is to over-simplify them" and that are not either blockchain or snake oil?

Note that internal operation does not really matter, only applications do; I might have no idea how CRISPR/Cas works, but I can totally understand some of its applications and why people call it revolutionary.


Neuropsychopharmacology

Medicine

Higher level mathematics

Material science

Chemical engineering

...

There are specialized journals for blockchain tech now.

Maybe 'diverse' would be a better word than 'complex' for blockchain tech because projects aren't all financial. The OP made the claim that he couldn't think of use-cases for smart contracts. The problem isn't that there are no use-cases but that there are too many. What use-cases are there for a language for structuring trust when it can touch so many areas?

Every time we have these threads ignoramuses wander in and expect those in the industry to justify their whole field and area of expertise. Even though from their questions the only thing they know about the industry comes from news headlines and memes. Yet this is what passes for discussion around here. They expect to be spoon fed an entire area of knowledge they know nothing about. And when failing to instantly grasp the years of knowledge people have in this area they declare that it doesn't exist.

I'm over it. Pick up a book.


Every single one of those listed has a simple description of its use case.

Every, single, one.


> Ask the same question about chemistry, biology, electrical engineering, or any STEM subject,

The blockchain is less like these and more like Astrology and Palm Reading.


Yet knowing a lot about crypto and blockchain, thinking about what works and doesn't, and over years reading papers and understanding the technology...

I can not think of a single usable problem that blockchain solves.


How about stopping governments and banks from censoring, stopping and freezing money of their citizens/customers? Seems like one good use case.


We did what I thought was an interesting use case. Giving artists an ability to manage royalties in perpetuity for sales of a digital artwork through cryptography. Here is the breakdown:

https://medium.com/valorize-dao/how-we-are-developing-a-smar...


From my understanding a smart contract is like a web backend, with completely transparent business logic and data, so anyone can interact with it without any intermediary. If you can deploy your program (smart contract) on the ethereum blockchain or any of the L2 chains, then all the costs of interacting with it and maintaining its data layer are borne by the market participants.

Because of these properties you can create entirely open market infrastructure that anyone can use, which means reduced compliance costs (measured in opportunity and not money) and regulations for the participants.

On the flip side, the issue is that most people are stupid, don't know shit about what they are doing, and the tech itself is vulnerable to all sorts of race conditions because of flaws in the Solidity language and the EVM itself which can enable hacks.

I am personally very sympathetic to the crypto efforts and not as sympathetic with the skeptics, because I find the centralisation of the web by some American players to be more dangerous than some individuals losing their life savings playing on web3.


Governance of next-generation automated economies and societies.

It's one thing to make a promise to someone. It's another to marry your business procedures directly to immutable code which guarantees to users, employees and partners that the business operates in the intended and described way.

Most of these benefits require your company to be digital in nature, but many asset-based economic systems can benefit from it.

For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods. Sensors in a transport vehicle continually update a decentralized semi-private blockchain, proving that an item never left a refrigeration state, or was not tampered with.

Automatic payment could be achieved by placing the item inside a locked stationary container at point of delivery and validating through this blockchain that all requirements were met.

A system like this could go even further to make guarantees to the end customer, who could verify at point of sale that their food item remained fresh.


> For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods.

I am very, very skeptical your example would work purely with smart contracts for this.

I can think of a bunch of ways where real world interactions would cause all sorts of problems that would have to be sorted out by regular contract law.


Maybe, maybe not. Fedex and others are experimenting nonetheless, so we'll see how many problems it solves vs introduces.

https://www.truckinginfo.com/10183205/blockchain-once-overhy...

https://www.fedex.com/en-us/about/policy/technology-innovati...

https://www.supplychain247.com/company/blockchain_in_truckin...

A common misconception is that smart contract enthusiasts believe it replaces existing contract law. It doesn't, though in some cases it removes the need for relying on it with digital services. It is meant to enhance the letter of law by adding additional guarantees.


For me personally:

When architected correctly (as with pretty much all software), it allows for a service to live (effectively) forever, independent from the creators of the service.

Example: I create a smart contract where everyone can post an IPFS hash to it, with added functionality to be able to post on someone's behalf if they give a signature to do so.

(This simple example is deliberately chosen to be a starting point. More complex functions & services can be derived from this starting point alone.)

If I were to kick the bucket, or if I'm not capable of contributing to its development, the service is still accessible to everyone else. If someone else wants to keep developing the service, they can do so via the contract's defined endpoints.

To me, the positives of this starting point outweigh the technical complexities involved with its development & maintenance. It varies wildly for others, but for me, this is the anchor point from which I can build something that can last long after me.


I am building an incentivized market to keep data available on the web(3) without having a centralized entity taking care of it. Without a smart contract running on a block chain this isn't possible. https://permanentum.io


I don't see any good answers here so I'll give it a try.

Smart contracts can be used to build voting systems, multi-signature agreement systems, escrow systems, exchanges etc. But all of these rely on data being in the crypto world e.g. on blockchain.

The most powerful emerging use case for smart contracts is verifying zero knowledge proofs. Using groth16 or PLONK you can compress any amount of information or computation into a constant size proof (constant in both size and verification complexity [1]). This leads to the question, what is the use case for zero knowledge proofs?

TLS notarization: a user can prove they received data from a website by proving the signature in the TLS session. So e.g. I could prove how many Twitter (sorry, X) followers I have by proving an element in the HTML that is signed by Twitter, or prove that I have a DM with individual X (not the company, a variable meant to indicate some person). This can be extended to proving e.g. bank account balances using TLS signatures. The idea is such a TLS proof can be ingested on the blockchain so anything on the internet can be used as a logical condition for a smart contract. https://tlsnotary.org/

^ a similar case exists for email data verification using RSA

Private user data: companies can track information about users without knowing what information belongs to what user. The idea is, the user data is stored inside a ZK proof and the user manipulates the data in ZK, then provides a proof to the web application that they manipulated it in a way that follows the rules defined by the application. A simple example might be ZKFlix. Each time a user watches a movie they add an entry to their data indicating `movieId: true`. The web application can store the user state without knowing which user watched which movie. Put more simply, each change to user data is attributed to an anonymous actor. Theoretically it should be possible to build websites with the same functionality of existing websites, but where the website is non-custodial of the user data (this isn't strictly blockchain related). This type of system allows users to make proofs about their application user data and submit them to the blockchain.

^ the more general case is building a state system that exists entirely in ZK and putting a state root on the blockchain. Then anything about the state system can be proven on-chain.

These are the examples I have off the top of my head (though i do work in this space). I think smart contracts by themselves lack functionality and resort to hacky things like permissioned oracles. Combined with ZK though smart contracts become a financial system that is trustlessly bound to the internet. The hard part is making the internet provable as sequences of polynomials.

Hard agree that the current user experience sucks though. I'm of the opinion that in the future users won't directly interact with the blockchain, the same way a user doesn't interact directly with e.g. PostgreSQL. If to make an account on a website you had to write an SQL query inserting the row, that would be a similarly bad experience to managing your own private key xd

[1]: The scaling isn't strictly constant, but small enough to be considered for practical purposes constant


Well it was the same with the internet itself. It's prone to hacks, bugs, and outage, and yet today we all use it to manage our finances and make payments.


Well, for the internet you could say “it allows stores to show pages with their products, and people can choose what they want to order, give their address and pay for it with a credit card, all without leaving their home”

That’s a pretty obvious killer feature of the internet


Worth noting this wasn’t allowed on the early precursors to the internet. Also the credit card company and processor both take a fat cut and maybe deposit the money a few days later if they feel like it.


And eth fees are tiny?

And they'll get smaller as demand increases?

Don't worry I already know the answer to both is "No".

Ffs....


Smart contracts are fundamentally a business technology where money is hosted & manipulated natively on the platform. This is pretty awesome & could be very disruptive.

The problem is that, at least in ecosystems such as Ethereum, you have a single line of defense: your smart contract code. And that code is written in a poor language with very few security features.

Worse, if something goes wrong you can maybe pause or suicide your contract before your money is gone (which goes against the very principle of the platform) or, if you are lucky & worked very hard on this, you might have the chance to upgrade your contract.

The result is that any contract being used seriously needs to go through a long & very expensive audit by one of the few serious companies in this field.

For now the Ethereum project has been very focused on solving the scalability & decentralization problem, but my guess is that without big progress on the smart contract security & developer experience front no serious actor will ever consider adopting the platform.


There is a thriving community of security researchers and engineers in the smart contract auditing space.

Services like code4rena (https://code4rena.com/) and sherlock (https://www.sherlock.xyz/) make audits a public and competitive process with leaderboards that track the best of the best. Naturally those that rise to the top of these leaderboards tend to end up offering boutique auditing services due to projects wanting audits from the best of the best in the business.

Trust (a pseudonymous auditor's handle) launching Trust Security (https://www.trust-security.xyz/) is a perfect example of someone who turned public contest success into a highly sought after auditing firm. There are other examples, but overall smart contract security is undeniably improving over time.


Yes but as you see on code4rena the cost of an audit is about $100k.

Which is ballpark what a company would pay to have a security audit of their website or network, for example. So I would guess Ethereum has become an "Enterprise" technology because of the prohibitive cost of securing its applications?

From what I understood originally, blockchain & Ethereum aimed at removing those actors like banks who can afford the high cost of licenses, compliance & security of complex systems.

Meaning you could write and execute your will without a lawyer and a court system, or write a smart contract to manage a condominium and its treasury with the other landlords (a $100k audit is out of the question for those use cases).

We are hearing less and less about those use cases and talk more and more about "Enterprise Ethereum" (https://ethereum.org/en/enterprise/) as we find out that developing for the platform will be as complex & expensive as for a big corporation.


But none of the players involved are "landlords". The 100k etc is just the figure they are charging for their services. It isn't mandatory that you get a security audit. You can just go ahead without it.

Whereas if you want to get those conventional licenses you have to go through mandatory licensing. This means there is unlikely to be a regulatory capture that would introduce licensing terms that would prohibit new players from coming in.

That is objectively a good thing.


But does it work?

Do any of the audits ever come back clean i.e. no detected defects?

Are those audits actually serious and representative of the resources available to a profitable attack? Many smart contracts manage millions, tens of millions, hundreds of millions and up in value. Do they actually do multi-year audits with a team of 5 that come back clean?

Do they seriously believe and publicly state their design processes are better than the best IT systems by Google, Apple, Amazon, NSA, FBI, etc.? Because those organizations cannot get clean audits against red teams with multiple people and a few years to work.

That would be an extraordinary claim; do they have the extraordinary evidence to back up that claim? Do they even have any verifiable evidence at all to back up that claim other than more marketing drivel?

If the answer to all of that is not yes, then it all sounds like a house of cards and just more “security” bullshit to me.


Audits are performed as due diligence before actually launching the product or service that will utilize it. The audit is a collaborative process between the auditing team (or contest participants, in this case) and the developer of the smart contract. Contestants are rewarded financially for finding exploitable issues, with unique criticals (i.e. exploits that lose customer funds or otherwise fundamentally break the intended behavior of the contract) paying the most. AFAIK no public Code4rena or Sherlock audit has had a critical vulnerability exploited after a contest was completed.

It would be hard to compare the smart contract auditing ecosystem with audits of internal processes at those entities you mentioned, because the problem being solved is fundamentally different. Google, Amazon, et al. are protecting access to information stored in data centers, whereas smart contracts are at most a few thousand lines of code that need to work as intended, without clever hackers finding a way to exploit them.


So, no. Lots of “process”, words, and gamification, but no results and no evidence of actual robust security at the necessary multi-million dollar level.

Looking at the leaderboard [1] it looks like the payout is a few thousand dollars for a “steal all the money” defect. These companies literally want to manage millions of dollars, yet it regularly costs only a few thousand dollars in developer time to steal all the money. And these are the good companies doing audits.

What a joke. It is worse than XP, but at least Microsoft knew they were a laughing stock.

[1] https://code4rena.com/leaderboard


Yes you're right, there are very talented companies, but that's actually what the OP has been saying... These companies exist because of the language. No language is perfect, but Solidity is very imperfect to say the least.

These challenges are very interesting: https://ethernaut.openzeppelin.com/. The thing is, almost none of these hacks would be possible if Solidity were better.


You're literally commenting on a post that is a reference to a website that is trying to encourage a higher level of security in smart contracts. People are working on solving this issue.


It's a misunderstanding that smart contracts are just about money. What you have in essence is decentralized verifiable computation, which can be and often is used for finance stuff, but isn't limited to that at all.


> decentralized verifiable computation

Wasn't Ethereum centralized after switching to Proof-of-Stake?


Every time I hear about another massive hack on Ethereum, I feel a little bit sad that I didn't specialize in software security. For many years there was huge amounts of free cash just sitting on a table waiting to be taken, a victimless crime (VCs and cryptobros are not victims, everyone is playing the same game).

I expect the low-hanging fruit has gone now. And setting up spearphishing attacks to scam teenagers out of their NFTs doesn't seem as noble (or as profitable).


As a dark-hat in the space you'd have a pretty good chance of being caught by chainalysis eventually.

Meanwhile there are still hundreds of millions of dollars of bounties available for white-hats who responsibly disclose.

The dark-hat hackers who aren't held responsible are likely in either Russia or North Korea.


It's amazing how quickly code-is-law becomes regular law is law when the code allows all your money to be stolen. And that is the nail in the coffin of this ideology, proponents of blockchain claim one day your house deed will be on the blockchain. What happens when people hack your house away from you then?


Code is law. The issuer of tokens backing rwas should be able to figure this out and reissue.


So, the issuer of tokens is law


If the code allowed the issuer such flexible control, then yes. But many tokens have immutable implementations that can no longer be altered after deployment.


The only people that think code is law are hardcore libertarians / anarchists, which was the majority of crypto in 2011 but obviously isn't now.

The most likely way houses and other real world assets will exist is via a 2/3 multisig on the tokens. The 3 participants being: Government, Management Company, User.

If you lose your keys or get hacked you can go to the government + company responsible for the assets and get them back. If the company screws up the users can work with the government to get their assets back.

The advantage of this over a traditional government database is transfers can be made much more efficient because the government doesn't have to be involved in every transfer, they only step in if things go wrong.


At most you are going to make a few thousand, maybe if you're super lucky and skilled, a few tens of thousands of dollars on bug bounties. Compared to the amount of poorly-secured money that was/is in crypto, it is a pittance.

Add to that the fact that many of the hacks are largely legal consequence free due to crypto's famous lack of regulation (by design, lol), the economics are far more skewed towards the black hats over the white hats.


I don’t work in crypto but I read a ton of tech blogs and this guy:

https://cmichel.io/

Seems legit and claims to have made one million in 14 months in bug bounties, although he was #1 on some leaderboard. Based on his blog I think he’s probably one of the best in the world at smart contract security, so it’s probably not a realistic goal for most people, but assuming the blogger is honest I think you underestimate the potential for top white hats. Certainly the big black hat hacks are far bigger money, but a million is nothing to sneeze at, especially for no legal or moral risk.


Doing crime on a system with a perfect immutable record doesn’t seem like a smart play to me.

As noted above the firms like chainalysis will continue to uncover and attribute all of the nodes in the graph. If you are taking 100s of thousands or more through fraud the incentives are aligned to see your crimes prosecuted.


Is it a crime if the smart contract acts as coded, but not necessarily as intended?


Yes. There are those who claimed they just performed a "highly profitable trading strategy", and are now sitting in jail.


I think the main takeaway here is that in many cases wrt crypto, it is highly ambiguous on whether the actions you take are criminal or not.


Agreed, especially given that frontrunning and similar techniques are almost inextricable from the technology’s default behavior.

However, actors other than law enforcement can also perform chain analysis, and you’d probably prefer to stay anonymous if you engage in such practices…


It can't be a crime. The contract is always executed exactly as written.


There are loads of bounty payouts in the hundreds of thousands. Probably 1000 payouts per year at that size. Most protocols would rather pay out $1 million than lose $100M to an exploit.


I appreciate how organized the Consensys guide is laid out. It's pretty easy to read. Trail of Bits has a similar guide that is a little more in-the-weeds technically. It also covers, what we think is, essential background about certain automated analysis techniques like static analysis and how fuzzers work. Check it out!

https://secure-contracts.com/


Hi Dan! Small correction: This is not a ConsenSys guide. It's my own work. As a private person. :) More content on offensive security techniques is yet to come, so stay tuned!


Oh neat! I didn't realize. It's good! I could have been fooled it was done by a whole team :D


Beyond the hype, my organization finds that smart contracts are a good area for research in software security methods such as static and dynamic analysis. The reason is that smart contracts are very small compared to general codebases and have a lot of real risks linked to money.

For example, here [1] the thesis is that when TVL rises, the probability of being hacked also rises, which means that at some point there is no budget that can scale to protect your TVL.

[1] https://bittrap.com/resources/defis-growing-pains:-as-tvl-ra...


Has anyone tried Vyper instead of Solidity, and if so does it help mitigate any of these security issues? I haven’t tried it because audited libraries are critical to smart contract development and I don’t know of any decent ones outside of Solidity.


Good resource, probably half of which is only necessary due to shoddy Solidity and EVM design.


Who is still buying into this crap and why?


Crypto guys were saying the exact same thing last year too. What changed? I kept hearing how there was all these projects underway and how I could switch jobs into crypto and make way more money.

Now you’re saying this year is the year? n+1


On the contrary, all metrics show that VC activity is at its lowest; personal experience tells me that right now new funding is very hard to come by.


You post this type of message in nearly every crypto thread yet every time you are pressed you don’t name a single company, project, or thought leader.

Personally I’ve worked at both coinbase and a blockchain company called avalanche. I think crypto is scams all the way down.


From every lawyer I spoke to about this, this was not a win for Ripple but the SEC.

They were found guilty of unregistered offerings to institutional. There's no way that the jury/judge won't take that prior decision into account with the non-institutional tranche. Somehow this was spun as a good thing?


I know a lawyer who happens to have a CS background who specializes in technology and cryptocurrency law. IIRC he was saying this was more of a win for Ripple/crypto, as it paved a path for crypto projects to not be classified as securities


I'm not sure. After this ruling every platform quickly relisted xrp. I assume they have pretty good attorneys who looked at the ruling and essentially declared "game on".

