Notes from the Vault

Larry D. Wall
July 2016

New technology has disrupted a wide variety of industries, including hotels, music, and taxis. Proponents of "smart contracts" argue that the legal profession may be open to similar disruption. Smart contracts could replace many traditional paper contracts with computer code, potentially reducing the cost of having lawyers write contracts in arcane language and relying on the court system for interpretation and enforcement.

The limits of relying on smart contracts, however, have been demonstrated by the recent attack on the Distributed Autonomous Organization (DAO), which drained $53 million before changes were made to the computer code to restore the funds. The DAO is a new sort of early-stage investment fund that lacks a manager.1 Instead, investors vote on which projects to fund and the computer code does the rest. The DAO advertised itself as a smart contract that is "borne from immutable, unstoppable, and irrefutable computer code, operated entirely by its members." In other words, the DAO was intended to be like the digital currency Bitcoin in that it would operate without any governmental intervention.

The appropriate response to the attack on the DAO created a dilemma. On the one hand, investors felt their funds had been stolen and allowing the attack to stand would discourage investors from participating in the future. On the other hand, the transfers were not in violation of the smart contract but rather exploited weaknesses in the computer code. If "the code is the law" as some smart contract proponents have asserted, what happened was perfectly legal. The organizations running the computer code voted to restore the funds to the original investors in late July 2016.

This Notes from the Vault examines some lessons from the DAO experience for the future of smart contracts, especially smart contracts that are intended to be "immutable, unstoppable, and irrefutable."

Smart contracts, Ethereum, and the DAO
The term smart contract is attributed to Nick Szabo, who has defined it as:

Smart contract: A set of promises, including protocols within which the parties perform on the other promises. The protocols are usually implemented with programs on a computer network, or in other forms of digital electronics, thus these contracts are "smarter" than their paper-based ancestors. No use of artificial intelligence is implied.

An example Szabo gives of a smart contract is one for a person to obtain a car on secured credit. So long as the payments are made, the person can continue to use the car. However, if the person fails to make a timely payment, a smart contract could recognize the failure and invoke a protocol that returns control of the car keys to the lender.

The DAO is based on the Ethereum platform. Ethereum describes itself as "a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference." It is closely related to its more famous cousin, Bitcoin, in that it uses a similar distributed database for storing information.2 This database, called the Ethereum Virtual Machine (EVM), stores and executes smart contracts. Individuals buy and sell the rights to smart contracts on the EVM through a currency called ether, which can be acquired, like Bitcoin, through online exchanges.

The DAO, a collection of smart contracts, is an application that runs on the EVM. It was designed to invest, with considerable lockup windows, in other businesses. The DAO website provides an explanation of how it is intended to work but goes on to say in the "Explanation of Terms and Disclaimer" that "Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code." Unfortunately, shortly after the DAO became operational, one participant found and exploited a weakness in the code that allowed funds to be drained into an account that person controlled.3

Most of the funds were quickly recovered, but recovery of the remainder required agreement to change the rules so as to move the funds invested in the DAO into a new account, in what was called a "hard fork." Ultimately, the Ethereum community approved the hard fork in an overwhelming but not unanimous decision. However, some of those who dissented from the hard fork decision continued using the original rules under the banner of Ethereum Classic.

Not so smart contracts
Oral and paper contracts have a long history based on the technologies that have been available for millennia. Szabo explains how advances in the processing and communication of data, especially advances in cryptology, have opened up the potential for automating contracts in recent decades in a way not previously possible.

One distinction between paper and smart contracts is their comprehensiveness in laying out a full range of eventualities and consequences. If smart contracts are to be "immutable, unstoppable, and irrefutable computer code," that code must implicitly or explicitly declare what will happen in every possible event during the life of the contract (or in economist speak, every possible state of nature).4 Yet if the parties to the contract can put such declarations into computer code, there is no reason they could not put them into the language used in written contracts.5 Interestingly, most commercial contracts are incomplete in the sense they do not specify what will happen in every future state but rather leave that to be determined later for some states.

Economists and lawyers have come up with a number of reasons why incomplete contracts are so common. Perhaps the most obvious reason is that it is often too costly to anticipate and agree to unambiguous contractual terms for every possible set of states. For example, suppose two financial firms were writing a 10-year contract with each other in 1999 and it occurred to one of the firms that mortgage-backed securities backed by low-quality mortgages in the United States could cause a global financial crisis during the life of the contract. The probability of such an event would have seemed so low that it likely would not have been cost-effective to negotiate contract provisions dealing with such an event.

Moreover, Halonen-Akatwijuka and Hart (2013) observe that traditional contracts are often incomplete, even though the outcomes are verifiable, are easy to describe, and appear relevant. One example they give is that contracts often leave unspecified what happens if there is a breach of contract by one of the parties. Halonen-Akatwijuka and Hart (2013) hypothesize that incomplete contract terms may make renegotiation less costly or more efficient.6

Some contracts may not include some future states because they may include information observable to one or both contractual parties but not subject to objective verification by a third party.7 This unobservability makes the contract unenforceable in that state of the world. For example, participants in an industry may generally agree on the likely implications of a new technology for the likely evolution of the industry, but those implications may not be something that can be verified by a third party.

There are several possible ways of filling in contractual gaps should the need arise. Probably the most common practice is for the parties to renegotiate the contract in a mutually satisfactory way once an unforeseen state occurs. The two parties will almost always have a better understanding of the consequences of changes to the contract than a third party. However, if the parties are unable to reach agreement, then some contracts provide for arbitration, and the parties can almost always choose to litigate the case in a court of law.

Not only is the possibility of ex-post gap filling recognized when contracts are initially written, oftentimes the contract is designed to exploit this incompleteness in ways that result in a better ex-ante contract for both parties. For example, commercial loans and corporate bonds often contain restrictive covenants that convey additional rights to the lender, such as the right to demand immediate repayment of the loan if the covenant is violated. In most cases, however, these covenants are used as trip wires for renegotiation, such as when the borrower's condition has changed for the worse and the lenders want to adjust the terms to better protect their interests.8 The lender lowers his risk with such a covenant since he has the option to renegotiate or insist on payment. The ex-ante benefit to the borrower from such contracts is that this risk reduction results in the lender offering better terms in the initial contract (such as a lower interest rate).

Gaps in the DAO code and their resolution
The DAO provides an illustration of some of the incomplete contract issues discussed with regard to paper contracts by economists and lawyers. The DAO code was incomplete in that it did not anticipate the possibility that coding errors could result in unexpected wealth transfers from some participants to others. However, one cannot argue that this gap in the code arose because of an event that could not have been anticipated. Although the specific error that resulted in the wealth transfer would not have been anticipated, Gideon Greenspan contends that any large piece of computer code almost surely contains bugs that are not easily identified in testing.

Given that a gap existed in the code, what happened next would be predictable to someone familiar with paper contracts—one party sought to renegotiate the terms. Someone claiming to represent the attacker is reported by Frances Coppola (2016) to have made an offer to return some of the funds in return for being allowed to keep the rest. This offer was refused and the decision was made to reverse the transaction. What remains to be seen is whether the attacker appeals the Ethereum community's decision to the courts and, if so, how it is handled.

The future of smart contracts
The lesson from this discussion of the DAO's experience is not that smart contracts are an inherently bad idea.9 In many circumstances, smart contracts may eventually be a more efficient way of contracting than traditional paper contracts. Rather, the takeaway is that paper contracts are written with gaps for a variety of good reasons. These paper contracts may be replaced someday by electronic code, but they are unlikely to be replaced by smart contracts that rely on "immutable, unstoppable, and irrefutable computer code."

The first step in designing smart contracts is to have a good understanding of the set of problems being solved by paper contracts. If a smart contract is then to replace the paper contract, it will either need to solve these problems or at least provide expected benefits to the contracting parties that exceed the expected costs of not solving all the problems.10

A second step would be to create smart contracts that, where appropriate, preserve some efficiencies of traditional contracts, like the ability to renegotiate. The replacement of one contract with another should not necessarily pose too difficult a technical problem. Further, if there are only two parties to the contract and they know each other, renegotiation could be conducted as is done in the paper world. However, renegotiation is likely to prove more difficult as the number of participants in the contract increases and/or if the participants want to avoid disclosing their identity (as some Bitcoin holders prefer to do).

Finally, the authors of smart contracts should also give serious consideration to what happens in those states where renegotiation is appropriate but the parties cannot reach an agreement. The solution of appealing to the relevant community for a decision has precedents in the paper world, but it is relatively rare.11 The problem with such an approach is that participants in the decision may decide based on their own commercial interests. Instead, what the parties to most contracts seek is to place jurisdiction over the contracts in a place where the parties have confidence that their case will be fairly determined by a disinterested court applying well-developed legal standards. For example, financial contracts often stipulate that the legal code of the United Kingdom (London) or the state of New York shall apply, as these jurisdictions have established a reputation for relatively predictable decisions in financial cases that are fair and incorporate a relatively sophisticated understanding of contemporary business practices.

Thus, smart contracts may have a bright future but face some growing pains that must first be addressed, such as dealing with the potential for coding errors. However, to reach their potential fully, smart contracts are going to have to find a smart way of interfacing with the often complicated and messy real world of business where the initial contract is often not the final word.

Larry D. Wall is executive director of the Center for Financial Innovation and Stability at the Atlanta Fed. The author thanks Brian Robertson, Paula Tkac, and Kim Wall for helpful comments. The views expressed here are the author's and not necessarily those of the Federal Reserve Bank of Atlanta or the Federal Reserve System. If you wish to comment on this post, please email atl.nftv.mailbox@atl.frb.org.

References

Aghion, Philippe, and Richard Holden, 2011. "Incomplete Contracts and the Theory of the Firm: What Have We Learned over the Past 25 years?" The Journal of Economic Perspectives 25, no. 2: 181–197.

Coppola, Frances, 2016. "Ethereum's DAO Hacking Shows That Coders Are Not Infallible." Fortune, June 20.

Denis, David J., and Jing Wang, 2014. "Debt Covenant Renegotiations and Creditor Control Rights." Journal of Financial Economics 113, no. 3: 348–367.

Halonen-Akatwijuka, Maija, and Oliver D. Hart, 2013. "More Is Less: Why Parties May Deliberately Write Incomplete Contracts." No. w19001. National Bureau of Economic Research.

Maskin, Eric, and Jean Tirole, 1999. "Unforeseen Contingencies and Incomplete Contracts." The Review of Economic Studies 66, no. 1: 83–114.

_______________________________________

1 Assuming the DAO had worked as intended, there is some dispute about whether it was a good approach to investing, with views ranging from Seth Bannon's description of it as a "paradigm shift" to Tom Simonite, who argues it would "make terrible investment decisions."

2 More specifically, Ethereum's technology is similar to the Bitcoin technology in that both use a distributed, shared blockchain that is protected from unauthorized changes by sophisticated cryptography.

3 See Klint Finley for a less technical and Phil Daian for a more technical description.

4 That is, either the code explicitly requires a certain action in a particular state or the contract will implicitly default to some action in that state.

5 Determining the state of the world may be more of a problem in some cases for paper contracts than for smart contracts using the sort of technology described by Szabo. But that does not preclude the parties to the contract from determining what actions should be taken once a neutral party has determined which state is relevant.

6 They give the example of a nanny who is hired from 9:00 a.m. to 5:00 p.m. on weekdays for $15 per hour. The contract could specify she be paid $30 per hour if she has to work longer on weekdays because the parent arrives late. However, if the nanny is asked to work on the weekend the parent may believe that $15 per hour is reasonable compensation, whereas the nanny may regard the contract as establishing $30 per hour as the right compensation. In this case, it may be best to leave weekday overtime rates unspecified and renegotiate as necessary.

7 Maskin and Tirole (1999) show that under certain assumptions it is possible to develop a mechanism that induces the parties to truthfully reveal their information. However, Aghion and Holden (2011) point out that such a mechanism is not observed in practice and offer several reasons why it is not.

8 One recent paper analyzing the use of covenants is by David Denis and Jing Wang (2014).

9 That said, Greenspan further argues that developing code that is largely bug-free (mature code) takes considerable experience and feedback from users. He argues that this makes writing unchangeable smart contracts that control money particularly problematic.

10 An analogy between smart contracts and automated review of credit applications is possible. The replacement of human judgment in evaluating a consumer's credit quality with computers may in some circumstances result in higher credit losses. However, even in these cases the use of computers may result in a reduction in the costs of evaluating credit applicants that more than offsets the higher expected losses. Similarly, smart contracts do not need to be as good as or better than paper contracts along every dimension but only provide superior overall value.

11 An example of such a dispute resolution mechanism is the ISDA Credit Derivatives Determinations Committee that among other tasks makes factual determinations on credit events related to specific firms on which credit default swaps have been written. However, in this case an effort is made to provide a balance of interest by including 10 sell-side firms, five buy-side firms, and three consulting firms along with central counterparty observers.