Solidity: How to program Smart Contracts?

Since Vitalik Buterin developed Ethereum, smart contracts have become an integral part of the blockchain ecosystem. But what is behind these “smart contracts”? In five parts, Ingo Rammer explores the implications of the technology for us. Today: Why is a Smart Contract secure?

Why exactly is the whole thing safe?

So far, so good. But what about the security of this approach? What would happen if one of the participants simply exchanged the smart contract on the blockchain node he controlled and used a variant that was advantageous for him? (Depending on the blockchain, the attacker would have to dive relatively far into the internals of the implementation of the blockchain platform – but it is still a valid attack vector that has to be considered at least on a theoretical level).

What would an attacker have to do?

In our example, an attacker could try to take control of all phone numbers by changing the check conditions in his version of the smart contract. But this would lead to the World State being changed only on the attacker’s node: Only for him it looks as if he controls all telephone numbers.

All other participants would continue to execute the correct version of the contract. If, due to the consensus mechanism chosen between the participants, the attacker is selected by the network itself to generate new blocks, these would immediately be rejected by the other participants.

The attacker would lose the status of the block generator again, since depending on the configuration of the block chain, half or two thirds of all participants must agree with the result of a transaction before it is considered correct network-wide. An attack attempt therefore only harms the attacker himself.

One can therefore compare this attack with a bank customer crossing out the status on his printed account statement and overwriting an increased credit balance. From his point of view, he now has much more money than before. But as soon as he tries to access this money, he is very quickly brought back to the bottom of the facts: his own view remains a wish and will at best be acknowledged by his counterpart with a smile.

How is a Smart Contract called up?
Having seen so far how a Smart Contract is technically defined, and knowing that it can trigger events that external (non-blockchain) systems can process, one last piece of the puzzle is still missing: How is the Smart Contract actually called?

Most blockchain platforms have corresponding SDKs in JavaScript, .NET and/or Java for this purpose. These SDKs allow the creation, signing and transmission of transactions to own or externally operated nodes of the blockchain network.

For Ethereum derivatives, a Smart Contract is called as follows: First, the method name and the method arguments are converted into a defined binary format. For this, auxiliary methods are provided by the SDK that can process the interface description (ABI – Application Binary Interface) of the Smart Contract and generate the corresponding binary data. A transaction is then created that uses as the destination address the address that was created during the instantiation of the Smart Contract described above.

This entire operation can either be performed explicitly in individual steps by the client code, or – as shown in Listing 5 – it can also look like a normal function call using automatically generated methods. In the listing we see the relevant part of the call of the above mentioned contract method requestTransfer, which uses web3.js [4], the JavaScript SDK for Ethereum.