After Ethereum’s long-awaited Merge, it’s an ideal time to think about how we can also improve smart contracts. Essentially apps that run on blockchains, smart contracts are a vital component of our Web3 applications. But interacting with them remains quite dangerous, especially for non-developers. Many of the incidents where users lose their crypto assets are caused by buggy or malicious smart contracts.
As a Web3 app developer, this is a challenge I think about often, especially as waves of new users keep onboarding into various blockchain applications. To fully trust a smart contract, a consumer needs to know exactly what it’s going to do when they make a transaction — because unlike in the Web2 world, there’s no customer support hotline to call and recover funds if something goes wrong. But currently, it’s nearly impossible to know if a smart contract is safe or trustworthy.
Related: Liquid staking is key to interchain security
One solution is to make wallets themselves smarter. For instance, what if wallets could tell us if a smart contract is safe to interact with? It’s probably impossible to know that with 100% certainty, but wallets could, at minimum, aggregate and display a lot of the signals that developers already look for. This would make the process simpler and safer, especially for non-developers.
Here’s a deeper look at the advantages and disadvantages of smart contracts, why they seem like the Wild West now, and how we might improve the UX for using them.
The promise and peril of smart contracts
For developers, using a smart contract as the backend for their app has enormous potential. It also increases the potential for bugs and exploits. It’s great that smart contracts can be created by developers without asking anybody for permission, but that can also expose users to considerable risk. We now have apps transacting hundreds of millions of dollars with no safety guarantees. As it stands, we simply have to trust that these apps are bug-free and do what they promise.
Many non-developers aren’t even aware of the safety issues involved and don’t take the appropriate precautions when interacting with blockchain-based apps. The average user might sign a transaction thinking it’s going to do one thing, only to discover the smart contract does something else entirely. It’s why malicious smart contracts are a primary attack vector for bad actors.
Why are smart contracts the Wild West?
When a Web3 app makes a smart contract call, you don’t know exactly what the transaction will do until you actually do it. Will it mint your nonfungible token (NFT), or will it send your money and tokens to a hacker? This unpredictability is true of any online application, of course, not just Web3 apps; predicting what code will do is very hard. But it’s a bigger issue in the Web3 world since most of these apps are inherently high stakes (they’re built for handling your money), and there’s so little protection for consumers.
The App Store is largely safe due to Apple’s review process, but that doesn’t exist in Web3. If an iOS app starts stealing users’ money, Apple will take it down right away to mitigate losses and revoke the account of its creator.
Related: Latin America is ready for crypto — Just integrate it with their payment systems
Malicious smart contracts, on the other hand, can’t be taken down by anybody. There’s also no way to recover stolen assets. If a malicious contract drains your wallet, you can’t simply dispute the transaction with your credit card company. If the developer is anonymous, as is generally the case with malicious contracts, there often isn’t even an option to take legal action.
From a developer’s perspective, it is much better if the code for a smart contract is open source. Popular smart contracts do typically publish their source code — a huge improvement over Web2 apps. But even then, it’s easy to miss what’s really going on. It can also be very difficult to predict how the code will run in all scenarios. (Consider this long, scary Twitter thread by an experienced developer who almost fell for a complex phishing scam, even after reading the contracts involved. Only upon a second closer inspection did he notice the exploit.)
Compounding these problems, people are often pressured to act quickly when interacting with smart contracts. Consider an NFT drop promoted by influencers: Consumers will be worried about the collection quickly selling out, so they’ll often try to make a transaction as fast as they can, ignoring any red flags they might encounter along the way.
In short, the very same features that make smart contracts powerful for developers — such as permissionless publishing and programmable money — make them quite dangerous for consumers.
I don’t think this system is fundamentally flawed. But there is a ton of opportunity for Web3 developers like me to provide better guardrails for consumers using wallets and smart…
cointelegraph.com