Most blockchain systems also provide
some form of scripting language to
make it easier to add functionality to
Such programs are often called
smart contracts (or contracts) (though
they are arguably neither smart nor
contracts). Here we focus on Ethereum-style contracts.
Here are some examples of simple
contract functionality. A hashlock h
prevents an asset from being transferred
until the contract receives a matching
secret s, where h = H(s), for H a cryptographic hash function (see the sidebar
“Cryptographic Hash Function”).
Similarly, a timelock t prevents an asset
from being transferred until a specified
future time t.
Suppose Alice wants to trade some
of her coupons to Bob in return for
some bitcoins. Alice’s coupons live on
one blockchain, and Bob’s bitcoins
live on another, so they must devise
an atomic cross-chain swap protocol to
consummate their deal. Naturally, neither one trusts the other.
Here is a simple protocol. Let us
generously assume 24 hours is enough
time for anyone to publish a smart contract on either blockchain, and for the
other party to detect that the contract
has been published.
1. Alice creates a secret s, h = H(s),
and publishes a contract on the coupon blockchain with hashlock h and
timelock 48 hours in the future, ensuring the contract will transfer the coupons to Bob if Bob can produce s within 48 hours. If he cannot, the coupons
will be refunded to Alice.
2. When Bob confirms that Alice’s
contract has been published on the
coupon blockchain, he publishes a
contract on the Bitcoin blockchain
with the same hashlock h but with
timelock 24 hours in the future, ensuring the contract will transfer the
bitcoins to Alice if Alice can produce s
within 24 hours. If she cannot, the bitcoins will be refunded to Bob.
3. When Alice confirms that Bob’s
contract has been published on the Bitcoin blockchain, she sends the secret s
to Bob’s contract, taking possession of
the bitcoins, and revealing s to Bob.
4. Bob sends s to Alice’s contract,
acquiring the coupons and completing
If Alice or Bob crashes during steps
one or two, then the contracts time out
and refund their assets to the original
owners. If either crashes during steps
three and four, then only the party who
crashes ends up worse off. If either party tries to cheat, for example, by publishing an incorrect contract, then the
other party can simply stop participating and its asset will be refunded. Alice’s contract needs a 48-hour timelock
to give Bob enough time to react when
she releases her secret before her 24
hours are up.
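The four steps and the timelock argument above, simulated in Python as an added example (not code from the original article). The `HTLC` class, the `swap` helper, the use of SHA-256 for H, and the assumption that Bob may need the full 24 hours to react are all illustrative. It shows that shortening Alice's timelock to 24 hours lets her end up with both assets.

```python
import hashlib
from dataclasses import dataclass

HOUR = 3600

def H(s: bytes) -> bytes:
    return hashlib.sha256(s).digest()  # SHA-256 stands in for H (assumption)

@dataclass
class HTLC:
    """Hashed timelock contract: pays `recipient` on a matching secret before
    `timelock`; refunds `owner` once the timelock has passed."""
    owner: str
    recipient: str
    hashlock: bytes
    timelock: int           # absolute time, in seconds
    holder: str = "contract"
    revealed: bytes = b""   # a successful claim makes the secret public

    def claim(self, secret: bytes, now: int) -> bool:
        if self.holder != "contract" or now >= self.timelock:
            return False
        if H(secret) != self.hashlock:
            return False
        self.holder, self.revealed = self.recipient, secret
        return True

    def refund(self, now: int) -> bool:
        if self.holder != "contract" or now < self.timelock:
            return False
        self.holder = self.owner
        return True

def swap(alice_lock_h: int, alice_claims_at_h: int, react_h: int = 24):
    """Run steps 1-4 and return (coupon holder, bitcoin holder). Bob is assumed
    to need up to `react_h` hours to see the secret and submit his own claim."""
    s = b"constructed-secret"                                    # step 1
    coupons = HTLC("alice", "bob", H(s), alice_lock_h * HOUR)
    bitcoins = HTLC("bob", "alice", H(s), 24 * HOUR)             # step 2
    bitcoins.claim(s, alice_claims_at_h * HOUR)                  # step 3
    if bitcoins.revealed:                                        # step 4
        coupons.claim(bitcoins.revealed, (alice_claims_at_h + react_h) * HOUR)
    for contract in (coupons, bitcoins):   # anything unclaimed times out
        contract.refund(72 * HOUR)
    return coupons.holder, bitcoins.holder
```

With the 48-hour timelock, `swap(48, 23)` completes the trade even when Alice waits until hour 23; with a 24-hour timelock on her contract, `swap(24, 23)` leaves Alice holding both the coupons and the bitcoins.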
This example illustrates the power
of smart contracts. There are many
other uses for smart contracts, including finance,[23]
digital rights management,[26] supply chain,
and even off-chain transactions,
way of streamlining commerce by conducting most business off-chain, and
falling back to the blockchain only as
necessary to settle balances.
Smart contracts as objects. A smart
contract resembles an object in an
object-oriented programming language. A contract encapsulates
long-lived state, a constructor to initialize
that state, and one or more functions
(methods) to manage that state. Contracts can call one another’s functions.
In Ethereum, all contracts are recorded on the blockchain, and the
ledger includes those contracts’ current states. When a miner constructs
a block, it fills that block with calls
to smart contract functions, and executes them one-by-one, where each
contract’s final state is the next contract’s initial state. These contract
executions occur in order, so it would
appear there is no need to worry about
Smart contracts as monitors. The
Decentralized Autonomous Organization (DAO) was an investment fund set
up in 2016 to be managed entirely by
smart contracts, with no direct human
administration. Investors could vote
on how the fund’s funds would be invested. At the time, there were breathless journalistic accounts explaining
how the DAO would change forever
the shape of investing.
Figure 1 shows a fragment of a
DAO-like contract, illustrating a func-