Ethereum Smart Contracts: usage, security & audits

A smart contract is a piece of code deployed and running on the blockchain. The concept itself was invented by Nick Szabo in 1990, long before crypto in general, and Ethereum in particular, were rolled out. In his publication, he described a smart contract as a computerized transaction protocol that executes the terms of a contract. However, it was Vitalik Buterin who came out with a real-life application of this technology many years later, in 2015.

This article aims to review what smart contracts on Ethereum are along with the key aspects of the Ethereum protocol and how it works.

What is blockchain and how does it work?

Before moving on to smart contracts, it’s important to explain their underlying technology. A blockchain is a distributed database that is supported by a number of nodes in a computer network. The idea was first described by an anonymous group of developers under the nickname of Satoshi Nakamoto in 2008. Later, in 2009, it transformed into the first cryptocurrency, Bitcoin.

The key difference between a blockchain and a centralized database is the way the data is structured. The traditional approach implies storing all the information in tables on a single server. A blockchain, on the contrary, keeps records in blocks that are produced by all the distributed network participants, which ensures the security of data and makes it possible for users to collaborate on a peer-to-peer basis without a trusted third party.

Figure: client-server vs. P2P. In the blockchain network, all participants are connected with each other and can interact on a peer-to-peer basis.

How does Ethereum work?

Ethereum pushes the idea of the blockchain further, making it the basis of cryptoeconomics with the help of the following elements:

  • Smart contracts: automated pieces of code defining the rules under which crypto changes owner.
  • The Ethereum blockchain: the distributed database storing the records of all transactions and smart contract calls that have occurred within its environment.
  • Consensus mechanism: the automated solution for validating data before it is recorded on the blockchain.
  • The Ethereum Virtual Machine (EVM): the software platform enabling developers to create decentralized applications (dApps for short) on Ethereum.
  • Ethers: the internal currency of the Ethereum network.

All these items work together and make it possible for the participants to achieve their goal, i.e. to exchange value directly without involving any third party.

What are smart contracts?

On his website, Vitalik Buterin defines a smart contract as a collection of code and data residing at a specific address on the Ethereum blockchain. Being a type of Ethereum account, it has its own balance that can be used for sending funds to other ETH addresses. However, unlike Ethereum wallets, which are controlled by their owners, Ethereum contracts are deployed right on the network and are not controlled by anyone after the launch. Typically, they cannot be deleted or altered: they run the way they are programmed forever, and the transactions they perform are irreversible. Alternatively, developers can deploy so-called upgradable smart contracts with the help of proxy smart contracts, which enable changing the addresses of the contracts and thus deploying a new version to the network.

From the technical perspective, a smart contract is written in Solidity, then compiled to bytecode and launched on the EVM as part of the transaction data payload. Once the contract is registered in the system and the block with this transaction record is added to the network, you get the public address of this contract.

How can Ethereum smart contracts be used?

Smart contracts can be used for two key purposes: they can hold funds and they can run the logic of a contract that executes specific actions with these funds. 

For example, Alice and Bob can make a bet on whether the temperature will be above or below zero on a specific date and launch a smart contract for this purpose. Both of them send the required sum to the contract, which checks a weather forecast website (called an ‘oracle’ in blockchain terminology) on day X and sends ETH tokens to the winner.

For such transactions to be possible, Ethereum features two types of accounts:

  1. Externally owned accounts (EOAs): these are usual ETH wallets used by regular people for storing and exchanging funds.
  2. Contract accounts: these are accounts held by crypto smart contracts. Transfers of funds from such accounts can be triggered by EOAs or any other external events.
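
The Alice and Bob bet described above, sketched as a Solidity contract. This is an added example, not code from the original article: the contract and function names, the trusted `oracle` account that submits the temperature reading, the 7-day refund window and the handling of exactly zero degrees are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration; contract and function names are hypothetical.
contract TemperatureBet {
    address public immutable oracle;   // trusted temperature reporter (assumption)
    uint256 public immutable stake;    // wei each player must deposit
    uint256 public immutable dayX;     // settlement time as a Unix timestamp
    address public above;              // player betting "above zero"
    address public below;              // player betting "below zero"
    bool public settled;
    mapping(address => uint256) public owed; // balances the players can pull

    constructor(address oracle_, uint256 stake_, uint256 dayX_) {
        require(oracle_ != address(0) && stake_ > 0, "bad params");
        oracle = oracle_; stake = stake_; dayX = dayX_;
    }

    // Each side can be taken once, before day X, with exactly the agreed stake.
    function join(bool betAbove) external payable {
        require(block.timestamp < dayX && msg.value == stake, "closed or wrong stake");
        require((betAbove ? above : below) == address(0), "side taken");
        if (betAbove) above = msg.sender; else below = msg.sender;
    }

    // Only the oracle settles, once, after day X; exactly zero counts as "not above" (assumption).
    function report(int256 celsius) external {
        require(msg.sender == oracle && !settled, "not oracle or settled");
        require(block.timestamp >= dayX, "too early");
        require(above != address(0) && below != address(0), "missing player");
        settled = true;
        owed[celsius > 0 ? above : below] = 2 * stake;
    }

    // If the bet is still unsettled 7 days after day X, players reclaim their stakes.
    function refund() external {
        require(block.timestamp >= dayX + 7 days && !settled, "no refund");
        if (msg.sender == above) { above = address(0); owed[msg.sender] += stake; }
        if (msg.sender == below) { below = address(0); owed[msg.sender] += stake; }
    }

    // Funds are pulled by the recipient; the balance is zeroed before the external call.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

A contract cannot fetch a website by itself, so here the oracle is an account that sends the reading in a transaction. The refund path exists because funds would otherwise stay locked in the contract if the oracle never reported or only one player joined.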

Smart contract audits and security

To create smart contracts on Ethereum, developers rely on Solidity. Just as with Java, C++ and other traditional programming languages, writing code comes with a lot of potential bugs and unexpected behaviors. The important difference with Solidity is that it handles funds (Ethers) just like any other variables, so a vulnerability may lead to disastrous effects, including theft or loss of the funds.

When discovered, these bugs represent a vulnerability that hackers can exploit to steal funds from Ethereum applications. What’s more, blockchain immutability makes it impossible to alter the code, leaving the funds in an insecure condition. To avoid money losses, it is highly recommended to conduct a smart contract audit and test the code thoroughly before launching it on the blockchain.


How can I run a node on Ethereum?

To do that, you need to connect to the Ethereum network by downloading the blockchain node client to your machine. Note that you will have to download a copy of the Ethereum blockchain, which may require some extra space.

What are Ethereum's limitations?

Scalability is the key issue that Ethereum struggles with. It can only process 15 transactions per second on average, which results in slow transaction confirmation and high network fees.

What are the fees for executing smart contracts?

EthGasStation is the key resource where you can calculate the fees for sending ethers at a given moment in time. As each smart contract contains a number of transactions, the fees will be multiplied.