Smart contracts part 1: What is a smart contract? This blog post was authored by Max Houser - Senior Manager, Security and Privacy on the technology insights blog. In recent years, there’s been considerable talk of blockchain and its use cases in the business world. While some of these topics have specific use cases – metaverse, decentralised finance, etc – there is one topic that underpins everything in the blockchain and decentralised space: smart contracts. Smart contracts are behind-the-scenes applications that route data, track changes and settle transactions in a trustless manner. This is the first in a three-part series of blogs focused on smart contracts. Today, I explore the concept of smart contracts and their overall role in the blockchain and digital asset space. Parts two and three will focus on smart contracts design, standards and why securing smart contracts involves a shift to the left. Topics Cybersecurity and Privacy First, what are smart contracts? Simply put, smart contracts are applications that codify business logic, enabling automatic execution of the applications according to the design of the contracts. Smart contracts can be applications designed as single contracts or as many contracts to comprise a decentralised application (dApp). These applications are ultimately published to a blockchain, where they can be called by any user on that network, provided they meet the requirements to execute the functionality they are attempting to call. While not the primary focus of this blog, there are a wide array of legal issues triggered using smart contracts, and a host of structural legal frameworks needed to accommodate some of the unique aspects of these mechanisms. One of the building blocks likely to support smart contracts will be the adoption of Uniform Commercial Code Article 12 (the controllable electronic record), winding its way through state approvals. Among the list of potential legal challenges sure to be the subject of lawsuits in regulatory action are the following: Traditional measures of contracting (offer, acceptance, consideration, etc.) Data privacy issues (including perpetual retention of personal data) Anti-money laundering and Know Your Customer (KYC) rules Intellectual property considerations Liability and enforcement Jurisdictional issues Dispute resolution The law will likely do what it normally does with new technologies – try to catch up as quickly as possible. How do they work? What is the process? The goal of a smart contract is to have a trustless execution layer. This is possible because once deployed, smart contracts essentially serve as a self-executing layer for agreements between parties, which can run without the need for intermediaries. Once the business logic is coded, compiled, and deployed, the contract handles enforcement of transactions and related state changes. Maintenance of the dApp for this layer is not required by the organisation or individual who deployed the contract. Once deployed, as long as the supporting network (i.e., Ethereum) continues to operate, the contract will remain live and on-chain forever, remaining functional as permitted by the rules and logic encoded in the contract itself. Why use smart contracts? Smart contracts have many different potential applications across a variety of industries. Potential use cases include: Asset tokenisation: Tokenising real-world assets like real estate deeds, car titles and other assets making them more accessible and transferrable on blockchain platforms/public decentralised ledgers. Automated compliance and reporting: Smart contracts can be designed to automatically enforce regulatory compliance requirements, potentially reducing administrative costs while strengthening reporting accuracy. Cross-border payments and remittance: Organisations can leverage smart contracts to facilitate faster, more cost-effective cross-border transactions. Supply chain management: Replace existing manual processes with a transparent end-to-end chain of custody that enables better traceability and provenance and builds stronger consumer trust. Decentralised finance (DeFi): Finally, smart contracts enable the creation of decentralised financial services and applications. These decentralised platforms can include lending, borrowing, and decentralised exchanges, without the need for traditional intermediaries. As one can imagine, many other applications and transaction models can be built on a decentralised network. the potential uses span many industries including real estate, healthcare, supply chain management, government records and more. This is the beginning of a new era, bringing potential to the digital asset creation and management space. The next post in this series evaluates contract design and standards in greater detail, providing valuable insights and guidance for developers and users alike. Stay tuned for more information on smart contracts and security in the blockchain and digital asset space. To learn more about our security and privacy solutions, contact us. Cybersecurity Cybersecurity is a top priority for boards and ERM functions seeking proper visibility and understanding of their cyber threat landscape. We help firms protect data by assessing, developing, implementing and managing end-to-end agile solutions to help you safely grow your business. Data privacy With reliance on technology comes inherent data privacy and security risks. Protiviti solutions help improve privacy programme that align with increasing global regulations by identifying key gaps that may exist in privacy policies, establishing a baseline, managing change and implementing documentation. Cyber Risk Quantification By leveraging quantitative modelling, we empower you to fully understand the risks you are facing in ways that make sense for your business. Leadership Leslie Howatt Leslie is a managing director, and Protiviti’s technology consulting solution lead. She specialises in digital and technology strategy as well as transformational change with over 25 years’ experience across consulting, industry, and government sectors. She has ... Learn More Krishnan Venkatraman Krishnan is a director with over 14 years’ experience in professional services. He has specific expertise in technology risk consulting and has been advising clients both in the public and private sector in designing and implementing information security controls.Major ... Learn More Tim Speelman Tim is a director with a track record of developing and implementing strategic plans that align with the demands and gaps of global and local enterprises. Before joining Protiviti, Tim was a regional CISO responsible for APAC within a large recruitment company with core ... Learn More Featured insights WHITEPAPER Four Ways Finance Leaders Strengthen Cybersecurity As CEOs and boards become more informed about the extreme threats that cybersecurity lapses pose, their expectations are growing. CFOs’ expanding contributions to fortifying organisational data security, the highest priority identified in Protiviti’s... BLOGS Quantitative Cyber Risk Management 101: Baselining and Baseline Cycling Cyber risk is a growing threat to organisations of all shapes and sizes. Cyber risk quantification allows organisations to better understand the financial impact that these risks pose; however, setting the scope of quantification activities and... BLOGS Why Consolidated Security Will Help Meet Cyber Challenges Companies face multiple threats as the security landscape continues to evolve. But how can they get to grips with the cyber risks they face and a record number of data breaches? Taken together, all areas of risk and security are essential in modern... WHITEPAPER Building a Comprehensive Data Privacy Programme: Four Actionable Steps for Technology Companies Introduction Most technology companies today understand that ensuringdata privacyand protection is an imperative for their business; however, few manage this process well or even invest enough resources in that effort. As governments... NEWSLETTER Framing the Data Privacy Discussion in the Boardroom Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. While cybersecurity continues to be an issue for boards, a more targeted focus on data privacy is increasingly... Button Button