Between 2013 and 2014, Vitalik Buterin introduced the Ethereum whitepaper proposing the use of blockchain to store programs. Users could call these programs on nodes, allowing them to automatically execute transactions as the creator’s agent without human involvement. This concept became known as smart contracts. Buterin believed this mechanism was secure enough to conduct programmable transactions, but it turned out to be a multi-billion-dollar mistake. Just in 2020, security issues with smart contracts led to the evaporation of $90 billion worth of crypto assets.
In Ethereum and many imitators, each smart contract manages its own ledger of issued tokens. This means that there is more than one ledger on these blockchains. The native currency has one ledger, and each token has its own ledger. Are they all decentralized ledgers? There is no dispute regarding the ledger of the native currency, but when it comes to token ledgers, we need to examine what truly constitutes decentralization.
Decentralization refers to each bookkeeper (miner) independently deciding the content of their ledger, rather than mechanically copying someone else’s ledger. This independence includes deciding whether each transaction is legitimate and should be recorded. As long as there are no fraudulent actors dominating the network, this method can prevent illegal transactions from becoming the consensus of the blockchain network, thereby ensuring the security of assets. If miners in a blockchain lack this ability to independently determine the legitimacy of each transaction, then the blockchain is not decentralized. Miners would have to rely on a centralized authority to decide on the legality of each transaction, resulting in all ledgers being controlled by a single entity that can arbitrarily decide the ownership of assets, thus failing to provide security for users. Under Ethereum’s smart contract transaction model, the ledgers of smart contract tokens are managed by the contract itself, not the miners. Each contract is issued by a single project party, and although miners record the data generated by the contract, they do not understand this data; they merely note what the contract dictates. This turns miners from bookkeepers into mere recorders, with the project party behind the contract directing these recorders. Therefore, the ledgers of these tokens are not decentralized but centralized, posing a significant security risk.
Furthermore, Ethereum’s smart contracts cannot even be considered contracts. Yes, contracts can be executed through programs, but not every program execution constitutes a contract. Additional conditions must be met for a program’s execution to be considered a contract. For a blockchain functioning as a decentralized ledger, it is crucial that transactions undergo validation. As Satoshi Nakamoto stated: “Don’t trust, verify.” This is a fundamental rule of blockchain, and any violation of it will inevitably result in security issues. However, Ethereum does not verify the transaction results of smart contracts but only verifies the execution process of smart contracts. In Ethereum, when users call a smart contract, nodes execute the contract, and once the contract successfully returns, the node deems the transaction legal and records it. What are the implications of this model? After all, smart contract calls are initiated by users, so should they not accept the results of these calls? This is the Ethereum perspective.
Legally, a contract is only valid when both parties agree. Each party must reach a consensus on what they are exchanging for the contract to be valid. Therefore, when users call a smart contract, what are they agreeing to? Are they accepting any results generated by the smart contract, or the results claimed by the contract issuer? Most users are not programmers and cannot predict how a program will run; therefore, they are agreeing to the results claimed by the contract issuer. However, Ethereum cannot verify whether the execution results of smart contracts align with the user’s expectations (i.e., the results claimed by the contract issuer) because Ethereum nodes lack this information. Therefore, each recorded smart contract transaction in Ethereum only proves that “the smart contract produced such a result” rather than “both parties agreed to this result.” Confusing these two can have fatal consequences.
To make matters worse, Ethereum stores the transaction results of smart contracts as the contract’s data. In other words, the assets users receive from smart contracts are recorded in the contract’s ledger, not the public ledger. Ethereum nodes do not validate the transfer of these assets; it is handled and verified by the smart contract. Users cannot directly control these assets; it is the smart contract that controls them. This setup is akin to leaving the door open for theft. Consequently, Ethereum users are at the mercy of smart contracts, with no security guarantees in their interactions. There is no transaction security because Ethereum cannot ensure that the contract execution results meet user expectations, and there is no security for storing value because smart contracts can transfer user assets without their consent.
Therefore, since its inception, Ethereum has experienced several security incidents related to smart contracts. In contrast, Bitcoin has never encountered any security incidents. It is widely believed that smart contract security issues result from developer errors and negligence. Therefore, the industry has made significant efforts to standardize smart contract development processes, formally verify smart contracts, conduct code security audits, and develop secure smart contract languages. However, security issues with smart contracts fundamentally stem from the industry’s misunderstanding of decentralized contracts and the inappropriate transaction models that result from this. By addressing this issue, most smart contract security problems to date can be eradicated. Without resolving these issues, all current efforts will ultimately fail to eliminate the security risks associated with smart contracts.
