In Code we trust? Trustlessness and smart contracts

March 31, 2019

Trust is an integral aspect of all human relationships. Whether in the workplace, marketplace or family and other social setting, there can be no meaningful interpersonal connection between two or more persons without trust. Moreover, trust facilitates social cooperation and coordination. Contractual relationships are no exception. Non-legal mechanisms such as reputation and societal constraints may induce parties to voluntarily perform their end of the bargain. However, in the event of non-performance, a promisee can rely on the ‘system’ of contract law with its established rules, principles, and institutions to ensure their side of the bargain is upheld or else seek a suitable legal remedy.

What if it was said that we no longer need to trust the counterparty or a system of rules and institutions such as contract law to carry out a transaction? This is the claim of ‘trustlessness’ that has been associated with smart contracts.

First propounded by Nick Szabo in 1994, smart contracts were then described (by Szabo) as ‘a set of promises, specified in digital form, including protocols within which the parties perform on these promises’. Other definitions have generally described smart contracts as autonomous software agents: in other words, codes or protocols that automatically self-execute upon the fulfilment of pre-determined conditions. The recent renewed interest in smart contracts has emerged from breakthroughs in distributed ledger technologies, namely blockchains, which have made smart contract applications more practically significant. 

Using complex technology, from public and private key cryptography to peer-to-peer networks and consensus mechanisms, blockchains provide a database that is characteristically accurate. Each computer in the distributed network maintains the same updated version of the record without the need for a master copy, making it an autonomous system. Blockchains can exist without a centralised authority or server to exchange, verify, and secure data of recorded transactions. Smart contracts can utilise active distributed ledgers that are more than data-recorders, while blockchains enhance the self-executing autonomy of smart contracts. 

At first glance, smart contracts appear to do away with the need for trust in the counterparty. Since performance is automatic, smart contracts enable the promisee to obtain what has been promised to them, without the need to depend on interpersonal trust vis-à-vis the counterparty or a system of contract law to enforce the promise. However, if we take into account the social, economic, and political contexts in which smart contracts operate, do they override the need for trust? In other words, are they really ‘trustless’? We argue that a new set of trust concerns arise in the context of smart contracts, especially when they run on blockchains. 

First, the reliance on computer software is not without risk. Bugs and errors in the code or a malfunction in the system can bring about undesirable and unpredictable consequences, especially if the smart contract is directly linked to the transfer of assets (for example where the self-execution involves the automatic release of funds from your bank account). 

Another risk concerns exploitable bugs, those soft spots in the code that are susceptible to hackers. The smart contract is not able to discern the subjective intention of a bona fide party from that of a hacker and will execute provided that the correct inputs are provided, allowing the hacker to exploit the coding error for their own profit. 

A high-profile example of such a risk materialising can be found in the collapse of The DAO. The DAO was the first attempt to implement a Decentralized Autonomous Organization, a coded structure capable of self-governance and autonomous decision-making constructed by a myriad of smart contracts on blockchain: in this case, Ethereum blockchain. A bug in the code of the smart contracts enabled a hacker to use the system to “validly” (according to the rules of the code) extract Ether (the digital value token used in Ethereum) that was valued at approximately US$50 million. The inherent immutable nature of blockchain made the theft potentially irreversible. Ethereum had to ask miners to perform a hard fork to create an incompatible chain of data. The strategy proved successful and the funds returned. However, this incident showed not only that blockchains are not inalterable, but also that smart contracts can be susceptible to attacks and to human mistakes.

This suggests trust cannot be eliminated altogether from smart contracts but rather, is transferred into the hands of the coders and the developers of the software behind the smart contract. Ultimately, we need to trust the coder in both their ability and intention. Given the power imbalance that is likely to arise between the users and the developer communities, this may over time lead to distrust amongst users in the system. The potential lack of recourse in the event of bugs or malfunctions cropping up in the code, especially if they go undetected, can exacerbate such distrust. In this context, trust may not be willingly conferred in the absence of an alignment of interest between the developer communities, any stakeholder communities, and the users. 

Although the use of modern technology has proliferated, it is unlikely that code will become a dominant language in the immediate future. Assuming that code remains inaccessible to all but a minority of the population, then the rise of smart contracts (especially if it becomes mainstream say in business-consumer transactions) will increase the dependence on experts whose services are required to facilitate the entry of, and to help make sense of, the transaction that the parties wish to enter into. 

Second, the self-executing nature of smart contracts means there is reduced scope for flexibility to give effect to the actual intentions of the parties. This is because once the code is executed there is little or no discretion in how obligations are performed since smart contracts generally cannot be modified once set in motion. 

The use of smart contracts in long-term relationships may prove to be especially problematic. Long-term relationships entail the possibility of greater uncertainty due to the natural limitation of human foresight and a greater number of permutations, including external factors beyond the control of the parties. Such relationships generally entail high levels of interpersonal trust. In these contractual relationships, (as termed by Stewart Macaulay1 ) the ‘paper-deal’ often differs from the ‘real-deal’ and where contracting parties may choose to rely upon norms present in relational contracts rather than opt for strict enforcement of the contractual terms. For example, a tenant who is 5 years into a 10-year commercial lease may be unable to pay his rent on time due to changes in his financial circumstances. Based on the desire of both parties to maintain an ongoing relationship, the landlord may decide not to enforce the strict terms of the contract and instead, come to an informal arrangement with the tenant to allow for later payments. The landlord may even forego rent altogether for that month to preserve the relationship. In practice, parties may choose not to seek the performance of the contract for a variety of reasons, including costs of performance or enforcement and the desire to maintain goodwill. In this sense, smart contracts remove such a choice for parties to a transaction, as well as the opportunity to demonstrate they can be trusted to perform their obligations. 

To adapt to changing circumstances, smart contracts often use oracles to decide whether pre-determined conditions have been met. An example is Fizzy, an insurance product launched by AXA that utilises smart contracts on Ethereum’s public blockchain. This product enables individuals to automatically receive compensation if their flight is delayed for more than two hours, upon payment of an insurance premium. The need for external data (in this case, flight delay information) provided by a third party outside the blockchain means that an element of trust will remain – the oracle must be itself of a trustworthy nature. An essential solution to the problem of adaption becomes a new problem of trust.

Third, it is questionable whether code itself can encapsulate the nuances of all contractual provisions and reflect the wishes of the parties. Of course, natural language does not always capture perfectly the parties’ intentions. Parties may deliberately leave some ambiguity in contractual provisions to allow for flexibility and reduce the cost of negotiations. Parties may also want to include terms involving a subjective element, such as an obligation to act in good faith or to apply one’s best efforts in performance. Such clauses often depend on a high degree of interpersonal trust between the parties. On the other hand, the logic of code is precise. There is no room for ambiguity even if it would achieve desirable outcomes for the parties’ relationship, such as reinforcing or even enhancing their mutual trust. The use of hybrid arrangements, whereby a natural-language contract is linked or refers to a smart contract or vice versa, may go some way to address this issue. Financial institutions, law firms, and legal tech players have been actively developing this space. It remains to be seen whether the presence of traditional contracts in hybrid arrangements can help to overcome these limitations.

The ‘trustlessness’ of smart contracts is a misnomer. The use of smart contracts may facilitate the entry into transactions with others with whom we have no prior social ties, no past experience and whose reputation is unknown, thereby reducing the need for interpersonal trust between contracting parties. However, smart contracts raise a new set of trust issues. A closer interrogation shows a fundamental re-allocation in institutionalised trust taking place, from reliance on traditional ‘trusted third parties’ to a system of code and powerful actors within this system. Furthermore, opportunities for fortifying interpersonal trust, especially in longer-term contracting relationships, may be lost in the context of smart contracts. Finally, limitations in what smart contracts can do for now mean that we will still have to trust our traditional system of contracts.

1.’The Real and the Paper Deal: Empirical Pictures of Relationships, Complexity and the Urge for Transparent Simple Rules’ (2003 Modern Law Review Vol 66(1), 44-79)

Dr Mimi Zou is the inaugural Fellow in Chinese Commercial Law at the University of Oxford 

Grace Cheng is a Barrister at Field Court Chambers 

 Marta Soria Heredia is a Research Assistant at the Faculty of Law, University of Oxford.