In Code(r) We Trust? Rethinking ‘Trustless’ Smart Contracts

Trust is an integral aspect of all human relationships. Trust facilitates social cooperation and coordination. Contractual relationships are no exception. Non-legal mechanisms such as reputation and societal constraints may induce parties to perform their end of the bargain. However, in the event of non-performance, a promisee can rely on the ‘system’ of contract law with its established rules, principles, and institutions to ensure their bargain is upheld or else seek a suitable legal remedy.

What if we no longer need to trust the counterparty or a system of rules and institutions such as contract law to carry out a transaction? This is the claim of ‘trustlessness’ that has been associated with smart contracts.

First propounded in 1997, smart contracts were then described (by Nick Szabo) as ‘a set of promises, specified in digital form, including protocols within which the parties perform on these promises’. Other definitions have generally described smart contracts as autonomous software agents: codes or protocols that automatically self-execute upon the fulfilment of pre-determined conditions. The recent renewed interest in smart contracts has emerged from breakthroughs in distributed ledger technologies (such as blockchain) which make smart contract applications more practically significant.

At first glance, smart contracts appear to do away with the need for trust in the counterparty. Since performance is automatic, smart contracts enable the promisee to obtain what has been promised, without the need to depend on interpersonal trust or a system of contract law. However, if we take into account the social, economic, and political contexts in which smart contracts operate, do they override the need for trust? Are they really ‘trustless’? We argue that a new set of trust concerns arise in the context of smart contracts, especially when they run on blockchain.

First, the reliance on computer software is not without risk. Bugs and errors in the code or a malfunction in the system can bring about undesirable and unpredictable consequences, especially if the smart contract is linked to the transfer of assets. A smart contract is not able to discern the subjective intention of a bona fide party from that of a hacker and will execute provided that the correct inputs are provided, allowing the hacker to exploit the coding error for their own profit.

A high-profile example of such a risk materialising is the collapse of The DAO. The DAO was the first attempt to implement a Decentralized Autonomous Organization, a coded structure capable of self-governance and autonomous decision-making constructed by a myriad of smart contracts on blockchain. A bug in the code of the smart contracts enabled a hacker to use the system to ‘validly’ (according to the rules of the code) extract Ether worth approximately US$50 million. The inherent immutable nature of blockchain made the theft potentially irreversible. Ethereum had to ask miners to perform a hard fork to create an incompatible chain of data. The strategy proved successful and the funds returned.

The DAO incident suggests that trust cannot be eliminated altogether from smart contracts but rather, is transferred into the hands of coders and developers. Ultimately, we need to trust the coder in both their ability and intention. Given the power imbalance that is likely to arise between the users and the developer communities, this may over time lead to distrust amongst users in the system. The potential lack of recourse in the event bugs or malfunctions crop up, especially if they go undetected, can exacerbate distrust. Trust may not be willingly conferred in the absence of an alignment of interest between the developer communities, any stakeholder communities, and the users.

Although the use of modern technology has proliferated, it is unlikely that code will become a dominant language in the immediate future. Assuming that code remains inaccessible to all but a minority of the population, then the rise of smart contracts (especially if it becomes mainstream say in in business-consumer transactions) will increase the dependence on experts whose services are required to facilitate the entry of, and to help make sense of, the transaction that the parties wish to enter into.

Second, the self-executing nature of smart contracts means there is reduced scope for flexibility to give effect to the actual intentions of the parties. Once the code is executed, there is little or no discretion in how obligations are performed since smart contracts generally cannot be modified once set in motion.

The use of smart contracts in long-term relationships may prove to be especially problematic. Long-term relationships entail the possibility of greater uncertainty due to the natural limitation of human foresight and a greater number of permutations, including external factors beyond the control of the parties. Such relationships generally entail high levels of interpersonal trust. In these contractual relationships, (as termed by Stewart Macaulay) the ‘paper-deal’ often differs from the ‘real-deal’ and where contracting parties may choose to rely upon norms present in relational contracts rather than opt for strict enforcement of the contractual terms. In practice, parties may choose not to seek the performance of the contract for a variety of reasons, including costs of performance or enforcement and the desire to maintain goodwill. In this sense, smart contracts remove such a choice for parties to a transaction, as well as the opportunity to demonstrate they can be trusted to perform their obligations.

To adapt to changing circumstances, smart contracts often use oracles to decide whether pre-determined conditions have been met. An example is Fizzy, an insurance product launched by AXA that utilises smart contracts on Ethereum’s public blockchain. Individuals can automatically receive compensation if their flight is delayed for more than two hours, upon payment of an insurance premium. The need for external data (in this case, flight delay information) provided by a third party outside the blockchain means that an element of trust remains: the oracle must be itself of a trustworthy nature. An essential solution to the problem of adaption becomes a new problem of trust.

The ‘trustlessness’ of smart contracts is a misnomer. The use of smart contracts may facilitate the entry into transactions with others with whom we have no prior ties and whose reputation is unknown, thereby reducing the need for interpersonal or institutional trust. However, we argue that smart contracts raise a new set of trust issues. A closer interrogation shows a fundamental re-allocation in institutionalised trust taking place, from reliance on traditional ‘trusted third parties’ to a system of code and powerful actors within this system. Furthermore, opportunities for fortifying interpersonal trust, especially in longer-term contracting relationships, may be lost in the context of smart contracts.

Dr Mimi Zou is the inaugural Fangda Career Development Fellow in Chinese Commercial Law at St Hugh's College, in association with the Oxford Law Faculty and the Oxford China Centre.

Ms Grace Cheng is a barrister in London at Field Court Chambers and is admitted as a solicitor in Hong Kong.

Marta Soria Heredia is a Research Assistant at the Faculty of Law, University of Oxford.

This blogpost is based on the arguments put forward in a longer piece of the authors, which originally appeared in the Society for Computers and Law Journal, April 2019.