Yes, Smart contracts and blockchains can change the world of digital assets, their exchange, and automated administration of contracts. Much is being talked about this promise. Also people point to data transparency, irreversibility of records and irrepudiability
of transactions in a blockchain offering superior trust, integrity and security. But no one seems to talk about fundamental fraud prevention mechanisms required for all these promises to be delivered.
Consider these hypothetical but very real questions:
- What if events that trigger certain enforcements in a smart contract never reach it?
- What if someone suppresses an event if it is going to increase liabilities/ reduce asset values/ cause margin calls?
- How do you know some one really owns a physical asset in real world even though their ownership of the corresponding digital asset inside a blockchain is verified?
These are really hard to solve as they involve guessing how crooks might operate. If history is any guide, enforcement is always catching up with fraudsters as they change their tactics to stay ahead of fraud prevention technology and regulation.
So what is a FI (Financial Institution) or Government or Regulator supposed to do? I am not advocating that they give up on smart contracts, not for a moment. Rather they should first reconcile with and accept one major hypothesis:
- It will be impossible to stop all fraud in blockchains and smart contracts. Just like any other technology, there will be fraud and prevention will catch up through trial and error experiments as well as some catastrophes.
However, here are some practical steps that can minimize the impact and avoid catastrophies:
- For each use case, assess likely fraud triggers, loop holes and design workarounds. These could be in the form of vulenrability/ conformance testing of contract code, certifying data and event sources as well as delivery channels, etc.
- Evaluate speed and accuracy of alternative event sources - regulators, participants (through code of conduct enforcement), public sources, etc.
- KYC (know your customer) and KYM (know your miner) processes for participants
- Estimate maximum and minimum financial limits on likely fraud as a percentage of likely revenue or likely value of assets exchanged during business case stage
What do you think? Blockchains and smart contracts are susceptible or immune to fraud? Are there factors other than the ones mentioned here to be considered?