Ethereum - contract

Step back for a second and look at the big picture. You want my money. If I'm just willing to trust you to do the right thing with it, we don't need smart contracts. The case for smart contracts is where I'm not willing to send my money just anywhere -- I won't send it except under conditions where I am provided assurances that the money will be used as I expect it to be used.

If people trust you with their money, you can steal it. You don't need a smart contract for that. But if the sender doesn't trust you, he will insist on sending his money to a smart contract he trusts.

1 - Once my smart contract is active on the Ethereum, what prevents me from modifying the contract for my own benefit?

There is no such thing as "modifying the contract". You would just be creating some other new contract. Anyone can do that at any time, and you can do that. The trick is how you convince people to send money to the new contract.

Let's say I created a crowfunding dapp which users can use on my site www.crownfunding.com. Once users are using that dapp, as a malicious guy, I could link a new smart contract to that site sending investor's money to my own account instead of using that money for the crownfunded project? It is true? If so, what are the safeguards?

You can't send other people's money anywhere at all. Other people send their money where they want to send it. Of course if you could get people to send money anywhere you want then you can steal their money. But in that case, why use a smart contract? The whole point of a smart contract is that you can't just convince people to send money wherever you want them to, and they insist on using a smart contract to guarantee the money goes where they want.

2 - Could you tell me, in very plain words please, whether once I have created my contract code and "sent" it to the Ethereum network, I can update it? or do I have to write a new program and send it to the network (the oldest one then "dying" out of gas).

You can design a contract whose sole purpose is to decide what contract actually executes and it can use whatever rules you want make that decision. However, again, you are assuming that an attacker can get people to send money wherever he wants. If that's true, he doesn't need a smart contract to steal their money.

The whole point of smart contracts is that other people won't send money where you want them to, they'll send money only where they want to send it. And you need to provide a secure smart contract they trust for them to send money, otherwise they won't do it.

David Schwartz

Posted 2015-12-01T12:53:22.800

Reputation: 46 931

Thanks a lot for your answers David. This is much clearer to me now. Well just one last question...all that means that I, as an investor in a crowfunding website (for instance https://medium.com/@WeiFund) has access to the underlying contract code?

I might repeat myself but under that website (https://medium.com/@WeiFund) there is a backend code (smart contract code) which is linked to the user interface. Is this true? If so, Weifund could design a new (malicious) smart contract code as the backend code?

Do you get my point? sorry i'm just a beginner...;)

– blockFrance – 2015-12-02T19:05:36.590

The logic of a smart contract is that the user is not willing to send money wherever a site tells him to but instead demands assurances that the money is controlled by a smart contract they trust. Sure, if a user will send money wherever a site tells him to, then that user trusts the site, and there's little need for a smart contract. The point of smart contracts is to handle cases where that trust doesn't exist and the user won't just send money wherever the site tells them. – David Schwartz – 2015-12-02T19:54:45.967

Thank you very much for your patience;) this has been of great help – blockFrance – 2015-12-02T21:55:45.187

Hi again. If I as investor is ready to invest in Bob's crowfunding project, we have to agree on the smart contract's code. This means I need knowledge of programming codes I guess? or I need a developper who can designe the code with the other counterparty (Bob)? Is is right? – blockFrance – 2015-12-09T22:25:39.797

Most likely you would be using some client whose developers had already decided on what crowdfunding contracts they consider reliable. Your client program would know how to read the contract parameters and present them to you in human-readable form for your approval. The contract would, of course, be available for anyone to inspect and would have to be coded as clearly and simply as possible in order to gain broad support. Developers have to convince each other the contract can be trusted so that clients and crowdfunding systems support the same contract. – David Schwartz – 2015-12-09T22:28:33.673

It's much the same thing you do when you download firefox and all of a sudden you can tell if you're connected to the real "amazon.com" or not. Certificate authorities have to convince browser vendors that they're reliable so that their certificates will work in the browsers people use. – David Schwartz – 2015-12-09T22:29:30.060

Ok. much clearer again. I'm now understanding that as for a "physical contract", you have to agree on the code first. The main advantage of the blockchain being actually the prevention of malicious modifications once the contract is validated by the involved counterparties. – blockFrance – 2015-12-10T13:08:44.810

What do you mean by clients? This is clients software? – blockFrance – 2015-12-10T13:10:26.803

Yes, probably a wallet. And not just that the contract can't be modified, but that you're assured that the funds are dispersed as you expect. – David Schwartz – 2015-12-10T19:34:57.370

are you ok with my following ideas: • Crowfunding: launch a campaign for a new uber-like company. We should set up a smart contract between Youber and investors which would confirm shares (let’s create 100000 shares) in exchange for money (e.g. Ether). With the help of some developers, we could design the smart contract (its code) and a client software which could make it more readable to Youber and investors. – blockFrance – 2015-12-11T13:43:17.257

The investor would have his shares stored in its externally own account (via the client wallet). (Very useful as I now have the possibility to sell and settle that share to another wallet). Client software would just take a commission on the amounts of equity/debt raised. – blockFrance – 2015-12-11T13:46:35.973

The client’s ambition/interest is therefore to get a maximum of credibility. At first, there might be malicious clients colluding with smart contract’s developers to deceive honest investors and entrepreneurs (even if people having access to the code minimizes that risk). – blockFrance – 2015-12-11T13:46:46.970

There's really no such thing as "modifying a contract". If you modify it, it's a different contract entirely. You would need an unchanageable master contract that specifically supported the ability to take functionality from external contracts based on something that was changeable. And people would only trust such a contract, and send money to it, if what was changeable was acceptable to them. – David Schwartz – 2015-12-02T08:27:05.693

Sorry but I don't understand what you mean by unchangeable master contract? – blockFrance – 2015-12-02T09:08:52.837

and I understand that if i modify a contract, this is a different contract entirely. BUT as a user of the website, I have no possibilities to verify whether a new smart contract was not maliciously modified for the benefit of the developer? – blockFrance – 2015-12-02T09:12:53.590

I think you're missing the point. You can't "maliciously modify a contract". You can just create a new contract that's malicious. You make things unnecessarily complex and hard to understand by talking about a "change". The question is just this -- how can people know that the contracts they're sending money to can be trusted? A contract can't be changed, so issues with changes and modifications simply don't exist. – David Schwartz – 2015-12-02T10:49:35.613

Ethereum - contract

Answers