Can someone give me a good use case (even better if you're doing it yourself) for a smart contract?
What is anyone doing with them that they find really handy?
I've never been able to understand how it gets used / why you would use smart contracts. I've googled and read... still don't grok it.
I've seen so many "benefits" listed, but none make sense to me as far as the process you go through and how it works out in the end. Often it's described as a magic thing that eliminates the use of "intermediaries" and so on. I suppose that is true but you only get to that by going through all the complexity of from making sure someone writes a good contract / getting folks from the outside to review and validate it and so on. I'm not sure that saved a lot in the end.
Much like a most things blockchain I find these ideas (not bad ones) and then the practical usage ... much less than ideal.
I'm a reasonably intelligent person. My job requires me to learn complex technical details about a bunch of different domains - it may take me a while to grok it all, but I usually can once I do my research.
The thing that is striking to me whenever smart contracts come up is how extremely rare it is to be just presented with a simple, understandable, real-world use case that is an improvement over existing alternatives. Instead, so often you get:
1. Long missives about how the technology is really cool, but that completely sidestep the original question: show me a simple example of what a smart contract is used for.
2. Lots of examples that are only relevant to crypto in the first place (i.e. just speculating on valuation movements in crypto). What I mean by this is that the purpose of finance (at least the intended purpose) should be to provide capital for real goods and services. Pretty much all of the smart contract examples I've seen are just, for example, triggers related to the prices of a bunch of different tokens.
I would honestly be thrilled if someone could just give a simple example of someone actually using this stuff in the real world.
OK, please commence all the "HN just always hates on crypto" non-responses... (this last sentence is sarcasm but also born out of frustration of getting straightforward answers in this domain).
Escrow is the simple thing. Suppose you want to buy a house or a car, and you show up with a bag of money and someone else shows up with a set of keys. How to proceed without the transaction requiring trust between people who don't know each other? If you physically get the car/house/keys, what guarantees that title was transferred as expected? Depending on the cash volume and the jurisdiction, there is basically no established mechanism for doing this peer-to-peer. If you're "lucky" then you see a whole industry of middle-men created around trying to solve /skim on this, which then increases the costs of transaction (say realtors or car dealerships). If you're unlucky, then there's simply no way to have a trust-free transaction, and you just weigh the risk and take it or leave it.
This does seem solvable, right? Because there's only a few APIs (bank transfers, title queries) that are involved in a fully automatic escrow. Such escrow could be provided as a free service by the government, or it might be pay-per-use (and simply cost less than markup from dealerships/realtors).
Arguably the most popular use case is that smart contracts are used to create decentralized exchange services. See: Uniswap.
They are also used extensively in the crypto sub-genre called DeFi, or decentralized finance. One of the most popular implementations is called Aave, which allows one to take loans out (i.e. give the contract Ether as collateral, receive an amount of USD stablecoin in return) on a given set of assets.
Of course every NFT you ever heard of is essentially its own smart contract (specifically one that implements the ERC-721 standard of functions and public variables), though I'm not sure that qualifies as a 'good' use case. ;)
This answer right here is, in my opinion, one of the most interesting use cases that is available today.
Provide collateral and take out a loan against that collateral. It allows people to act as their own bank. No longer do you have to go to a bank, ask for permission and then get approved for a loan. Now, you can do that yourself, instantly, without any trouble at all. Amazing really.
What are those loans used for today? Well, mostly it is about interest rate arbitrage and providing liquidity. As a super basic example, you can borrow funds at 2% and then lend them out again at 3% and make 1%. It is essentially risk free (assuming the contract doesn't have bugs/exploits).
The larger picture will be to enable people to be their own Kiva's. Crypto often is pushed to 'bank the unbanked', but it is more than just holding money. It is enabling people to borrow against their existing holdings, effectively allowing anyone, globally, to put their savings to work for them, without having to rely on a centralized banking system to do so. This might not be interesting for USA people, but it is especially valuable in countries that don't have a stable banking system.
For the record NFTs get a bad reputation because the public associates them with silly pictures traded for outrageous prices. However NFT simply means that the token itself is not fungible and can therefore be used to refer to something specific that does not have to be art at all. Tickets would be an example that multiple teams are working on using the same tech, although they may not refer to it as NFT because the name is tainted.
Ethereum name service, more commonly known as ENS.
In ethereum address appear like 0x233eb...042, ENS let's you associate a human readable name like nick.eth with that address.
Works similar to DNS, turning IP addresses into something we humans recognize.
What's the pro of using a smart contract? (DNS works without one).
With a smart contract you can have immutable data store (assuming ethereum continues) that can give you ownership over your name, like nick.eth.
What's the con?
It's immutable which means people can own names they shouldn't with no mediation process possible.
Like a lot of things in life the system is good as long the system works for you, but not everyone is lucky enough to exist in a system that works well enough.
I posted the sibling comment basically dumping on smart contracts, so I wanted to thank you very much for posting this - it helped me understand smart contracts better in my mind and helped crystallize places where they could be useful.
I knew vaguely about ENS (primarily just by seeing .eth addresses), but your comment led me to dig in to how it works. I think the bit of "eureka" moment I had is that smart contracts are really only useful for shuffling around ownership of "pure data", and then it's up to everyone else to interpret what that data actually means.
That is, for an eth name, it's really just storing an association of the name with another piece of data, and putting a mechanism in place for who gets to control that association (i.e. how bidding for a name works). It's then up to other people to decide how (or whether) they want to "interpret" that association. In my mind it's quite similar to NFTs. All NFTs really store is an association that says "this person 'owns' this other piece of data called X, and that other piece of data X actually refers to this shitty digital image of a bored ape." But, of course anyone else can copy the bits of that shitty digital image and do whatever they want with it - it's only if enough people agree that "yes, that NFT really does mean that shitty digital image" for it to be worth anything.
It also helped me because with most contracts people think about how "things in the real world" need to be verified in order to determine contract performance (did the price of wheat go up, was the vacation rental as advertised), but smart contracts really are quite useless in those examples. But there are some examples where you're just storing pieces of data and you do not care about what happens "in the real world". Thus, I still feel smart contracts are often greatly oversold (and often misunderstood) by their boosters, but there are specific "data-mapping" use cases where they make sense. I also appreciate that you pointed out the downsides of not having a mediation process, which I think many crypto boosters think of as a feature but many people feel is a bug in the real world.
Anyway, you really helped me think about this more clearly, and I appreciate it.
At the bottom, it’s an address holding a program that can release funds to another address or a group of addresses (which may be wallets or other smart contracts) based on some predefined conditions.
There’s technically no limit to what you can implement, but there’s no killer app yet, and it’s questionable if there ever will be. For me, it’s mostly an interesting piece of tech to learn about.
I have no direct affiliation with this service (nor am I a user of it) but I recently learned about "Pool Together" which is a "lossless" lottery system. It's a daily lottery that happens automatically, you do not need to collect as it happens automatically, and you can withdraw all of your capital at any time.
First off, wanted to say thanks very much for posting this, primarily because I think it is an example that is straightforward and easy to understand. That said, I'm also thinking "if this is one of the best, straightforward examples people are talking about when referring to 'the value of smart contracts', then smart contracts are just nowhere near the important tech its boosters believe." (To be clear mteigers, not directing this at you, just saying this because what you've posted is probably the best example of a real-world use case I've seen).
In summary, what PoolTogether (https://pooltogether.com/) does is basically act like a normal savings account, except instead of you getting 4% interest a year or whatever, that interest is all pooled and then given out in big chunks at random - most people get nothing, but "winners" will get what is essentially everyone else's interest. Some notes:
1. I'm not clear what activity they're engaging in that actually generates interest (e.g. who they're lending to in order to generate a spread), but in fairness I didn't spend much going into the details. That said, if they really are generating income by lending, then I'm very curious how they can't suffer from some of the same negative edge-cases inherent in fractional reserve banking, like a run on the bank. If they are not generating real income from lending, I'm very suspect about how they can really be generating interest. Again, I didn't look much into this, so totally admit I could just not be understanding the details here.
2. I see absolutely no real benefit that comes from doing this as a smart contract vs. just doing this as any other kind of normal software (e.g. what core banking software provides), despite what their blurbs on the website say.
So still just dumbfounded by the lack of real utility in any of these smart contract examples I've seen.
Sounds really unnecessary. What is there not to trust in an actual lottery? Are the people that go on TV to show the results not worth the job they have?
Why does the website have a starting sentence that includes:
"a passion project I hold dear to my heart."
What is it about lotteries or smart contracts that have people that saying "dear to my heart". The only thing "dear to my heart" is probably my wife and family. I don't know how something related to money could be. And I have a hard time trusting a person that has a passion project dear to their heart related to lossless lottery systems.
That sounds amusing ... albeit the lottery aspect makes me suspect shenanigans. Is anyone reading the contract to understand if it really is what it says it is?
One of those issues is of course that people will need to find someone who can read the contract for them, and hope they get it right.
Still, good example that is easy to get, seems like easy to code and work.
Correspondent banking. So say a bank in the States needs to send money to one in Spain. They may not have a relationship, so they go through an intermediary bank.
You can use a smart contract to eliminate the trust in the intermediary bank, so eliminating that counter party risk
bankC creates a secret number, hashes it and sends it to bankA. bankA sends money to bankB locked to hash. bankB can't get money until they have that secret number. bankB sends money to bankC locked to hash. bankC reveals secret number to bankB to unlock that money. bankB does the same with bankA.
Tada, we eliminated the risk of bankB running away with money. This is the lightning network
Typically I like to read HN comments for insightful discourse focused on details of the topic at hand by relevant experts. It is a terrible failing of HN that this useless comment is promoted to the top.
It is like if there were a detailed blog post about rusts type system and I was to comment “Why would anyone use rust when they could use X instead?”
I find posts like this honestly infuriating because its like you don't know the first thing about an entire, specialized field, yet because its something taking place in tech you feel like you're qualified to write about it. Ask the same question about chemistry, biology, electrical engineering, or any STEM subject, and here's the actual answer: it's beyond the scope of a comment on hacker news to spoon feed you an entire fucking field in a way that will make sense to you.
You will have to read papers, and think about what works and doesn't, over years to understand what is going on. And to be ahead of the curve -- you'll also have to do your own experiments that 9/10 won't yield any interesting results. In the blockchain and 'crypto' industry we also have the problem that entry is easy while skilled execution is not. Consequently: many fuck-ups have happened. It's easy to point to them and say that 'this is the industry' but its really not. Those are a few bad eggs.
I genuinely cannot tell if this comment is veiled sarcasm or not. That or a question about concrete, practical examples of this tech and what unique advantages smart contacts bring to the table has hit a real nerve and set you off. If the latter is the case, that is of course a telling answer in itself.
Genuine question from someone on the outside watching all of this: then who are these things for? Apparently not me, nor GP, nor my mum and dad. Are we waiting until the Smart People sort out all of these complex details to make this stuff accessible for regular people?
Nah, supporters of most of the tech (chemistry, biology, EE, whatever) can easy explain applications to layman, as well as explain why one would use it over alternatives.
There are some exceptions of course -- one example is "memristors", an very specialized EE concept that claims to revolutionize computing for least 20 years and yet never does. And if you look at its HN discussions, you'll see mostly skepticism and negativity, kinda like for blockchains.
counterpoint: engineers building complicated things /and then looking for a problem they would solve/ is bad.
if you are unable to easily explain it to a human who isn't your profession, it's snake oil.
what's a tooth filling? it's a bio-safe, quick setting, similar plasticity to your teeth enamel.
what's shipping logistics software? it's not wasting an idle or half empty truck.
what's S3? durable object storage.
what's the TLS certificate transparency chain? an append only, low power proof of what the CA's issued. No blockchains or smart contracts involved because it's less expensive and less absurd.
what's sigstore? an append only, low power signing proof of binaries, docker images, git commits, etc. No blockchains or smart contracts involved because it's less expensive and less absurd.
Too many blockchains and smart contracts and such seek to be "the engine" that everything runs on. They want web 3.0 because they want a do-over to be kingmakers.
what's HTTP/HTML? a simple way to exchange data between webservers & web browsers, the universal engine.
Yet knowing a lot about crypto and blockchain, thinking about what works and doesn't, and over years reading papers and understanding the technology...
I can not think of a single usable problem that blockchain solves.
We did what I thought was an interesting use case. Giving artists an ability to manage royalties in perpetuity for sales of a digital artwork through cryptography. Here is the breakdown:
From my understanding a smart contract is like a web backend, with completely transparent business logic and data, so anyone can interact with it without any intermediary. If you can deploy your program (smart contract) on the ethereum blockchain or any of the L2 chains, then all the costs of interacting with it and maintaining its data layer are borne by the market participants.
Because of these properties you can create entirely open market infrastructure that anyone can use, which means reduced compliance costs (measured in opportunity and not money) and regulations for the participants.
On the flip side, the issue is that most people are stupid, don't know shit about what they are doing, and the tech itself is vulnerable to all sorts of race conditions because of flaws in Solidity language and the EVM itself which can enable hacks.
I am personally very sympathetic to the crypto efforts and not as sympathetic with the skeptics, because I find the centralisation of the web by some American players to be more dangerous than some individuals losing their life savings playing on web3.
Governance of next-generation automated economies and societies.
It's one thing to make a promise to someone. It's another to marry your business procedures directly to immutable code which guarantees to users, employees and partners that the business operates in the intended and described way.
Most of these benefits require your company to be digital in nature, but many asset-based economic systems can benefit from it.
For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods. Sensors in a transport vehicle continually update a decentralized semi-private blockchain, proving that an item never left a refrigeration state, or was not tampered with.
Automatic payment could be achieved by placing the item inside a locked stationary container at point of delivery and validating through this blockchain that all requirements were met.
A system like this could go even further to make guarantees to the end customer, who could verify at point of sale that their food item remained fresh.
> For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods.
I am very, very skeptical your example would work purely with smart co tracts for this.
I can think of a bunch of ways where real world interactions would cause all sorts of problems that would have to be sorted out by regular contract law.
When architected correctly (as with pretty much all software), it allows for a service to live (effectively) forever, independent from the creators of the service.
Example: I create a smart contract where everyone can post an IPFS hash to it, with added functionality to be able to post on someone's behalf if they give a signature to do so.
(This simple example is deliberately chosen to be a starting point. More complex functions & services can be derived from this starting point alone.)
If I were to kick the bucket, or if I'm not capable of contributing to its development, the service is still accessible to everyone else. If someone else wants to keep developing the service, they can do so via the contacts defined endpoints.
To me, the positives of this starting point outweigh the technical complexities involved with its development & maintenance. It varies wildly for others, but for me, this is the anchor point from which I can build something that can last long after me.
I am building an incentivized market to keep data available on the web(3) without having a centralized entity taking care of it. Without a smart contract running on a block chain this isn't possible. https://permanentum.io
I don't see any good answers here so I'll give it a try.
Smart contracts can be used to build voting systems, multi-signature agreement systems, escrow systems, exchanges etc. But all of these rely on data being in the crypto world e.g. on blockchain.
The most powerful emerging use case for smart contracts is verifying zero knowledge proofs. Using groth16 or PLONK you can compress any amount of information or computation into a constant size proof (constant in both size and verification complexity [1]). This leads to the question, what is the use case for zero knowledge proofs?
TLS notarization: a user can prove they received data from a website by proving the signature in the TLS session. So e.g. i could prove how many twitter (sorry, X) followers i have by proving an element in the HTML that is signed by twitter, or prove that i have a dm with individual X (not the company, a variable meant to indicate some person). This can be extended to proving e.g. bank account balances using TLS signatures. The idea is such a TLS proof can be ingested on the blockchain so anything on the internet can be used as a logical condition for a smart contract. https://tlsnotary.org/
^ a similar case exists for email data verification using RSA
Private user data: companies can track information about users without knowing what information belongs to what user. The idea is, the user data is stored inside a ZK proof and the user manipulates the data in ZK, then provides a proof to the web application that they manipulated it in a way that follows the rules defined by the application. A simple example might be ZKFlix. Each time a user watches a movie they add an entry to their data indicating `moviedId: true`. The web application can store the user state without knowing which user watched which movie. Put more simply, each change to user data is attributed to an anonymous actor. Theoretically it should be possible to build websites with the same functionality of existing websites, but where the website is non-custodial of the user data (this isn't strictly blockchain related). This type of system allows users to make proofs about their application user data and submit them to the blockchain.
^ the more general case is building a state system that exists entirely in ZK and putting a state root on the blockchain. Then anything about the state system can proven onchain
These are the examples I have off the top of my head (though i do work in this space). I think smart contracts by themselves lack functionality and resort to hacky things like permissioned oracles. Combined with ZK though smart contracts become a financial system that is trustlessly bound to the internet. The hard part is making the internet provable as sequences of polynomials.
Hard agree that the current user experience sucks though. I'm of the opinion that in the future users won't directly interact with the blockchain the same way a user doesn't interact directly with e.g. postgreSQL. If to make an account on a website you had to write an SQL query inserting the row that would be a similarly bad experience to managing your own private key xd
[1]: The scaling isn't strictly constant, but small enough to be considered for practical purposes constant
Well it was the same with the internet itself. It's prone to hacks, bugs, and outage, and yet today we all use it to manage our finances and make payments.
Well, for the internet you could say “it allows stores to show pages with their products, and people can choose what they want to order, give their address and pay it with credit card , all without leaving their home”
That’s a pretty obvious killer feature of the internet
Smart contracts are fundamentally a business technology where money is hosted & manipulated natively on the platform.
This is pretty awesome & could be very dirsuptive.
The problem is at least in ecosystems such as Ethereum you have a single line of defense, your smart contract code. And that code is written in a poor language with very little security features.
Worst if something go wrong you can maybe pause, suicide your contract before your money is gone (what goes again the very principle of the platform) or if you are lucky & worked very hard on this you might have the chance to upgrade your contract.
The result is any contract being used seriously need to go through a long & very expensive by one of the few serious company is this field.
For now the Ethereum project have been very focused on solving the scalability & decentralization problem but my guess is without big progresses on the smart contract security & developer experience front no serious actor will ever consider adopting the platform.
There is a thriving community of security researchers and engineers in the smart contract auditing space.
Services like code4rena (https://code4rena.com/) and sherlock (https://www.sherlock.xyz/) make audits a public and competitive process with leaderboards that track the best of the best. Naturally those that rise to the top of these leaderboards tend to end up offering boutique auditing services due to projects wanting audits from the best of the best in the business.
Trust (a pseudo-anonymous auditor's handle) launching Trust Security (https://www.trust-security.xyz/) is a perfect example of someone who turned public contest success into a highly sought after auditing firm. There are other examples, but overall smart contract security is undeniably improving over time.
Yes but as you see on code4rena the cost of an audit is about $100k.
What is ballpark what a company would pay to have a security audit of their website or network for example.
So I would guess Ethereum has become an "Enterprise" technology because of the prohibitive cost of security of its applications?
From what understood originally, blockchain & Ethereum aimed removing those actors like banks who can afford high cost of licenses, compliance & security of complex systems.
Meaning you could write and execute your will without a lawyer and a court system, or write a smart contract to manage a condominium and its treasury with the other landlords (a $100k audit is out of the question for those use cases).
We are hearing less and less about those use cases and talk more and more about "Enterprise Ethereum" (https://ethereum.org/en/enterprise/) as we find out that developing for the platform will be as complex & expensive as for a big corporation.
Do any of the audits ever come back clean i.e. no detected defects?
Are those audits actually serious and representative of the resources available to a profitable attack? Many smart contracts manage millions, tens of millions, hundreds of millions and up in value. Do they actually do multi-year audits with a team of 5 that come back clean?
Do they seriously believe and publicly state their design processes are better than the best IT systems by Google, Apple, Amazon, NSA, FBI, etc.? Because those organizations can not get clean audits against red teams with multiple people and a few years to work.
That would be a extraordinary claim, do they have the extraordinary evidence to back up that claim? Do they even have any verifiable evidence at all to back up that claim other than more marketing drivel?
If the answer to all of that is not yes, then it all sounds like a house of cards and just more “security” bullshit to me.
Yes you're right, there are very talented companies, but that's actually what the OP has been saying... These companies exist because of the language. No language is perfect but Solidity is very imperfect to say the least
These challenges are very interesting https://ethernaut.openzeppelin.com/. The thing is, almost none of these hacks could be possible, if Solidity would be better
You're literally commenting on a post that is a reference to a website that is trying to encourage a higher level of security in smart contracts. People are working on solving this issue.
It's a misunderstanding that smart contracts are just about money. What you have in essence is decentralized verifiable computation, which can and often is used for finance stuff, but isn't limited to that at all.
Every time I hear about another massive hack on Ethereum, I feel a little bit sad that I didn't specialize in software security. For many years there was huge amounts of free cash just sitting on a table waiting to be taken, a victimless crime (VCs and cryptobros are not victims, everyone is playing the same game).
I expect the low-hanging fruit has gone now. And setting up spearfishing attacks to scam teenagers out of their NFTs doesn't seem as noble (or as profitable).
It's amazing how quickly code-is-law becomes regular law is law when the code allows all your money to be stolen. And that is the nail in the coffin of this ideology, proponents of blockchain claim one day your house deed will be on the blockchain. What happens when people hack your house away from you then?
At most you are going to make a few thousand, maybe if you're super lucky and skilled, a few tens of thousands of dollars on bug bounties. Compared to the amount of poorly-secured money that was/is in crypto, it is a pittance.
Add to that the fact that many of the hacks are largely legal consequence free due to crypto's famous lack of regulation (by design, lol), the economics are far more skewed towards the black hats over the white hats.
I appreciate how organized the Consensys guide is laid out. It's pretty easy to read. Trail of Bits has a similar guide that is a little more in-the-weeds technically. It also covers, what we think is, essential background about certain automated analysis techniques like static analysis and how fuzzers work. Check it out!
Hi Dan! Small correction: This is not a ConsenSys guide. It's my own work. As a private person. :)
More content on offensive security techniques is yet to come, so stay tuned!
Beyond the hype, my organization finds that smart contracts are a good area for research in software security methods such as static and dynamic analysis. The reason is that smart contracts are very small compared to general codebases and have a lot of real risks linked to money.
For example, here [1] the thesis is that when TVL rises, the probability of being hacked also rises which means that at some point there is not budget that can scale to protect your TVL.
Has anyone tried vyper instead of solidity and if so does it help mitigate any of these security issues? I haven’t tried it because audited libraries are critical to smart contract development and I don’t know if any decent ones outside of solidity.
Readit News
What is anyone doing with them that they find really handy?
I've never been able to understand how it gets used / why you would use smart contracts. I've googled and read... still don't grok it.
I've seen so many "benefits" listed, but none make sense to me as far as the process you go through and how it works out in the end. Often it's described as a magic thing that eliminates the use of "intermediaries" and so on. I suppose that is true but you only get to that by going through all the complexity of from making sure someone writes a good contract / getting folks from the outside to review and validate it and so on. I'm not sure that saved a lot in the end.
Much like a most things blockchain I find these ideas (not bad ones) and then the practical usage ... much less than ideal.
I'm a reasonably intelligent person. My job requires me to learn complex technical details about a bunch of different domains - it may take me a while to grok it all, but I usually can once I do my research.
The thing that is striking to me whenever smart contracts come up is how extremely rare it is to be just presented with a simple, understandable, real-world use case that is an improvement over existing alternatives. Instead, so often you get:
1. Long missives about how the technology is really cool, but that completely sidestep the original question: show me a simple example of what a smart contract is used for.
2. Lots of examples that are only relevant to crypto in the first place (i.e. just speculating on valuation movements in crypto). What I mean by this is that the purpose of finance (at least the intended purpose) should be to provide capital for real goods and services. Pretty much all of the smart contract examples I've seen are just, for example, triggers related to the prices of a bunch of different tokens.
I would honestly be thrilled if someone could just give a simple example of someone actually using this stuff in the real world.
OK, please commence all the "HN just always hates on crypto" non-responses... (this last sentence is sarcasm but also born out of frustration of getting straightforward answers in this domain).
This does seem solvable, right? Because there's only a few APIs (bank transfers, title queries) that are involved in a fully automatic escrow. Such escrow could be provided as a free service by the government, or it might be pay-per-use (and simply cost less than markup from dealerships/realtors).
They are also used extensively in the crypto sub-genre called DeFi, or decentralized finance. One of the most popular implementations is called Aave, which allows one to take loans out (i.e. give the contract Ether as collateral, receive an amount of USD stablecoin in return) on a given set of assets.
Of course every NFT you ever heard of is essentially its own smart contract (specifically one that implements the ERC-721 standard of functions and public variables), though I'm not sure that qualifies as a 'good' use case. ;)
Provide collateral and take out a loan against that collateral. It allows people to act as their own bank. No longer do you have to go to a bank, ask for permission and then get approved for a loan. Now, you can do that yourself, instantly, without any trouble at all. Amazing really.
What are those loans used for today? Well, mostly it is about interest rate arbitrage and providing liquidity. As a super basic example, you can borrow funds at 2% and then lend them out again at 3% and make 1%. It is essentially risk free (assuming the contract doesn't have bugs/exploits).
The larger picture will be to enable people to be their own Kiva's. Crypto often is pushed to 'bank the unbanked', but it is more than just holding money. It is enabling people to borrow against their existing holdings, effectively allowing anyone, globally, to put their savings to work for them, without having to rely on a centralized banking system to do so. This might not be interesting for USA people, but it is especially valuable in countries that don't have a stable banking system.
In ethereum address appear like 0x233eb...042, ENS let's you associate a human readable name like nick.eth with that address.
Works similar to DNS, turning IP addresses into something we humans recognize.
What's the pro of using a smart contract? (DNS works without one).
With a smart contract you can have immutable data store (assuming ethereum continues) that can give you ownership over your name, like nick.eth.
What's the con?
It's immutable which means people can own names they shouldn't with no mediation process possible.
Like a lot of things in life the system is good as long the system works for you, but not everyone is lucky enough to exist in a system that works well enough.
Crypto* is trying to make things better.
edit: *some people are others are not
I knew vaguely about ENS (primarily just by seeing .eth addresses), but your comment led me to dig in to how it works. I think the bit of "eureka" moment I had is that smart contracts are really only useful for shuffling around ownership of "pure data", and then it's up to everyone else to interpret what that data actually means.
That is, for an eth name, it's really just storing an association of the name with another piece of data, and putting a mechanism in place for who gets to control that association (i.e. how bidding for a name works). It's then up to other people to decide how (or whether) they want to "interpret" that association. In my mind it's quite similar to NFTs. All NFTs really store is an association that says "this person 'owns' this other piece of data called X, and that other piece of data X actually refers to this shitty digital image of a bored ape." But, of course anyone else can copy the bits of that shitty digital image and do whatever they want with it - it's only if enough people agree that "yes, that NFT really does mean that shitty digital image" for it to be worth anything.
It also helped me because with most contracts people think about how "things in the real world" need to be verified in order to determine contract performance (did the price of wheat go up, was the vacation rental as advertised), but smart contracts really are quite useless in those examples. But there are some examples where you're just storing pieces of data and you do not care about what happens "in the real world". Thus, I still feel smart contracts are often greatly oversold (and often misunderstood) by their boosters, but there are specific "data-mapping" use cases where they make sense. I also appreciate that you pointed out the downsides of not having a mediation process, which I think many crypto boosters think of as a feature but many people feel is a bug in the real world.
Anyway, you really helped me think about this more clearly, and I appreciate it.
There’s technically no limit to what you can implement, but there’s no killer app yet, and it’s questionable if there ever will be. For me, it’s mostly an interesting piece of tech to learn about.
I thought that was a decently novel use case.
In summary, what PoolTogether (https://pooltogether.com/) does is basically act like a normal savings account, except instead of you getting 4% interest a year or whatever, that interest is all pooled and then given out in big chunks at random - most people get nothing, but "winners" will get what is essentially everyone else's interest. Some notes:
1. I'm not clear what activity they're engaging in that actually generates interest (e.g. who they're lending to in order to generate a spread), but in fairness I didn't spend much going into the details. That said, if they really are generating income by lending, then I'm very curious how they can't suffer from some of the same negative edge-cases inherent in fractional reserve banking, like a run on the bank. If they are not generating real income from lending, I'm very suspect about how they can really be generating interest. Again, I didn't look much into this, so totally admit I could just not be understanding the details here.
2. I see absolutely no real benefit that comes from doing this as a smart contract vs. just doing this as any other kind of normal software (e.g. what core banking software provides), despite what their blurbs on the website say.
So still just dumbfounded by the lack of real utility in any of these smart contract examples I've seen.
Why does the website have a starting sentence that includes:
"a passion project I hold dear to my heart."
What is it about lotteries or smart contracts that have people that saying "dear to my heart". The only thing "dear to my heart" is probably my wife and family. I don't know how something related to money could be. And I have a hard time trusting a person that has a passion project dear to their heart related to lossless lottery systems.
One of those issues is of course that people will need to find someone who can read the contract for them, and hope they get it right.
Still, good example that is easy to get, seems like easy to code and work.
You can use a smart contract to eliminate the trust in the intermediary bank, so eliminating that counter party risk
bankC creates a secret number, hashes it and sends it to bankA. bankA sends money to bankB locked to hash. bankB can't get money until they have that secret number. bankB sends money to bankC locked to hash. bankC reveals secret number to bankB to unlock that money. bankB does the same with bankA.
Tada, we eliminated the risk of bankB running away with money. This is the lightning network
It is like if there were a detailed blog post about rusts type system and I was to comment “Why would anyone use rust when they could use X instead?”
Please stop upvoting this comment.
You will have to read papers, and think about what works and doesn't, over years to understand what is going on. And to be ahead of the curve -- you'll also have to do your own experiments that 9/10 won't yield any interesting results. In the blockchain and 'crypto' industry we also have the problem that entry is easy while skilled execution is not. Consequently: many fuck-ups have happened. It's easy to point to them and say that 'this is the industry' but its really not. Those are a few bad eggs.
There are some exceptions of course -- one example is "memristors", an very specialized EE concept that claims to revolutionize computing for least 20 years and yet never does. And if you look at its HN discussions, you'll see mostly skepticism and negativity, kinda like for blockchains.
if you are unable to easily explain it to a human who isn't your profession, it's snake oil.
what's a tooth filling? it's a bio-safe, quick setting, similar plasticity to your teeth enamel.
what's shipping logistics software? it's not wasting an idle or half empty truck.
what's S3? durable object storage.
what's the TLS certificate transparency chain? an append only, low power proof of what the CA's issued. No blockchains or smart contracts involved because it's less expensive and less absurd.
what's sigstore? an append only, low power signing proof of binaries, docker images, git commits, etc. No blockchains or smart contracts involved because it's less expensive and less absurd.
Too many blockchains and smart contracts and such seek to be "the engine" that everything runs on. They want web 3.0 because they want a do-over to be kingmakers.
what's HTTP/HTML? a simple way to exchange data between webservers & web browsers, the universal engine.
The blockchain is less like these and more like Astrology and Palm Reading.
I can not think of a single usable problem that blockchain solves.
https://medium.com/valorize-dao/how-we-are-developing-a-smar...
Because of these properties you can create entirely open market infrastructure that anyone can use, which means reduced compliance costs (measured in opportunity and not money) and regulations for the participants.
On the flip side, the issue is that most people are stupid, don't know shit about what they are doing, and the tech itself is vulnerable to all sorts of race conditions because of flaws in Solidity language and the EVM itself which can enable hacks.
I am personally very sympathetic to the crypto efforts and not as sympathetic with the skeptics, because I find the centralisation of the web by some American players to be more dangerous than some individuals losing their life savings playing on web3.
It's one thing to make a promise to someone. It's another to marry your business procedures directly to immutable code which guarantees to users, employees and partners that the business operates in the intended and described way.
Most of these benefits require your company to be digital in nature, but many asset-based economic systems can benefit from it.
For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods. Sensors in a transport vehicle continually update a decentralized semi-private blockchain, proving that an item never left a refrigeration state, or was not tampered with.
Automatic payment could be achieved by placing the item inside a locked stationary container at point of delivery and validating through this blockchain that all requirements were met.
A system like this could go even further to make guarantees to the end customer, who could verify at point of sale that their food item remained fresh.
I am very, very skeptical your example would work purely with smart co tracts for this.
I can think of a bunch of ways where real world interactions would cause all sorts of problems that would have to be sorted out by regular contract law.
When architected correctly (as with pretty much all software), it allows for a service to live (effectively) forever, independent from the creators of the service.
Example: I create a smart contract where everyone can post an IPFS hash to it, with added functionality to be able to post on someone's behalf if they give a signature to do so.
(This simple example is deliberately chosen to be a starting point. More complex functions & services can be derived from this starting point alone.)
If I were to kick the bucket, or if I'm not capable of contributing to its development, the service is still accessible to everyone else. If someone else wants to keep developing the service, they can do so via the contacts defined endpoints.
To me, the positives of this starting point outweigh the technical complexities involved with its development & maintenance. It varies wildly for others, but for me, this is the anchor point from which I can build something that can last long after me.
Smart contracts can be used to build voting systems, multi-signature agreement systems, escrow systems, exchanges etc. But all of these rely on data being in the crypto world e.g. on blockchain.
The most powerful emerging use case for smart contracts is verifying zero knowledge proofs. Using groth16 or PLONK you can compress any amount of information or computation into a constant size proof (constant in both size and verification complexity [1]). This leads to the question, what is the use case for zero knowledge proofs?
TLS notarization: a user can prove they received data from a website by proving the signature in the TLS session. So e.g. i could prove how many twitter (sorry, X) followers i have by proving an element in the HTML that is signed by twitter, or prove that i have a dm with individual X (not the company, a variable meant to indicate some person). This can be extended to proving e.g. bank account balances using TLS signatures. The idea is such a TLS proof can be ingested on the blockchain so anything on the internet can be used as a logical condition for a smart contract. https://tlsnotary.org/
^ a similar case exists for email data verification using RSA
Private user data: companies can track information about users without knowing what information belongs to what user. The idea is, the user data is stored inside a ZK proof and the user manipulates the data in ZK, then provides a proof to the web application that they manipulated it in a way that follows the rules defined by the application. A simple example might be ZKFlix. Each time a user watches a movie they add an entry to their data indicating `moviedId: true`. The web application can store the user state without knowing which user watched which movie. Put more simply, each change to user data is attributed to an anonymous actor. Theoretically it should be possible to build websites with the same functionality of existing websites, but where the website is non-custodial of the user data (this isn't strictly blockchain related). This type of system allows users to make proofs about their application user data and submit them to the blockchain.
^ the more general case is building a state system that exists entirely in ZK and putting a state root on the blockchain. Then anything about the state system can proven onchain
These are the examples I have off the top of my head (though i do work in this space). I think smart contracts by themselves lack functionality and resort to hacky things like permissioned oracles. Combined with ZK though smart contracts become a financial system that is trustlessly bound to the internet. The hard part is making the internet provable as sequences of polynomials.
Hard agree that the current user experience sucks though. I'm of the opinion that in the future users won't directly interact with the blockchain the same way a user doesn't interact directly with e.g. postgreSQL. If to make an account on a website you had to write an SQL query inserting the row that would be a similarly bad experience to managing your own private key xd
[1]: The scaling isn't strictly constant, but small enough to be considered for practical purposes constant
That’s a pretty obvious killer feature of the internet
The problem is at least in ecosystems such as Ethereum you have a single line of defense, your smart contract code. And that code is written in a poor language with very little security features.
Worst if something go wrong you can maybe pause, suicide your contract before your money is gone (what goes again the very principle of the platform) or if you are lucky & worked very hard on this you might have the chance to upgrade your contract.
The result is any contract being used seriously need to go through a long & very expensive by one of the few serious company is this field.
For now the Ethereum project have been very focused on solving the scalability & decentralization problem but my guess is without big progresses on the smart contract security & developer experience front no serious actor will ever consider adopting the platform.
Services like code4rena (https://code4rena.com/) and sherlock (https://www.sherlock.xyz/) make audits a public and competitive process with leaderboards that track the best of the best. Naturally those that rise to the top of these leaderboards tend to end up offering boutique auditing services due to projects wanting audits from the best of the best in the business.
Trust (a pseudo-anonymous auditor's handle) launching Trust Security (https://www.trust-security.xyz/) is a perfect example of someone who turned public contest success into a highly sought after auditing firm. There are other examples, but overall smart contract security is undeniably improving over time.
What is ballpark what a company would pay to have a security audit of their website or network for example. So I would guess Ethereum has become an "Enterprise" technology because of the prohibitive cost of security of its applications?
From what understood originally, blockchain & Ethereum aimed removing those actors like banks who can afford high cost of licenses, compliance & security of complex systems.
Meaning you could write and execute your will without a lawyer and a court system, or write a smart contract to manage a condominium and its treasury with the other landlords (a $100k audit is out of the question for those use cases).
We are hearing less and less about those use cases and talk more and more about "Enterprise Ethereum" (https://ethereum.org/en/enterprise/) as we find out that developing for the platform will be as complex & expensive as for a big corporation.
Do any of the audits ever come back clean i.e. no detected defects?
Are those audits actually serious and representative of the resources available to a profitable attack? Many smart contracts manage millions, tens of millions, hundreds of millions and up in value. Do they actually do multi-year audits with a team of 5 that come back clean?
Do they seriously believe and publicly state their design processes are better than the best IT systems by Google, Apple, Amazon, NSA, FBI, etc.? Because those organizations can not get clean audits against red teams with multiple people and a few years to work.
That would be a extraordinary claim, do they have the extraordinary evidence to back up that claim? Do they even have any verifiable evidence at all to back up that claim other than more marketing drivel?
If the answer to all of that is not yes, then it all sounds like a house of cards and just more “security” bullshit to me.
These challenges are very interesting https://ethernaut.openzeppelin.com/. The thing is, almost none of these hacks could be possible, if Solidity would be better
Deleted Comment
Wasn't Ethereum centralized after switching to Proof-of-Stake?
I expect the low-hanging fruit has gone now. And setting up spearfishing attacks to scam teenagers out of their NFTs doesn't seem as noble (or as profitable).
Meanwhile there are still hundreds of millions of dollars of bounties available for white-hats who responsibly disclose.
The dark-hat hackers who aren't held responsible are likely in either Russia or North Korea
Add to that the fact that many of the hacks are largely legal consequence free due to crypto's famous lack of regulation (by design, lol), the economics are far more skewed towards the black hats over the white hats.
https://secure-contracts.com/
For example, here [1] the thesis is that when TVL rises, the probability of being hacked also rises which means that at some point there is not budget that can scale to protect your TVL.
[1] https://bittrap.com/resources/defis-growing-pains:-as-tvl-ra...