Baidu Security Research Institute: introduction to blockchain smart contract



Smart contract is an event driven, stateful code contract and algorithm contract [11]. With the vigorous development of blockchain technology represented by bitcoin, blockchain technology has gradually surpassed the era of programmable currency and entered the era of smart contract. As the core part of blockchain, smart contract is widely used in technology, which is also one of the reasons why blockchain has become a subversive technology. Through the introduction of the background knowledge and process of smart contract, this paper summarizes the characteristics and application fields of current smart contract, so as to provide certain reference for the development of blockchain smart contract technology.

1 Introduction

Blockchain uses distributed node consensus algorithm to generate and update data, and uses intelligent contract composed of automatic script code to program and operate data, which is a new distributed infrastructure and computing paradigm [10], which has the characteristics of decentralization.

The development of blockchain is mainly divided into three stages [6]. The first stage is the programmable currency led by bitcoin, the second stage is the programmable finance led by smart contracts, and the third stage is the programmable society led by decentralized applications. With the rapid development of bitcoin, the development stage of blockchain gradually transits to the second stage, and the smart contract technology led by Ethereum has been widely concerned.

In 1995, the concept of smart contract was proposed by Szabo, a Cryptologist. Due to the lack of trusted execution environment, smart contract was not applied to the actual industry. After the birth of bitcoin, because the underlying technology of bitcoin blockchain has the characteristics of decentralization, and meets the trusted execution environment required by smart contracts, blockchain can provide mutual trust among the participating nodes.

Smart contract is a kind of computer protocol. After the protocol is formulated and deployed, it can realize self execution and self verification without human intervention. From the technical point of view, smart contract can be regarded as a kind of computer program, which can independently perform all or part of contract related operations, and produce corresponding verifiable evidence to illustrate the effectiveness of contract operation. Before the smart contract is deployed, the logical flow of all terms related to the contract has been formulated. Smart contracts usually have a user interface for users to interact with established contracts. These interactions strictly follow the logic previously formulated. Thanks to cryptography technology, these interactions can be strictly verified to ensure that the contract can be executed smoothly according to the previously established rules, so as to prevent the occurrence of breach of contract.

Baidu Security Research Institute: introduction to blockchain smart contract

Table 1: comparison of traditional contract and smart contract

Smart contract is a kind of contract which improves security and uniqueness on the basis of traditional contract. The commitment defined in digital form is used to guarantee the security and reliability of the contract participants.

The smart contract of blockchain was first established in Ethereum, which uses a piece of code to realize the application of terms in processing hardware and software. This code runs in the virtual machine of Ethereum, performs operations according to specific procedures, and completes the contents of terms at the corresponding time nodes.

Ethereum is an open-source public blockchain platform with smart contract function. The Ethereum project draws lessons from the technology of bitcoin blockchain and expands its application scope. If bitcoin is a special calculator using blockchain technology, Ethereum is a general-purpose computer using blockchain technology. In short, Ethereum = blockchain + smart contract.

Compared with bitcoin, the biggest difference between Ethereum and bitcoin is that it can support a more powerful scripting language, that is, it uses a set of Turing complete script language to build applications, and allows developers to develop any application and realize any smart contract on it. This is also the most powerful point of Ethereum. As a platform, Ethereum is similar to Apple’s app store, where any developer can develop applications and sell them to users.

2 Smart contract type

Smart contract is divided into generalized smart contract and narrow smart contract. In a broad sense, smart contract refers to the computer program running on the blockchain, which has a wide range of applications. In a narrow sense, smart contract is a computer program that runs on the blockchain infrastructure, is event driven, has status, can save assets on the account book, uses program code to encapsulate and verify complex transaction behavior, realizes information exchange, value transfer and asset management, and can automatically execute [9].

2.1 scripted smart contract

The smart contract in bitcoin is called script smart contract. Because the script in bitcoin only contains instructions and data, the script instructions involved only need to complete limited transaction logic, and do not need complex loop, condition judgment and jump operation. The function is limited, but it is easy to write, and less than 200 instructions are supported.

2.2 Turing complete smart contract

The smart contract mainly running in Ethereum and super ledger is called Turing complete smart contract. Script language is designed as a simple execution language that only performs limited functions in a limited scope, which is a non Turing complete language. Although the transaction instructions written by script language can meet the application of bitcoin, it can not meet the development requirements of Ethereum platform. At present, Ethereum mainly uses two smart contract development languages: solidness and serpent.

2.3 verifiable contract smart contract

The smart contract in Kadena project is called verifiable contract smart contract. The syntax of verifiable language is similar to LISP language, which is used to write smart contracts running on the blockchain Kadena, and can realize the functions of data storage and authorization verification of contracts. In order to prevent the possible security loopholes and risks in the programming process of complex contracts, the verifiable contract language adopts non Turing complete design and does not support loops and recursion. The smart contract code written by this language can be directly embedded in the blockchain, and does not need to be compiled into machine code running in a specific environment (such as Ethereum EVM).

3 Smart contract language

3.1 Solidity

Solidity can be used to develop contracts and compile them into Ethereum virtual machine byte code to run on Ethereum virtual machine (EVM). Is a statically typed language that supports inheritance, libraries, and complex user-defined types. Although solidity syntax is close to JavaScript and is an object-oriented language, there are many differences between them

  1. Since the language embedded framework supports payment, keywords such as payable can be provided to support payment directly at the language level, which is more convenient;
  2. Because the bottom layer of Ethereum is based on account rather than utxo, there is a special type of address, which can be used to locate users and contracts, and locate the code of contracts;
  3. Because smart contract changes a simple function call into code execution in network nodes, the call mode of contract or function execution will be more emphasized in decentralized network environment;
  4. In order to ensure the atomicity of contract execution and avoid the data inconsistency in the intermediate state, once the exception mechanism of solidity occurs, all execution will be withdrawn.

Common solidity integrations include remix, visual studio extension, etc. Consider the compiler remix, which is browser based

IDE, which integrates compiler and solidity runtime environment, does not need additional server-side components. Here we use solidity to develop “Hello world”. As you can see, it returns in the decoded output_ HelloW_orld ! 。

3.2 Serpent

Serpent, like python, uses LLL to compile and eventually compiles to EVM bytecode. It can be used for development contract compilation into Ethereum virtual machine byte code. Serpent is a block encryption algorithm, which is more concise. It combines the advantages of low-level language in terms of efficiency and easy operation of programming style. At the same time, contract programming adds unique domain specific functions.

3.3 Lisp Like Language

LISP like language (LLL) is a low-level language similar to assembly. It is more simple, in essence, it is just a little package of Ethereum virtual machine directly. Is a lisp style underlying programming language, constantly updated, and with solidity belong to the same resource library.

4 smart contract operation mechanism

Taking Ethereum development platform as an example, the operation mechanism of smart contract mainly includes the following stages:

  1. Generating code: smart contract generally has two attributes: value and state. If then and what if are used in the code The statement presupposes the corresponding trigger scenarios and response rules of the contract terms. On the basis of reaching an agreement on all aspects of the contract, the evaluation determines whether the contract can be realized by smart contract, that is, “programmable”. Then, the programmer uses the appropriate development language to translate the contract content described in the natural language into an executable machine language;
  2. Compilation: generally, smart contract code written in development language cannot run directly on the blockchain, but needs to be executed in a specific environment (Ethereum is EVM, super ledger is docker container). Therefore, before uploading the contract file to the blockchain, the compiler should be used to compile the original code to generate bytecode that meets the requirements of the environment. ;
  3. Submit: the submission and call of smart contract is completed through “transaction”. When the user initiates the submission of contract file in the form of transaction, it will broadcast the whole network through P2P network, and each node will store it in the block after verification;
  4. Confirmation: the verified effective transactions are packed into new blocks. After reaching an agreement through the consensus mechanism, the new block is added to the main chain of the blockchain. The account address of the smart contract is generated according to the transaction, and then the contract can be called by the account address by initiating the transaction. The node processes the verified valid transaction, and the called contract is executed in the environment.

5 Smart contract project

The simplest contract is: upload information to the blockchain – both parties sign for confirmation – both parties reach a consensus – and the contract is stored.

Baidu Security Research Institute: introduction to blockchain smart contract

Figure 2: contract operation mechanism

Baidu Security Research Institute: introduction to blockchain smart contract

Figure 3: basic contract model

LanguageLanguage is a secure and stable distributed language, which conforms to Szabo’s design concept of smart contract. All remote communications will be encrypted.

HawkHawk is a decentralized smart contract system, which is a framework for privacy protection with smart contracts [2]. In this system, financial transactions will not be stored in the blockchain in an explicit way. Hawk compiler is responsible for compiling the program into a cryptographic protocol between the blockchain and users.

OpenBazzarOpenbazzar platform is a decentralized e-commerce platform that uses bitcoin to conduct transactions. It is an open-source platform, which directly connects users to carry out transactions and realizes point-to-point transaction network. Buyers and sellers can trade directly without the help of centralized platform, which ensures privacy.

EthereumEthereum is a blockchain platform with Turing complete programming language, including public chain and private chain, which can create any application. Using the pow mechanism of consensus mechanism, it has higher processing speed and precision, and can verify the application state without processing all transactions

It is the backbone of distributed application platform. However, the block construction time is affected by the transaction processing speed, and the block building speed is greatly affected.

CodiusCodius is an intelligent protocol released by ripple laboratory, which has the characteristics of decentralization and high security. It can realize the point-to-point transaction network. It is an open-source platform. When applied to ripple platform, the function of codius is to guide the currency circulation.

HyperledgerHyperledger is an open source blockchain platform under the Linux foundation. It runs smart contracts in the form of containers with high security.

6. Basic features of smart contract

6.1 advantages

CredibilityThe commitment of smart contract includes two aspects: one is to execute the contract automatically without trust and justice; the other is to cancel the role of intermediary in all aspects of contract execution [5]. All terms and execution process of smart contract are formulated in advance and executed by computer absolutely. Therefore, the results of all implementation are accurate and there will be no unexpected results.

No third party is required for the transactionThe intelligent contract does not need centralized authority to arbitrate whether the contract is executed according to the provisions, and the contract supervision and arbitration are completed by the computer. In a blockchain network, there is no absolute authority to supervise the execution of the contract, but the consensus mechanism is used to judge whether the contract is executed according to the provisions. The supervision mode is usually implemented by POW or POS technology. Due to the digital characteristics of smart contract, data is stored in the blockchain, and encrypted code is used to enforce the protocol to ensure that the transaction is traceable and irreversible.

Efficient real-time updatesBecause the execution of smart contract does not need the participation of human-made third-party authority or centralized agent service, it can respond to the user’s request at any time, which greatly improves the efficiency of transaction. Users only need to deal with business through the network, which saves manpower and material resources.

Lower costSmart contract has the characteristics of non-human intervention, which can greatly reduce the labor costs of contract performance, adjudication and enforcement. It requires contract makers to determine the details of the contract at the beginning of the establishment of the contract.

6.2 existing problems

IrrevocabilitySmart contract automatically performs the contract content, but in real life, the contract may be terminated due to some force majeure, illegal and other reasons. In contract law, the requirement of contract is to avoid the flexibility of lawyers to predict and negotiate possible results. However, due to the immutability of the blockchain, once triggered, the smart contract will be automatically performed, which is irreversible and has a certain rigidity.

legal effectThe drafting of smart contract needs the third-party computer programmer, and if the third-party computer programmer is responsible for the contract problems, then how to investigate the responsibility for the wrong algorithm. In terms of legal jurisdiction, smart contract, as a new type of contract, needs to be solved, such as which courts can accept litigation and how to modify the existing legal provisions.

Security vulnerabilitiesThe vulnerabilities of smart contracts can be divided into transaction sequence dependency vulnerability, timestamp dependency vulnerability, exception handling vulnerability and reentry defect vulnerability [3]. Dependency vulnerability is due to whether the execution of smart contract is correct or not is related to the state of Ethereum, and effective transactions may affect the state of Ethereum. When a new block contains two transactions, the order of transactions may cause the final state of Ethereum to be different, and the order of transactions depends on the miners, so that the execution of smart contracts depends on the operation of miners [8]. The timestamp dependency vulnerability is that some smart contracts are executed according to the time stamp in the block, and the timestamp is set by the miners according to their own time. If the time is modified by the attacker, it may lead to certain risks. When different smart contracts call each other, there may be an exception handling vulnerability. If the called contract generates an error return value but is not verified correctly, it may be attacked. If a function is called several times before the completion of execution, resulting in unexpected behavior, reentrant vulnerability may occur. Reentrant vulnerability refers to that the attacker can repeatedly call the contract by using the intermediate state of calling the smart contract without changing the state.

7 smart contract application scenarios

7.1 legal aspects

At the legal level, the blockchain smart contract can be seen as a smart contract [10], that is, the use of blockchain technology to achieve legal contracts, and transform written legal language into technology that can be automatically executed.

Taking digital rights protection as an example, open copyright agreements similar to the knowledge sharing protocol under the influence of free culture are constantly emerging. How to ensure the practical behavior of copyright is the core issue of digital rights protection. Due to the limitation of time and space, traditional copyright protection is easy to be affected in terms of copyright registration and regulatory mechanism. The emergence of digital copyright protection has greatly improved this problem and better adapted to the characteristics of diverse forms of digital assets and easy dissemination.

In terms of copyright registration, using the uniqueness and unforgeability of the calculated value in the principle of blockchain technology, different calculated values are generated for different works, and the calculated values are associated as a representative way of works, which can reduce the cost of traceability and storage of works and simplify the process of work query.

In the way of signature, the digital identity is used to sign the work corresponding to the calculated value, and the encryption technology is used to protect the digital works from being tampered with.

According to the proportion of contract code and natural language, smart contract has the following forms: 1. Contract written completely in code form; 2. Contract written in code and natural language. If the law considers that both written in natural language or in computer language are regarded as the written form of contract and the legal effect is the same, then the contract written in two languages constitutes a complete contract.

The problems that smart contract may face are that the second kind of contract is expressed in two languages. If there is a conflict between the two versions of the contract, which version shall prevail? Whether it is based on the natural language version or the code language version, the law needs to be further clarified and judicial interpretation given.

7.2 financial aspects

At the financial level, smart contracts play many roles because they can operate in the blockchain. As an economic participant, smart contract can accept and store information, eliminate manual participation, reduce cost and ensure the efficiency of contract transaction.

Taking the Internet of things as an example, the current social Internet of things includes billions of nodes sharing data through the Internet. Through the integrated application of the Internet of things, blockchain and smart contract technology, the physical equipment or property supported by the Internet of things, such as apartments, cars, parking lots, bicycles, etc., can be rented, sold or shared without middlemen [7].

At present, there are many disputes about the deposit in the rental market. Some bad landlords run away with money after receiving the deposit. The smart contract is introduced into the rental deposit. After the owner sets the amount of rental housing, the user pays the deposit to the blockchain through transaction, thus triggering the permission and obtaining the smart lock permission of the house. At the same time, the deposit is locked in the blockchain until the user decides to send another transaction to the blockchain to return the virtual key (such as paying rent). The smart contract is executed automatically. After deducting the rent in the deposit, the remaining amount is sent to the owner, and the transaction is completed. This process will reduce unnecessary time, only need to operate through mobile phone, improve efficiency and reduce risk.

However, smart contracts may bring new financial crimes and risks, such as the leakage of confidential information and the theft of encryption keys. However, it is difficult for the current courts and regulators to keep pace with the development of this technology. Due to the complexity of smart contracts, it is difficult to understand them in the eyes of some consumers, This is also one of the problems to be solved in the implementation of smart contract.

Baidu Security Research Institute: introduction to blockchain smart contract

Figure 4: subsystem node deployment

7.3 Charity

At the level of public welfare and charity, the biggest problem is that the fund flow is not transparent, so many people will not use crowdfunding platform to make charitable donations. Crowdfunding is a way to raise funds through the Internet, which is characterized by low threshold and open fund-raising. how

It has become one of the hot topics of public charity to solve the problem of transparency of fund information and strengthen supervision and supervision.

Blockchain is the genetic use of cryptographic methods to generate associated data blocks. Each data block also calls out transaction information for a certain time. Each data block contains the hash value of the previous block to verify the effectiveness of its information [12]. Smart contract can control the value flow of crowdfunding system through code contract, and convert crowdfunding business flow into smart contract code. The unchangeable and consensus mechanism of the blockchain ensures the authenticity and reliability of the data, and can improve the credibility of the crowdfunding platform.

The overall design of crowdfunding blockchain includes dual data system, dual private chain design, high-speed and reputation mechanism, smart contract design, audit and supervision design, and extensible chain design.

Due to the distributed storage architecture of blockchain, nodes with different permissions can be placed at different users, so that different users can participate in the management, and the published messages can be tracked and can not be modified. Through continuous interconnection, the blockchain can form an interconnection chain and a chain in the chain, and manage and supervise according to the unified standard, so as to solve the supervision and supervision problems of charity and public welfare.


[1] Bartoletti, M., and Zunino, R. Bitml: A calculus for bitcoin smart contracts. pp. 83–100.

[2] Kosba, A., Miller, A., Shi, E., Wen, Z., and Papamanthou, C. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. pp.839–858.

[3] Luu, L., Chu, D.-H., Olickel, H., Saxena, P., and Hobor, A. Making smart contracts smarter. pp. 254–269.

[4] Mourouzis, T., and Tandon, J. Introduction to decentralization and smart contracts, 03 2019.

[5] Pfitzmann, B., Schunter, M., and Waidner, M. Optimal efficiency of optimistic contract signing.

[6] V.Buterin. A next-generation smart contract and decentralized application platform. white paper (2014).

[7] Liu Delin. Research and application status, problems and suggestions of blockchain smart contract technology in financial field. Hainan finance_ 000_ , 10 (2016), 27–31.

[8] Zhang Jie. Overview of blockchain security. Journal of Xi’an University of Arts and Sciences( Natural Science (2020), 42–55.

[9] Wang Qun, Li fujuan, Wang Zhenli, Liang Guangjun, and Xu Jie. Principles and key technologies of blockchain. Computer science and exploration, 1 – 24

[10] He Xiaomiao. Application of blockchain Technology: smart contract and legal issues. Modern business_ 000_ , 16 (2018), 153–154.

[11] He Haiwu, Yan’an, and Chen Zehua. Overview of smart contract technology and application based on blockchain. Computer research and development_ 55_ , 11 (2018), 112–126.

[12] Huang Jiehua, Gao LingChao, and Xu Yuzhuang. Smart contract design on crowdfunding blockchain. Information security research (2017)