Can someone give me a good use case (even better if you're doing it yourself) for a smart contract?
What is anyone doing with them that they find really handy?
I've never been able to understand how it gets used / why you would use smart contracts. I've googled and read... still don't grok it.
I've seen so many "benefits" listed, but none make sense to me as far as the process you go through and how it works out in the end. Often it's described as a magic thing that eliminates the use of "intermediaries" and so on. I suppose that is true but you only get to that by going through all the complexity of from making sure someone writes a good contract / getting folks from the outside to review and validate it and so on. I'm not sure that saved a lot in the end.
Much like a most things blockchain I find these ideas (not bad ones) and then the practical usage ... much less than ideal.
I'm a reasonably intelligent person. My job requires me to learn complex technical details about a bunch of different domains - it may take me a while to grok it all, but I usually can once I do my research.
The thing that is striking to me whenever smart contracts come up is how extremely rare it is to be just presented with a simple, understandable, real-world use case that is an improvement over existing alternatives. Instead, so often you get:
1. Long missives about how the technology is really cool, but that completely sidestep the original question: show me a simple example of what a smart contract is used for.
2. Lots of examples that are only relevant to crypto in the first place (i.e. just speculating on valuation movements in crypto). What I mean by this is that the purpose of finance (at least the intended purpose) should be to provide capital for real goods and services. Pretty much all of the smart contract examples I've seen are just, for example, triggers related to the prices of a bunch of different tokens.
I would honestly be thrilled if someone could just give a simple example of someone actually using this stuff in the real world.
OK, please commence all the "HN just always hates on crypto" non-responses... (this last sentence is sarcasm but also born out of frustration of getting straightforward answers in this domain).
Arguably the most popular use case is that smart contracts are used to create decentralized exchange services. See: Uniswap.
They are also used extensively in the crypto sub-genre called DeFi, or decentralized finance. One of the most popular implementations is called Aave, which allows one to take loans out (i.e. give the contract Ether as collateral, receive an amount of USD stablecoin in return) on a given set of assets.
Of course every NFT you ever heard of is essentially its own smart contract (specifically one that implements the ERC-721 standard of functions and public variables), though I'm not sure that qualifies as a 'good' use case. ;)
Ethereum name service, more commonly known as ENS.
In ethereum address appear like 0x233eb...042, ENS let's you associate a human readable name like nick.eth with that address.
Works similar to DNS, turning IP addresses into something we humans recognize.
What's the pro of using a smart contract? (DNS works without one).
With a smart contract you can have immutable data store (assuming ethereum continues) that can give you ownership over your name, like nick.eth.
What's the con?
It's immutable which means people can own names they shouldn't with no mediation process possible.
Like a lot of things in life the system is good as long the system works for you, but not everyone is lucky enough to exist in a system that works well enough.
At the bottom, it’s an address holding a program that can release funds to another address or a group of addresses (which may be wallets or other smart contracts) based on some predefined conditions.
There’s technically no limit to what you can implement, but there’s no killer app yet, and it’s questionable if there ever will be. For me, it’s mostly an interesting piece of tech to learn about.
I have no direct affiliation with this service (nor am I a user of it) but I recently learned about "Pool Together" which is a "lossless" lottery system. It's a daily lottery that happens automatically, you do not need to collect as it happens automatically, and you can withdraw all of your capital at any time.
Correspondent banking. So say a bank in the States needs to send money to one in Spain. They may not have a relationship, so they go through an intermediary bank.
You can use a smart contract to eliminate the trust in the intermediary bank, so eliminating that counter party risk
Typically I like to read HN comments for insightful discourse focused on details of the topic at hand by relevant experts. It is a terrible failing of HN that this useless comment is promoted to the top.
It is like if there were a detailed blog post about rusts type system and I was to comment “Why would anyone use rust when they could use X instead?”
I find posts like this honestly infuriating because its like you don't know the first thing about an entire, specialized field, yet because its something taking place in tech you feel like you're qualified to write about it. Ask the same question about chemistry, biology, electrical engineering, or any STEM subject, and here's the actual answer: it's beyond the scope of a comment on hacker news to spoon feed you an entire fucking field in a way that will make sense to you.
You will have to read papers, and think about what works and doesn't, over years to understand what is going on. And to be ahead of the curve -- you'll also have to do your own experiments that 9/10 won't yield any interesting results. In the blockchain and 'crypto' industry we also have the problem that entry is easy while skilled execution is not. Consequently: many fuck-ups have happened. It's easy to point to them and say that 'this is the industry' but its really not. Those are a few bad eggs.
We did what I thought was an interesting use case. Giving artists an ability to manage royalties in perpetuity for sales of a digital artwork through cryptography. Here is the breakdown:
From my understanding a smart contract is like a web backend, with completely transparent business logic and data, so anyone can interact with it without any intermediary. If you can deploy your program (smart contract) on the ethereum blockchain or any of the L2 chains, then all the costs of interacting with it and maintaining its data layer are borne by the market participants.
Because of these properties you can create entirely open market infrastructure that anyone can use, which means reduced compliance costs (measured in opportunity and not money) and regulations for the participants.
On the flip side, the issue is that most people are stupid, don't know shit about what they are doing, and the tech itself is vulnerable to all sorts of race conditions because of flaws in Solidity language and the EVM itself which can enable hacks.
I am personally very sympathetic to the crypto efforts and not as sympathetic with the skeptics, because I find the centralisation of the web by some American players to be more dangerous than some individuals losing their life savings playing on web3.
Governance of next-generation automated economies and societies.
It's one thing to make a promise to someone. It's another to marry your business procedures directly to immutable code which guarantees to users, employees and partners that the business operates in the intended and described way.
Most of these benefits require your company to be digital in nature, but many asset-based economic systems can benefit from it.
For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods. Sensors in a transport vehicle continually update a decentralized semi-private blockchain, proving that an item never left a refrigeration state, or was not tampered with.
Automatic payment could be achieved by placing the item inside a locked stationary container at point of delivery and validating through this blockchain that all requirements were met.
A system like this could go even further to make guarantees to the end customer, who could verify at point of sale that their food item remained fresh.
When architected correctly (as with pretty much all software), it allows for a service to live (effectively) forever, independent from the creators of the service.
Example: I create a smart contract where everyone can post an IPFS hash to it, with added functionality to be able to post on someone's behalf if they give a signature to do so.
(This simple example is deliberately chosen to be a starting point. More complex functions & services can be derived from this starting point alone.)
If I were to kick the bucket, or if I'm not capable of contributing to its development, the service is still accessible to everyone else. If someone else wants to keep developing the service, they can do so via the contacts defined endpoints.
To me, the positives of this starting point outweigh the technical complexities involved with its development & maintenance. It varies wildly for others, but for me, this is the anchor point from which I can build something that can last long after me.
I am building an incentivized market to keep data available on the web(3) without having a centralized entity taking care of it. Without a smart contract running on a block chain this isn't possible. https://permanentum.io
I don't see any good answers here so I'll give it a try.
Smart contracts can be used to build voting systems, multi-signature agreement systems, escrow systems, exchanges etc. But all of these rely on data being in the crypto world e.g. on blockchain.
The most powerful emerging use case for smart contracts is verifying zero knowledge proofs. Using groth16 or PLONK you can compress any amount of information or computation into a constant size proof (constant in both size and verification complexity [1]). This leads to the question, what is the use case for zero knowledge proofs?
TLS notarization: a user can prove they received data from a website by proving the signature in the TLS session. So e.g. i could prove how many twitter (sorry, X) followers i have by proving an element in the HTML that is signed by twitter, or prove that i have a dm with individual X (not the company, a variable meant to indicate some person). This can be extended to proving e.g. bank account balances using TLS signatures. The idea is such a TLS proof can be ingested on the blockchain so anything on the internet can be used as a logical condition for a smart contract. https://tlsnotary.org/
^ a similar case exists for email data verification using RSA
Private user data: companies can track information about users without knowing what information belongs to what user. The idea is, the user data is stored inside a ZK proof and the user manipulates the data in ZK, then provides a proof to the web application that they manipulated it in a way that follows the rules defined by the application. A simple example might be ZKFlix. Each time a user watches a movie they add an entry to their data indicating `moviedId: true`. The web application can store the user state without knowing which user watched which movie. Put more simply, each change to user data is attributed to an anonymous actor. Theoretically it should be possible to build websites with the same functionality of existing websites, but where the website is non-custodial of the user data (this isn't strictly blockchain related). This type of system allows users to make proofs about their application user data and submit them to the blockchain.
^ the more general case is building a state system that exists entirely in ZK and putting a state root on the blockchain. Then anything about the state system can proven onchain
These are the examples I have off the top of my head (though i do work in this space). I think smart contracts by themselves lack functionality and resort to hacky things like permissioned oracles. Combined with ZK though smart contracts become a financial system that is trustlessly bound to the internet. The hard part is making the internet provable as sequences of polynomials.
Hard agree that the current user experience sucks though. I'm of the opinion that in the future users won't directly interact with the blockchain the same way a user doesn't interact directly with e.g. postgreSQL. If to make an account on a website you had to write an SQL query inserting the row that would be a similarly bad experience to managing your own private key xd
[1]: The scaling isn't strictly constant, but small enough to be considered for practical purposes constant
Well it was the same with the internet itself. It's prone to hacks, bugs, and outage, and yet today we all use it to manage our finances and make payments.
Smart contracts are fundamentally a business technology where money is hosted & manipulated natively on the platform.
This is pretty awesome & could be very dirsuptive.
The problem is at least in ecosystems such as Ethereum you have a single line of defense, your smart contract code. And that code is written in a poor language with very little security features.
Worst if something go wrong you can maybe pause, suicide your contract before your money is gone (what goes again the very principle of the platform) or if you are lucky & worked very hard on this you might have the chance to upgrade your contract.
The result is any contract being used seriously need to go through a long & very expensive by one of the few serious company is this field.
For now the Ethereum project have been very focused on solving the scalability & decentralization problem but my guess is without big progresses on the smart contract security & developer experience front no serious actor will ever consider adopting the platform.
There is a thriving community of security researchers and engineers in the smart contract auditing space.
Services like code4rena (https://code4rena.com/) and sherlock (https://www.sherlock.xyz/) make audits a public and competitive process with leaderboards that track the best of the best. Naturally those that rise to the top of these leaderboards tend to end up offering boutique auditing services due to projects wanting audits from the best of the best in the business.
Trust (a pseudo-anonymous auditor's handle) launching Trust Security (https://www.trust-security.xyz/) is a perfect example of someone who turned public contest success into a highly sought after auditing firm. There are other examples, but overall smart contract security is undeniably improving over time.
You're literally commenting on a post that is a reference to a website that is trying to encourage a higher level of security in smart contracts. People are working on solving this issue.
It's a misunderstanding that smart contracts are just about money. What you have in essence is decentralized verifiable computation, which can and often is used for finance stuff, but isn't limited to that at all.
Every time I hear about another massive hack on Ethereum, I feel a little bit sad that I didn't specialize in software security. For many years there was huge amounts of free cash just sitting on a table waiting to be taken, a victimless crime (VCs and cryptobros are not victims, everyone is playing the same game).
I expect the low-hanging fruit has gone now. And setting up spearfishing attacks to scam teenagers out of their NFTs doesn't seem as noble (or as profitable).
I appreciate how organized the Consensys guide is laid out. It's pretty easy to read. Trail of Bits has a similar guide that is a little more in-the-weeds technically. It also covers, what we think is, essential background about certain automated analysis techniques like static analysis and how fuzzers work. Check it out!
Hi Dan! Small correction: This is not a ConsenSys guide. It's my own work. As a private person. :)
More content on offensive security techniques is yet to come, so stay tuned!
Beyond the hype, my organization finds that smart contracts are a good area for research in software security methods such as static and dynamic analysis. The reason is that smart contracts are very small compared to general codebases and have a lot of real risks linked to money.
For example, here [1] the thesis is that when TVL rises, the probability of being hacked also rises which means that at some point there is not budget that can scale to protect your TVL.
Has anyone tried vyper instead of solidity and if so does it help mitigate any of these security issues? I haven’t tried it because audited libraries are critical to smart contract development and I don’t know if any decent ones outside of solidity.
Crypto guys were saying the exact same thing last year too. What changed? I kept hearing how there was all these projects underway and how I could switch jobs into crypto and make way more money.
You post this type of message in nearly every crypto thread yet every time you are pressed you don’t name a single company, project, or thought leader.
Personally I’ve worked at both coinbase and a blockchain company called avalanche. I think crypto is scams all the way down.
From every lawyer I spoke to about this, this was not a win for Ripple but the SEC.
They were found guilty of unregistered offerings to institutional. There's no way that the jury/judge won't take that prior decision into account with the non-institutional tranche. Somehow this was spun as a good thing?
duxup|2 years ago
What is anyone doing with them that they find really handy?
I've never been able to understand how it gets used / why you would use smart contracts. I've googled and read... still don't grok it.
I've seen so many "benefits" listed, but none make sense to me as far as the process you go through and how it works out in the end. Often it's described as a magic thing that eliminates the use of "intermediaries" and so on. I suppose that is true but you only get to that by going through all the complexity of from making sure someone writes a good contract / getting folks from the outside to review and validate it and so on. I'm not sure that saved a lot in the end.
Much like a most things blockchain I find these ideas (not bad ones) and then the practical usage ... much less than ideal.
hn_throwaway_99|2 years ago
I'm a reasonably intelligent person. My job requires me to learn complex technical details about a bunch of different domains - it may take me a while to grok it all, but I usually can once I do my research.
The thing that is striking to me whenever smart contracts come up is how extremely rare it is to be just presented with a simple, understandable, real-world use case that is an improvement over existing alternatives. Instead, so often you get:
1. Long missives about how the technology is really cool, but that completely sidestep the original question: show me a simple example of what a smart contract is used for.
2. Lots of examples that are only relevant to crypto in the first place (i.e. just speculating on valuation movements in crypto). What I mean by this is that the purpose of finance (at least the intended purpose) should be to provide capital for real goods and services. Pretty much all of the smart contract examples I've seen are just, for example, triggers related to the prices of a bunch of different tokens.
I would honestly be thrilled if someone could just give a simple example of someone actually using this stuff in the real world.
OK, please commence all the "HN just always hates on crypto" non-responses... (this last sentence is sarcasm but also born out of frustration of getting straightforward answers in this domain).
jjordan|2 years ago
They are also used extensively in the crypto sub-genre called DeFi, or decentralized finance. One of the most popular implementations is called Aave, which allows one to take loans out (i.e. give the contract Ether as collateral, receive an amount of USD stablecoin in return) on a given set of assets.
Of course every NFT you ever heard of is essentially its own smart contract (specifically one that implements the ERC-721 standard of functions and public variables), though I'm not sure that qualifies as a 'good' use case. ;)
alexslobodnik|2 years ago
In ethereum address appear like 0x233eb...042, ENS let's you associate a human readable name like nick.eth with that address.
Works similar to DNS, turning IP addresses into something we humans recognize.
What's the pro of using a smart contract? (DNS works without one).
With a smart contract you can have immutable data store (assuming ethereum continues) that can give you ownership over your name, like nick.eth.
What's the con?
It's immutable which means people can own names they shouldn't with no mediation process possible.
Like a lot of things in life the system is good as long the system works for you, but not everyone is lucky enough to exist in a system that works well enough.
Crypto* is trying to make things better.
edit: *some people are others are not
mypastself|2 years ago
There’s technically no limit to what you can implement, but there’s no killer app yet, and it’s questionable if there ever will be. For me, it’s mostly an interesting piece of tech to learn about.
mteigers|2 years ago
I thought that was a decently novel use case.
csumtin|2 years ago
You can use a smart contract to eliminate the trust in the intermediary bank, so eliminating that counter party risk
cliftonk|2 years ago
It is like if there were a detailed blog post about rusts type system and I was to comment “Why would anyone use rust when they could use X instead?”
Please stop upvoting this comment.
Uptrenda|2 years ago
You will have to read papers, and think about what works and doesn't, over years to understand what is going on. And to be ahead of the curve -- you'll also have to do your own experiments that 9/10 won't yield any interesting results. In the blockchain and 'crypto' industry we also have the problem that entry is easy while skilled execution is not. Consequently: many fuck-ups have happened. It's easy to point to them and say that 'this is the industry' but its really not. Those are a few bad eggs.
javier123454321|2 years ago
https://medium.com/valorize-dao/how-we-are-developing-a-smar...
kaycey2022|2 years ago
Because of these properties you can create entirely open market infrastructure that anyone can use, which means reduced compliance costs (measured in opportunity and not money) and regulations for the participants.
On the flip side, the issue is that most people are stupid, don't know shit about what they are doing, and the tech itself is vulnerable to all sorts of race conditions because of flaws in Solidity language and the EVM itself which can enable hacks.
I am personally very sympathetic to the crypto efforts and not as sympathetic with the skeptics, because I find the centralisation of the web by some American players to be more dangerous than some individuals losing their life savings playing on web3.
soulofmischief|2 years ago
It's one thing to make a promise to someone. It's another to marry your business procedures directly to immutable code which guarantees to users, employees and partners that the business operates in the intended and described way.
Most of these benefits require your company to be digital in nature, but many asset-based economic systems can benefit from it.
For example, automatic, trustless guarantee of both quality of transport and payment for shipping goods. Sensors in a transport vehicle continually update a decentralized semi-private blockchain, proving that an item never left a refrigeration state, or was not tampered with.
Automatic payment could be achieved by placing the item inside a locked stationary container at point of delivery and validating through this blockchain that all requirements were met.
A system like this could go even further to make guarantees to the end customer, who could verify at point of sale that their food item remained fresh.
x-complexity|2 years ago
When architected correctly (as with pretty much all software), it allows for a service to live (effectively) forever, independent from the creators of the service.
Example: I create a smart contract where everyone can post an IPFS hash to it, with added functionality to be able to post on someone's behalf if they give a signature to do so.
(This simple example is deliberately chosen to be a starting point. More complex functions & services can be derived from this starting point alone.)
If I were to kick the bucket, or if I'm not capable of contributing to its development, the service is still accessible to everyone else. If someone else wants to keep developing the service, they can do so via the contacts defined endpoints.
To me, the positives of this starting point outweigh the technical complexities involved with its development & maintenance. It varies wildly for others, but for me, this is the anchor point from which I can build something that can last long after me.
theK|2 years ago
anonymous-koala|2 years ago
Smart contracts can be used to build voting systems, multi-signature agreement systems, escrow systems, exchanges etc. But all of these rely on data being in the crypto world e.g. on blockchain.
The most powerful emerging use case for smart contracts is verifying zero knowledge proofs. Using groth16 or PLONK you can compress any amount of information or computation into a constant size proof (constant in both size and verification complexity [1]). This leads to the question, what is the use case for zero knowledge proofs?
TLS notarization: a user can prove they received data from a website by proving the signature in the TLS session. So e.g. i could prove how many twitter (sorry, X) followers i have by proving an element in the HTML that is signed by twitter, or prove that i have a dm with individual X (not the company, a variable meant to indicate some person). This can be extended to proving e.g. bank account balances using TLS signatures. The idea is such a TLS proof can be ingested on the blockchain so anything on the internet can be used as a logical condition for a smart contract. https://tlsnotary.org/
^ a similar case exists for email data verification using RSA
Private user data: companies can track information about users without knowing what information belongs to what user. The idea is, the user data is stored inside a ZK proof and the user manipulates the data in ZK, then provides a proof to the web application that they manipulated it in a way that follows the rules defined by the application. A simple example might be ZKFlix. Each time a user watches a movie they add an entry to their data indicating `moviedId: true`. The web application can store the user state without knowing which user watched which movie. Put more simply, each change to user data is attributed to an anonymous actor. Theoretically it should be possible to build websites with the same functionality of existing websites, but where the website is non-custodial of the user data (this isn't strictly blockchain related). This type of system allows users to make proofs about their application user data and submit them to the blockchain.
^ the more general case is building a state system that exists entirely in ZK and putting a state root on the blockchain. Then anything about the state system can proven onchain
These are the examples I have off the top of my head (though i do work in this space). I think smart contracts by themselves lack functionality and resort to hacky things like permissioned oracles. Combined with ZK though smart contracts become a financial system that is trustlessly bound to the internet. The hard part is making the internet provable as sequences of polynomials.
Hard agree that the current user experience sucks though. I'm of the opinion that in the future users won't directly interact with the blockchain the same way a user doesn't interact directly with e.g. postgreSQL. If to make an account on a website you had to write an SQL query inserting the row that would be a similarly bad experience to managing your own private key xd
[1]: The scaling isn't strictly constant, but small enough to be considered for practical purposes constant
freemanon|2 years ago
sunshine-o|2 years ago
The problem is at least in ecosystems such as Ethereum you have a single line of defense, your smart contract code. And that code is written in a poor language with very little security features.
Worst if something go wrong you can maybe pause, suicide your contract before your money is gone (what goes again the very principle of the platform) or if you are lucky & worked very hard on this you might have the chance to upgrade your contract.
The result is any contract being used seriously need to go through a long & very expensive by one of the few serious company is this field.
For now the Ethereum project have been very focused on solving the scalability & decentralization problem but my guess is without big progresses on the smart contract security & developer experience front no serious actor will ever consider adopting the platform.
jjordan|2 years ago
Services like code4rena (https://code4rena.com/) and sherlock (https://www.sherlock.xyz/) make audits a public and competitive process with leaderboards that track the best of the best. Naturally those that rise to the top of these leaderboards tend to end up offering boutique auditing services due to projects wanting audits from the best of the best in the business.
Trust (a pseudo-anonymous auditor's handle) launching Trust Security (https://www.trust-security.xyz/) is a perfect example of someone who turned public contest success into a highly sought after auditing firm. There are other examples, but overall smart contract security is undeniably improving over time.
latchkey|2 years ago
unknown|2 years ago
[deleted]
trompetenaccoun|2 years ago
flooow|2 years ago
I expect the low-hanging fruit has gone now. And setting up spearfishing attacks to scam teenagers out of their NFTs doesn't seem as noble (or as profitable).
pcthrowaway|2 years ago
Meanwhile there are still hundreds of millions of dollars of bounties available for white-hats who responsibly disclose.
The dark-hat hackers who aren't held responsible are likely in either Russia or North Korea
dguido|2 years ago
https://secure-contracts.com/
dmuhs|2 years ago
wslh|2 years ago
For example, here [1] the thesis is that when TVL rises, the probability of being hacked also rises which means that at some point there is not budget that can scale to protect your TVL.
[1] https://bittrap.com/resources/defis-growing-pains:-as-tvl-ra...
simple-thoughts|2 years ago
SkyMarshal|2 years ago
VoodooJuJu|2 years ago
monero-xmr|2 years ago
[deleted]
mikhmha|2 years ago
Now you’re saying this year is the year? n+1
Kretinsky|2 years ago
yao420|2 years ago
Personally I’ve worked at both coinbase and a blockchain company called avalanche. I think crypto is scams all the way down.
zeryx|2 years ago
They were found guilty of unregistered offerings to institutional. There's no way that the jury/judge won't take that prior decision into account with the non-institutional tranche. Somehow this was spun as a good thing?