After Ethereum’s long-awaited merger, it’s an ideal time to think about how we can also improve smart contracts. Essentially apps that run on blockchains, smart contracts are an important component of our Web3 applications. But interacting with them is still quite dangerous, especially for non-developers. Many of the incidents where users lose crypto assets are caused by buggy or malicious smart contracts.
As a Web3 app developer, this is a challenge I think about often, especially as waves of new users continue to enter various blockchain applications. To fully trust a smart contract, a consumer needs to know exact what it’s going to do when they make a transaction – because unlike in the Web2 world, there’s no customer support phone to call and get your money back if something goes wrong. But at the moment it is almost impossible to know if a smart contract is safe or reliable.
Related: Liquid staking is the key to interchain security
One solution is to make the wallets themselves smarter. For example, what if wallets could tell us if a smart contract is safe to interact with? It’s probably impossible to know with 100% certainty, but wallets can at least collect and display many of the signals that developers are already looking for. This will make the process easier and safer, especially for non-developers.
Here’s a deeper look at the pros and cons of smart contracts, why they seem like the Wild West now, and how we can improve the user experience for using them.
The promise and danger of smart contracts
For developers, using a smart contract as a backend for their app has enormous potential. It also increases the potential for errors and exploits. It’s great that smart contracts can be created by developers without asking anyone for permission, but it can also expose users to significant risk. We now have apps making hundreds of millions of dollars with no security guarantees. As it stands, we simply have to trust that these apps are bug-free and do what they promise.
Many non-developers are not even aware of the security issues involved and do not take the necessary precautions when interacting with blockchain-based apps. The average user may sign a transaction thinking it is going to do one thing, only to discover that the smart contract does something completely different. That’s why malicious smart contracts are a primary attack vector for bad actors.
Why are smart contracts the wild west?
When a Web3 app makes a smart contract call, you don’t know exactly what the transaction will do until you actually do it. Will it mint your non-fungible token (NFT) or will it send your money and tokens to a hacker? Of course, this unpredictability applies to all web applications, not just Web3 apps; predicting what the code will do is very difficult. But it’s a bigger problem in the Web3 world since most of these apps are inherently high-stakes (they’re designed to handle your money) and there’s so little protection for consumers.
The App Store is mostly safe because of Apple’s review process, but Web3 doesn’t have that. If an iOS app starts stealing users’ money, Apple will immediately remove it to reduce losses and revoke the account of the person who created it.
Related: Latin America is ready for crypto — Just integrate it with their payment systems
Malicious smart contracts, on the other hand, cannot be taken down by anyone. There is also no way to recover stolen property. If a malicious contract drains your wallet, you can’t just dispute the transaction with your credit card company. If the developer is anonymous, as is usually the case with malicious contracts, there is often not even an opportunity to take legal action.
From a developer’s perspective, it is much better if the code for a smart contract is open source. Popular smart contracts typically publish their source code – a huge improvement over Web2 apps. But even then, it’s easy to miss what’s really going on. It can also be very difficult to predict how the code will run in all scenarios. (Consider this long, creepy Twitter thread by an experienced developer who almost fell for a complex phishing scam, even after reading the contracts involved. Only after another closer inspection did he notice the exploit.)
Compounding these issues, people are often pressured to act quickly when interacting with smart contracts. Consider an NFT drop promoted by influencers: Consumers will be concerned that the collection will sell out quickly, so they will often try to make a transaction as soon as they can, ignoring any red flags they may encounter along the way.
In short, the same features that make smart contracts powerful for developers—such as permissionless publishing and programmable money—make them quite dangerous for consumers.
I don’t think this system is fundamentally flawed. But there are tons of opportunities for Web3 developers like me to provide better handrails for consumers using wallets and smart contracts today.
The use of wallets and smart contracts today
In many ways, wallets like MetaMask feel like they are made for developers. They show a lot of deep technical and blockchain details that are useful when building apps.
The problem with that is that non-developers also use MetaMask — without understanding what it all means. No one expected Web3 to go mainstream so quickly, and wallets haven’t quite caught up with the needs of their new user base.
Related: Learn from Celsius — Stop exchanges from seizing your money
MetaMask has has already done a good job of converting “mnemonic phrase” to “secret phrase” to prevent consumers from unwittingly sharing it with hackers. However, there is much more room for improvement.
Let’s take a look at MetaMask’s user interface (UI), followed by a couple of mock-ups I created that outline some potential improvements that could lead consumers into the “pit of success.” (By the way, MetaMask serves as a reference here since it’s widely used across the Web3 world, but these UI ideas should also apply to pretty much any wallet app.) Some of these design tweaks can be built today, while others may require technical progress on the smart contract side.
The image below shows what the current MetaMask smart contract transaction window looks like.
We see the address of the smart contract we are interacting with, the website that initiated the transaction, and then many details about the funds we are sending to the contract. However, there is no indication of what this contract does or any indicator that it is secure to interact with.
Potential solutions to improve smart contracts
What we really want to see here are signals that help us as end users decide whether or not to trust this smart contract transaction. As an analogy, think of the small green or red lock in the address bar of modern browsers, which indicates whether the connection is encrypted or not. This color-coded indicator steers novice users away from potential hazards, while advanced users can easily ignore it if preferred.
As a visual example, here are two fast user experience (UX) design mockups of MetaMask transactions – one that is likely to be secure, and one that is less secure.
Here are some of the signals in my mock-up:
- Is the contract’s source code published? Open source contracts are generally more reliable because any developer can read them to find bugs and malicious code. MetaMask already includes various links to Etherscan, so this would be an easy and convenient signal to add.
- Audit score. A third-party audit is another signal that can establish reliability. The most important implementation issue here is how to determine this score. Are there any accepted standards for this already? If not, an easy way could be to use Etherscan, which supports uploading revisions. MetaMask, in this example, may also maintain its own list of auditors, or rely on a list of third parties. (From what I can tell, MetaMask already does this for NFT APIs and token detection.) In the future, it is easy to imagine a decentralized autonomous organization to determine audit scores in a more decentralized way.
- What can this transaction do? Can it call external contracts, and if so which ones? This would be very hard to decide perfectly, but I wonder if a simple version for open source contracts would be feasible. There are already many automated vulnerability scanners for smart contracts out there. If this is not possible for Solidity, I wonder if we could design a smart contract programming language that do allow this level of static analysis. Perhaps individual functions can declare the permissions they need and the compiler can guarantee compliance.
- Safety tips and education. If a smart contract does not have many signals of trustworthiness (see mock-up above right), the user interface can recommend an appropriate set of precautions to take, such as checking if the contract address is correct and using a different account. These are suggestions made in the orange text, as opposed to red, since a lack of signals is not necessarily dangerous; here we simply recommend that users choose to be a little more careful with the next steps.
Like many existing features in MetaMask, these proposed features can be turned off in the settings.
Towards a safer future
In the future, there will likely be many security-focused tools built on the primitive components that blockchains provide. For example, it is likely that we will see insurance protocols that protect users from buggy smart contracts become commonplace. (These already exist, but they are still quite niche.)
Related: What Will Drive Crypto’s Likely Bull Run in 2024?
However, consumers are already using Web3 apps, even in these early days, so I’d like to see the developer community add more protections for them now. A few simple improvements to wallets can go a long way. Some of the aforementioned ideas will help protect novice users while streamlining the transaction process for Web3 veterans.
From my perspective, anything outside of trading crypto assets on Coinbase (or other major companies) is still far too risky for the average consumer. When friends and family ask about setting up a self-custodial crypto wallet to use Web3 apps (let’s face it – usually to buy NFTs), always start by warning them of the risks. This scares some of them away, but the more determined will use them anyway. When our wallets are smarter, we’ll be able to feel a lot better about bringing the next wave of new users to Web3.
Devin Abbott (@dvnabott) is the founder of Deco, a startup acquired by Airbnb. He specializes in design and development tools, React and Web3 applications, most recently with The Graph.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.