CMS lawyers can provide future-facing advice for your business across a variety of specialisms and industries, worldwide.
Apart from offering expert legal consultancy for local jurisdictions, CMS partners up with you to effectively navigate the complexities of global business and legal environments.
Our CMS Expert Guides provide you with in-depth legal research and insights.
Learn moreCMS Press Office
Learn moreCMS Spotlight: join our events and webinars!
Learn more
CMS lawyers can provide future-facing advice for your business across a variety of specialisms and industries, worldwide.
Apart from offering expert legal consultancy for local jurisdictions, CMS partners up with you to effectively navigate the complexities of global business and legal environments.
Our CMS Expert Guides provide you with in-depth legal research and insights.
Learn moreCMS Press Office
Learn moreCMS Spotlight: join our events and webinars!
Learn more
Like other software, smart contracts may contain errors. So there is the risk of a mistaken action, or a failure to act. But there is also the possibility that the software can be exploited in ways not originally intended.
“We have certainly seen some examples of blockchain-based technologies being gamed to effectively steal or gain an economic advantage that was not anticipated, basically because somebody was cleverer than the people who built them.”
Ian Stevens
Partner
Ian Stevens, Partner
Businesses wanting to benefit from a smart contract should ensure it will satisfy both their commercial objectives and their appetite for risk. Any contract should be planned carefully, but a smart contract – which in its final form may be unintelligible to many of the decision-makers in a business – requires an even greater degree of diligence.
As a first principle, you need to have a reasonable belief that the code will do what you expect, most likely based on a thorough assessment of it. If you enter into a smart contract with unfounded assumptions about the way it will perform, you may have very little recourse if you’re wrong.
Adding non-executable comments to the code of a smart contract may make its operation more intelligible to non-programmers, but the parties should make clear the status of such comments – in particular, whether they constitute contract terms.
As well as insisting on extensive testing, businesses are also likely to put a governance framework around smart contracts – increasingly, deploying AI – with the aim of monitoring their outcomes and intervening quickly if anything goes wrong.
Smart contracts can perform a wide variety of functions and interact with a wide variety of parties. In certain situations, if programmed appropriately, a smart contract can even enter into additional smart contracts with other parties (including, potentially, other smart contracts or other machine systems such as AI), just as stock trading algorithms can trade shares with other algorithms in transactions devoid of human intervention.
Such agreements are essentially as binding as any other contract. Parties creating any software that has the ability to offer or accept a contract automatically should thus exercise great care in determining the parameters of what is permissible in such ‘automated agreements’.
The parties to a smart contract can guard against errors by including a failsafe mechanism.
External verification or approval
For instance, external verification or approval might be needed before a particular action is taken, and if that verification or approval is not forthcoming then that action will not be taken and previous actions might be reversed – e.g. the software might return money that had been put into the system, or repatriate assets.
Stopping, not unwinding
If that’s too difficult, an alternative is to stop the action of the contract but not unwind anything. In that case, you’d probably have a contract that sits outside the smart contract, setting out what happens next. In a complex environment involving smart contracts, that might be a framework ‘paper and ink’ agreement within which individual smart contracts are executed, and which provides an overarching contractual failsafe if things start going wrong.
Without such an ‘external’ contract, the parties may find themselves relying on familiar contract law concepts such as frustration or mistake to resolve the situation. The parties might also wish to create a mechanism – probably using a combination of the smart contract and an external contract – that suspends or modifies the automatic performance of the contract if a dispute arises.
Suspension or modification
The parties might also wish to create a mechanism – probably using a combination of the smart contract and an external contract – that suspends or modifies the automatic performance of the contract if a dispute arises.
It is impossible to modify the terms of a smart contract once it has been agreed, unless a mechanism for doing so is built into the contract. Such mechanisms are unusual, as one advantage of a smart contract is its certainty. Any parties creating such a mechanism will want to consider the broader effect it could have on the commercial value of the contract.
Parties with a problematic smart contract sometimes enter into one or more other contracts to mitigate its effect. A governing ‘external’ contract might also contain terms that would be useful in effectively reversing the unwanted impact or unanticipated action of a smart contract.
There is always the risk of external disruption from events such as network errors or internet failures. It is worth bearing in mind that disruption can also be caused by planned events such as system maintenance or software upgrades.
Potentially, smart contracts can be hacked. In practice, this is usually guarded against by cryptography, as it is in smart contracts that use blockchain technology.
The possibility of an oracle (see below) being hacked is also a risk against which the parties need to guard. Some oracles have also been compromised by more traditional methods, such as sport price manipulation.
Where smart contracts rely on external data, that data will often come from third party sources (usually called ‘oracles’). But what happens if that data – which influences the action of the contract – is incomplete, late or even wrong?
The smart contract will just execute a series of instructions. If there are risk factors like reliance on an oracle, the parties have to agree how to deal with that. Sometimes this means having a separate contract to establish, for example, that the provider of the data cannot be held responsible for its accuracy or for any loss arising from its use. This is a common position for data providers to adopt.
In that situation, it is incumbent on the parties to monitor the data, making sure it is timely and correct. They may agree steps to take if the data is manifestly wrong, but they will need to negotiate that commercially to reach a position that reflects their tolerance for risk.
What if a problem with the data or the operation of the contract is discovered only after a number of transactions have already been concluded?
There is no legislative framework to reverse those transactions or establish the terms under which they could be left in place.
So if this eventuality is not covered by a 'failsafe' or 'external' contract, and the problem cannot be mitigated as discussed above, the parties may be left relying on basic legal principles to determine whether they can challenge the operation of the contract – which may mean hoping a court will see things their way.
Courts and regulators
Legally, there is not a great deal of difference between a smart contract and a traditional one. Courts and regulators are essentially technology-agnostic. They will just look for what has been agreed.
Although the nature of a smart contract may make it slightly harder to show what has been contractually agreed, a court will ultimately be able to determine what rules are encoded in a smart contract, and then look at what’s been additionally agreed elsewhere, e.g. in a governing commercial agreement.
There may also be some implied terms or issues around unfair contract terms. In a consumer context, a court might consider whether the contract was set up with appropriate protection for the consumer and was sufficiently transparent.
If a smart contract does not specify governing law and jurisdiction, this could pose significant challenges to a party looking to pursue their rights through the courts.
In the absence of a contractually-specified choice, the courts where the defendant is domiciled are likely to accept jurisdiction. And if no governing law is specified, a close connection with the contract, or the habitual place of the party effecting its characteristic performance, is often the starting point. But this may be more difficult to determine if the characteristic performance is largely digital.
An alternative way to handle a dispute would be arbitration, which the parties can provide for either within the smart contract or in an external contract.
Arbitration enables the parties to allow specialist lawyers (or technical experts) to act as arbiters, and may result in an award that is more internationally enforceable than the judgment of a national court.
It is even possible to encode an arbitration clause in a smart contract, so that the contract itself can initiate the arbitration process if certain events occur. Similarly, the contract can be programmed to enforce an arbitral award automatically. And some contracts incorporate dispute resolution that is entirely ‘on-chain’, with decisions determined by the vote of blockchain users in a sort of decentralised justice system – though it may be some time before such solutions are applied to significant commercial smart contracts.
4. Smart contracts
4.2. Doing business with DAOs
