Smart contracts are changing the way businesses conduct routine transactions to make them more efficient and, in many ways, less prone to human error. But this new technology has associated risks. Is your company adequately prepared?
Basics of Smart Contracts
Smart contracts, sometimes known as self-executing contracts, are contracts that are written in computer code and connected to a blockchain so that an individual or entity can instantly be bound to the terms of the contract. Computing devices may also be bound via a smart contract, which has led to the Internet of Things.
The groundbreaking nature of smart contracts is that contracts that previously depended on human interaction, and the accompanying room for error and delay, are now self-executing. For example, a smart contract could be used to handle escrow payments or to evaluate loan eligibility— simply input your information and then your application is automatically approved or denied. An individual does not need to release the funds or to approve the loan. The range of the utility of smart contracts is still being explored. As smart contracts are associated with blockchains, essentially anything that relies or could rely on a ledger could potentially be handled via smart contract.
Given that the intent of smart contracts is to reduce risk and enhance speed, what are the risks to consider when thinking about coverage?
First, as with anything associated with blockchain technology or computing in general, an error in code could cause loss to the person or entity affected. The error could take place either in the code to set up the blockchain on which the smart contract depends or the code that programmed the smart contract itself.
In addition, contracts with escape clauses may be more susceptible to error, as the power to invoke these clauses resides with individuals who could use them in such a way as to throw off the transaction and nullify the smart contract. Errors of this sort have already been known to happen. For example, a Canadian digital currency exchange called QuadrigaCX reported that a malfunction in a smart contract code prevented the smart contract from operating and caused a loss of $14 million in the cryptocurrency ether.
Errors in smart contracts have been known to happen to devastating effect. In 2016, a hack in an Ethereum (a type of cryptocurrency) smart contract caused the smart contract to act recursively, so that the act of sending funds triggered a corresponding request to send funds. Losses from this hack are estimated to total $150 million. Part of the reason for the high costs is because smart contracts are immutable and can only be replaced by another smart contract. This is generally seen as one of the benefits of smart contracts, i.e. that they cannot be tampered with. Although this often is favorable, it also means that, when an error takes place, it is permanent.
Businesses can—and should—pursue best practices to mitigate these risks, such as using smart contracts that have been tested by other companies and running any potential smart contracts through as an exhaustive series of tests as possible. Regardless, risk can still remain.
Current and Future Coverages
Coverage for errors with smart contracts can be tricky and will depend on the facts and circumstances of a given loss.
Typically, loss from a smart contract does not occur to a third party, meaning that liability coverage does not apply under most scenarios. First-party coverages could apply, however, if the circumstances so warrant. Loss that occurs as the result of hacking could be covered as cyber theft and/or cyber extortion, either under a stand-alone cyber policy or as an add-on to other types of coverage. If the error resulted in a loss of company property, more traditional coverages could be pursued. If the error is due to a coding deficiency in code written by an employee, however, the risk could be excluded under an employee exclusion.
Perhaps the most important takeaway, however, is not what coverage there currently is but what coverage companies should seek in the future. Smart contracts are here to stay, and insurance for risks associated with smart contracts may be a hot topic in coming years.