Amy Wan discusses the Parity Wallet failure here and describes a new SDK that she is rolling out that will offer insurance against similar failures by future smart contracts. One important point is her list of potential failure points for smart contracts, a set of points I agree with:
- smart contracts may contain coding errors (and many developers write code using a fail fast and iterate mentality)
- smart contracts may contain vulnerabilities easily exploited by hackers
- smart contracts may not accurately reflect the intent of parties
- contracting parties may change their mind and wish to amend, modify, or terminate the contract due to misrepresentation, mistake, duress, impossibility, or a change in circumstance
- external data sources, such as other contracts or oracles may provide incorrect data
There are many ways to minimize exposure here. Code audits are a must, particularly for significant, multi-use libraries. Building in failsafes – like Amy’s SDK or other tools – is also prudent. And linking to multiple external oracles with sanity checking for the inputs is likewise necessary.