Professional Documents
Culture Documents
TSMC2019 - Blockchain Enabled Smart Contracts Architecture Applications and Future Trends
TSMC2019 - Blockchain Enabled Smart Contracts Architecture Applications and Future Trends
Abstract—In recent years, the rapid development of cryptocur- Index Terms—Blockchain, parallel blockchain, six-layer archi-
rencies and their underlying blockchain technology has revived tecture, smart contracts.
Szabo’s original idea of smart contracts, i.e., computer protocols
that are designed to automatically facilitate, verify, and enforce
the negotiation and implementation of digital contracts without
central authorities. Smart contracts can find a wide spectrum
of potential application scenarios in the digital economy and I. I NTRODUCTION
intelligent industries, including financial services, management, HE TERM “smart contract” was first coined in mid-
healthcare, and Internet of Things, among others, and also have
been integrated into the mainstream blockchain-based develop-
ment platforms, such as Ethereum and Hyperledger. However,
T 1990s by computer scientist and cryptographer Szabo,
who defined a smart contract as “a set of promises, spec-
smart contracts are still far from mature, and major technical ified in digital form, including protocols within which the
challenges such as security and privacy issues are still awaiting parties perform on these promises [1].” In his famous exam-
further research efforts. For instance, the most notorious case ple, Szabo analogized smart contracts to vending machines:
might be “The DAO Attack” in June 2016, which led to more
machines take in coins, and via a simple mechanism (e.g.,
than $50 million Ether transferred into an adversary’s account.
In this paper, we strive to present a systematic and compre- finite automata), dispense change and product according to
hensive overview of blockchain-enabled smart contracts, aiming the displayed price. Smart contracts go beyond the vending
at stimulating further research toward this emerging research machine by proposing to embed contracts in all sorts of prop-
area. We first introduced the operating mechanism and main- erties by digital means [2]. Szabo also expected that through
stream platforms of blockchain-enabled smart contracts, and
clear logic, verification and enforcement of cryptographic pro-
proposed a research framework for smart contracts based on
a novel six-layer architecture. Second, both the technical and tocols, smart contracts could be far more functional than their
legal challenges, as well as the recent research progresses, are inanimate paper-based ancestors. However, the idea of smart
listed. Third, we presented several typical application scenarios. contracts did not see the light till the emergence of blockchain
Toward the end, we discussed the future development trends technology, in which the public and append-only distributed
of smart contracts. This paper is aimed at providing helpful
ledger technology (DLT) and the consensus mechanism make
guidance and reference for future research efforts.
it possible to implement smart contract in its true sense.
Generally speaking, smart contracts can be defined as the
Manuscript received November 8, 2018; revised December 24, 2018; computer protocols that digitally facilitate, verify, and enforce
accepted January 18, 2019. This work was supported in part by the National
Natural Science Foundation of China under Grant 71472174, Grant 61533019, the contracts made between two or more parties on blockchain.
Grant 71232006, Grant 61233001, Grant 61702519, and Grant 71702182, and As smart contracts are typically deployed on and secured by
in part by the Qingdao Think-Tank Foundation on Intelligent Industries. This blockchain, they have some unique characteristics. First, the
paper was recommended by Associate Editor S. Song. (Corresponding author:
Yong Yuan.) program code of a smart contract will be recorded and veri-
S. Wang and L. Ouyang are with the State Key Laboratory for fied on blockchain, thus making the contract tamper-resistant.
Management and Control of Complex Systems, Institute of Automation, Second, the execution of a smart contract is enforced among
Chinese Academy of Sciences, Beijing 100190, China, and also with the
University of Chinese Academy of Sciences, Beijing 100049, China (e-mail: anonymous, trustless individual nodes without centralized con-
wangshuai2015@ia.ac.cn; ouyangliwei2018@ia.ac.cn). trol, and coordination of third-party authorities. Third, a smart
Y. Yuan, X. Ni, and X. Han are with the State Key Laboratory for contract, like an intelligent agent, might have its own cryp-
Management and Control of Complex Systems, Institute of Automation,
Chinese Academy of Sciences, Beijing 100190, China, and also with the tocurrencies or other digital assets, and transfer them when
Parallel Blockchain Technology Innovation Center, Qingdao Academy of predefined conditions are triggered [3].
Intelligent Industries, Qingdao 266109, China (e-mail: yong.yuan@ia.ac.cn; It is worth noting that Bitcoin1 is widely recognized as the
xiaochun.ni@ia.ac.cn; xuan.han@ia.ac.cn).
F.-Y. Wang is with the State Key Laboratory for Management and Control first cryptocurrency that support basic smart contracts, in the
of Complex Systems, Institute of Automation, Chinese Academy of Sciences, sense that its transactions will be validated only if certain con-
Beijing 100190, China, also with the Parallel Blockchain Technology ditions are satisfied. However, designing smart contract with
Innovation Center, Qingdao Academy of Intelligent Industries, Qingdao
266109, China, and also with the Research Center of Military Computational complex logic is not possible due to the limitations of Bitcoin
Experiments and Parallel Systems, National University of Defense scripting language that only features some basic arithmetic,
Technology, Changsha 410073, China (e-mail: feiyue.wang@ia.ac.cn). logical, and crypto operations.
Color versions of one or more of the figures in this paper are available
online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TSMC.2019.2895123 1 Bitcoin. https://bitcoin.org/.
2168-2216 c 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
WANG et al.: BLOCKCHAIN-ENABLED SMART CONTRACTS: ARCHITECTURE, APPLICATIONS, AND FUTURE TRENDS 3
WANG et al.: BLOCKCHAIN-ENABLED SMART CONTRACTS: ARCHITECTURE, APPLICATIONS, AND FUTURE TRENDS 5
c) Trusted Data Feeds (Oracles): In order to guar- reasoning, learning, decision-making, and socializing,
antee the security of blockchain network, smart which add intelligence to the smart contracts built on
contracts are generally executed in SEE (e.g., EVM the first three layers. It must be pointed out that current
in Ethereum and Docker container in Hyperledger smart contracts do not have much intelligence. However,
Fabric), which is not allowed to import external we believe that the future smart contracts will not only
information. Hence, smart contract needs trusted be self-enforcing according to the predefined If-Then
data feeds (Oracles) to provide external states about statements but also should have “What-If”-type deduc-
the real world in the form of a transaction (because tion, computation, and intelligent decision-making in
any information that is not generated by a trans- unknown scenarios. As mentioned earlier, smart con-
action has to be introduced as data attached to tracts running on the blockchain network can be consid-
a transaction [11]) in a secure and trusted man- ered as software agents that act on behalf of their users.
ner, thereby ensuring the deterministic of contract With the development of artificial intelligence (AI) tech-
execution results. nology, agents will have a certain degree of intelligence,
2) Contracts Layer: The contracts layer encapsulates the such as perception, reasoning, and learning by virtue of
static contract data, including contract terms, scenario- cognitive computing [13], reinforcement learning [14],
response rules, and interaction criteria. Thus, this layer etc. Hence, those agents are not only autonomous as they
can be regarded as the static database of smart contracts have capabilities of tasks selection, prioritization, and
which includes all the rules about contract invocation, goal-directed behaviors (sometimes referred to as belief-
execution, and communication. When a smart contract desire-intention [15]) but also have sociability through
is being designed, at first all parties (contractors) shall communication, cooperation, and negotiation with each
negotiate and determine the contract terms which may other. The learning and collaboration results will also
involve legal provisions, business logics, and intention be fed back to the contracts layer and the operations
agreements. Then, programmers use software engineer- layer, thus optimizing the contract design and operation,
ing technology, such as algorithm design and design pat- ultimately realizing the truly “smart” contract.
tern to translate the contract terms described in natural 5) Manifestations Layer: The manifestations layer encap-
language into the program code, e.g., a series of If-Then- sulates various manifestation forms of smart contracts
type scenario-response rules. Moreover, interaction cri- for potential applications, including DApps, decentral-
teria (e.g., access authority, communication mode, etc.) ized autonomous organizations (DAOs), decentralized
should also be enacted in this layer for the interactions autonomous corporations (DACs), and decentralized
between contracts and users (or contracts and contracts) autonomous societies (DASs). Smart contracts that
according to the characteristics of the development encapsulate the complex behaviors of network nodes are
platforms and contractors’ intentions. equivalent to the application interfaces of blockchain,
3) Operations Layer: The operations layer encapsulates all which enable blockchain to embed different applica-
the dynamic operations on the static contracts, including tion scenarios. For instance, by writing legal provi-
mechanism design, formal verification, security analy- sions, business logics, and intention agreements into
sis, updates, and self-destruction. Maintenance layer is smart contracts, a variety of DApps can be devel-
the key to the correct, safe, and efficient operation of oped. Furthermore, the multiagent systems built on
smart contracts because malicious or vulnerable smart the fourth layers will gradually evolve into various
contracts can bring huge economic losses to users. From DAOs, DACs, and DASs. These high-level manifesta-
the perspective of smart contracts’ life-cycle from nego- tion forms are expected to improve traditional business
tiation to self-destruction, before the smart contracts and management, and lay the foundation for the future
are deployed onto the blockchain, mechanism design programmable society. Taking the DAO as an exam-
operations use information and incentive theory to help ple, DAOs are organizations that are powered and
contracts achieve their function efficiently. Formal ver- run by smart contracts, their business and adminis-
ification [8] and security analysis operations are used trative rules are all recorded on blockchains. DAOs
to verify the correctness and security of contract codes, can reduce transaction costs and introduce the possi-
and ensure that the codes will be executed according to bility of aligning interests for stakeholders in a more
the programmers’ actual semantics [12]. After the smart decentralized manner. Therefore, DAOs are expected to
contracts are deployed onto the blockchain, updates can bring disruptive influence to the traditional management
be implemented technically when the contract func- paradigms which are typically in a top-down hierarchical
tion is difficult to meet users’ demands or the contract structure [16].
has repairable vulnerabilities, although all the historical 6) Applications Layer: The applications layer encapsu-
updates are recorded on the blockchain and cannot be lates all the application domains that built upon the
tampered. At the end of the smart contracts’ life cycle or manifestation layer. For instance, based on DAO, an
when a high-risk vulnerability occurs, self-destruction is application called Plantoid (also named as the distributed
conducted to insure network security. autonomous art) was developed in Ethereum, which
4) Intelligence Layer: The intelligence layer encapsu- realized a truly aesthetic economy that binds artists,
lates various intelligent algorithm, including perception, designers, artworks, and audiences into a symbiotic
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
relationship, thereby emancipating art from concentrated 4) Re-Entrancy Vulnerability: When a contract calls
and hierarchically organized capitalist markets [17]. another one, the current execution waits for the call to
Theoretically, smart contracts can be used in all indus- finish. As the fallback mechanism allows an attacker
tries, e.g., finance, IoT, healthcare, supply chain, etc. We to re-enter the caller function, attacker may use the
will introduce them in detail in Section IV. intermediate state of the caller to conduct repeated calls,
It is worth noting that the proposed framework is in only leading to loops of invocations which retrieve multiple
an ideal framework, especially for the intelligence layer. refunds and empty the balance [12]. The most notorious
However, just as pointed out by Glaser [11], it is a functional re-entrancy vulnerability is The DAO attack [21].
limitation that any activity in the blockchain needs to be trig- 5) Callstack Depth: Each time a contract invokes another,
gered by a node controlled from outside of the network, and the call stack associated with the transaction grows by
smart contract should implement autonomous mechanisms or one frame. The call stack is bounded to 1024 frames
complex microservice interactions which, in total, realize more for Ethereum. When this limit is reached, a further
sophisticated service logic like an autonomous portfolio man- invocation throws an exception. An adversary starts by
agement service. Future smart contracts should have a certain generating an almost-full call stack, and then he/she
autonomy and intelligence. invokes the victim’s function, which will throw an
The proposed framework is of a certain theoretical and prac- exception. If the exception is not properly handled by the
tical value for researchers and practitioners. On the one hand, victim’s contract, the adversary could manage to succeed
the framework covers the key elements in the whole life-cycle in his/her attack [22].
of smart contract. On the other hand, the framework indicates To deal with those contract vulnerabilities, some secu-
the research direction and possible development trends. rity analysis tools are developed. For example, as many
contract bugs stem from a semantic gap between the program-
III. C HALLENGES AND R ECENT P ROGRESSES mers about the underlying execution semantics and the actual
semantics of the smart contracts, Luu et al. [12] developed a
As an emerging technology in its infancy, smart contracts
symbolic execution tool called Oyente to find potential secu-
currently face many problems and challenges. Based on the
rity bugs in Ethereum smart contracts. Among 19 366 smart
proposed research framework which employs a six-layer archi-
contracts in Ethereum, Oyente flagged 8833 of them as vulner-
tecture, this section will outline the challenges and recent
able, including The DAO bug [12]. Securify [23] is a security
research progresses of smart contracts.
analyzer for Ethereum smart contracts. Its analysis consists of
two steps: first, it symbolically analyzes the contract’s depen-
A. Contract Vulnerabilities dency graph to extract precise semantic information from the
Contract vulnerabilities mainly appear in the contracts layer code. Then, it checks compliance and violation patterns that
in the research framework we proposed. The malicious miners capture sufficient conditions for proving if a property holds
or users can exploit them to gain profit. Here are some typical or not. Securify can analyze many vulnerabilities, such as
cases [18]–[20]. transaction-reordering, recursive calls, insecure coding pat-
1) Transaction-Ordering Dependence (TOD): Each block terns, etc. Manticore9 is another symbolic execution tool for
contains several transactions, and the order in which analysis of binaries and smart contracts which can record an
transactions are executed depends on the miner. TOD instruction-level trace of execution for each generated input
occurs when several dependent transactions invoke the and discover inputs that crash programs via memory safety
same contract that the miner can manipulate the order violations. Remix10 is a web-based IDE which serves as a
in which the transactions are executed. security tool by analyzing the Solidity code to reduce coding
2) Timestamp Dependence: The miners set the timestamp mistakes and identify potential vulnerable coding patterns.
for the block they mined (generally according to the
miner’s local clock system). The miner can modify the B. Limitations of the Blockchain
timestamp by a few seconds on the promise that other The limitations in blockchain itself are important factors
miners accept the block they proposed. The vulnerability hindering the development of smart contract. These limita-
lies in the fact that some smart contracts take times- tions correspond to the infrastructures layer of the smart
tamp as a trigger condition, e.g., transferring money, contract framework we proposed. Some typical limitations are
thus adversary may manipulate the timestamp-dependent as follows.
contracts for their own interests. 1) Irreversible Bugs: Due to the irreversible nature of the
3) Mishandled Exceptions: When a contract (caller) calls blockchain, once the smart contracts are deployed, they
another contract (callee), if the callee runs abnormally, are finalized and cannot be changed. In other words,
it terminates and returns false. This exception may or if there exists a bug in a smart contract, there is no
may not be passed to the caller. In principle, the caller direct way to fix it. Thus, if you find a defect in a smart
must explicitly check the return value from the callee to contract, you need to update it. And when you deploy
verify that the call was executed successfully. However, a new version of an existing contract, data stored in the
If the caller does not properly check the return value, it
will bring potential threats. A typical case is the King 9 Manticore. https://github.com/trailofbits/manticore.
of the Ether Throne contract in Ethereum. 10 Remix. https://github.com/ethereum/remix.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
WANG et al.: BLOCKCHAIN-ENABLED SMART CONTRACTS: ARCHITECTURE, APPLICATIONS, AND FUTURE TRENDS 7
previous contract is not automatically transferred—you feeds privacy, involving the infrastructures layer and contracts
have to manually initialize the new contract with the past layer of the research framework we proposed. Currently, not
data which makes it very cumbersome. only transactions but also contract-related information are pub-
2) Performance Issues: Performance issues in blockchain licly available [30] (especially for the information on the
systems, such as limited scalability, throughput bottle- public blockchain), such as the bytecode, invoking param-
neck, transactions latency [24], and storage constraints eters, etc. So it represents a real challenge to keep critical
also limit the performance of smart contracts. Taking functions/methods secret, apply cryptography, and avoid dis-
the throughput as an example, in the current blockchain closing data that should not have been public. Kosba et al. [31]
systems, smart contracts are executed serially by miners proposed a decentralized smart contract system called Hawk
and validators. Serial execution limits system through- that allows developers to write privacy-preserving smart con-
put and fails to exploit today’s concurrent multicore and tracts without the need of implementing any cryptography,
cluster architectures. Dickerson et al. [25] presented a and its compiler automatically generates an efficient cryp-
novel way to permit miners and validators to execute tographic protocol where contractual parties interact with
smart contracts in parallel, based on techniques adapted the blockchain, using cryptographic primitives such as zero-
from software transactional memory. knowledge proofs. Watanabe et al. [32] proposed to encrypt
3) Lack of Trusted Data Feeds (Oracles): As mentioned smart contracts before deploying them on the blockchain.
before, the execution of smart contract requires the exter- Only those participants who involved in a contract can access
nal data about real-world states and events from outside its content by using the decryption keys [32]. For trusted
the blockchain, trusted data feeds (Oracles) serve as data feeds privacy, TC [27] supported private and custom
the bridge between blockchain and the external world data requests, enabling encrypted requests and secure use of
(e.g., Web API). Lacking a substantive ecosystem of access-controlled, off-chain data sources.
trustworthy data feeds is often regarded as a critical The legal issues of smart contract are mainly embodied
obstacle to the evolution of smart contracts [26], [27]. in the contracts layer. Some scholars argue that smart con-
For this problem, Zhang et al. [27] built a town tract is merely a type of computer code that can self-enforce,
crier (TC) solution that acts as a reliable connection self-verify, and self-constrain the performance of its instruc-
between HTTPS-enabled websites and blockchain to tions, which may represent all, part, or none of a valid legal
provide authenticated data feeds for smart contracts. contracts under the existing laws. Hence, there may be a con-
Oraclize11 is an Oracle service for smart contracts flict between relational contract theories and smart contracts.
and blockchain applications, which guarantees the data For example, data privacy laws in European stipulate that cit-
fetched from the original data-source is genuine and izens have a “right to be forgotten” which is incompatible
untampered by accompanying the returned data together with the immutable nature of blockchain-enabled smart con-
with a document called authenticity proof. In addition, tracts. Other legal issues include, but are not limited to, the
some prediction market platforms, such as Augur12 and following.
Gnosis13 can also serve as Oracles, as they can pro- 1) What laws otherwise apply to the transactions taking
vide external information for smart contracts, such as place within the smart contract application?
the results of sports events or political elections. 2) What hazards are posed by use of the smart contract
4) Lack of Standards and Regulations: One of the pri- application alone (e.g., a) a loss of data; b) business
mary blockchain security issues and risks is the lack interruption; c) privacy breach; and/or d) a failure to
of standards and regulations. Juels et al. [28] proposed perform)?
the concept of criminal smart contracts (CSCs), and 3) What happens when the outcomes of a smart
listed some typical CSCs, e.g., leakage of confidential contract diverge from the outcomes that the law
information, theft of cryptographic keys, and various demands [33]–[35]?
real-world crimes (murder, arson, and terrorism). When In addition to the above challenges on infrastructures layer
malicious behaviors occur in smart contracts, it is dif- and contracts layer, there are some other challenges. For exam-
ficult to supervise these malicious acts due to lack of ple, on operations layer, poor mechanism design of smart
effective regulation mechanism. In face of the potential contracts will increase contracts execution costs and reduce
high security risks of blockchain and smart contracts, contracts execution efficiency. Designers need to design a
some regulatory authorities, e.g., U.S. Securities and set of incentive mechanisms to align the individual interests
Exchange Commission began to pay attention to the with the overall interests of the organization/society, thus
regulatory and operational challenges arising from these to achieve incentive compatibility. On intelligence layer, the
new technologies [29]. malicious intelligent agents may profit from their malicious
behavior, etc.
C. Privacy and Legal Issues
The privacy issues of smart contracts can be divided into IV. A PPLICATION S CENARIOS OF S MART C ONTRACTS
two categories: 1) contract data privacy and 2) trusted data Currently, applications of smart contracts are springing up.
11 Oraclize. http://www.oraclize.it/. This section will take finance, management, IoT, and energy
12 Augur. https://www.augur.net/. as examples to introduce the application scenarios of smart
13 Gnosis. https://gnosis.pm/. contracts.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
A. Finance B. Management
Blockchain and smart contracts enable increased visibility Blockchain-enabled smart contracts can provide appropriate
and trust across the participants while bring huge savings in and transparent accountability in terms of roles, responsibili-
infrastructures, transactions, and administrative costs [36]. The ties, and decision processes in management. Some use cases
following are several typical applications of smart contracts in follow.
finance. 1) Digital Properties and Rights Management: Storing
1) Securities: Security industry involves complex proce- cryptographic certification of properties or rights on
dures that are time consuming, cost inefficient, cum- blockchain can facilitate the access and validation.
bersome, and prone to risks. Smart contracts can de la Rosa et al. [41] proposed to use smart contracts
circumvent intermediaries in the chain of securities to certify the proof of existence and authorship of intel-
custody and facilitate the automatic payment of div- lectual properties. Propy15 allows owners and brokers
idends, stock splits, and liability management, while to register their real estate properties, where buyers can
reducing operational risks. In addition, smart con- search and negotiate the sale. Both parties participate
tracts can facilitate the clearing and settlement of in the smart contracts together and specific steps are
securities. At present, major markets in the U.S., taken throughout the process to ensure fair and legal
Canada, and Japan still have a 3-day settlement cycle play. Smart contracts can also be applied in digital rights
(T+3) [37] that involves many institutions, such as management. For example, a DApp called Ujo Music16
securities depositories and collateral management agen- enforce the royalty payments for a musician once his/her
cies. The centralized clearing entails labor-intensive work is used for commercial purposes.
activities and complex internal and external reconcili- 2) Organizational Management: Now, most organizations
ations. Blockchain enables bilateral peer-to-peer execu- are managed by and centered on a board of direc-
tion of clearing business logic using smart contracts. The tors who hold majority of decision-making power. It
Australian Securities Exchange is working on a DLT- is believed that the future organizational management
based post-trade platform to replace its equity settlement will be flattened and decentralized. Smart contracts can
system [38]. remove unnecessary intermediaries that impose artificial
2) Insurances: The insurance industry spends tens of mil- restrictions and unnecessarily complex regulations. For
lions of dollars each year on processing claims and loses example, Aragon17 is a project powered by Ethereum
millions of dollars to fraudulent claims. Smart contracts that aims to disintermediate the creation and mainte-
can be exploited to automate claims processing, verifi- nance of organizational structures, and empowers people
cation, and payment, thus to increase the speed of claim across the world to easily and securely manage their
processing as well as to eliminate fraud and prevent organizations. In Aragon, tokens represent your stake in
potential pitfalls [39]. For example, The French airline, the organization, you can utilize crowdfunding to raise
AXA,14 is taking flight insurance to the smart con- funds globally and use voting for more effective results,
tracts. If passengers’ flight is more than two hours late, you can also add a new employee to your organization.
they will get automatically notified with the compensa- 3) E-Government: Smart contracts can simplify bureau-
tion options. Smart contracts may also be used in auto cratic processes and improve the efficiency and authority
insurance, because contracts can record the insurance of E-government. For example, Chancheng District in
clauses, driving records, and accident reports, allowing Foshan, China, established the first E-government ser-
IoT-equipped vehicles to execute claims shortly after an vice platform using blockchain and smart contracts
accident. technology for the sake of improving the quality of
3) Trade Finance: Trade finance is currently full of inef- government services, developing the individual credit
ficiencies and the industry is extremely vulnerable system, strengthening the government’s credibility, and
to fraud. Besides, the paper-based processes of trade promoting the integration of resources [42]. Other appli-
finance desperately need to be upgraded or replaced with cation areas of smart contracts in E-Government include
digitalized operations. Smart contracts allow businesses novel payment systems for work and pensions, strength-
to automatically trigger commercial actions based on ening international aid systems, E-Voting [43], [44], etc.
predefined criteria that will boost efficiency by stream-
lining processes, and reduce both fraud and compliance C. Internet of Things
costs. In July 2017, a trade transaction was completed IoT is an ecosystem of connected physical devices, vehi-
between Australia and Japan. This trade transaction saw cles, home appliances, and other items that are accessible
all the trade-related processes, from issuing a letter of through the Internet. IoT is believed to be widely used in smart
credit to delivering trade documents completed entirely grid, smart home, intelligent transportation system, intelligent
via the Hyperledger Fabric platform, which reduced the manufacturing, and other fields. The traditional centralized
time required to transmit documents, as well as the labor Internet system is difficult to meet IoT’s development needs,
and other costs [40].
15 Propy. https://propy.com/.
16 Ujo Music. https://ujomusic.com/.
14 AXA. https://fizzy.axa/en-gb/. 17 Aragon. https://aragon.org/.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
WANG et al.: BLOCKCHAIN-ENABLED SMART CONTRACTS: ARCHITECTURE, APPLICATIONS, AND FUTURE TRENDS 9
such as the security of sensitive information and trusted verification, Layer 2, and smart contracts-driven parallel orga-
interaction between multidevices. Therefore, the combination nizational/societal management.
of IoT and blockchain becomes an inevitable tendency, and
smart contracts will help to automate the complex workflow, A. Formal Verification
promote resource sharing, save costs, and ensure safety and Formal verification means applying a proof that the pro-
efficiency [45]. Dorri et al. [46], [47] proposed a smart home gram behaves according to a specification. In general, this is
model based on blockchain and smart contracts, they dis- done with a concrete specification language used to describe
cussed various interaction processes in the model and proved how input and output of functions are related. Formal ver-
that the proposed model can significantly reduce the daily ification of smart contracts involves proving that a contract
management costs of IoT devices through simulation exper- program satisfies a formal specification of its behavior [54].
iments. Zhang et al. [48] proposed a smart contract-based It corresponds to the operations layer in the research frame-
framework, which consists of multiple access control con- work we proposed. Hirai defined a formal model for the
tracts, one judge contract, and one register contract, to achieve EVM using the Lem language. The proposed model proved
distributed and trustworthy access control for IoT systems. safety properties of a smart contract using the interactive the-
Iotex18 is a privacy-focused blockchain-driven decentralized orem provers [55]. Amani et al. [54] extended an existing
IoT network that supports multiple IoT ecosystems, includ- EVM formalization in Isabelle/HOL by a sound program logic
ing shared economy, smart home, identity management, and at the level of bytecode. Hildenbrandt et al. [56] presented
supply chain. KEVM, an executable formal specification of the EVM byte-
code stack-based language built with the K Framework [57],
D. Energy which designed to serve as a solid foundation for further for-
With the rise of energy revolution, the future develop- mal analyses. Bhargavan et al. [8] outlined a framework to
ment trend of the energy industry is distributed and clean analyze and formally verify the functional correctness and run-
energy. Blockchain technology can be used to build distributed time safety of Ethereum smart contract by translating both
energy system and deploy energy supply and trading smart Solidity program and EVM bytecode into F*, a functional
contracts, so as to build the decentralized energy trading mar- programming language aimed at program verification. Most
kets, improve energy utilization efficiency, and reduce grid of these formal verification tools are still in the experimental
operating costs. At present, the main application scenarios of stage and have not been widely used. In the future, formal
energy blockchain projects include distributed energy, electric verification will become an important research direction as
vehicle, energy trading, carbon tracking, and registries [49]. it provides the highest level of confidence about the correct
Exergy19 is a consortium blockchain platform that creates behavior of smart contracts.
localized energy marketplaces for transacting energy across
existing grid infrastructures. On the Exergy platform, pro- B. Layer 2
sumers who generate the energy through their own renewable As mentioned earlier, smart contract faces many challenges,
resource can transact energy autonomously with consumers in e.g., poor performance, inability to handle complex logic exe-
their local marketplace. The Sun Exchange20 is a blockchain- cution and high-throughput data, lack of privacy protection,
enabled marketplace that enables its members to purchase and inability to implement cross-chain. A viable solution in
and then lease solar cells to schools, businesses, and com- the future is called Layer 2. It corresponds to the infrastruc-
munities in the sunniest locations on Earth (mainly Africa) tures layer in our research framework. Layer 2 creates an
and its members’ earnings are calculated on the amount of off-chain contract execution environment, where blockchain
electricity their solar cells have produced. The Sun Exchange acts as the “consensus layer” which is responsible for the tran-
will arrange the monthly lease rental collection and distribu- sition of contract-related states and token payment, thereby
tion. Knirsch et al. [50] presented a reliable, automated, and separating the execution of smart contracts from the consen-
privacy-preserving selection of charging stations based on pric- sus process of the blockchain and thus realizing high level of
ing and the distance to the electric vehicles. The proposed performance and privacy. One implementation of Layer 2 is
protocol was built on a blockchain where electric vehicles Off-Chain State Channels, which provide state maintenance
signal their demand and charging stations send bids [50]. services between different entities by establishing a bidirec-
There are some other application scenarios of smart con- tional channel between different users or between users and
tracts, e.g., healthcare [51], prediction markets [52], intelligent services. State Channels allow performing transactions and
transportation system [53], etc. other state updates off-chain, while still having full confi-
dence that they can revert back to the main-chain if necessary.
In addition, Plasma [58] can conduct off-chain transactions
V. F UTURE D EVELOPMENT T RENDS
by allowing for the creation of “child” Ethereum blockchains
In this section, we will introduce the future development attached to the main-chain while relying on the underlying
trends of smart contracts from three aspects, namely, formal blockchain to ground its security. Truebit21 makes it possible
to perform computationally expensive computations off-chain
18 Iotex. https://iotex.io/.
19 Exergy. https://exergy.energy/.
as a smart contract.
20 The Sun Exchange. https://thesunexchange.com/. 21 Truebit. https://truebit.io/.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
WANG et al.: BLOCKCHAIN-ENABLED SMART CONTRACTS: ARCHITECTURE, APPLICATIONS, AND FUTURE TRENDS 11
[19] M. Alharby and A. V. Moorsel, “Blockchain-based smart contracts: A [43] P. McCorry, S. F. Shahandashti, and F. Hao, “A smart contract for board-
systematic mapping study,” in Proc. Int. Conf. Artif. Intell. Soft Comput., room voting with maximum voter privacy,” in Proc. Int. Conf. Financ.
2017, pp. 125–140. Cryptography Data Security, 2017, pp. 357–375.
[20] K. Delmolino et al., “Step by step towards creating a safe smart contract: [44] A. B. Ayed, “A conceptual secure blockchain-based electronic voting
Lessons and insights from a cryptocurrency lab,” in Proc. Int. Conf. system,” Int. J. Netw. Security Appl., vol. 9, no. 3, pp. 1–9, 2017.
Financ. Cryptography Data Security, 2016, pp. 79–94. [45] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for
[21] D. Siegel. Understanding the DAO Attack. Accessed: Sep. 19, 2018. the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
[Online]. Available: https://www.coindesk.com/understanding-dao-hack- [46] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for
journalists/ IoT security and privacy: The case study of a smart home,” in Proc. IEEE
[22] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on Ethereum Int. Conf. Pervasive Comput. Commun. Workshops (PerCom Workshops),
smart contracts,” in Principles of Security and Trust. Heidelberg, 2017, pp. 618–623.
Germany: Springer, 2017, pp. 164–186. [47] A. Dorri, S. S. Kanhere, and R. Jurdak, “Towards an optimized
[23] P. Tsankov et al., “Securify: Practical security analysis of smart blockchain for IoT,” in Proc. ACM 2nd Int. Conf. Internet Things Design
contracts,” arXiv preprint arXiv:1806.01143v2, 2018. Implement., 2017, pp. 173–178.
[24] R. Qin, Y. Yuan, and F.-Y. Wang, “Research on the selection strategies [48] Y. Zhang et al., “Smart contract-based access control for the Internet of
of blockchain mining pools,” IEEE Trans. Comput. Soc. Syst., vol. 5, Things,” arXiv preprint arXiv:1802.04410, 2018.
no. 3, pp. 748–757, Sep. 2018. [49] The Energy Web Foundation. Promising Blockchain Applications
[25] T. Dickerson, P. Gazzillo, M. Herlihy, and E. Koskinen, “Adding con- for Energy: Separating the Signal From the Noise. Accessed:
currency to smart contracts,” in Proc. ACM Symp. Principles Distrib. Sep. 2, 2018. [Online]. Available: http://www.coinsay.com/wp-content/
Comput., 2017, pp. 303–312. uploads/2018/07/Energy-Futures-Initiative-Promising-Blockchain-Appli
[26] G. Greenspan. Why Many Smart Contract Use Cases Are cations-for-Energy.pdf
Simply Impossible. Accessed: Sep. 30, 2018. [Online]. Available: [50] F. Knirsch, A. Unterweger, and D. Engel, “Privacy-preserving
https://www.coindesk.com/three-smart-contract-misconceptions/ blockchain-based electric vehicle charging with dynamic tariff
[27] F. Zhang, E. Cecchetti, K. Croman, A. Juels, and E. Shi, “Town crier: decisions,” Comput. Sci. Res. Develop., vol. 33, nos. 1–2, pp. 71–79,
An authenticated data feed for smart contracts,” in Proc. ACM SIGSAC 2018.
Conf. Comput. Commun. Security (CCS), Vienna, Austria, Oct. 2016, [51] Q. Xia et al., “MeDShare: Trust-less medical data sharing among
pp. 270–282. cloud service providers via blockchain,” IEEE Access, vol. 5,
[28] A. Juels, A. Kosba, and E. Shi, “The ring of Gyges: Investigating pp. 14757–14767, 2017. doi: 10.1109/ACCESS.2017.2730843.
the future of criminal smart contracts,” in Proc. ACM SIGSAC [52] S. Wang et al., “A preliminary research of prediction markets based
Conf. Comput. Commun. Security (CCS), Vienna, Austria, Oct. 2016, on blockchain powered smart contracts,” in Proc. IEEE Int. Conf.
pp. 283–295. Blockchain (Blockchain), Jul./Aug. 2018, pp. 1287–1293.
[29] U.S. Securities and Exchange Commission. Investor Bulletin: Initial [53] Y. Yuan and F.-Y. Wang, “Towards blockchain-based intelligent trans-
Coin Offerings. Accessed: Nov. 3, 2018. [Online]. Available: portation systems,” in Proc. IEEE 19th Int. Conf. Intell. Trans. Syst.
https://www.sec.gov/oiea/investor-alerts-and-bulletins/ib_coinofferings (ITSC), Rio de Janeiro, Brazil, 2016, pp. 2663–2668.
[54] S. Amani, M. Bégel, M. Bortin, and M. Staples, “Towards verifying
[30] T.-H. Chang and D. Svetinovic, “Improving bitcoin ownership identi-
Ethereum smart contract bytecode in Isabelle/HOL,” in Proc. 7th ACM
fication using transaction patterns analysis,” IEEE Trans. Syst., Man,
SIGPLAN Int. Conf. Certified Progr. Proofs (CPP), Los Angeles, CA,
Cybern., Syst., to be published. doi: 10.1109/TSMC.2018.2867497.
USA, Jan. 2018, pp. 66–77.
[31] A. Kosba, A. Miller, E. Shi, Z. K. Wen, and C. Papamanthou, “Hawk:
[55] Y. Hirai, “Defining the Ethereum virtual machine for interactive theorem
The blockchain model of cryptography and privacy-preserving smart
provers,” in Proc. Int. Conf. Financ. Cryptography Data Security, 2017,
contracts,” in Proc. IEEE Symp. Security Privacy (SP), San Jose, CA,
pp. 520–535.
USA, May 2016, pp. 839–858.
[56] E. Hildenbrandt et al., “KEVM: A complete formal semantics of the
[32] H. Watanabe et al., “Blockchain contract: A complete consensus using Ethereum virtual machine,” in Proc. IEEE 31st Comput. Security Found.
blockchain,” in Proc. IEEE 4th Glob. Conf. Consum. Electron. (GCCE), Symp. (CSF), 2018, pp. 204–217.
2015, pp. 577–578. [57] G. Roşu and T. F. Şerbănuţă, “An overview of the K semantic frame-
[33] J. Caytas, “Blockchain in the U.S. regulatory setting: Evidentiary work,” J. Logic Algebr. Program., vol. 79, no. 6, pp. 397–434, 2010.
use in Vermont, Delaware, and elsewhere,” in Columbia [58] J. Poon and V. Buterin. (2017). Plasma: Scalable Autonomous Smart
Science and Technology Law Review, 2017. [Online]. Available: Contracts. [Online]. Available: https://plasma.io/plasma.pdf
https://ssrn.com/abstract=2988363 [59] J. J. Zhang et al., “Cyber-physical-social systems: The state of the
[34] J. D. Hansen and C. L. Reyes, “Legal aspects of smart contract applica- art and perspectives,” IEEE Trans. Comput. Soc. Syst., vol. 5, no. 3,
tions,” Perkins Coie’s Blockchain Ind. Group, Seattle, WA, USA, White pp. 829–840, Sep. 2018.
Paper, May 2017. [60] F. Y. Wang, “Software-defined systems and knowledge automation:
[35] B. Marino and A. Juels, “Setting standards for altering and undoing A parallel paradigm shift from Newton to Merton,” Acta Automatica
smart contracts,” in Proc. Int. Symp. Rules Rule Markup Lang. Semantic Sinica, vol. 41, no. 1, pp. 1–8, 2015.
Web, 2016, pp. 151–166. [61] R. W. Rauchhaus, “Principal-agent problems in humanitarian interven-
[36] B. Ojetunde, N. Shibata, and J. Gao, “Secure payment system utilizing tion: Moral hazards, adverse selection, and the commitment dilemma,”
MANET for disaster areas,” IEEE Trans. Syst., Man, Cybern., Syst., to Int. Stud. Quart., vol. 53, no. 4, pp. 871–884, 2009.
be published. doi: 10.1109/TSMC.2017.2752203. [62] D. Wen, Y. Yuan, and X.-R. Li, “Artificial societies, computational exper-
[37] R. R. Bliss and R. S. Steigerwald, “Derivatives clearing and settlement: iments, and parallel systems: An investigation on a computational theory
A comparison of central counterparties and alternative structures,” Econ. for complex socioeconomic systems,” IEEE Trans. Services Comput.,
Perspectives, vol. 30, no. 4, pp. 22–29, 2006. vol. 6, no. 2, pp. 177–185, Apr./Jun. 2013.
[38] Australian Securities Exchange. CHESS Replacement. Accessed: [63] F.-Y. Wang, Y. Yuan, C. Rong, and J. J. Zhang, “Parallel blockchain:
Oct. 15, 2018. [Online]. Available: https://www.asx.com.au/services/ An architecture for CPSS-based smart societies,” IEEE Trans. Comput.
chess-replacement.htm Soc. Syst., vol. 5, no. 2, pp. 303–310, Jun. 2018.
[39] V. Gatteschi, F. Lamberti, C. Demartini, C. Pranteda, and V. Santamaria,
“Blockchain and smart contracts for insurance: Is the technology mature
enough?” Future Internet, vol. 10, no. 2, p. 20, 2018. Shuai Wang received the master’s degree in con-
[40] A. Peyton. (2017). Mizuho Trials Australia–Japan Trade Transaction trol engineering from the University of Chinese
on Blockchain. [Online]. Available: https://www.bankingtech.com/ Academy of Sciences, Beijing, China, in 2015.
2017/07/mizuho-trials-australia-japan-trade-transaction-on-blockchain/ He is currently pursuing the Ph.D. degree in
[41] J. L. de la Rosa et al., “On intellectual property in online open innovation social computing with the State Key Laboratory
for SME by means of blockchain and smart contracts,” in Proc. 3rd for Management and Control of Complex Systems,
Annu. World Open Innov. Conf. (WOIC), Barcelona, Spain, Dec. 2016, Institute of Automation, Chinese Academy of
pp. 1–16. Sciences, Beijing.
[42] H. Hou, “The application of blockchain technology in E-government His current research interests include social com-
in China,” in Proc. 26th Int. Conf. Comput. Commun. Netw. (ICCCN), puting, parallel management, blockchain, and smart
2017, pp. 1–4. contracts.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Liwei Ouyang received the bachelor’s degree in Xuan Han received the master’s degree in soft-
automation from Xi’an Jiaotong University, Xi’an, ware engineering from the University of Chinese
China, in 2018. She is currently pursuing the mas- Academy of Sciences, Beijing, China, in 2018.
ter’s degree in social computing with the State Key She is currently an Assistant Engineer with the
Laboratory for Management and Control of Complex State Key Laboratory for Management and Control
Systems, Institute of Automation, Chinese Academy of Complex Systems, Institute of Automation,
of Sciences, Beijing, China. Chinese Academy of Sciences, Beijing. Her current
Her current research interests include social com- research interests include theory of cryptography and
puting and blockchain. blockchain technology.