Smart Contracts, Business Logics, Upgrades and Security


Thinking about business logic and smart contracts ...

Every smart contract on Ethereum implements a business logic. Mostly the logic is trivial, like a token, which can be transfered from one party to another. In some cases complex business logics have been tried. But complexity in a smart contract increases security risks. An example was the DAO, but there are many more.

It seems like love's labour lost trying to pack any kind of business logic in a smart contract. It is impossible to predict how market actors behave and represent all this in a smart contract. The DAO for example did not only fail because it was hacked - its business logic was flawed, so that the organisation was unable to even come close to the voting quotes needed to decide an investment of its funds.

To be able to represent real business logics, a smart contract must be able to be updated to react on what people do. This can be done with Ethereum. Researching it I found two posts, written in 2018:


I don't know if this is all to know about it. But it seems to introduce more complexity and the interaction between several smart contracts. This causes further security issues. An example is the hack of parity's multisig contract, which used a script stored on another smart contract. When the auxiliary contract was killed by a bug, all funds in the multisig contract where frozen. Making a smart contract upgradable allows to render the business logic, but it just puts the problem to another contract,

This smells like one of those solutions where the solutions creates another problem, and you find yourself in a unfinite loop of fixing the problems birthed by the solutions. At very least, creating tokens and smart contracts requires a lot more human resources, which could be spent better to create business cases.

By separating business logic and smart contract, Tokenscript cuts the Gordian Knot. It allows to represent complex business logics, without increasing the security risk of a smart contract, and it enables the releaser of a token to upgrade its business logic without introducing more complexity and insecurities.