Simplifying Smart Contracts To My Web2 Developer Friend

You'll find out how they work and how prone to attack they are.

D: Please o, I am taking this web3 course and this guy is simply trying to explain what smart contracts are, and as much as I am trying to wrap my head around it .. it’s looking “blehhh”

Can you explain it in simpler terms, sir?

M: Hehehehe, you've caught the web3 bug too, like what I seeeee!

Let me use what you already know to explain it.

You know how you write JS, Typescript and React to execute an action on the Web, yeah?

That's exactly what Smart contract is for; to execute an action on the Web.

The only difference is that your familiar web2 codes are executed on the centralised platforms (like Chrome, safari, etcetera ― centralised because a singular entity controls the data and they can do whatever they want with it. E.g. sell it)

Smart contracts are only executed on the blockchain network. Which means, it is decentralized (because the blockchain network is decentralized). A singular entity does not control it. The data and interactions obtained from the execution of Smart contracts can not be sold because it is not controlled by a singular entity. Plus, it is public and transparent.

If it is public and transparent, it is nonsensical to try to sell it. Because yo, I can see this thing online myself, what do you mean you want to sell it to me???

Also, the reason why you almost always hear "solidity" whenever you hear "smart contract" is because it is one of the top programming languages for writing it. There are a couple more like Rust, Vyper, Cairo, etc.

Let me know if you get this analogy, then we can track from there later.

D: I think this explanation makes sense

I am following, please proceed.

M: Great! Proceeding …

To execute a command on Web2 (be it setting up an account on a social app, creating an app of your own, connecting with an API to build an app, executing financial transactions, OTPs, USSD codes..., in short, everything that has to do with interconnectivity on Web2) there has to be an underlying source code that runs it. So it is with Web3, and these codes are encoded in smart contracts.

The underlying source code of everything that runs on Web3 is in smart contracts. Whether it is in creating NFTs, connecting with a virtual machine, building a dApp (decentralized application), or building a DAO (decentralized autonomous organization1), they are all encoded in a smart contract source code.

Source codes are also available on the blockchain network and anybody can read through them. Although some features and key things might be made private for security purposes.

D: hmmmm, makes sense, but the takeaway is that once a smart contract is deployed, it cannot be altered, it just continues to operate like that, yeah?

M: Technically, that is correct.

However, some smart contracts are configured to be upgradable per time. But before any upgrade is done, every stakeholder (including the creator, the users, the members, etc) must have a consensus on the said upgrade before it is added. Because it is decentralized, the decision-making process could be by public voting. If it passes, the upgrade is deployed. If not (perhaps it doesn't serve the full interest of all stakeholders), it doesn't pass.

The actual takeaway is that once it is deployed, it can't be taken off the blockchain network. If it no longer serves its original purpose, it can only be left alone, abandoned.

D: that makes sense, 'cos I was wondering how it keeps up with trends and all of that.

M: Like Quality Assurance Testers, there are Smart Contract Auditors too. Their job is to ensure that there are no loopholes and errors in smart contracts before they are deployed because once they are deployed, (without upgradeable features) "o ti lo permanently niyan oo."

D: ?? it’s like making an irreversible mistake

M: Yeaaah, correct!

D: How prone to attack are they? how many smart contracts have you heard were attacked successfully?

M: It's not very frequent but when they happen, boy, they are always very baaaaddd, costly. Like people lose millions and millions of dollars. There was one read of that that happened in 2016, The DAO Hack. About 3.6 million Ether ($60 million at the time) was siphoned. There was another in 2018, the Parity Multisig Wallet Hack. About 150,000 Ether ($30 million at the time) was exploited due to a vulnerability in the smart contract.

Also, there are other forms of attack on DAOs not directed at the smart contract but would impact it still. Like social engineering (doing internal work) or human error (when executing transactions). It requires very detailed attention because once you execute anything, it cannot be reversed.

People have even sent millions of dollars to the wrong addresses before lmao.

D: ahhh. these stories are crazyy

I get the idea of smart contracts now.?

thank you idolo, "aa ma ri yin ba o" ????

M: ?? "amin baba, eseun" ?? . Catch you on Telegram!

Glossary:

• "o ti lo permanently niyan oo" translated from the Yoruba language as "it is gone permanently"
• "aa ma ri yin ba o" translated from the Yoruba language as “We’ll continue to meet you when we come looking”
• "amin baba, eseun" translated from the Yoruba language as "Amen, father. Thank you” Of course, he’s not a father (yet) but it’s a subtle way of reciprocating respect as he’s earlier addressed me as “idolo” (web3 slang for idol)"
• I created a Telegram group for Web2 developers who want to get into Web3 dev. Come access a network of like-minded learners & earners. Click here to join