Blockchain Smart Contracts Part 3: Deployment and Integration With Existing Information Technology Systems

Author: Samuel Smith and Andy Garcia, PH.D., CPA
Date Published: 25 January 2023

It can be challenging to integrate blockchain smart contracts with existing (legacy) IT systems. Although standard software development and implementation practices are relevant, there are also special considerations pertaining to blockchain smart contracts. Blockchain smart contracts do not replace legacy systems; rather, they are tools with many potential benefits that can be added to the existing IT infrastructure.

As the adoption of blockchain smart contracts spreads, libraries of standard templates are becoming prevalent. These libraries reduce the cost of smart contract adoption and are available through the Linux Foundation’s Hyperledger projects,1 among other sources, as described in the article “Blockchain Smart Contracts, Part 2, Applications and Recommendations.”2 These templates and open-source libraries are good starting points for any enterprise looking to take advantage of the many benefits of blockchain smart contracts.

Pre-Implementation of Smart Contract Technology: Architecture Choices

Before integrating smart contracts into legacy systems, an enterprise must identify which architectural components and functions of smart contracts need to be standardized and which components need to be individualized.3 There are multiple architecture factors to consider when implementing a blockchain smart contract solution, specifically with regard to the legacy IT domain.

Immutability and Data Feeds
Smart contracts cannot be changed once they have been deployed on distributed ledgers; thus, they are commonly referred to as immutable systems.4, 5 This immutability makes having a pre-implementation strategy even more important for a blockchain smart contract system than for a traditional IT system. The blockchain’s architecture imposes this immutability, which allows secure executions of smart contracts through both public and private interfaces with the blockchain. These public and private interfaces allow access to data feeds by public external stakeholders, permitting them to validate transactions on the blockchain while still providing the level of privacy and security required by best business practices and financial regulators. System requests between operating smart contracts on a blockchain and other components operating off the blockchain can be sent and received with confidence via these public or private interfaces. These interfaces allow more traditional centralized Internet software systems, including cloud services, to interact almost natively with decentralized blockchain systems in a safe, secure manner.6

On-Chain, Off-Chain and Hybrid Deployments
Common types of distributed computational architectures include on-premises computational resources (e.g., mainframes), off-premises computational resources (e.g., the cloud) and hybrid systems. Similarly, “on chain” refers to data stored directly on the blockchain (nodes), and “off chain” refers to data stored off the blockchain; “hybrid,” in the context of blockchain, refers to some combination of the two modes. Software to solve blockchain smart contract implementation issues is emerging, but in terms of enterprise-ready deployment options, it is still in its infancy compared to cloud resources.7

Use of the on chain, off chain and hybrid vocabulary is essentially an extension of the traditional enterprise cloud literature and can be found in the open source Hyperledger Fabric documentation. Hyperledger Fabric is a platform built on blockchain-based distributed ledger technology (DLT) designed for enterprise and governmental contexts.8 One significant difference compared with traditional cloud software providers (e.g., IBM, Microsoft Azure, Amazon Web Services [AWS], Google Cloud Platform [GCP]) is that blockchain smart contract software is almost always open source, such as the Hyperledger Foundation projects established under the Linux Foundation and governed by a technical committee of diverse participants from various enterprises worldwide.9, 10

Oracles: Linking On Chain and Off Chain
Oracles, which are data feeds that act as a bridge between legacy systems and blockchain smart contracts or similar applications, might be the answer to integrating blockchain technology with traditional centralized technology operations.11 Oracles retrieve data from external systems and deliver them to their specified blockchain network, acting as secure blockchain middleware.12 An oracle is not the data source itself, but a layer that queries, verifies and authenticates the data it receives from external sources and then relays those data. Some oracles are physical Internet of Things (IoT) devices, such as hardware that tracks global positioning system (GPS) coordinates or weather, and others are intangible and consist only of software. To call the data from these oracles, one must invoke a smart contract and spend blockchain network resources, which are verified and governed by the blockchain network participants. At the enterprise level, older legacy systems or non-blockchain systems may be connected bidirectionally to blockchain smart contracts via oracles.13

Some oracles may operate partly on a blockchain network and partly outside that same blockchain network, but every step of an oracle process requires constant validation so that the validity of the blockchain network is never compromised.14 Oracles operate via methods such as application programming interfaces (APIs), which allow different sets of software to communicate or interact through other data feeds. Using the API method, oracles must retrieve data only from highly verifiable APIs and be able to show proof of the trustworthiness of that data source whenever needed. For example, when determining a product’s market price, a network of oracles that supports access to authenticated data sources, credential management capabilities and multiple layers of security defense should be employed.15

In summary, because smart contracts cannot execute software outside the context of their delegated blockchains, oracles (trusted third parties) give smart contracts the ability to interact with the external world through their smart contract inputs and outputs. Oracles solve many of the inherent obstacles of data connectivity when deploying a blockchain smart contract and are, therefore, indispensable for the practical use of such smart contracts.16 Determining which oracles should be trusted can be done through economic incentives, trusted execution environments or decentralized organizational hierarchy.
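The checks an oracle layer applies before relaying a market price can be sketched in JavaScript, one of the languages Hyperledger Fabric supports. This is an added example, not code from the article or from any oracle product; the Ed25519 signing scheme, the oracle IDs, the feed name and the thresholds are all assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Byte string each oracle signs; the field order is fixed so both sides agree.
function canonical(r) {
  return [r.oracleId, r.feed, r.priceCents, r.timestamp].join('|');
}

function signReport(privateKey, r) {
  const sig = crypto.sign(null, Buffer.from(canonical(r)), privateKey);
  return { ...r, signature: sig.toString('base64') };
}

function median(sorted) {
  const mid = sorted.length >> 1;
  return sorted.length % 2 ? sorted[mid] : Math.floor((sorted[mid - 1] + sorted[mid]) / 2);
}

// Accept only fresh, correctly signed reports from allowlisted oracles,
// require a quorum, and relay the median so a minority cannot move the price.
function aggregate(reports, trustedKeys, opts) {
  const accepted = new Map();
  const rejected = [];
  for (const r of reports) {
    const key = trustedKeys.get(r.oracleId);
    let reason = null;
    if (!key) reason = 'unknown-oracle';
    else if (r.feed !== opts.feed) reason = 'wrong-feed';
    else if (!Number.isSafeInteger(r.priceCents) || r.priceCents <= 0) reason = 'bad-price';
    // 'stale' covers reports that are too old or dated in the future
    else if (r.timestamp > opts.now || opts.now - r.timestamp > opts.maxAgeMs) reason = 'stale';
    else if (accepted.has(r.oracleId)) reason = 'duplicate';
    else if (!crypto.verify(null, Buffer.from(canonical(r)), key,
      Buffer.from(String(r.signature), 'base64'))) reason = 'bad-signature';
    if (reason) rejected.push({ oracleId: r.oracleId, reason });
    else accepted.set(r.oracleId, r.priceCents);
  }
  if (accepted.size < opts.quorum) {
    return { ok: false, reason: 'quorum-not-met', accepted: accepted.size, rejected };
  }
  const prices = [...accepted.values()].sort((a, b) => a - b);
  return { ok: true, priceCents: median(prices), accepted: accepted.size, rejected };
}

// Constructed demo: five allowlisted oracle nodes plus one unknown sender.
function demo() {
  const now = 1700000000000; // constructed clock value
  const keys = new Map();
  const priv = {};
  for (const id of ['a', 'b', 'c', 'd', 'e', 'x']) {
    const kp = crypto.generateKeyPairSync('ed25519');
    priv[id] = kp.privateKey;
    if (id !== 'x') keys.set(id, kp.publicKey);
  }
  const mk = (id, priceCents, ageMs) => signReport(priv[id],
    { oracleId: id, feed: 'WIDGET/USD', priceCents, timestamp: now - ageMs });
  const reports = [
    mk('a', 10010, 1000),
    mk('b', 10020, 2000),
    { ...mk('c', 10000, 1000), priceCents: 99999 }, // altered after signing
    mk('d', 10005, 600000),                         // ten minutes old
    mk('e', 9990, 500),
    mk('x', 1, 100),                                // not on the allowlist
  ];
  return aggregate(reports, keys, { feed: 'WIDGET/USD', now, maxAgeMs: 60000, quorum: 3 });
}
```

The `rejected` list is the evidence trail: it records which source was refused and why, which is what lets the oracle layer show proof of the trustworthiness of the data it relayed.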

Benefits and Challenges Compared to Legacy Systems

Smart contracts can play essential roles in replacing legacy systems by changing how operations are completed. The benefits of smart contracts include:

  • Secure transactions—Smart contracts use a decentralized network consisting of nontrusting parties to check on one another, ascertain that each transaction is carried out properly and ensure consensus regarding transaction status.17
  • Reduced transaction costs—Unlike legacy systems, smart contracts are self-regulating and thus minimize the reliance on existing institutions and third-party enforcement mechanisms, thereby facilitating economic exchange.18
  • Real-time transactions—With the increased use of digital payments, the need for foolproof remittance has grown. Smart contracts facilitate the payment process and allow the real-time, secure, authenticated and accurate transfer of funds, accelerating the speed of business processes and reducing turnaround time.19
  • Enhanced transparency—In many industries, the management of traditional contracts takes up excessive time and resources. Smart contracts automate the management of transactions, allowing instantaneous payment from buyers to sellers, increasing transparency and reducing opportunities for fraud.20
  • Gains for enterprises and consumers—Financial institutions experience economic gains from better risk management, reduced operating costs and enhanced coordination. Enhanced automation reduces operational risk, costs and physical documentation.21
  • Internet of Things—Smart contracts applied to the IoT can reduce costs by eliminating intermediaries and handling property transfers to any person or entity worldwide. This innovation will have a substantial global economic impact.22

Although there are many benefits, there are also unique challenges in integrating legacy systems and new blockchain smart contract systems.23, 24, 25 Special attention to regulatory, legal, security and privacy concerns is warranted when integrating smart contracts with legacy IT or auditing systems. Although smart contract software development tools are improving, they have not achieved the utility of traditional software tools. Therefore, smart contract software will continue to be difficult to edit and modify after deployment.26

What Is Next

Blockchain smart contracts are evolving rapidly, but there are two conceptual areas that could limit their widespread adoption: scale and speed. Both are currently active areas of research.

Scalability
Every blockchain network configuration has its own scalability and performance issues because of differences between public and private and permissioned and permissionless blockchain networks, as discussed in “Blockchain Smart Contracts, Part 1, Introduction for Accounting and Auditing Professionals.”27 Bitcoin is a public and permissionless blockchain network widely considered to have a scalability issue regarding transaction throughput.28, 29 Ethereum, in contrast, can be deployed as a public and permissioned blockchain and is known to have scalability issues surrounding node communications and data storage.30, 31

For most enterprises that require modern security standards, a better option might be private and permissioned blockchains. The Hyperledger Foundation’s Fabric project is one example of private and permissioned blockchain software, and it exists under an open-source Apache License 2.0.32 Given the centralized nature of most governments, enterprises and nonprofit organizations, and given the scalability, communication and overall performance benefits of private and permissioned blockchains over public and permissionless blockchains, there are reasons to consider the private and permissioned blockchain architecture.33, 34

Sharding
Having a subset of nodes means that transactions are operated in parallel (simultaneously), so the load on the primary node is divided among a set of subnodes. This process, called “sharding,” helps avoid scalability issues and enhances the performance of smart contract applications while maintaining system security.35 Sharding is an area of active research and may not solve all scalability issues. Numerous sharding designs have been proposed that improve the scalability, latency and throughput of smart contract–based blockchain systems.36, 37

Implementation of Smart Contract Technology

Once architecture choices, desired business outcomes and other pre-implementation issues have been resolved, the next step is building the software to create and deploy the blockchain smart contract system.

Software Development
One of the best open source implementations of smart contract technology for private and permissioned blockchains is Hyperledger Fabric, which is known for its flexibility and extensibility, as it is designed with a modular architecture.38 Hyperledger Fabric is used in various industries, including finance, healthcare, insurance and banking, and it is one of the standards for enterprise blockchain platforms.39 There is a well-established group of early adopters and a support system for enterprises led by IBM, Microsoft, Intel, JP Morgan and many other Fortune 500 companies that are subsidizing the Hyperledger Fabric open source project.40, 41

Hyperledger Fabric is one of the first DLTs built to support smart contracts developed using programming languages that are familiar to IT professionals such as Java, Node.js (JavaScript) and Go. Other smart contract applications have been created using domain-specific languages, but because Hyperledger Fabric uses general-purpose programming languages, enterprises that already have resources in these general-purpose programming languages need little additional workforce training.42

Automated Bug Detection
There are numerous methods to identify bugs and other problems in smart contracts before and after deploying them. A smart contract’s bytecode (e.g., Ethereum Virtual Machine bytecode compiled from a Solidity smart contract) is commonly translated into an intermediate language so that potential issues or bugs can be detected.43 However, the intermediate language used to interpret smart contracts must itself be validated for equivalence with the high-level language in which the smart contract was written, such as a general-purpose programming language.44 The numerous conceptual methods, and the software tools that implement them (with examples from the Ethereum blockchain network), include:

  • Program (static) analysis—Methods include control flow graphs, decompilers for smart contract bytecode, transaction history-based tools and source code-level analysis. This is one of the most applicable areas of development, so there are many software tools. For example, SmartCheck, Slither, RemixIDE, Vandal and MadMax are static analysis security tools for Ethereum-deployed smart contracts.45, 46 In addition, symbolic execution is a subtype of static analysis, and Mythril and Oyente are popular symbolic execution tools for smart contracts.47
  • Fuzzing—This is automatic testing through random, unexpected or invalid data input into the smart contract, usually via its normal data input path. Fuzzing can detect unwanted behavior or outcomes (e.g., failures, crashes, permission errors) from smart contracts. There are many fuzzing tools available, including ContractFuzzer and sFuzz.48
  • Formal verification—This includes methods that rely on mathematics to prove or disprove the correctness of any system. Formal verification tools that have some overlap with fuzzing include KEVM and ZEUS.49
  • Machine learning—Methods based on machine learning to maintain and identify issues in smart contracts can predict and label vulnerabilities and security issues in a programmatic fashion. There are many machine learning-based software tools, such as S-gram and Structural Code Embedding.50
  • Emerging methods—Other methods usually have the goal of automatically generating secure and bug-free smart contracts or checking previously developed smart contracts for vulnerabilities or errors.51 Tools such as instant patching have become important because smart contracts are always online. Some researchers have proposed an automated EVMPatch framework that patches faulty smart contracts instantaneously.52
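
To make the fuzzing item concrete, the following added example (not from the article and not taken from ContractFuzzer or sFuzz) fuzzes a toy JavaScript ledger that stands in for a token contract. The ledger, its planted self-transfer defect, the input pools and the seeded generator are all constructed for illustration.

```javascript
'use strict';

// Toy ledger standing in for a token contract. `safe` selects the corrected
// transfer; otherwise a planted defect is kept for the fuzzer to find.
function makeLedger(safe) {
  const balances = new Map([['alice', 100], ['bob', 50], ['carol', 0]]);
  function transfer(from, to, amount) {
    if (!balances.has(from) || !balances.has(to)) throw new Error('unknown account');
    if (!Number.isSafeInteger(amount) || amount <= 0) throw new Error('bad amount');
    if (balances.get(from) < amount) throw new Error('insufficient funds');
    if (safe) {
      balances.set(from, balances.get(from) - amount);
      balances.set(to, balances.get(to) + amount);
    } else {
      // Defect: both balances are read before either is written, so a
      // transfer to oneself overwrites the debit with the credit.
      const fromBal = balances.get(from);
      const toBal = balances.get(to);
      balances.set(from, fromBal - amount);
      balances.set(to, toBal + amount);
    }
  }
  return { balances, supply: 150, transfer };
}

// Properties that must hold after every accepted call.
function checkInvariants(ledger) {
  let sum = 0;
  for (const [name, bal] of ledger.balances) {
    if (bal < 0) return 'negative balance for ' + name;
    sum += bal;
  }
  return sum === ledger.supply ? null
    : 'supply is ' + ledger.supply + ' but balances sum to ' + sum;
}

// Small seeded generator (mulberry32) so any finding can be replayed.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

const ACCOUNTS = ['alice', 'bob', 'carol', 'mallory', '']; // last two do not exist
const AMOUNTS = [-1, 0, 1, 7, 50, 150, 2 ** 53, 1.5, NaN, '5']; // edge and invalid values

// Send random calls through the normal entry point; return the first call
// that breaks an invariant, or null if none does.
function fuzz(safe, seed, runs) {
  const rnd = mulberry32(seed);
  const pick = (pool) => pool[Math.floor(rnd() * pool.length)];
  const ledger = makeLedger(safe);
  for (let i = 0; i < runs; i++) {
    const call = { from: pick(ACCOUNTS), to: pick(ACCOUNTS), amount: pick(AMOUNTS) };
    try {
      ledger.transfer(call.from, call.to, call.amount);
    } catch (e) {
      continue; // a clean rejection is expected behaviour, not a finding
    }
    const problem = checkInvariants(ledger);
    if (problem) return { run: i, call, problem };
  }
  return null;
}
```

Running `fuzz(false, 1, 2000)` reports the first call that breaks the supply invariant, while `fuzz(true, 1, 2000)` returns `null` for the corrected transfer.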

Post-Implementation of Smart Contract Technology

In the traditional software development life cycle, the long-term maintenance phase plays an important role in identifying bugs and making changes to accommodate evolving needs. With smart contracts, no modifications—in the traditional editing sense—can be made after deployment. This creates new post-deployment maintenance challenges for smart contract-based applications that require a new set of software tools. Although smart contracts cannot be modified once they are deployed, by using the DelegateCall software function, one contract can utilize or execute the code of another contract, thereby bypassing the previous contract. Using free software tools such as OpenZeppelin, enterprise developers can create these upgradable smart contracts with just a few lines of code.53 Software such as OpenZeppelin helps enterprises reduce the risk of vulnerabilities through the use of standard, community-reviewed code and extensive open-source libraries for blockchain smart contract development.54

Generally, to modify any smart contract-based applications, there are two options:

  1. Self-destruct functions—This function can delete the old smart contract and deploy a new smart contract.
  2. Upgradable smart contracts—Blockchain smart contract systems must be able to update their functions to deal with dynamic business environments—that is, they must be upgradable. This is an area of active research, and there are currently two main methods of upgrading smart contracts: redeployment and proxy smart contracts, with examples open sourced on the Ethereum blockchain.55, 56

However, neither option fulfills all the requirements of the smart contract maintenance phase. In addition, some customers or participants may react negatively to a self-destruct function that could destroy a smart contract at any time.57
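
The proxy route described above can be modeled in a few lines of JavaScript. This is an added illustration, not Solidity and not OpenZeppelin's code; the escrow logic, the defect in its first version and the admin name are assumptions. The proxy keeps the state and a pointer to the current logic, so an upgrade changes behavior without moving data.

```javascript
'use strict';

// Logic contracts hold code only. Each function receives `state`, the storage
// of whoever delegated the call, mirroring delegatecall semantics.
const escrowV1 = {
  version: 'v1',
  deposit(state, sender, amount) {
    state.balances[sender] = (state.balances[sender] || 0) + amount;
  },
  release(state, sender, amount) {
    // Constructed defect in v1: no check that the sender holds enough.
    state.balances[sender] = (state.balances[sender] || 0) - amount;
  },
};

const escrowV2 = {
  version: 'v2',
  deposit: escrowV1.deposit,
  release(state, sender, amount) {
    const held = state.balances[sender] || 0;
    if (amount > held) throw new Error('insufficient balance');
    state.balances[sender] = held - amount;
  },
};

// The proxy is the address callers keep using. It owns the state and a
// pointer to the current logic; only the admin may move that pointer.
function makeProxy(admin, logic) {
  const state = { balances: Object.create(null) };
  const upgrades = [];
  let current = logic;
  return {
    call(sender, fn, ...args) {
      const known = Object.prototype.hasOwnProperty.call(current, fn) &&
        typeof current[fn] === 'function';
      if (!known) throw new Error('unknown function: ' + fn);
      return current[fn](state, sender, ...args); // their code, our storage
    },
    upgradeTo(sender, next) {
      if (sender !== admin) throw new Error('upgrade refused: not admin');
      upgrades.push({ from: current.version, to: next.version, by: sender });
      current = next;
    },
    balanceOf: (who) => state.balances[who] || 0,
    version: () => current.version,
    upgrades: () => upgrades.slice(),
  };
}

// Constructed walk-through: deposit under v1, upgrade, then use v2.
function demoUpgrade() {
  const proxy = makeProxy('ops-admin', escrowV1);
  proxy.call('buyer', 'deposit', 40);
  let strangerBlocked = false;
  try { proxy.upgradeTo('stranger', escrowV2); } catch (e) { strangerBlocked = true; }
  proxy.upgradeTo('ops-admin', escrowV2);
  let overdrawBlocked = false;
  try { proxy.call('buyer', 'release', 100); } catch (e) { overdrawBlocked = true; }
  proxy.call('buyer', 'release', 15);
  return {
    strangerBlocked,
    overdrawBlocked,
    version: proxy.version(),
    balance: proxy.balanceOf('buyer'), // deposit made under v1 is still there
    upgradeCount: proxy.upgrades().length,
  };
}
```

In this model, the upgrade function and the upgrade log are the items a reviewer examines first, because whoever can move the pointer can change what the contract does.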

Conclusion

There are many challenges in integrating blockchain smart contracts into legacy systems, but there are numerous potential benefits as long as early adopters understand and address those challenges and limitations. Several libraries of open-source software tools are available to help implementers analyze, debug and maintain smart contract applications. It is essential that accounting, auditing and IT management professionals make informed decisions regarding their enterprises’ adoption of smart contracts.

Endnotes

1 Sahu, M.; “Top 15 Hyperledger Projects to Drive Blockchain Adoption,” UpGrad, 6 January 2021, https://www.upgrad.com/blog/hyperledger-projects-to-drive-blockchain-adoption/
2 Smith, S. Z.; A. Garcia; “Blockchain Smart Contracts, Part 2, Applications and Recommendations,” ISACA® Journal, vol. 4, 2022, https://www.isaca.org/archives
3 Sillaber, C.; B. Waltl; H. Treiblmaier; U. Gallersdörfer; M. Felderer; “Laying the Foundation for Smart Contract Development: An Integrated Engineering Process Model,” Information Systems and E-Business Management, vol. 19, 2020, https://doi.org/10.1007/s10257-020-00465-5
4 Crosby, M.; P. Nachiappan Pattanayak; S. Verma; V. Kalyanaraman; “Blockchain Technology: Beyond Bitcoin,” Applied Innovation Review, vol. 2, 2016
5 Liu, M.; K. Wu; J. J. Xu; “How Will Blockchain Technology Impact Auditing and Accounting: Permissionless Versus Permissioned Blockchain,” Current Issues in Auditing, vol. 13, iss. 2, 2019, p. A19–A29, https://doi.org/10.2308/ciia-52540
6 Fahmideh, M. et al.; “Software Engineering for Blockchain-Based Software Systems: Foundations, Survey, and Future Directions,” arXiv, 2021, http://arxiv.org/abs/2105.01881
7 Ducasse, S.; H. Rocha; S. Bragagnolo; M. Denker; C. Francomme; “Smartanvil: Open-Source Tool Suite for Smart Contract Analysis,” Blockchain and Web 3.0, Routledge, UK, 2019
8 Eckard, J.; J. Cuomo; “Storage for Blockchain and Modern Distributed Database Processing,” IBM, 2019, https://www.ibm.com/blogs/blockchain/2019/02/storage-for-blockchain-and-modern-distributed-database-processing/
9 AllCode, “Hyperledger Fabric Software Development,” 2021, https://allcode.com/hyperledger-fabric/
10 Op cit Sahu
11 Egberts, A.; “The Oracle Problem: Analysis of How Blockchain Oracles Undermine the Advantages of Decentralized Ledger Systems,” SSRN, 2019, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3382343
12 Shukla, S. N. P.; Bridging the Governance Gap: Interoperability for Blockchain and Legacy Systems, World Economic Forum, Switzerland, December 2020, https://www3.weforum.org/docs/WEF_Interoperability_C4IR_Smart_Contracts_Project_2020.pdf
13 Beniiche, A.; “A Study of Blockchain Oracles,” arXiv, 2020, https://doi.org/10.48550/arxiv.2004.07140
14 Op cit Shukla
15 Ibid.
16 Op cit Egberts
17 Nzuva, S.; “Smart Contracts Implementation, Applications, Benefits, and Limitations,” Journal of Information Engineering and Applications, vol. 9, iss. 5, 2019, https://www.researchgate.net/publication/336369143_Smart_Contracts_Implementation_Applications_Benefits_and_Limitations
18 World Bank Group, Smart Contract Technology and Financial Inclusion, USA, 2020, https://documents.worldbank.org/pt/publication/documents-reports/documentdetail/710151588785681400/smart-contract-technology-and-financial-inclusion
19 Xu, Y.; H. Y. Chong; M. Chi; “A Review of Smart Contracts Applications in Various Industries: A Procurement Perspective,” Advances in Civil Engineering, 2021, https://www.hindawi.com/journals/ace/2021/5530755/
20 Ibid.
21 Op cit World Bank Group
22 Harder, F.; “The Impact of Smart Contracts on Transaction Costs in Financial Markets,” 2017, https://essay.utwente.nl/74074/1/Harder_MA_Business%20Administration.pdf
23 Allison, I.; “Deloitte, Libra, Accenture: The Work of Auditors in the Age of Bitcoin 2.0 Technology,” International Business Times UK, 18 August 2015, https://www.ibtimes.co.uk/deloitte-libra-accenture-work-auditors-age-bitcoin-2-0-technology-1515932
24 Dai, J.; “Three Essays on Audit Technology: Audit 4.0, Blockchain, and Audit App,” Rutgers University, New Brunswick, New Jersey, USA, 2017, https://rucore.libraries.rutgers.edu/rutgers-lib/55154/PDF/1/play/
25 Dai, J.; M. A. Vasarhelyi; “Toward Blockchain-Based Accounting and Assurance,” Journal of Information Systems, vol. 31, iss. 3, 2017, p. 5–21, http://140.116.51.3/chinese/faculty/shulc/courses/cas/articles/Toward%20blockchain-based%20accounting%20and%20assurance.pdf
26 Op cit Shukla
27 Smith, S. Z.; A. Garcia; “Blockchain Smart Contracts, Part 1: Introduction for Accounting and Auditing Professionals,” ISACA Journal, vol. 4, 2022, https://www.isaca.org/archives
28 Khan, D.; L. T. Jung; M. A. Hashmani; “Systematic Literature Review of Challenges in Blockchain Scalability,” Applied Sciences, vol. 11, iss. 20, 2021, p. 9372, https://doi.org/10.3390/app11209372
29 Singh, A. et al.; “Public Blockchains Scalability: An Examination of Sharding and Segregated Witness,” In Blockchain Cybersecurity, Trust and Privacy, Springer, Switzerland, 2020
30 Malik, H.; A. Manzoor; M. Ylianttila; M. Liyanage; “Performance Analysis of Blockchain Based Smart Grids with Ethereum and Hyperledger Implementations,” 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), USA, 2019, https://ieeexplore.ieee.org/document/9118072
31 Chen, J.; X. Xia; D. Lo; J. Grundy; X. Yang; “Maintenance-Related Concerns for Post-Deployed Ethereum Smart Contract Development: Issues, Techniques, and Future Challenges,” Empirical Software Engineering, vol. 26, iss. 6, 2021, p. 1–44
32 Hyperledger Foundation, “An Overview of Hyperledger Foundation,” October 2021, https://www.hyperledger.org/wp-content/uploads/2021/11/HL_Paper_HyperledgerOverview_102721.pdf
33 Scherer, M.; “Performance and Scalability of Blockchain Networks and Smart Contracts,” DiVA Portal, 2017, https://www.diva-portal.org/smash/get/diva2:1111497/FULLTEXT01.pdf.10
34 Op cit Sahu
35 Op cit Scherer
36 Tao, Y. et al.; “On Sharding Open Blockchains With Smart Contracts,” 2020 IEEE 36th International Conference on Data Engineering (ICDE), USA, 2020, https://ieeexplore.ieee.org/document/9101451
37 Wang, Y.; J. Li; W. Liu; A. Tan; “Efficient Concurrent Execution of Smart Contracts in Blockchain Sharding,” Security and Communication Networks, 2021, https://doi.org/10.1155/2021/6688168
38 Ma, C.; X. Kong; Q. Lan; Z. Zhou; “The Privacy Protection Mechanism of Hyperledger Fabric and Its Application in Supply Chain Finance,” Cybersecurity, vol. 2, iss. 1, 2019, p. 1–9
39 IBM, “What Is Hyperledger Fabric?” 2021, https://www.ibm.com/topics/hyperledger
40 Op cit Scherer
41 Op cit Sahu
42 Androulaki, E. et al.; “Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains,” Proceedings of the 13th EuroSys Conference, USA, 2018
43 Grishchenko, I.; M. Maffei; C. Schneidewind; “Foundations and Tools for the Static Analysis of Ethereum Smart Contracts,” International Conference on Computer Aided Verification, Springer, Switzerland, 2018
44 Jiao, J.; “Automatic Program Analysis and Verification and Their Applications in Smart Contracts,” Nanyang Technological University, Singapore, 2021, https://dr.ntu.edu.sg/handle/10356/147268
45 Gupta, B. C.; “Analysis of Ethereum Smart Contracts—A Security Perspective,” Indian Institute of Technology, Kanpur, India, 2019, https://security.cse.iitk.ac.in/node/142
46 Op cit Chen
47 Vivar, A. L.; A. T. Castedo; A. L. S. Orozco; L. J. G. Villalba; “An Analysis of Smart Contracts Security Threats Alongside Existing Solutions,” Entropy, vol. 22, iss. 2, February 2020, http://doi.org/10.3390/e22020203
48 Op cit Chen
49 Ibid.
50 Ibid.
51 Ibid.
52 Rodler, M.; W. Li; G. O. Karame; L. Davi; “EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts,” 30th USENIX Security Symposium (USENIX Security 21), 2021
53 Op cit Chen
54 Pierro, G. A.; R. Tonelli; “Analysis of Source Code Duplication in Ethereum Smart Contracts,” 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), USA, 2021, https://ieeexplore.ieee.org/document/9426068
55 Op cit Chen
56 Lohr, M.; S. Peldszus; “Maintenance of Long-Living Smart Contracts,” CEUR Workshop Proceedings, 2020, http://ceur-ws.org/Vol-2581/emls2020paper3.pdf
57 Ibid.

SAMUEL SMITH

Is a Ph.D. candidate at the University of Nevada, Reno (Nevada, USA), and is associated with its Center for Cybersecurity. He has extensive IT experience as a full-time employee, management consultant and researcher for Bank of America, Microsoft, AT&T and the US National Science Foundation. His research interests include artificial intelligence, blockchain, security and distributed systems.

ANDY GARCIA | PH.D., CPA

Has worked for a global accounting firm and a Fortune 500 company as an international auditor. He is a professor at Bowling Green State University (Ohio, USA) and has authored papers published in the ISACA® Journal, the International Journal of Accounting and Information Management, Research on Professional Responsibility and Ethics in Accounting, the Journal of Accounting Education and Internal Auditing. He can be reached at https://www.linkedin.com/in/samuelzsmith/.