One of the questions that often comes up in discussions about Ethereum is how to earn money with developing dapps, when anyone can just copy the contract code, remove or lower the fee and deploy it as their own. While this is a legitimate question, I don’t think that it is limited to blockchain code only. No technology prevents you in principle from removing the copy-protection code of the latest photo editing software and just selling your own copies.

Of course you can use law enforcement to prevent people from copying your code, but a much stronger force, network effects, usually kicks in even before law enforcement: People trust you to create good software because it worked for them in the past and they give you money not only for compensating your efforts but also because they want you to keep improving the software.

The interesting fact is that Turing-complete blockchains like Ethereum can be used to leverage this model in a trustless way:

Take the viewpoint of an AI-controlled DAO that lives on the Ethereum blockchain. As a simple example, let us assume that at some point, it uses a publicly-available library to compute the square root of a number. The DAO has some funds available and because one of its main goals is self-improvement, it wants to reduce the gas usage of this library. So it decides to post a bounty to the Ethereum software development market to create an improved version of the square root function. Some developer picks up the task, improves the function, deploys it to the network and claims the bounty.

I would say this is a viable business model: People get paid for the work they do and after their work is finished, it is available for anyone to use. The challenging task is how to perform the software quality assurance and bounty payout in a fully automated and trustless way. The DAO might use Oraclize and Amazon Mechanical Turk to check that the contract actually does what it claims, but we can even go a bit further:

The developer hands over the software to a code-verification contract together with the “job description” the DAO initially posted to the software development market. This job description consists of the mathematical property that sqrt(x)*sqrt(x) = x should be true for all x (actually it should only be “close enough” to x if it is not a square, but you get the idea) and that executing it should not cost more than y gas. The code-verification contract can now either use formal methods to verify these conditions or ask the general public to come up with some input that violates the condition, because once such an input is known, the condition can be easily checked. In both situations, code has to be executed (formal verification is just running a specific program). For that, the Ethereum computation market can be used to perform the

computation off-chain in a trustless way. As an interesting side note, even if verification is done off-chain, and even if it is done in an interactive way to make it cheaper, it might be necessary to implement an EVM-interpreter inside the EVM, a task that could be fun in itself. An initial attempt (that does not perform gas metering) can be seen below. Such an interpreter or code analysis tool could also be useful for other things: It would allow a smart contract to check simple facts about other contracts, like that they will not forward the Ether sent to them (because they do not contain any of the CALL opcodes) or that a library does not modify the calling contract’s storage because it does not contain any CALL or SSTORE opcodes.

Now that we have a Turing-complete blockchain, we should also make use of its Turing-completeness! Let us create contracts that inspect other contracts and move verification on the blockchain — why do we need blockchain explorers to perform source code verification, what keeps us from creating a contract that checks that some source code compiles to a specific bytecode this in a trustless way?