Konstantinos Karagiannis is what you would call a hands on CTO. One of his responsibilities at BT Americas is to try to hack financial applications and lately that has included the smart contracts — that is, an automated contract that is pre-programmed — that are the heart of a blockchain application. His opinion on the subject, smart contracts are not ready for prime time yet, but eventually will be.

First of all, they are very difficult if not impossible to change. “The tiniest mistake can be so costly,” he said. The danger of smart contracts that many programmers fall victim to, in Karagiannis’ view, is that smart contracts are read sequentially and if a critical piece is missing, the contract won’t run. “Every now and then I’ll see a team that gets it,” he says. “They have made their contracts super tiny and then they have them invoke over contracts to do subroutines.”

But perhaps more significantly, smart contracts are not necessarily secure, again depending on the programming. This may come as a surprise to anyone who has heard that one of blockchain’s advantages is its security. In time this will change, he predicts, as the model matures, but today Karagiannis says he is routinely able to hack smart contracts.

Related Article: Blockchain: 10 Questions To Ask Before Diving In

Not Ready For Use In The Business World

Karagiannis is not alone in his view. The industry has been rattled by at least one high profile breach that occurred in 2016 when a hacker exploited a vulnerability in Ethereum, causing the the Decentralized Autonomous Organization to lose about $150 million. The flaw was not in the blockchain platform, but rather in the smart contract, Gartner writes in a research note. “Etherium had done exactly what it was supposed to do, but a loophole in the smart contract code exposed the organization to a hack.”

Some of these issues are being addressed. For example, Parikshit Joshi, Lead, IoT and Data Science principal with Simform Solutions has a work around for the issue of not being able to change a smart contract once it goes live. “If you directly replace a smart contract with an upgraded one, you will lose all of your smart contract bound information from the blockchain,” he said. “We have been replacing developing smart contracts with modular smart contract development for this exact same reason. So, whenever we write a smart contract — let’s take the case of smart contracts built on top of Ethereum — we have modular.sol files that can be easily upgraded without losing any information. This has helped us in making smart contracts a reality.”

Related Article: Will Blockchain Disrupt ECM or Is it Just a Lot of Hype?

The Legal Issues

There are also significant legal issues that need to be resolved before smart contracts can be used in anything but the most rudimentary of applications, says Todd Kartchner at Fennemore Craig, P.C. “This limitation is based, at least in part, on their current inability to account for implied expectations or deal with unforeseen circumstances.”

Kartchner explains that US courts recognize a concept called the implied covenant of good faith and fair dealing, which is a presumption that contractual parties will deal with one another fairly and will not rob the other party of its rights to receive its anticipated contractual benefits. This is something that is implied in every contract despite not being expressly stated anywhere in its terms, he says. “With a smart contract, it is unclear as to how a self-enforcing agreement would account for an implied term like this,” he says.

Similarly, contractual disputes often arise over unexpected circumstances that were not intended or anticipated and that fundamentally alter the parties’ expectations, he continues. He gives the example of someone that agrees to sell a first edition of Ernest Hemingway’s For Whom the Bell Tolls with the author’s signature to someone else. The buyer is only interested in the book because it is autographed. Later it turns out that, unbeknownst to the seller, the signature was forged several decades earlier. “Under contract law, the buyer should be able to rescind or cancel the agreement,” Kartchner says. “At their current stage of development, it seems unlikely that parties would be able to account for all contingencies in a self-contained, self-executing smart agreement.”