Smart contracts handle significant amounts of value to optimise and replace existing centralised offerings. They are software programmes which automatically execute, control or document legally relevant events and actions. Until today, such smart contracts were perceived as insecure and unreliable by traditional financial market stakeholders, concerns that were coupled with a substantial lack of understanding about the possibilities such smart contracts would allow for.
At PwC Switzerland, we built a framework that allows us to create trustworthy smart contract environments for the traditional financial market and new incumbents from blockchain and fintech. As such, we’re pleased to announce that we’ve issued our first assurance report based on ISAE 3000 (revised) for smart contracts.
"Transparency and thus trust in smart contracts is crucial for users as well as regulators. Assurance reports are the instrument to provide this transparency and trust to the affected stakeholders."
The smart contracts assessed during our engagement are used to tokenise a multi-million-dollar real estate project. Regulated by the Thailand Securities and Exchange Commission, the tokens being issued represent ownership. To help the issuer company provide the required level of trust in their technical set-up and related security configuration to the regulator, we analysed the smart contracts specification and code to make sure that they are functioning as intended. Our framework for such assurance reports uses state-of-the-art techniques like formal verification and an in-depth analysis of the smart contracts code. We were able to highlight several weaknesses in both the technical specification and the code itself, all of which have been successfully addressed prior to the go-live.