WhyManySmartContractUseCasesAreSimplyImpossible - kukgini/blockchain GitHub Wiki

Why Many Smart Contract Use Cases Are Simply Impossible ์š”์•ฝ

์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ์— ๋Œ€ํ•œ 3๊ฐ€์ง€ ์˜คํ•ด์ค‘ ์ฒซ๋ฒˆ์งธ Contaxting external services ๊ฐ€ ์˜ค๋ผํด์ด ํ•„์š”ํ•œ ์ด์œ ๋ฅผ ์„ค๋ช…ํ•œ๋‹ค.

Often, the first use case proposed is a smart contract that changes its behavior in response to some external event. For example, an agricultural insurance policy which pays out conditionally based on the quantity of rainfall in a given month.

์Šค๋งˆํŠธ ์ปจํŠธ๋ ‰ํŠธ๊ฐ€ ์™ธ๋ถ€ ์‚ฌ๊ฑด์— ๋”ฐ๋ผ ๋‹ค๋ฅธ ํ–‰๋™์„ ํ•˜๋„๋ก ํ•œ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด ๋†์—… ๋ณดํ—˜์ด ๊ทธ๋‹ฌ์˜ ๊ฐ•์ˆ˜๋Ÿ‰์— ๊ธฐ๋ฐ˜ํ•˜์—ฌ ์ง€๋ถˆ๋˜๋Š” ๊ฒฝ์šฐ.

The imagined process goes something like this: The smart contract waits until the predetermined time, retrieves the weather report from an external service and behaves appropriately based on the data received.

์ƒ์ƒํ•œ ํ”„๋กœ์„ธ์Šค๋Š” ์ด๋Ÿด ๊ฒƒ์ž„: ์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ๊ฐ€ ์ •ํ•ด์ง„ ์‹œ๊ฐ„๋™์•ˆ ์™ธ๋ถ€ ์„œ๋น„์Šค์—์„œ ๋‚ ์”จ ๋ฆฌํฌํŠธ๋ฅผ ๋ฐ›๊ณ  ๋‚˜์„œ ๋ฐ›์€ ๋ฐ์ดํ„ฐ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ์ ์ ˆํžˆ ํ–‰๋™ํ•œ๋‹ค.

This all sounds simple enough, but itโ€™s also impossible. Why? Because a blockchain is a consensus-based system, meaning that it only works if every node reaches an identical state after processing every transaction and block.

์•„์ฃผ ์‰ฌ์›Œ ๋ณด์ด์ง€๋งŒ ๋ถˆ๊ฐ€๋Šฅํ•˜๋‹ค. ์™œ๋ƒํ•˜๋ฉด ๋ธ”๋ก์ฒด์ธ์€ ์ปจ์„ผ์„ ์Šค ๊ธฐ๋ฐ˜ ์‹œ์Šคํ…œ์ด๊ธฐ ๋•Œ๋ฌธ. ์ด๋ง์€ ๋ชจ๋“  ๋…ธ๋“œ๊ฐ€ ํŠธ๋žœ์ ์…˜๊ณผ ๋ธ”๋ก์„ ์ฒ˜๋ฆฌํ•œ ํ›„ ๋™์ผํ•œ ์ƒ๋Œ€์— ๋„๋‹ฌํ•ด์•ผ๋งŒ ์‹œ์Šคํ…œ์ด ๋™์ž‘์„ ํ•œ๋‹ค๋Š” ๊ฒƒ์ด๋‹ค.

Everything that takes place on a blockchain must be completely deterministic, with no possible way for differences to creep in. The moment that two honest nodes disagree about the chainโ€™s state, the entire system becomes worthless.

๋ธ”๋ก์ฒด์ธ์—์„œ ์ผ์–ด๋‚˜๋Š” ์ผ์€ ๊ฒฐ์ •๋ก ์ ์ด์–ด์•ผ ํ•จ. ๋‘ ๋…ธ๋“œ๊ฐ€ ์ฒด์ธ์˜ ์ƒํƒœ์— ๋‹ค๋ฅธ ์˜๊ฒฌ์„ ๊ฐ€์ง€๋ฉด ์ „์ฒด ์‹œ์Šคํ…œ์€ ์“ธ๋ชจ์—†์–ด์ง.

Now, recall that smart contracts are executed independently by every node on a chain. Therefore, if a smart contract retrieves some information from an external source, this retrieval is performed repeatedly and separately by each node. But because this source is outside of the blockchain, there is no guarantee that every node will receive the same answer.

๋ชจ๋“  ๋…ธ๋“œ์—์„œ ์Šค๋งˆํŠธ ์ปจํŠธ๋ ‰ํŠธ๋Š” ๋…๋ฆฝ์ ์œผ๋กœ ์‹คํ–‰๋จ์„ ์ƒ๊ธฐํ•˜์ž. ๊ทธ๋Ÿฌ๋ฏ€๋กœ ๋งŒ์•ฝ ์Šค๋งˆํŠธ ์ปจํŠธ๋ ‰ํŠธ๊ฐ€ ์™ธ๋ถ€ ์ž์›์„ ์กฐํšŒํ•˜๋ฉด ์ด๊ฒƒ์€ ๋ชจ๋“  ๋…ธ๋“œ์—์„œ ๋ฐ˜๋ณตํ•ด์„œ ์‹คํ–‰๋  ๊ฒƒ์ด๋‹ค. ํ•˜์ง€๋งŒ ์ด ์ •๋ณด๊ฐ€ ๋ธ”๋ก์ฒด์ธ ๋ฐ–์—์„œ ๋“ค์–ด์˜ค๋ฏ€๋กœ ๋ชจ๋“  ๋…ธ๋“œ๊ฐ€ ๊ฐ™์€ ๋‹ต์„ ๋ฐ›์•„์˜จ๋‹ค๋Š” ๋ณด์žฅ์ด ์—†๋‹ค.

Perhaps the source will change its response in the time between requests from different nodes, or perhaps it will become temporarily unavailable. Either way, consensus is broken and the entire blockchain dies.

์•„๋งˆ ์†Œ์Šค๋Š” ์‹œ๊ฐ„์— ๋”ฐ๋ผ ๋ฐ”๋€”๊ฒƒ์ด๋‹ค. ๋˜๋Š” ์ผ์‹œ์  ์žฅ์• ๊ฐ€ ๋ฐœ์ƒํ•  ์ˆ˜๋„ ์žˆ๋‹ค. ์–ด๋Š์ชฝ์ด๋˜ ์ปจ์„ผ์„ ์Šค๋Š” ๋ง๊ฐ€์ง€๊ณ  ์ „์ฒด ๋ธ”๋ก์ฒด์ธ์€ ์ฃฝ๋Š”๋‹ค.

So, whatโ€™s the workaround? Actually, itโ€™s rather simple. Instead of a smart contract initiating the retrieval of external data, one or more trusted parties (โ€œoraclesโ€) creates a transaction which embeds that data in the chain. Every node will have an identical copy of this data, so it can be safely used in a smart contract computation. In other words, an oracle pushes the data onto the blockchain rather than a smart contract pulling it in.

ํšŒํ”ผํ•  ๋ฐฉ๋ฒ•์€? ๋‹จ์ˆœํ•˜๋‹ค. ์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ๊ฐ€ ์™ธ๋ถ€ ์ž์›์„ ๊ฐ€์ ธ์˜ค๋Š” ๋Œ€์‹ , ์‹ ๋ขฐํ•  ์ˆ˜ ์žˆ๋Š” ์ œ3์ž ์ฆ‰, ์˜ค๋ผํด ์ด ๋ฐ์ดํ„ฐ๋ฅผ ํŠธ๋žœ์ ์…˜์— ๋‹ด์•„ ๋ฐ€์–ด ๋„ฃ์–ด ์ฃผ๋Š” ๊ฒƒ์ด๋‹ค. ๋ชจ๋“  ๋…ธ๋“œ๋Š” ๋™์ผํ•œ ๋ฐ์ดํ„ฐ ์‚ฌ๋ณธ์„ ๊ฐ€์ง€๋ฏ€๋กœ ์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ์—์„œ ์•ˆ์ „ํ•˜๊ฒŒ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค.

When it comes to smart contracts causing events in the outside world, a similar problem appears. For example, many like the idea of a smart contract which calls a bankโ€™s API in order to transfer money. But if every node is independently executing the code in the chain, who is responsible for calling this API?

์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ๊ฐ€ ์™ธ๋ถ€ ์„ธ๊ณ„ ์‚ฌ๊ฑด์˜ ์›์ธ์ธ ๊ฒฝ์šฐ, ๋น„์Šทํ•œ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•จ. ์˜ˆ๋ฅผ ๋“ค์–ด, ์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ๊ฐ€ ์€ํ–‰ API ๋ฅผ ํ˜ธ์ถœํ•˜์—ฌ ๋ˆ์„ ์ „์†กํ•˜๋Š” ์•„์ด๋””์–ด๋ฅผ ์ข‹์•„ํ•œ๋‹ค. ํ•˜์ง€๋งŒ, ๋ชจ๋“  ๋…ธ๋“œ๊ฐ€ ๋…๋ฆฝ์ ์œผ๋กœ ์‹คํ–‰๋œ๋‹ค๋ฉด ๋ˆ„๊ฐ€ API ํ˜ธ์ถœ์˜ ์ฑ…์ž„์ด ์žˆ๋Š”๊ฐ€?

If the answer is just one node, what happens if that particular node malfunctions, deliberately or not? And if the answer is every node, can we trust every node with that APIโ€™s password? And do we really want the API called hundreds of times? Even worse, if the smart contract needs to know whether the API call was successful, weโ€™re right back to the problem of depending on external data.

๋งŒ์•ฝ ํ•œ ๋…ธ๋“œ๋ผ๊ณ  ํ•œ๋‹ค์น˜๋ฉด, ๊ทธ ํŠน์ • ๋…ธ๋“œ๊ฐ€ ์˜๋„์ ์ด๋˜ ์•„๋‹ˆ๋˜ ๊ฐ„์— ์˜ค์ž‘๋™ ํ•˜๋ฉด ์–ด์ฉŒ๋‚˜? (์ฆ‰, ๋น„์ž”ํ‹ด ๋…ธ๋“œ์ด๋ฉด ์–ด์ฉŒ๋‚˜?) ๋งŒ์•ฝ ๋ชจ๋“  ๋…ธ๋“œ๋ผ๊ณ  ์น˜๋ฉด, ๋ชจ๋“  ๋…ธ๋“œ์˜ API ๋น„๋ฐ€๋ฒˆํ˜ธ๋ฅผ ๋ฏฟ์–ด์•ผ ํ•ด? ๊ทธ๋ฆฌ๊ณ  API ๊ฐ€ ์ˆ˜๋ฐฑ๋ฒˆ ํ˜ธ์ถœ๋˜๋„๋ก ๋‚ด๋ฒ„๋ ค ๋‘˜๋ž˜? ๋” ์ตœ์•…์€ API ์‹คํ–‰์ด ์„ฑ๊ณตํ–ˆ๋Š”์ง€ ํ™•์ธํ•˜๋Š” ๊ณผ์ •์ด ์™ธ๋ถ€ ์ž์›์— ์˜์กดํ•˜๋Š” ์•„๊นŒ ๊ทธ ์ƒํ™ฉ์œผ๋กœ ๋˜๋Œ์•„ ๊ฐ„๋‹ค.

As before, a simple workaround is available. Instead of the smart contract calling an external API, we use a trusted service which monitors the blockchainโ€™s state and performs certain actions in response. For example, a bank could proactively watch a blockchain and perform money transfers which mirror the on-chain transactions. This presents no risk to the blockchainโ€™s consensus because the chain plays an entirely passive role.

์•„๊นŒ์™€ ๋งˆ์ฐฌ๊ฐ€์ง€๋กœ ๋‹จ์ˆœํ•œ ํ•ด๋ฒ•์ด ์žˆ๋‹ค. ์Šค๋งˆํŠธ ์ปจํŠธ๋ž™ํŠธ๊ฐ€ ์™ธ๋ถ€ API ๋ฅผ ํ˜ธ์ถœํ•˜๋Š” ๋Œ€์‹  ๋ธ”๋ก์ฒด์ธ์˜ ์ƒํƒœ๋ฅผ ๋ชจ๋‹ˆํ„ฐํ•˜๋‹ค๊ฐ€ ํ•„์š”ํ•œ ํ–‰์œ„๋ฅผ ํ•˜๋Š” ๋ฏฟ์„๋งŒํ•œ ์„œ๋น„์Šค๋ฅผ ์ด์šฉํ•˜๋Š” ๊ฒƒ์ž„. ์˜ˆ๋ฅผ ๋“ค์–ด ์€ํ–‰์ด ๋Šฅ๋™์ ์œผ๋กœ ๋ธ”๋ก์ฒด์ธ์„ ๋ณด๊ณ  ์žˆ๋‹ค๊ฐ€ ๋ˆ์„ ์ „์†กํ•  ์ˆ˜ ์žˆ๋‹ค. ์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ๋ธ”๋ก์ฒด์ธ์ด ์ˆ˜๋™์ ์ธ ์—ญํ• ์„ ํ•˜๋ฏ€๋กœ ์ปจ์„ผ์„ ์Šค์— ์•„๋ฌด ์œ„ํ—˜์„ ์ดˆ๋ž˜ํ•˜์ง€ ์•Š์Œ.

Looking at these two workarounds, we can make some observations.

์ด ๋‘๊ฐ€์ง€ ์ž”๋จธ๋ฆฌ๋ฅผ ๋ณด๊ณ  ์žˆ์ž๋‹ˆ ๋‹ค์Œ ๋ช‡๊ฐ€์ง€๋ฅผ ๊ด€์ธกํ•  ์ˆ˜ ์žˆ์Œ.

First, they both require a trusted entity to manage the interactions between the blockchain and the outside world. While this is technically possible, it undermines the goal of a decentralized system.

๋‘˜์งธ, ๋‘˜ ๋‹ค ๋ธ”๋ก์ฒด์ธ๊ณผ ์™ธ๋ถ€ ์‹œ์Šคํ…œ ์‚ฌ์ด์— ๋ฏฟ์„ ๋งŒํ•œ ๋ˆ„๊ตฐ๊ฐ€๊ฐ€ ์žˆ์–ด์•ผ ํ•จ. ์ด๊ฒŒ ๊ธฐ์ˆ ์ ์œผ๋กœ ๊ฐ€๋Šฅํ•˜๊ธด ํ•˜์ง€๋งŒ, ํƒˆ์ค‘์•™ํ™”๋Š” ํ›ผ์†ํ•˜๋Š” ๊ฒƒ์ž„.

Second, the mechanisms used in these workarounds are straightforward examples of reading and writing a database. An oracle which provides external information is simply writing that information into the chain. And a service which mirrors the blockchainโ€™s state in the real world is doing nothing more than reading from that chain. In other words, any interaction between a blockchain and the outside world is restricted to regular database operations.

๋‘˜์งธ, ๋‘˜ ๋‹ค ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค๋ฅผ ์ฝ๊ณ  ์“ฐ๋Š” ๊ฐ„๋‹จํ•œ ๊ฒƒ์ž„. ์™ธ๋ถ€ ์ •๋ณด๋ฅผ ์ œ๊ณตํ•˜๋Š” ์˜ค๋ผํด์€ ๊ทธ์ € ์ •๋ณด๋ฅผ ์ฒด์ธ์— ์“ฐ๋Š” ๊ฒƒ์ž„. ๋ธ”๋ก์ฒด์ธ์˜ ์ƒํƒœ๋ฅผ ๋ฐ˜์˜ํ•˜๋Š” ์„œ๋น„์Šค๋Š” ์ฒด์ธ์„ ์ฝ๋Š” ๊ฒƒ ์ผ ๋ฟ์ž„. ๋‹ค์‹œ ๋งํ•˜๋ฉด, ๋ธ”๋ก์ฒด์ธ๊ณผ ์™ธ๋ถ€ ์‹œ์Šคํ…œ ๊ฐ„ ์ƒํ˜ธ์ž‘์šฉ์ด๋ž€ ์ผ๋ฐ˜์ ์ธ ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ๊ธฐ๋Šฅ์œผ๋กœ ์ œํ•œ๋จ.