San Francisco Blockchain Week (SFBW) is imminent, and I wanted to share a bit about what I’ll be talking to developers about there (November 1st at 10am on the Technical Stage at the San Francisco Marriott Marquis).

Deciding to send a payment to a blockchain address can be nerve-racking. You think you’re getting something in return, but will you? You think you’ve looked at the contract code, but maybe you missed something. Contracts have bugs. If only there were a way to guarantee that the money you send isn’t stolen. If you could guarantee that you would get what you wanted or get a refund, that would address much of your concern. That’s what we call “offer safety,” and it’s enforced in a new smart contract platform: a breakthrough JavaScript library we call Zoe.

At Agoric, our goal is to leverage the decentralized network to bring the world’s economy online. We do this by enabling developers to write safer, simpler smart contracts so individuals can cooperate safely with anyone, anywhere. Zoe is the fruit of decades of our collective work in programming languages, security models, and economics.

To explain Zoe, I will contrast it with what I characterize as the current, “low-level” status quo. By appreciating the benefits and shortcomings of the low-level status quo, we can learn how to improve safety in a decentralized world, and how to make it easier to participate in and facilitate that envisioned world. This will be the subject of my SFBW talk, and it is in essence why smart contracts are what blockchain needs.

Taking Stock of the Low-Level Status Quo

We have all seen the low-level user interfaces where instead of clicking buttons, you enter the hexadecimal address of the functions you would like it to invoke. Similarly, my “concert ticket”, instead of being an object with a venue and audio clips, is a random number like “CB45FDC374.” It’s like entering latitude and longitude for a location, instead of getting a link to a maps display with directions.

But much more important is the low-level way that transactions currently work. The business transactions and commerce in the crypto-economy are currently built with operations at the level, conceptually, of handing over a pointer to a low-level object. At this point, we hope that the code that runs at the other end — the code that runs completely out of touch with no accountability — is going to do the right thing. In the end, we hope the low-level approach gives you what you thought you negotiated for in the first place, whatever that may be.

Clearly, if your purview is evolving the world’s economy in full, the low-level approach isn’t up to the task. Of course, the low-level mechanisms are crucial, and our ERTP (Electronic Rights Transfer Protocol) captures those into an abstraction that lets you talk about them in an asynchronous world across chains and beyond. We’re not discarding the low-level. We’re building on it. Fundamentally, what the low-level approach really provides is a set of building blocks that can get us to entirely new dimensions of providing smart contracts.

There Are Many Sides to Every Contract

One of the key things about contracts is that they aren’t one-sided: What am I going to do? What are you going to do? And often, what is some other party going to do? Smart contracts are code, where the behavior of the program enforces the terms of the contract. When we engage with contracts and in commerce, we don’t just send money or other assets; we expect or require a particular outcome.

So, fundamental to the Zoe level of smart contracts is that exchanges, cooperation, and interactions are characterized in terms of “offers.” The key user action then is not “send something”; it’s “make an offer” with the terms and the assets: “I’ll pay 4 quatloos for 1 epic concert ticket (until Friday).” The assets go to Zoe rather than the unknown contract, and Zoe will only release them to the target contract when the terms of the offer are met. Otherwise Zoe returns my quatloos, independent of the behavior of the contract!

This is what we at Agoric call “offer safety”: I will either get my quatloos back, or I’ll get the concert ticket I was looking for. What I haven’t done is hand my quatloos to a strange contract on the network that I may or may not actually trust. “Offer safety” is just one of the many essential safety properties inherent in Zoe. Like previous safety properties such as concurrency safety and type safety, these properties don’t eliminate all bugs, but they do take a big chunk of bugs off the table.
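The escrow rule described above, modelled as an added illustration (not Agoric's code and not Zoe's API): `ToyEscrow`, `makeOffer`, `reallocate`, `exit` and `demo` are hypothetical names, the parties and amounts are constructed, and the "until Friday" deadline is left out. The contract can only propose a reallocation, and the escrow rejects any proposal that leaves a party with neither what it wanted nor a full refund.

```javascript
// Toy model of escrow-enforced offer safety. ToyEscrow and its methods are
// hypothetical names for this illustration; this is not Zoe's API.
const covers = (alloc, need) =>
  Object.entries(need).every(([brand, n]) => (alloc[brand] || 0) >= n);

const sumByBrand = (allocs) => {
  const totals = {};
  for (const alloc of allocs)
    for (const [brand, n] of Object.entries(alloc)) {
      if (!Number.isInteger(n) || n < 0) throw new Error('bad amount');
      totals[brand] = (totals[brand] || 0) + n;
    }
  return totals;
};

class ToyEscrow {
  constructor() { this.seats = new Map(); }
  // Assets go to the escrow together with the offer terms, not to the contract.
  makeOffer(id, { give, want }) { this.seats.set(id, { give, want, alloc: { ...give } }); }
  // The contract only proposes a reallocation. Nothing moves unless assets are
  // conserved and every party gets what it wanted or a full refund.
  reallocate(proposed) {
    const ids = Object.keys(proposed);
    if (!ids.every((id) => this.seats.has(id))) throw new Error('unknown seat');
    const before = sumByBrand(ids.map((id) => this.seats.get(id).alloc));
    const after = sumByBrand(Object.values(proposed));
    for (const b of new Set([...Object.keys(before), ...Object.keys(after)]))
      if ((before[b] || 0) !== (after[b] || 0)) throw new Error(`${b} not conserved`);
    for (const id of ids) {
      const { give, want } = this.seats.get(id);
      if (!covers(proposed[id], want) && !covers(proposed[id], give))
        throw new Error(`offer safety violated for ${id}`);
    }
    for (const id of ids) this.seats.get(id).alloc = { ...proposed[id] };
  }
  // Exiting pays out the current allocation: the deal, or the original assets.
  exit(id) { const { alloc } = this.seats.get(id); this.seats.delete(id); return alloc; }
}

// Constructed scenario: a hostile contract tries to hand everything to Bob.
function demo() {
  const z = new ToyEscrow();
  z.makeOffer('alice', { give: { quatloos: 4 }, want: { ticket: 1 } });
  z.makeOffer('bob', { give: { ticket: 1 }, want: { quatloos: 4 } });
  let theft = 'accepted';
  try { z.reallocate({ alice: {}, bob: { quatloos: 4, ticket: 1 } }); }
  catch (e) { theft = e.message; }
  z.reallocate({ alice: { ticket: 1 }, bob: { quatloos: 4 } }); // honest swap
  return { theft, alice: z.exit('alice'), bob: z.exit('bob') };
}
```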

Simplifying an Async World

Similarly, Zoe also helps address the asynchronous challenges of the evolving digital world. Whether as a result of sharding, Cosmos zones, or chain interop via IBC, the economy of digital assets and online cooperation is necessarily asynchronous. But because Zoe first escrows the assets provided with an offer, contracts can have simple synchronous assurance that offered assets are available, even if the assets are remote on other chains. This approach keeps contracts simple, while preventing re-entrancy bugs, and uniformly supporting layer 1, layer 2, cross-chain, and off-chain assets.

How Zoe Changes Everything

By implementing Zoe, in contrast with the low-level approach, we have accomplished three key things:

  1. We provided new safety properties to each of the participants, protecting clients from smart contract misbehavior.
  2. We simplified contract construction by eliminating money handling boilerplate and absorbing platform asynchrony.
  3. We produced a much clearer expression for contracts of what their clients want, how they want it, what the expiration terms are, and more.

In other words, Zoe changes everything. We have evolved to a higher level for arranging cooperation and commerce.

Even the wallet experience has changed for the better. In low-level systems, wallets have a limited interaction with dApps, only allowing users to see balances and approve payments. In Zoe, rich dApp UIs can help you construct an offer you like. The wallet securely shows the offers for approval: “OK, so this is what they were proposing for the deal; do you want to do it or not?” And of course, with offer safety, if you say yes, you can be sure you get the deal or your assets back!

Now, it’s one thing to read a high-level overview like this blog post, and it’s another thing entirely to see Zoe in action. I’ll be doing a presentation of Zoe, running on our Tendermint/Cosmos-based testnet, at my SF Blockchain Week presentation. The talk is on November 1st at 10am on the Technical Stage at the San Francisco Marriott Marquis. I hope to see you there.

Dean Tribble is CEO and Co-Founder of Agoric. He designed the negotiation process and contract for the first smart contracting system, AMiX. As a Principal Architect at Microsoft, he designed the Midori distributed object-capability operating system. As founder and CTO for Agorics (acquired by Microsoft), he developed the brokerage information system for Schwab’s active traders, the WebMart system for electronic contracts, and the first electronic check project by the FSTC for the DoD. As CTO of VerifyValid and VP of Deluxe, Dean developed echeck systems that have carried billions of dollars. He is presently an active member of the TC39 (JavaScript) standards committee.

Thanks for reading! You can join the Agoric community on Twitter, Telegram, and LinkedIn, and catch us at these upcoming events.