The Corda paradigm
Corda smart contracts define what you can’t do, not what you can.
The normal programming paradigm is that in a given context you have a set of available functions that take inputs and produce outputs. Other Blockchains, for example Ethereum, use this approach: what you can do with a Solidity smart contract is defined by the methods which are made available to the user of the smart contract.
Corda smart contracts work in a different way. Corda lets the creator of the transaction do what ever they want as long as it conforms to the rules set out in the Contract class. This approach gives massive flexibilty for the CorDapp developer, but that flexibility shouldn’t necessarily be passed on to the user of the Smart Contract as it can increase the risk of misuse.
In the extreme case, if the contract class verify() function is empty the transaction can contain anything. This might be fine depending on what your CorDapp is doing, but, for example, it’s not fine if the security of the CorDapp assumes that your counterparty can’t change the price that they are agreeing to pay for the goods you are shipping them when, because of a lack of adequate constraints, they can.
So if the actions that a smart contract user can take need to be limited, which is most cases, then the smart contract designer needs to have confidence that the constraints in the smart contract adequately box in the user.
The structure provided by CDL aims to help the Smart Contract designer make sure there are no ‘Holes in the Fence’ which unwanted behaviour can slip through.
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.