Group of smart contract risks



Transparency in the context of corporate governance

Transparency is to be understood as a digital public ledger of time-stamped transactions that is available to every participant in the blockchain network. All transactions are recorded in the blockchain, and any eligible user on the network can view any transaction and verify its validity. Therefore, all transactions are visible, accessible and auditable to everyone who is entitled to do so. The risk arises if the code is not translated so as to be visible or auditable to stakeholders, which might imply a lack of trust in the entire system.

[16] [40] [41]

IT Security

Cryptography makes cryptographically secured transactions possible and allows sensitive information to be protected both in storage and in communication. The hash function provides a digital fingerprint of each block created in the blockchain. The hash is also time-stamped, which provides an additional security feature. A block or transaction cannot be erased, copied, replaced or changed once it is registered in the blockchain. The risk is that cyberattacks or hackers try to destroy, manipulate, disrupt or change the private blockchain environment and its smart contract. A cyberattack might result in the temporary suspension or even shutdown of the system. It can incur financial losses, cause a lack of confidence in the system and lead to identity disclosure.

[2] [3] [15] [17] [42] [43]


The smart contract is the translation of the traditional contract into a programming language. The terms and conditions are thus machine-readable and enforce rules previously established and agreed in consensus among all the involved parties, without requiring any hierarchical power structure; i.e., the smart contract is self-executing if its conditions are satisfied. This implies an instantaneous settlement, effectively eliminating counterparty risk. Consequently, the process can be classified as automated. However, the parties can determine the extent of the automation process. Three levels were proposed: 1) fully automated, 2) semiautomated and 3) little automated.

[1] [3] [44]


This refers to the legal perspective. Translating the agreed terms and conditions into a machine-readable form is possible thanks to a specific programming language such as Ethereum, and it avoids human misinterpretation of contract terms, which might lead to a dispute between parties. The smart contract shall encompass all legal agreements made in consensus among the parties. Additionally, it shall respect the applicable laws and regulations of the government, society and organization where the digital contract will be established. There is a risk if the initial legal framework translated into a machine programming language does not encompass all necessary rules, which would impact the overall system validity. The expected outcomes must be extensively discussed and approved by everyone who is impacted by them.

[22] [23] [24] [39]