We identify a subtle security issue that impacts the design of smart contracts caused by the fact that agents may themselves deploy smart contracts. Typically, equilibria of games are analyzed in vitro, under the assumption that players cannot arbitrarily commit to strategies. However, equilibria obtained in this fashion do not hold in general in vivo, when games are deployed on a blockchain. Being able to deploy side contracts changes fundamental game-theoretic assumptions by inducing a meta-game, specifically a Stackelberg game with multiple commitments, wherein agents strategize to deploy the best contracts. Not taking these commitment capabilities into account thus fails to capture an important aspect of deploying smart contracts in practice. A game that remains secure when the agents can deploy contracts is said to be Stackelberg resilient. We show that Stackelberg resilience can be computed efficiently for any two-player game of perfect information and show that it is hard to compute in general. We show that if a game is Stackelberg $k$-resilient, that is, resilient when there are $k$ contracts, it is also resilient when there are fewer contracts. We demonstrate the non-triviality of side contract resilience by analyzing two smart contracts for decentralized commerce from the literature. These contracts have the same intended functionality, but we show that only one is Stackelberg resilient. Our work highlights an issue that is necessary to address to ensure the secure deployment of smart contracts and suggests that other contracts already deployed on major blockchains may be susceptible to these attacks.

翻译：我们识别了一个影响智能合约设计的微妙安全问题，其根源在于智能体自身可以部署智能合约。通常，博弈均衡是在体外分析的，假设玩家无法任意承诺策略。然而，当博弈部署在区块链上时，以这种方式获得的均衡在体内通常不成立。能够部署侧合约通过引入一个元博弈（具体而言，是一种具有多重承诺的Stackelberg博弈）改变了基本的博弈论假设，其中智能体策略性地部署最优合约。因此，不考虑这些承诺能力无法捕捉到实践中部署智能合约的一个重要方面。当智能体能够部署合约时，一种保持安全的博弈被称为Stackelberg弹性。我们证明，对于任何完美信息的双人博弈，Stackelberg弹性可以高效计算，并表明一般情况下计算是困难的。我们证明，如果一个博弈是Stackelberg $k$弹性（即对$k$个合约具有弹性），则它对更少合约也有弹性。通过分析文献中两种去中心化商务的智能合约，我们展示了侧合约弹性的非平凡性。这些合约具有相同的预期功能，但我们证明只有一种是Stackelberg弹性。我们的工作强调了确保智能合约安全部署必须解决的一个问题，并表明主区块链上已部署的其他合约可能容易受到这些攻击。