We identify a subtle security issue that impacts the design of smart contracts, because agents may themselves deploy smart contracts (side contracts). Typically, equilibria of games are analyzed in vitro, under the assumption that players cannot arbitrarily commit to strategies. However, equilibria thus obtained do not hold in general in vivo, when games are deployed on a blockchain. Being able to deploy side contracts changes fundamental game-theoretic assumptions by inducing a meta-game wherein agents strategize to deploy the best contracts. Not taking side contracts into account thus fails to capture an important aspect of deploying smart contracts in practice. A game that remains secure when the players can deploy side contracts is said to be side contract resilient. We demonstrate the non-triviality of side contract resilience by analyzing two smart contracts for decentralized commerce. These contracts have the same intended functionality, but we show that only one is side contract resilient. We then demonstrate a side contract attack on first-price auctions, which are the transaction mechanisms used by most major blockchains. We show that an agent may deploy a contract ensuring their transaction is included in the next block at almost zero cost while forcing most other agents to enter into a lottery for the remaining block space. This benefits all the users, but is detrimental to the miners. This might be cause for re-evaluation of the use of auctions in transaction fee mechanisms. We show that the attack works under certain conditions that hold with high probability from natural distributions. The attack also works against the transaction mechanism EIP-1559. Our work highlights an issue that is necessary to address to ensure the secure deployment of smart contracts and suggests that other contracts already deployed on major blockchains may be susceptible to these attacks.