> In that context, "smart contract" is just a way of saying that you're not relying on the promise of a third party to perform the refund—it's automatic
What if the code is malicious, and instead of auto refund it steals the money? I mean, not everyone would read the code to see what it really does, so what happens in that case?
That is a very good question that is the subject of a lot of denial. You might want to read about the DAO hack and the Parity wallet hack. You will notice there are two different possible outcomes: in the first case, some of the Ethereum founders were major victims, and they used their influence to persuade a majority of the miners to implement a 'hard fork' to essentially roll back the blockchain. In the second case, the victims do not appear to be well-connected, and it seems their missing ~$30M of Eth is irretrievably lost (and it is not clear to me that a second hard fork would be feasible at this point, regardless of who the victims are.)
Except that in real-world contract and criminal law, there are various mechanisms that attempt, with some degree of success, to dissuade fraudulent behavior and allow for some form of restitution. Blockchain currencies, on the other hand, have been promoted partly on the premise that they are free of this sort of governmental interference.
You can put anything in "real world" contracts (in a 'put words on the paper' sense), but there are things that would be considered illegal if brought to court. In a sense there are reasonable defaults. So if you sign without reading a contract that 'you sell your self as a slave to me' this contract would have no power because slavery is illegal.
But real world contracts are never 100% clear, and can be modified retroactively in court when their terms violate the law, are vague, or are otherwise deemed unenforceable.
Unless the attacker is careless enough to reveal his identity, or puts his ill-gotten gains at risk of being hacked back, or the victims are Ethereum foundation members, your chances of restoration are slim to none.
Yes. If one party makes a mistake, or does something underhanded/surreptitious, you have no recourse. This exact situation (a bug in the DAO contract leading to a malicious actor stealing from the DAO) led to the recent Ethereum fork: https://news.ycombinator.com/item?id=14819268
Which is just my point. It's not that no means of recourse exists outside the contract code; it's that there exists no option between zero and global thermonuclear war. The broad range of subtleties that contract law has developed to answer complex situations, and the option to exercise judgment in those cases not yet captured by precedent, is completely absent in Ethereum, because the people who designed it saw no reason why any such thing should be needed.
Unfortunately, that they failed to see it doesn't mean it isn't so, and now every new conflict among blockchain participants is an exciting new opportunity to reinvent another piece of several hundred years' worth of too hastily discarded prior art.
We did devalue the dollar against the gold standard significantly in 1934. Not entirely unlike a "fork", since it's a declaration that, whoops, your dollars are now worth 40% less gold than you thought.
In 1931 Britain floated the pound, which arguably the US ought to have done too. Suddenly, your paper is no longer convertible to gold at a fixed rate. That's an even more dramatic change than the Ethereum fork.
More accurately - judges and lawyers interpret law, contract and otherwise. This sort of interpretation is explicitly ruled out in Ethereum's case, except when enough stakeholders decide it's not.
One approach is that contracts can be associated with their hash. It is a bit silly for everyone to be writing the same smart contract over and over, with some versions being erroneous or malicious. So instead of having to run a potentially malicious contract, you are given a hash that points to one of a few different smart contracts that are known to be safe. The community has "white listed" a bunch of these known contracts and their hashes, so you are relatively safe using any contracts in these lists. Most miners in various cryptocurrencies will only run code that is on their communities version of the whitelist. Of course this only helps with some issues, not all.
*edit: and this is not ethereum specific. This approach was one way bitcoin tried to solve the problem and it has spread to most other cryptocurrencies I believe.
There's no good solution for that problem yet. It's still in some sense better than centralized trust, because you can in principle understand the contract code. But we need to develop much better tools for auditing. Fortunately that's a really fun and interesting problem to work on!
What if the code is malicious, and instead of auto refund it steals the money? I mean, not everyone would read the code to see what it really does, so what happens in that case?