My thoughts on the debate currently occurring in the Ethereum community over The DAO hack

in #ethereum5 years ago

I felt like sharing my opinions on the hardfork or no-hardfork debate happening in the Ethereum community now as a result of the hack on The DAO. I think the particular choice to make should depend on the values the Ethereum community wishes to continue with for their smart contract platform. I'm not actually part of that community and it is not my intention to push my values onto that community with this post. What I will say is that in a DApp or smart contract platform built and used by people sharing my values, this debate would ideally be a settled issue for the community well before any hack even occurred: agree to hardfork to fix bugs to match the intent behind DApps. In fact, that platform would ideally be designed from the beginning to easily handle the eventuality that all DApp code will have bugs that will require human consensus to fix with a hardfork.

As you can probably tell from the above, the "iron will of immutable code" argument never really appealed to me. I think reducing ambiguity in contracts is important, and automating the execution of contracts where possible is useful and efficient. But it will never be possible to resolve all ambiguity in the intent of the deal made by all parties of a contract, and it will never be feasible to perfectly translate that intent to a programming language. And I think living in a world where intent isn't considered at all in contract execution is a silly world given how infeasible it is to write code that perfectly executes what all parties wanted; it would just scare people away from using "smart" contracts in the first place. So I think some sort of backup human-based dispute resolution process is necessary for a system to gain any serious traction. I'd prefer the "judge" for that process to be decentralized and also agreed to a priori by all the contract parties.

In the case of fully independent blockchains, the ultimate judge (ignoring any possible legal requirements/restrictions imposed) are the people using the blockchain. They choose which fork of the blockchain they wish to continue using (and therefore which is the one that retains the economic value in its core tokens). However, to make the process of reaching social consensus on a fork easier on them, they might just go along with the fork chosen by the dynamic decentralized group responsible for producing blocks and maintaining blockchain consensus (e.g. majority witnesses in DPoS systems, or majority miners in PoW systems). And in the case of a DPoS system, their views are in a sense being represented in that choice anyway, since they voted in the people in that dynamic decentralized group and can change their vote at any time if they don't like their decisions. The platform can also have more formal processes of gauging stakeholder preferences directly for more controversial (and less urgent) hardfork changes.

In the case of a DApp running on a sidechain, the multisig authority holding the assets/tokens needed for the DApp could act as the judge. But they could also delegate judgement to some other dynamic group whose membership rules were codified (as a simpler program that should be less likely to have bugs) a priori for the DApp; and, if even the simpler delegated judge program had a severe bug, then the multisig asset custodian authority would act as the backup judge. These judges would be the ones to ultimately decide on the hardfork to carry on with, where the decision is based on the intent behind the contact/DApp they are executing. Their incentive to make the judgement in this manner is to keep a good reputation with users for future business as witnesses/custodians for sidechains (and perhaps also to avoid legal liabilities they would likely face if they were to blatantly disregard the common sense intent of the contract/DApp).

Okay, but what do I think should be done in the particular case of Ethereum and The DAO? I don't know. On one hand, the only common understanding that existed before people entered into any Ethereum smart contract is that there would be no judges for dispute arbitration (e.g. in the case where the "smart" contract execution deviated from the intent of the contract). People bought into The DAO while seemingly subscribing to the (IMHO misguided) notion of the "iron will of immutable code." Under this philosophy, it is wrong for any soft or hard forks to be used to thwart the "attacker" (attacker is in quotes because under this philosophy it is logically inconsistent to consider the person who exploited/activated the recursive-split vulnerability/feature to be an attacker or thief). So in that case, The DAO token holders just need to eat the loss. A white hat hacker could still try to exploit the same hack (and use other clever hacks like the stalker attack) to try to mitigate the damage by saving some of the funds and/or pressuring the "attacker" into cutting a deal to return some of the ETH. (Note: Even under this common understanding by the Ethereum community for entering into Ethereum smart contracts, it doesn't mean a court ruling would be aligned with this philosophy. Who knows what a court would rule if it actually came down to that. Also, I am not a lawyer and none of this is legal advice anyway.)

On the other hand, people did (or should) know that the blockchain consensus rules means that the majority of miners get to decide on which fork to follow. So it is perfectly valid for them to all hardfork Ethereum to whatever they like. And people who disagree with that fork can also create their own Ethereum fork (perhaps the fork with the original rules) that maintains their values. But in that case they would need to tweak the consensus PoW algorithm to be different from the other fork and hope other miners don't try to take over their fork (or even better switch to PoS and not worry about those kinds of mining attacks, although it is too early to try to rush into a large technical change like that). Obviously it would be pretty bad for Ethereum's network effect and thus future success if there was such a large split in their user base. There is a strong incentive for the community to reach consensus and go one way or the other (hardfork to return ETH to The DAO token holders, or don't and find some other solution which likely involves The DAO token holders taking a huge loss). The only reason this should not be done is if there is truly a large and irreconcilable philosophical divide in the community on the nature of smart contracts and whether intent should matter, in which case it may be best to just split Ethereum according to those values now and get it over with before it leads to more problems later on. Now if the community does decide it is more important to stand together rather than split (which I believe they will), there is the big question of which side will win the debate (hardfork or no hardfork?). Who knows the answer to that, but what I can say as someone who doesn't have stake in that ecosystem is that it sure is interesting and fun to watch this debate unfold from the sidelines.

My prediction is that they go through with the hardfork because that seems to be the position that influential and critical members (people like Vitalik, and many core devs and researchers) currently hold. And currently the (still nascent) project is too dependent on these people to risk losing them to a fork. Some might say this indicates that Ethereum isn't actually decentralized. My thoughts are that claim is a little bit unfair, but also not really incorrect. Decentralization isn't black and white. Ethereum certainly isn't completely centralized, but in these early stages of the technology it is normal to expect it to not be very (politically) decentralized either. Decentralization is a process that can happen over time.


The reason I'm opposed to forking comes from the bold claims they made before. The DAO stated explicitely that only the code counts, and any other agreement beyond that is invalid. Vitalik said the DAO has nothing to do with ETH, and it's run by private individuals on their own risk.
The "only the code counts" made me stay away from it, because I couldn't tell if it were bug free. Imo investors should learn their lesson the hard way, like most of us did at some point during our time in crypto.

Yeah, the word "immutable" was plastered all over ETH roll out so it all felt really pathetic for them to back track.

Also if meat-bags can intervene then why don't I just go to a normal real life company? Why am I doing all this stupid messing around unless this completely eliminate the gatekeepers?

Here's the terms and conditions for the creation of the DAO. They ruled out compensation for a situation like this. This is a terrible precedent if they really fork.

The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation.

It's a great precedent, showing that the community rejects that sort of nonsensical bluster.

Great balanced views. That's a good point about the difficulty in writing a code that perfectly executes the intent of all parties possibly scaring away people from "smart" contracts. It would have been great if these types of issues had reached consensus before the first major hack, especially since they seem like fundamental issues to the platform.

Thanks for writing this, arhag, and saving me a lot of time! I've been so annoyed by the "immutability of code" posts, a concept which to me as a programmer is a total joke, and I thought I would be forced to write a post to point out how just devastating this would be to the crypto movement if we took this as a guiding principle.

We can all be so happy to have CNX and blocktrades on our forefronts who understand the ecosystem, the needs and the economics.

I was also glad to see that Dan once mwntioned that anything done by the code that is not specified as such is considered a bug which will be fixedby a hard fork no matter what ..

This makes crystal clear (at least to me) that Plasma is the way to go.

I don't get it. Why is it a joke?
What you advocate is having some sort of "supreme court" capable of overriding the outcome of a smart contract. For some people this is an acceptable necessity and that's fine. But for others it is not the case - they prefer the risk of bugs instead of having the risk of someone freezing or confiscating their funds for whatever reason. For many this was the main motive attracting them to the crypto-space, e.g. this post on Reddit:

Historically "code as law" is the main selling point of smart contracts. Without that guarantee, there would be no point to using them. You might as well just use PayPal or eBay or Kickstarter for example, because they are able to serve human interests better when you make a mistake. You can cancel payments you made in error, you can make chargebacks if you are unhappy, you can launch a dispute resolution process. And these platforms have much more experience fighting scammers and fraudsters. They also have access to some of the finest legal systems around.

Reasonable people don't expect any guarantee that a smart-contract is free of bugs. For those less reasonable there should be a clear clause in terms & conditions which explicitly states that there might be unintended bugs in the code and in an extreme situation you might lose all your funds. The DAO creators fucked it up because they failed to add this warning and instead they hyped the whole thing.

EDIT: Actually there is appropriate clause in the Risk section of the DAO explainer:

  1. Risk of Security Weaknesses in The DAO’s Software
    The DAO concept is both experimental in nature and unproven. There is a risk that, as an open source project, any contributor to The DAO’s software could introduce weaknesses or bugs into the DAO software, causing the loss of DAO tokens or ETH in one or more or even all of the DAO Token Holder’s accounts.

It's a joke because the action of complex code is not predictable enough, especially when it's new code. Bugs inevitably exist in all complex software, and deciding to abide by those bugs rather than fixing them and achieving a reasonable outcome is not an improvement over current forms of human cooperation.

As a simple example, imagine what would have happened in bitshares if the first time the blockchain stalled due to a bug, everyone said "well, that's what the code did, so we have to live with it. All your bitshares are gone...".

Sure, the the ethereum guys overhyped this whole "code is law" thing, this is a common practice in advertising, unfortunately. It's usually referred to as "puffery" here in the USA, since it's generally accepted that advertisers overhype their claims, whereas in some countries you're not even allowed to compare your products to others.

But the underlying mechanism by which all crypto holds its value is a shared agreement by the users of that cryptocurrency. Anyone, at any time, can submit an alternate version of any crypto client that operates under different rules from the existing one, and if that person can persuade enough people to transition to his new client, the majority of the "value" of that cryptocurrency will move to his client operating under those rules, since all the value is really based on the actions of people who treat the coin as having value.

I think you are mixing up two things: fixing a bug is not the same as reversing cash-flows that occurred before the bug was fixed. There were many bugs in BitShares but never any transaction was reversed by a hardfork. Those who gained profits (or loss) due to a bug were rightfully allowed to keep it.

Even in traditional legal systems, if there is a loophole in a bill passed by a parliament, and some people take advantage of it before the bill is amended, is it common practice to confiscate the money they've gained?

"rightfully" is a value judgement, and not one I agree with. Exploitation of software bugs for personal enrichment is not morally right, in my opinion.

Arhag really already covered the "legal arguments" in his initial post: under traditional legal systems, there is a distinction made between the spirit of the law and the letter of the law, and I'm very happy I live in a country where the spirit overrides the letter.

But please read the last paragraph of my last post and understand that all "rules" are just agreements between people, and there's no way I know of to currently enforce blind obedience to such laws in the face of disagreement by enough people. I'm very glad this is the case, and I fear a world in which it's not.

The word "rightfully" was not my value judgement - it is one of the fundamental principles the western civilization is based upon: the law does not apply retroactively.

I didn't address your previous point about mixing up two things, fixing a bug versus reversing cash flows, so I let me create a plausible hypothetical case of a "buggy" cash flow and how the consensus agreements we come to as users of cryptocurrency prevent them.

Imagine than one of the primary developers of a cryptocurrency slips in a line of code that enables him to grab as much of the coin as he wants (and then proceeds to use this function whenever he needs a new toy). What will happen? Practically speaking, one of two things will probably happen: 1) almost everyone will exit the coin and devalue it down to near zero, or 2) someone else will come along with a new client that removes this line of code and negates the impact of the transfers. I think you're essentially proposing a 3rd option: he should be able to keep any coin he transfers before he's caught. A forking of the coin is also a possibility in such cases, and this will generally be an unfavorable outcome for the group as a whole, especially if the split is fairly even.

Now, I'm not interested in arguing which of these stances is the most moral, that's a big topic and I don't have the time. But I strongly suspect that based on prevalent moral standards, most people are going to choose 2), assuming the coin is otherwise stable and they derive value from its usage. Anyways, whichever choice is made, it's a choice made by each individual involved and this coin only holds value because of these people. The nice thing about crypto is it is a voluntary association, and you can leave if you disagree with the group.

The nice thing about crypto is it is a voluntary association, and you can leave if you disagree with the group.

This is exactly my point. Some people want a safety net, some don't - even if they face such an extreme abuse as you described. Brushing off those people and treating them with contempt (by calling their attitude a joke) does not bring any value to the discussion. It's their choice and their freedom to take the risk. The crypto-space is big enough to accommodate all needs.

A loophole in a law is not analogous. A law is not a contract. In contracts, it is common practice to confiscate money gained by exploiting a loophole in a contract that deprives other parties to the contract of the benefit of the contract they reasonably expected.

The code is law concept can not survive, does everyone participating in a contract need to be a coder? understand what every bit of code means? If that is the case then where is the everyday people and adoption? We leave them at the mercy of the contract developer and they have to put 100% faith that his code will not harm them in anyway?
Let's all rethink this a bit, code does not come from thin air, someone has to put down the law before the masses follow the law, the same with code do we have to assume the code is flawless, if we do then the whole concept is doomed. Flawless code does not exist, so a contract by design will be working against it's own participants, which makes every single contract illegal and in violation of it's declared/undeclared intent. What is the point of having a development team in the first place? is it not to go back and look at how the code performs and fix it? the other choice would be to keep coming up with code after code from scratch until we find one that is flawless and adopt it without changes, that will never happen because there is no such code. Some would love to see us pursuit this perfect code indefinitely, because they think it's immoral to change anything. One thing everyone does not look at is the fact the code is beta , which means the code is not perfect. Yet they argue for not going back and changing what already happened, just change the future. What if someone finds a bug where they can steal every ether in existence, and they decide to take 50% of all ether for themselves, will you let such a dictator live with you on the same blockchain because you do not want to change the past?

Great balanced views! This is a question whether or not social consensus shall overthwart one bad actors actions over 10,000 stake holders of the DAO who invested thinking their funds where safe. Technically, the DAO attacker followed the code but the fact is he stole 50 million Ether that were not his to begin with. Miners, exchanges and community will ultimately decided what's best to do here. This shall be interesting to say the least!

Very informative article. I have a lot of time studying Ethereum and its possibilities. Fully endorse your thoughts. In turn, I spent a little analysis of Bitcoin and its prospects. I know what you think about it. I would be grateful if you take the time to analyze it.

It's a case of the "iron will of immutable code" (thou shalt not fork) vs. the reality of hundreds of law suits ("please agree to fork-the-fuck-out-of-this-shit before me and my pals end up bankrupt or in prison!").

(Not to mention thousands of people getting shafted out of millions of dollars by an attacker, when there is a reasonable opportunity to attempt to avert it).

In fact, that platform would ideally be designed from the beginning to easily handle the eventuality that all DApp code will have bugs that will require human consensus to fix with a hardfork.

Could you expand on this? IMO this is not practically feasible. For big smart contracts - maybe it's doable, but what about thousands of small ones? And what criteria will be used to differentiate between those smart contracts which are worth a hardfork and those which are not? Surely we cannot do a hardfork whenever there is a bug in a contract.

In my view the fundamental concept of Ethereum is badly flawed. If they had used the sidechain solution - then yes, a multisig authority could act as the ultimate judge for a sidechain. Having a single chain implies only one possible path to follow: immutable code.

For big smart contracts - maybe it's doable, but what about thousands of small ones?

So this comes down to a philosophical difference I have about the usefulness of DApps and smart contracts (and part of the reason I didn't buy into the Ethereum idea). Personally, I don't think there is all that much value in thousands of small smart contracts written by various authors. And I think the synergy arguments are overrated.

But this is a very good point:

And what criteria will be used to differentiate between those smart contracts which are worth a hardfork and those which are not?

One could think of a very small smart contract as being an instantiation of an existing smart contract template with certain dynamic parameters (so no Turing complete code in that case at all). If someone instantiates that template with bad parameter values that could lead to loss of funds. Is that a bug in the smart contract code? Does it warrant a hardfork to fix (perhaps by limiting the range of values for the dynamic parameters to safe ones)?

What about other mistakes like someone accidentally sending their coins to the wrong address (one that it is virtually impossible to find the private key to)? Does that warrant a hardfork to return the coins back the original owner?

I think the reasonable answer to this is no. But who gets to make that call? Ultimately the people in charge of the DApp or platform in which these flawed operations occur. The people who have the authority to make the hardfork decision (witnesses or even stakeholders in a fully independent DPoS blockchain, or the multisig custodians in the sidechain DApp) have to have some blockchain-based consensus process to decide whether some mistake or bug is even important enough to warrant a hardfork to correct. This consensus process would normally be so difficult to reach a sufficient quorum that it would likely only be used to correct serious bugs.

Having a single chain implies only one possible path to follow: immutable code.

Yes, Ethereum's model means there are serious complications to "hardforking" to fix bugs in smart contracts. It requires disrupting the main chain to fix one DApp even if all others DApps are just fine. Which is why I don't think there is a clear good solution to this particular case with The DAO hack. I think the best that can be hoped for going forward for smart contracts running on Ethereum's model (assuming their model wasn't changed) is for the smart contract to build in the multisig judge into the code (and hope that at least that part of the smart contract code isn't seriously buggy). I just very recently (in the last hour) read a post describing a similar concept that the author of the post named contract stewards.

After listening to the attorney's talking with Andreas yesterday, this could become a big legal mess for TheDAO for not stating a jurisdiction up front if any legal proceedings were to occur.

From a legal standpoint it sounds like no matter what they do there could be a wide range of ramifications that could end up dragging many people through courts all around the world. Basically anyone filing a lawsuit could cherry pick the jurisdiction that would benefit them the most and file there. And a fork is not going to fix that.

I hope @dan & @ned listened to that conversation and have handled things on their end better than TheDAO. Any crypto-project could end up in this kind of legal mess without such T&C's in place and from what the attorney's were saying it's easily avoidable and a site is setup ( to handle all of this for such projects.

To make it worse, there are "platforms" that were "censoring" chatbox and controlling the flow of information when it happened, i sat back and watched, and was amazed at what info was being shifted aside (banning people for truth). The exchanges are unhealthy and need some regulations in crypto if you ask me.