My thoughts on the debate currently occurring in the Ethereum community over The DAO hack

in #ethereum · 8 years ago

I felt like sharing my opinions on the hardfork or no-hardfork debate happening in the Ethereum community now as a result of the hack on The DAO. I think the particular choice to make should depend on the values the Ethereum community wishes to continue with for their smart contract platform. I'm not actually part of that community and it is not my intention to push my values onto that community with this post. What I will say is that in a DApp or smart contract platform built and used by people sharing my values, this debate would ideally be a settled issue for the community well before any hack even occurred: agree to hardfork to fix bugs to match the intent behind DApps. In fact, that platform would ideally be designed from the beginning to easily handle the eventuality that all DApp code will have bugs that will require human consensus to fix with a hardfork.

As you can probably tell from the above, the "iron will of immutable code" argument never really appealed to me. I think reducing ambiguity in contracts is important, and automating the execution of contracts where possible is useful and efficient. But it will never be possible to resolve all ambiguity in the intent of the deal made by all parties of a contract, and it will never be feasible to perfectly translate that intent to a programming language. And I think living in a world where intent isn't considered at all in contract execution is a silly world given how infeasible it is to write code that perfectly executes what all parties wanted; it would just scare people away from using "smart" contracts in the first place. So I think some sort of backup human-based dispute resolution process is necessary for a system to gain any serious traction. I'd prefer the "judge" for that process to be decentralized and also agreed to a priori by all the contract parties.

In the case of fully independent blockchains, the ultimate judges (ignoring any possible legal requirements/restrictions imposed) are the people using the blockchain. They choose which fork of the blockchain they wish to continue using (and therefore which is the one that retains the economic value in its core tokens). However, to make the process of reaching social consensus on a fork easier on them, they might just go along with the fork chosen by the dynamic decentralized group responsible for producing blocks and maintaining blockchain consensus (e.g. majority witnesses in DPoS systems, or majority miners in PoW systems). And in the case of a DPoS system, their views are in a sense being represented in that choice anyway, since they voted in the people in that dynamic decentralized group and can change their vote at any time if they don't like their decisions. The platform can also have more formal processes of gauging stakeholder preferences directly for more controversial (and less urgent) hardfork changes.

In the case of a DApp running on a sidechain, the multisig authority holding the assets/tokens needed for the DApp could act as the judge. But they could also delegate judgement to some other dynamic group whose membership rules were codified (as a simpler program that should be less likely to have bugs) a priori for the DApp; and, if even the simpler delegated judge program had a severe bug, then the multisig asset custodian authority would act as the backup judge. These judges would be the ones to ultimately decide on the hardfork to carry on with, where the decision is based on the intent behind the contract/DApp they are executing. Their incentive to make the judgement in this manner is to keep a good reputation with users for future business as witnesses/custodians for sidechains (and perhaps also to avoid legal liabilities they would likely face if they were to blatantly disregard the common sense intent of the contract/DApp).

Okay, but what do I think should be done in the particular case of Ethereum and The DAO? I don't know. On one hand, the only common understanding that existed before people entered into any Ethereum smart contract is that there would be no judges for dispute arbitration (e.g. in the case where the "smart" contract execution deviated from the intent of the contract). People bought into The DAO while seemingly subscribing to the (IMHO misguided) notion of the "iron will of immutable code." Under this philosophy, it is wrong for any soft or hard forks to be used to thwart the "attacker" (attacker is in quotes because under this philosophy it is logically inconsistent to consider the person who exploited/activated the recursive-split vulnerability/feature to be an attacker or thief). So in that case, The DAO token holders just need to eat the loss. A white hat hacker could still try to exploit the same hack (and use other clever hacks like the stalker attack) to try to mitigate the damage by saving some of the funds and/or pressuring the "attacker" into cutting a deal to return some of the ETH. (Note: Even under this common understanding by the Ethereum community for entering into Ethereum smart contracts, it doesn't mean a court ruling would be aligned with this philosophy. Who knows what a court would rule if it actually came down to that. Also, I am not a lawyer and none of this is legal advice anyway.)

On the other hand, people did (or should) know that the blockchain consensus rules mean that the majority of miners get to decide on which fork to follow. So it is perfectly valid for them to all hardfork Ethereum to whatever they like. And people who disagree with that fork can also create their own Ethereum fork (perhaps the fork with the original rules) that maintains their values. But in that case they would need to tweak the consensus PoW algorithm to be different from the other fork and hope other miners don't try to take over their fork (or even better switch to PoS and not worry about those kinds of mining attacks, although it is too early to try to rush into a large technical change like that). Obviously it would be pretty bad for Ethereum's network effect and thus future success if there was such a large split in their user base. There is a strong incentive for the community to reach consensus and go one way or the other (hardfork to return ETH to The DAO token holders, or don't and find some other solution which likely involves The DAO token holders taking a huge loss). The only reason this should not be done is if there is truly a large and irreconcilable philosophical divide in the community on the nature of smart contracts and whether intent should matter, in which case it may be best to just split Ethereum according to those values now and get it over with before it leads to more problems later on. Now if the community does decide it is more important to stand together rather than split (which I believe they will), there is the big question of which side will win the debate (hardfork or no hardfork?). Who knows the answer to that, but what I can say as someone who doesn't have stake in that ecosystem is that it sure is interesting and fun to watch this debate unfold from the sidelines.

My prediction is that they go through with the hardfork because that seems to be the position that influential and critical members (people like Vitalik, and many core devs and researchers) currently hold. And currently the (still nascent) project is too dependent on these people to risk losing them to a fork. Some might say this indicates that Ethereum isn't actually decentralized. My thought is that this claim is a little bit unfair, but also not really incorrect. Decentralization isn't black and white. Ethereum certainly isn't completely centralized, but in these early stages of the technology it is normal to expect it to not be very (politically) decentralized either. Decentralization is a process that can happen over time.


The reason I'm opposed to forking comes from the bold claims they made before. The DAO stated explicitly that only the code counts, and any other agreement beyond that is invalid. Vitalik said the DAO has nothing to do with ETH, and it's run by private individuals at their own risk.
The "only the code counts" made me stay away from it, because I couldn't tell if it were bug free. Imo investors should learn their lesson the hard way, like most of us did at some point during our time in crypto.

Yeah, the word "immutable" was plastered all over the ETH rollout, so it all felt really pathetic for them to backtrack.

Also, if meat-bags can intervene then why don't I just go to a normal real-life company? Why am I doing all this stupid messing around unless this completely eliminates the gatekeepers?

Here are the terms and conditions for the creation of the DAO. They ruled out compensation for a situation like this. This is a terrible precedent if they really fork.

The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation.

https://daohub.org/explainer.html

It's a great precedent, showing that the community rejects that sort of nonsensical bluster.

Great balanced views. That's a good point about the difficulty in writing a code that perfectly executes the intent of all parties possibly scaring away people from "smart" contracts. It would have been great if these types of issues had reached consensus before the first major hack, especially since they seem like fundamental issues to the platform.

The "code is law" concept cannot survive. Does everyone participating in a contract need to be a coder? Understand what every bit of code means? If that is the case, then where are the everyday people and adoption? We leave them at the mercy of the contract developer and they have to put 100% faith that his code will not harm them in any way?
Let's all rethink this a bit. Code does not come from thin air; someone has to put down the law before the masses follow the law. The same with code: do we have to assume the code is flawless? If we do, then the whole concept is doomed. Flawless code does not exist, so a contract by design will be working against its own participants, which makes every single contract illegal and in violation of its declared/undeclared intent. What is the point of having a development team in the first place? Is it not to go back and look at how the code performs and fix it? The other choice would be to keep coming up with code after code from scratch until we find one that is flawless and adopt it without changes; that will never happen because there is no such code. Some would love to see us pursue this perfect code indefinitely, because they think it's immoral to change anything. One thing everyone does not look at is the fact the code is beta, which means the code is not perfect. Yet they argue for not going back and changing what already happened, just change the future. What if someone finds a bug where they can steal every ether in existence, and they decide to take 50% of all ether for themselves? Will you let such a dictator live with you on the same blockchain because you do not want to change the past?

Great balanced views! This is a question of whether or not social consensus shall overthwart one bad actor's actions over 10,000 stakeholders of the DAO who invested thinking their funds were safe. Technically, the DAO attacker followed the code, but the fact is he stole 50 million Ether that were not his to begin with. Miners, exchanges and community will ultimately decide what's best to do here. This shall be interesting to say the least!

Very informative article. I have a lot of time studying Ethereum and its possibilities. Fully endorse your thoughts. In turn, I spent a little analysis of Bitcoin and its prospects. I know what you think about it. I would be grateful if you take the time to analyze it. https://steemit.com/bitcoin/@valspeaks/digest-of-economic-news-on-bitcoins

It's a case of the "iron will of immutable code" (thou shalt not fork) vs. the reality of hundreds of lawsuits ("please agree to fork-the-fuck-out-of-this-shit before me and my pals end up bankrupt or in prison!").

(Not to mention thousands of people getting shafted out of millions of dollars by an attacker, when there is a reasonable opportunity to attempt to avert it).

After listening to the attorneys talking with Andreas yesterday, this could become a big legal mess for TheDAO for not stating a jurisdiction up front if any legal proceedings were to occur.

From a legal standpoint it sounds like no matter what they do there could be a wide range of ramifications that could end up dragging many people through courts all around the world. Basically anyone filing a lawsuit could cherry pick the jurisdiction that would benefit them the most and file there. And a fork is not going to fix that.

I hope @dan & @ned listened to that conversation and have handled things on their end better than TheDAO. Any crypto-project could end up in this kind of legal mess without such T&Cs in place, and from what the attorneys were saying it's easily avoidable and a site is set up (www.commonaccord.org) to handle all of this for such projects.

To make it worse, there are "platforms" that were "censoring" chatbox and controlling the flow of information when it happened. I sat back and watched, and was amazed at what info was being shifted aside (banning people for truth). The exchanges are unhealthy and need some regulations in crypto if you ask me.

In fact, that platform would ideally be designed from the beginning to easily handle the eventuality that all DApp code will have bugs that will require human consensus to fix with a hardfork.

Could you expand on this? IMO this is not practically feasible. For big smart contracts - maybe it's doable, but what about thousands of small ones? And what criteria will be used to differentiate between those smart contracts which are worth a hardfork and those which are not? Surely we cannot do a hardfork whenever there is a bug in a contract.

In my view the fundamental concept of Ethereum is badly flawed. If they had used the sidechain solution - then yes, a multisig authority could act as the ultimate judge for a sidechain. Having a single chain implies only one possible path to follow: immutable code.

For big smart contracts - maybe it's doable, but what about thousands of small ones?

So this comes down to a philosophical difference I have about the usefulness of DApps and smart contracts (and part of the reason I didn't buy into the Ethereum idea). Personally, I don't think there is all that much value in thousands of small smart contracts written by various authors. And I think the synergy arguments are overrated.

But this is a very good point:

And what criteria will be used to differentiate between those smart contracts which are worth a hardfork and those which are not?

One could think of a very small smart contract as being an instantiation of an existing smart contract template with certain dynamic parameters (so no Turing complete code in that case at all). If someone instantiates that template with bad parameter values that could lead to loss of funds. Is that a bug in the smart contract code? Does it warrant a hardfork to fix (perhaps by limiting the range of values for the dynamic parameters to safe ones)?

What about other mistakes like someone accidentally sending their coins to the wrong address (one that it is virtually impossible to find the private key to)? Does that warrant a hardfork to return the coins back to the original owner?

I think the reasonable answer to this is no. But who gets to make that call? Ultimately the people in charge of the DApp or platform in which these flawed operations occur. The people who have the authority to make the hardfork decision (witnesses or even stakeholders in a fully independent DPoS blockchain, or the multisig custodians in the sidechain DApp) have to have some blockchain-based consensus process to decide whether some mistake or bug is even important enough to warrant a hardfork to correct. This consensus process would normally be so difficult to reach a sufficient quorum that it would likely only be used to correct serious bugs.

Having a single chain implies only one possible path to follow: immutable code.

Yes, Ethereum's model means there are serious complications to "hardforking" to fix bugs in smart contracts. It requires disrupting the main chain to fix one DApp even if all other DApps are just fine. Which is why I don't think there is a clear good solution to this particular case with The DAO hack. I think the best that can be hoped for going forward for smart contracts running on Ethereum's model (assuming their model wasn't changed) is for the smart contract to build in the multisig judge into the code (and hope that at least that part of the smart contract code isn't seriously buggy). I just very recently (in the last hour) read a post describing a similar concept that the author of the post named contract stewards.
