Ethereum’s Not-so-Smart Contracts
It turn’s out I was right about The DAO being Dead on Arrival. Today a bug in the so-called smart contract enabled an attacker to drain The DAO of millions of dollars worth of ETH. The fallout of this attack will be long lasting. In the best of all possible outcomes, the ETH will be returned and the DAO will be shutdown. In the worst case investors in the DAO will lose tens of millions of dollars.
Smart Contracts are Dumb
The problem with Smart Contracts is that they are actually incredibly dumb. They possess no intelligence at all. Unlike normal contracts which can be interpreted by smart people, smart contracts are interpreted by computers. Computers are dumb. They can only do what they are told.
When a lawyer drafts a traditional contract, she attempts to capture the meeting of the minds. This means there is a common understanding on the intent and purpose of the contract.
When people use Smart Contracts the intent is to replace faulty legal contracts, which might not be enforced as intended, with unambiguous code contracts which are guaranteed to be executed as coded.
Meeting of Mind and Machine
The problem with Smart Contracts is that they assume there is an accurate agreement between the people who use the contract and the machine which will execute the contract. In the case of The DAO, the authors and reviewers were unable to detect that the computer had a different understanding than they did.
Even the best coders are often surprised by unintended side effects of the code they write. Any sufficiently complex (aka smart) piece of software is bound to have bugs. This means that putting your money in the hands of a new smart contract can be just as risky as leaving your money any place else.
Implications for Smart Contract Design
If we are going to move into a world of smart contracts, then we need to make sure our smart contracts are smart enough to recognize and accommodate their own fallibility. This means every non-trivial smart contract needs a governance model that allows people to be the final judge and/or enforcers of the contract.
When someone writes a smart contract, they must first document the intent in terms that the human parties to the contract can clearly understand. Any deviation from the stated intent is a bug and the parties involved need the ability to rectify it.
This means every smart contract must be built on top of a sophisticated foundation smart contract that implements a governance model advanced enough to reliably upgrade the contract to express its desired outcome.
Separation Interface from Implementation
Experienced software developers know the importance of separating the interface from the implementation. This allows a program to do the same thing in two different ways. More importantly, it allows complex systems to be built on modular parts. The parts provide an interface that everyone else expects to (and depends on) behave in a particular manner.
Any deviation from the intended behavior is considered a bug in the implementation of the interface, not the interface itself. Having multiple independent implementations of the same interface provides a degree of redundancy that makes it unlikely that both implementations will suffer the same bugs. The more independent implementations that agree, the less likely there is a bug in the result.
User Actions are Abstract Inputs
User actions are signed messages that serve as the inputs to smart contracts. The purpose of a blockchain should be limited to establishing the order of messages. The outcome of a smart contract needs to be an independent interpretation of these messages. If there is a bug in the contract, then the messages should be re-interpreted as the people involved originally intended.
Side Chains are Superior
A side chain is nothing more than a smart contract with a proper governance model. One or more people are selected to evaluate inputs to the contract and generate signed messages that cause the desired effect within other chains.
If The DAO were a Side-chain, then the DAO token holders would elect curators who would interpret the rules of The DAO and then sign messages to initiate payments to the desired contractors. If a bug were found in the implementation of The DAO’s interface, then the curators could update their code.
Assuming the rules of The DAO Sidechain allowed ample time to review the outputs for potential bugs, then everyone could rest assured that no money would escape without adhering to the intent of the DAO.
Reliance on Humans
Many people are loath to rely on humans as the final arbiter of smart contract interpretation. More still are skeptical of systems that depend upon voting.
The reality is that you either rely upon human coders and code reviewers to be infallible in implementing and interpreting the intended interface, or you rely upon a panel of human judges to determine if the code is behaving as intended and to change the code after the fact if an unexpected bug in the implementation is discovered.
While it is possible to trust most people to do the right thing most of the time, it is impossible for the most trustworthy coder to certify that their code will always do the right thing. The logical conclusion is that it is better to trust someone with the power to change the code than it is to trust the code to be perfect.
Smart Contracts with Human Backup
The combination of smart contracts with human governance gives us the strengths of both. The very existence of a smart contact and well documented interface means that human judges have a much more objective job.
Contracts written in legalese are often ambiguous and/or self contradictory. The process of writing a smart contract involves a level of clarity that leaves little room for subjective reinterpretation. Humans merely have to judge whether the output matches the specification and intended meaning of the code. Resolving the dispute means approving a new implementation of an existing interface.
The Future is Standardized Contracts
The risks involved with writing new smart contracts are huge. Only the most heavily used and tested contracts can be trusted for any mission critical business operations. The longer a contract is used, the less likely it is to contain undiscovered bugs.
This means the cost of developing and deploying new smart contracts will be incredibly high. Platforms like Ethereum have attempted to lower the barrier to entry by eliminating many common bugs, but no one has invented a programming language capable of doing what we mean instead of what we say.
Anyone serious about implementing smart contracts on Ethereum will need to design their contracts on top of rock-solid governance systems that give people the power to correct bugs in the code. This in turn means giving people the power to steal the funds held by the contract if they collude to intentionally change the contract.
By the time you make a complex Ethereum contract robust against human programing errors you end up with the trust profile of a Sidechain. Sidechains are more flexible and scalable than having every computation performed by a single blockchain.
Conclusion
Due the the nature of Etheruem and the implementation of The DAO, the intent of the contract is ultimately being left to human judges which will decide if and how to hard fork Ethereum to correct a bug in a specific contract.
The principle is clear, despite all of the hype around “objective” and “decentralized” platforms, Ethereum and other platforms are governed by a small group of people whose job it is to enforce the intent. It is time we stopped pretending these platforms are trust free, and instead recognize that we will always end up trusting someone with the power to fix bugs. The power to fix bugs is the power to destroy.
New smart contracts are like new companies, they cannot be fully trusted. Old smart contracts are like large, well-established companies: people implicitly trust them with their money. It is time we started acting accordingly.
The problem is even old software can sometimes not be trusted. OpenSSL?
In some cases intelligence agencies put backdoors (bugs) strategically in certain software.
Turing complete smart contracts will never be fully trusted but as Dan says, the best we can do is use the most established code which has been checked the most. At the same time the purpose of smart contracts, blockchains, or code is to serve communities. These communities may include participants that are machines and humans but in the end a community requires some kind of governance to determine what to do if code fails or in order to always make sure the best interests of the community are considered.
I was talking about this with my dad. It feels like there is no way to escape the Greek classics on political philosophy. Whenever decision making and ressources are involved, we have to deal with politics and governance. In the case of blockchain technology, the devs are the legislators, the "smart" contracts the legislations, etc.
Blockchain forces us to reconsider the way we come to consensus but to this day, we haven't been able to find an alternative to what was brought forward thousands of years ago.
Posted on hackernews: https://news.ycombinator.com/item?id=11924892 please upvote.
I don't like vote brigading or asking people to upvote something. Share it and they will vote how they like.
The problem wasn't Ethereum or The Dao it was an exploit in a contract. That and greed. Really it could have gone the other way and just been fixed. The only problem some people are evil.
The contract is code. Ethereum executed perfectly and did exactly what the code said to do. This is the problem. Now ethereum is being changed even though it functioned perfectly. The problem is that regardless of how perfect ethereum is, coders of smart contracts will never be perfect.
The problem is centralized trust is masked by puritan idealists. Puritan idealists will say smart contracts are trustless and we should trust the math but if you can't understand what the code is doing because the code is obfuscated then you can only trust the programmers rather than the code.
Turing complete smart contracts by design require ultimate trust in the programmers who write it, the auditors who check it, and the curators who stamp approval. All of the security checks and trust in the core developers failed and if it could fail for The DAO it could fail for future smart contracts of Ethereum itself.
The main thing to do is to restore trust. The community which cannot trust the developers is failed. At the same time maybe we will never be able to trust Turing complete smart contracts running on Ethereum and in that case other projects must be considered.
Ethereum isn't being changed. It will be the same as before.
It won't. Making a hard-fork and a "chargeback" makes it centralized and trustless. Next time they will do another hard-fork and rewind normal transactions?
It's going to be amazing if they have to roll back now and 'turn back time.' That almost defeats the purpose of a blockchain, doesn't it?
It's already centralized around complete trust in developers. You can't know what any smart contract is going to do prior to running it because it's Turing complete. Bugs can be obfuscated and this could be the tip of the iceberg for what we might find in the future.
I also want to say that the bug we see here doesn't just apply to TheDAO. It's a general bug which will apply to many smart contracts which use the code base of TheDAO.
As far as the purpose of a blockchain goes, it only has a purpose if the community can use it as a central point of trust. If the community doesn't trust a particular chain then the community should always have the right to abandon the untrusted chain to move to the chain they trust. Ethereum is not a cryptocurrency if we remember right so it's all about the smart contracts and Ether only exists to support the smart contracts.
I don't think the community will trust Ethereum smart contracts ever again if trust is not restored. If it means going to a hard fork then that will be fine if it maintains the community but if the community is gone then Ethereum will have no users and no one will give money to smart contracts because no one will trust them enough or the developers.
A truly greedy person would have siphoned off just enough to where it wouldn't be detected. Whoever exposed the DAO bug had a benevolent heart.
Or maybe they wanted to destroy Ethereum. Did they really think they'd be able to spend it? And by doing this it puts every smart contract project in jeopardy and trust in all developers of smart contracts in question.
How do you prove a developer or group of developers aren't deliberately obfuscating the code to sneak backdoors or bugs in it? I don't think this issue is over. Wait and see...
Next time some developers ask you to feed their smart contract with ETH you'll put a lot less money in it or perhaps you wont bother at all. I mean if you can't prove for sure you can trust the developer or the smart contract then how do you know it's not a donation to anonymous hackers somewhere and that the programmers aren't the hackers?
Hi Dan, I wanted to let you know I just posted this article to linkedin today and it got over 94 hits so far. Keep being awesome and relevant even when your ahead of the curve, which you usually are. commercecoin.com :-)
This post contains a lot of information, and I'm only technically equipped to understand part of it. I do understand about coders writing code that they think will work one way, only to find the computer follows the code exactly but does something the coder didn't expect! The information about using sidechains is something I need to study. Thanks for putting this out for all of us to see and discuss!
but , its most smartest new coin today
Great points. Thanks for posting. It sounds like I need to learn more about sidechains and how they work.
My only interaction with DAO was when I read the information on their webpage. Although a bold initiative it was obvious that was flawed, mainly on its economics rather than its smart contracts side. I did not even bother to buy a single token.
I will agree with those who pointed out, it was the human factor that caused the havoc, since the machine just went ahead and executed the code introduced. Of course this assesement may change as soon as new information come into light and the incident is studied thoroughly.
Regardless of the abovementioned I would go a step further, and for the sake of the argument, even dismiss it all. The reason of this failure is too many new features were tried upon a single platform on a single shot. Most of the time this ends badly, as there are too many "X factors", and according to Murphy's Law, the probability of failure is increased significantly.
Smart contracts need not anyone to intrepret them or give a final approval as long as it is widely understood their limitations and advantages. As soon as this is a fact, then it will be possible to develop the field. Let's not compare the discipline of contract composition being around for centuries, with a fresh trustless effort of just a few months (smart contracts) or years (blockchain).
I could not agree more with the points made about interface-implementation, sidechains and standardized contracts for the masses.
Governance is not critical and will only serve as a middle step so as to allow those involved in smart contracts to mature, feeling safe and shielded by malicious or accidental incidents in the mean time.
My advise as always, is to start making simple smart contracts, with the lowest degree of freedom, and as soon as there is confidence built up, then move to more complex structures. Even in that case, initially, I would still just bind together simple smart contracts with predicates, working with "truth tables".
Just another exciting day in the never boring world of blockchain.
Always do your own research before you invest and remember. If it is too much for you to understand, either skip or wait until you do understand what is going on.
Cheers!
Honestly I think the real problem here is that there was so much value tied up in the DAO.
IMHO theDao investors need to lose big here so future DAO are approached more cautiously.
It's so freaking interesting isn't it?
If you don't want your ETH anymore, you could burn it in tribute, by sending it to the address 0xACDCacDcACdCaCDcacdcacdCaCdcACdCAcDcaCdc.
http://www.colabug.com/thread-1566099-1-1.html