My humble statement on TheDAO
I will try to be short. 2 ways to go:
- do not support hard and soft fork, thus allowing the guy who withdrew huge chunk of ethers live in peace;
- do support hard and soft fork, thus acknowledging that Smart contract is the Law is a bullshit concept.
I do own a tiny stake both in TheDAO and Ethereum as a person. Also I have about 200 mHash of ethash mining power.
Moreover I have influence on ~1/10000 stake in Ethereum, ~1/2500 stake in TheDAO and ~1/30000 of blockchain ecosystem as Satoshi•Pie's fund manager.
Hereby I have a conflict of interests. As a fund manager, for sure, I want to get back funds. But as a person, especially as the guy who fund Ethereum project during Genesis Sale, and did a lot of job in Russia to spread this brilliant idea that Smart contract is the Law, I am against any forks.
I respect any opinion on the subject but do believe that possible forks will break the most important principle - Code is Law. Breaking this principle will harm blockchain ecosystem long term much more than ~4% loss of narrow ether supply or ~1/600 of blockchain ecosystem in favor of guy who learned us this principle.
The Code is the Law has nothing to do with what happened here.
The Code is the Law means the code executes the intent of the parties.
Here the code has a bug/ defect/ exploit that a hacker is attempting to exploit. Luckily the parties are fortunate enough to be able to remedy the matter before the thief leaves the building. Common sense says remedy it!
TheDAO would have to compromise of COMPLETE IDIOTS to let a thief get away with stealing millions of dollars because they've misunderstood a concept!!
Smart contracts a merely a tool to make our lives easier. A mechanism to automate rules, cut out middle men etc. They are not a substitute for common sense.
An example:
There is nothing wrong with "Smart contracts" only that they should be described as "Simple Self-Executing Contracts" so people do not attach an unwarranted mystic to their importance.
There is no conflict of interest here, soft fork then hard fork, retrieve the $millions and move on. Everyone involved should be counting their luck stars that the thief is still locked in the vault (as it were) and they're able to do something about it. Different matter completely if the thief was in the wild spending their booty. But they're not. So that's that really.
Human intent was ruled out. They contradict their own terms and conditions.
https://daohub.org/explainer.html
I believe too much is being made of this clause and an attackers ability to rely on it (see further here). Just because The DAO creators purport to rule out human intent (and leave all who signed up as slaves to the code), doesn't mean a court would take the same view.
In most parts of the world, a court would also rule a simple send to a wrong address as unintentional...
And that's exactly what I don't like. We had a chance to get away from courts (or other groups) overruling clear agreements. Giving that power up now will open doors for later.
I'm not sure we can get away from courts, unless arbitration is built into these agreements/ Smart Contracts. Even then, courts are usually a weapon of last resort should one side still feel aggrieved after arbitration. The "rule of law" is a key tenant in most countries.
If we live in a nation states, that power is already ceded whether we like it or not (or even attempt to contract out of it).
The whole point is how to objectively define what is a bug or what is a feature?
Objective definition of that is impossible if you don't have a formal specification. If you have a formal specification then that would be the start. If you have that then the code has to meet that or it's wrong. In addition to the formal specification you should probably also write out a document of intent which reveals the intentions of the developers on a regular basis, or just add some comments to the code which says "this part of the code intends to do only x and only for y purposes. TheDAO code was very well commented and people still missed the bug, even after it was audited, even after many people looked at it.
If it's a bug then it's not a hidden feature and the smart contract is not a scam. The developers simply made a mistake. If it's a hidden feature then maybe it's deliberate and the smart contract is a scam. When written in a Turing complete imperative language like Solidity it is very hard to determine exactly what a piece of code is doing. Code becomes like poetry with a lot of room for obfuscation or mistakes.
How do we determine whether it's a bug, a defect, or a feature? Honestly we can't. We can only look at the behavior of the code as it runs to determine that.
A "feature" would be something that parties to be in the contract intended. A "bug/ defect/ exploit" will be something that the parties never intended to be in the contract and needs fixing.
To say the recursive-split attack is a "feature" of the DAO is like saying (in the example I gave) paying $100,000 dollars is a "feature" of the mowing contract. It isn't. No-one would "objectively" say that the parties intended that a feature of the DAO was to allow any single person to siphon off millions of dollars of other peoples money when they split.
"The computer says yes" would hold no water in a court of law.
It could be a hidden feature but if it is a hidden feature it's a scam because it's a feature no one knew about except the programmer who wrote the code. If it's a bug or defect then even the programmer who wrote the code didn't understand what the code was doing so even the writer of the smart contract couldn't read it.
As much as I agree with you to a point and am currently taking personal losses in this matter, is this bug not a feature of the arrogance of some prominent parties involved in this project. Its one thing to create functional digital cash as in the case of bitcoin, but expecting to eliminate lawyers without an in-depth understanding of law is a bit naive.
Yes, "the intent of the parties" is the key.
Again! How to objectively define "the intent of the parties"? Doesn't this that thing for which smart contracts was invented?
Well, yes. That's the thing. Smart contracts work when they reflect the intent of the parties and fail when they don't. Here, the smart contract did not reflect the intent of the parties and so it failed. We have a legal system to fix such failures because it's unreasonable to expect every contract to be perfect and it would be foolish to make everyone who wants to enter into a contract bear the cost of ensuring the contract is perfect.
Thanks for reaching that conclusion... and now think about the intent of the BitShares SmartCoin contract wrt the settlement guarantee, and reconsider your vote on BSIP-0016. :-)
https://bitsharestalk.org/index.php/topic,22531.msg294969.html#msg294969 and https://bitsharestalk.org/index.php/topic,22531.msg294989.html#msg294989 provide some key points about BitShares bitassets aka smartCoins.
Unless the plan is to create a completely separate nation-state with a separate legal system, there is no reason to not take into consideration the background law of contracts that has been developed over centuries.
First, to the extent there was activity in the United States, there will be jurisdiction in U.S. courts, both civil and criminal.
Second, relying on an obviously defective provision in a contract, that leads to a completely unintended result has come up many times. If the price is $2 million and by mistake it is listed as $2, the court will not enforce it. There is no contract if a mistake of fact on one side alone exists - there needs to be a genuine "meeting of the minds" where both parties are actually agreeing to the same thing for a contract to even exist. The claim of the attacker that the defective smart contract gives them the right to "snap up" an unfair and unreasonable benefit is at odds with the law, and should be rejected by most courts in the U.S.
Third, the attacker's claimed interpretation of the contract is bizzarely at odds with contract law, and there is thus no legitimate defense to a charge of grand larceny that "I thought I owned it, or was entitled to it". That said, there is no guarantee the FBI or any other law enforcement agency will have the resources to pursue this, or be effective. But it is probably worth the effort - someone should be designated to hire a lawyer and file a criminal complaint - to at least one district attorney, one state attorney general, and the FBI.
Fourth, as a general matter, when technical innovation happens with the attitude that existing laws can be ignored, and there's no reason to get legal advice, stupid consequences are sure to happen. I admit to not being fully informed on the extent legal advice was obtained in crafting this project. But the attitude that the law doesn't matter is right up there with saying that your feet don't matter because your project is to build a self -driving car. Be a little more pragmatic, and open doors instead of trying to break through them with your head.
A positive attitude, that is pragmatic and sensitive to the nuances of the world will be much more effective than any ideological blinders that prevent making the best of ANY circumstance youre faced with. Letting the slimy attacker rob you of tens of millions is just bizzare martyrdom. All you prove is your rigidity and "does not compute" robotic self-destruction mindset.
Yes I am a lawyer. No, I do not provide legal advice for hire or otherwise (i.e. free). So I hope I do not have any bias or conflict here. Just trying to spread sunshine and roses. Not providing legal advice, and not speaking for anyone else.
Why not just call them self executing scripts? If we thought of them as scripts would that make a difference? If there is a scripting error would we treat it different from an error in a smart contract?
Smart contract is law is possible only if you have perfect smart contracts. It's the immutable idea which is the problem because in order to have law in the sense that humans think of it you need the ability to reinterpret the law.
This is why I never liked to call it "law" and why I called it "rules". Rules are much more clear because rules are based on formal logic. The problem with the imperative Turing complete smart contract language is that you don't have consistent logic. This might not be the only problem but myself and others have identified that it is the primary problem.
To illustrate you can take propositional logic and when it's consistent you will always know that in the end there is either a TRUE or a FALSE. There is no TRUE and FALSE because that would be a contradiction and logically impossible. This shows that at the core of security of any language is the logic itself because only through the logic can you control for unexpected behaviors and even predict in advance all the possible behaviors without having to run through the smart contract to find out.
The idea is to minimize the risks of financial loss by being extremely careful and formal about writing the code for the smart contracts which manage potentially millions or billions of dollars.
References
https://en.wikipedia.org/wiki/Propositional_calculus