by Jamie Holmes
Following the attack on one of Ethereum’s main applications, the DAO, where $50 million worth of ether (ETH) was moved to another entity, a debate about the proposed solutions has raged on in the community. The DAO is a digital pool of funds governed by code, and the latest responses to a proposal to change the underlying code have drawn criticism. Concerns have been raised about whether this is a move away from decentralization and about the power of a few individuals to influence the development of such projects.
On the one hand, there is the argument that the code underlying the DAO was flawed and the attacker simply executed the ‘splitting’ feature to gain additional Ether; therefore, we should let it fail and learn from our mistakes. Others argue that the code should be modified by means of a ‘hard-fork’, to protect the DAO’s token holders and deny the attacker access to any of the misappropriated funds.
The code of the contract making up The DAO could be changed with a simple contract and would prevent the attacker accessing his ether; this is known as introducing a hard fork into the Ethereum blockchain. Miners will refuse chains that move coins to certain addresses and Ethereum will continue as normal, given that there is 51% consensus of the community’s mining power. Unlike other virtual currency hacks, the community has time to decide on their options as the attacker cannot access the funds until 27 days after moving the funds into a ‘child DAO’. The community could propose a soft-fork which would prevent the funds from moving.
One reason for intervening in this way is that, absent any regulatory protection for consumers, many would ask why consumers should pay the price for the loss. There is an argument to be made that the community should do whatever it can to help them out. Ultimately, if no hard-fork is proposed, an event like this could damage the reputations of Ethereum and other decentralized projects both within and without the community. Bitcoin experienced something similar during the Mt. Gox collapse, as consumers came to associate bitcoin with scams. If a hard-fork is not implemented there could be a large-scale image problem with Ethereum.
This proposal is favored by many, such as Jack Du Rose, co-founder of Colony, because although some will lose out over the long term, they will still benefit from the rise in value in ether and blockchain technology from this sort of response. Allowing the whole project to fail and just learning from this mistake could bear more costs to wider participants; the hacker will gain at the expense of not just consumers but of the developers and other people who have put in their time and effort to build the network. Viewed in this way, the benefits of a hard-fork far outweigh the costs. The ability of the community to pull together and protect itself will demonstrate the security of the network. Du Rose argues that first and foremost the implications of the concession to this attacker should be considered; the hard-fork considerations are secondary.
“If we are worried about the political and economic implications of a hard fork, let’s first worry about the political and economic implications of the tacit concession that we are able but unwilling to support our own community in their hour of need.”
A move away from decentralization?
But wasn’t the whole idea of smart contracts to eliminate the need for resolution or enforcement? Some have criticized the move towards a hard-fork solution as going against the ideology underlying Ethereum. Ryan Shea, co-founder of Blockstack, highlights that the Ethereum project is essentially giving up on the application of code as law and raises doubts as to the extent to which the project can be decentralized. If we cannot implement ‘code as law’, then the emerging technology will increasingly attract the attention of regulators and lawmakers, which may stifle the industry’s innovation; it now becomes a back-to-the-usual social contract.
When Ethereum allows forks to happen and override smart contract code, it’s giving up on “code as law” and allowing the spirit of code to trump it when the execution deviates from the spirit.
Furthermore, Shea points out that the influence of a small number of players over the contracts and the perceived movement away from decentralization should be cause for concern. The argument against this interpretation is based on the fact that miners are voting to get a consensus on the new hard-fork. As Vitalik Buterin, founder of Ethereum, highlighted, the fact they were reduced to begging the various exchanges and spamming their own blockchain to slow the attacker shows the decentralization of the project.
Some have argued that there is a conflict of interest in play, with the Ethereum developers having a lot of stake in The DAO; many have argued against saving the DAO but allowing ether to survive. After all, the problem was with The DAO’s code, not Ethereum’s, but ETH-USD is experiencing negative consequences as a result.
The move towards human interference also poses the risk of moral hazard, a concept that refers to hidden actions, argues Patrick Murck, lawyer and blockchain expert. Implementing a hard-fork risks a situation where insiders will take hidden actions to benefit themselves at the expense of the community. Although the Ethereum developers may not do this, it sets the tone for others to do so and heightens the risk of something like this happening once the Ethereum Foundation has set a precedent.
DAO bailout is a terrible idea –
Sets bad precedent on censorship
Favors reckless insiders
Creates moral hazard
— Patrick Murck (@virtuallylaw) June 17, 2016
This concern is also shared by Andreas Antonopoulos who said that, “many see it as an intervention in a smart contract and you have this seeming contradiction between the idea that the contract is the law, it stands alone, is self-executing and subject to no interference to human interference — unless of course we f**k it up really bad in which case we will call Vitalik and Vitalik fixes everything for us, which is a very dangerous precedent.”
ETH-USD as a hostage
The attacker has a financial incentive over Ethereum miners; with more than 3.5 million Ether, it could be likely that the attacker will capitalize on this holding. Although the funds are frozen, a letter purporting to be from the attacker aims to force miners to abandon any kind of hard-fork through bribery. Also, over 6 bitcoin was given away to the DAO slack channel, but other than this there is no proof that the person is really the attacker. With this amount of ether, they can significantly move markets, and selling such an amount in a short period would be catastrophic for the price of ether, seriously damaging miner margins.
It could be argued the attacker was enforcing his legal right as in the terms of his smart contract which allowed him to leak these funds. After all, the reward they have earned has brought about a much-needed discussion about the capabilities of new blockchain technology. The initial letter from the supposed attacker is adamant his “theft” is legal. Peter Vessenes, former chairman of the Bitcoin Foundation, mentions that the attacker pointed to further attacks and could show that the letter is genuine, as he found further problems in the DAO code which leaves it vulnerable to further attack.
As Emin Gün Sirer states in his Hacking Distributed post, both scenarios have their drawbacks.
There is no good solution here. Practically speaking, the miners will probably put a freeze in effect and provide some time for The DAO investors to withdraw their funds, to minimize heartache. But in the end, there is no outcome that’ll make everyone happy.
In a Reddit post, Ethereum’s Vitalik Buterin attempted to explain that while he supports a hard fork fix, he recognizes that this decision must be made in a decentralized fashion.
“I recognize that there are very heavy arguments on both sides, and that either direction would have seen very heavy opposition … I will not attempt to prevent or discourage [Foundation members] from speaking their minds including in public forums, or even from lobbying miners to resist the soft fork. I steadfastly refuse to vilify anyone who is taking the opposite side from me on this particular issue.”
At present, miners that have voted are overwhelmingly in favor of a soft-fork, with only a small minority voting against the proposal. However, a substantial majority of the network has not yet voted. If there are other problems with the code, that means the DAO is still vulnerable. One thing is certain: these next few weeks are crucial for the future path of development of not just Ethereum and DAOs but cryptocurrencies and blockchain technology in general.
… the recent fiasco resulted from bad code/coding (“The” DAO) rather than bad tech (Ethereum)
– Ethereum co-founder, Mihai Alisie
What is clear is that there needs to be more cross-fertilization between the fields of programming and law to come to a solution and keep regulatory forces at bay in the virtual currency sphere. Code will always contain bugs, and for smart contracts to run effectively, there needs to be an appropriate balance between the laws governed by code and humans. While there are costs to implementing a ‘hard-fork’, many supporters stress that the key determining factor is the loss of reputation. The damage this could do to the sector as a whole is potentially much larger.