RE: My humble statement on TheDAO

You are viewing a single comment's thread from:

My humble statement on TheDAO

in ethereum •  8 years ago  (edited)

The Code is the Law has nothing to do with what happened here.

The Code is the Law means the code executes the intent of the parties.

Here the code has a bug/ defect/ exploit that a hacker is attempting to exploit. Luckily the parties are fortunate enough to be able to remedy the matter before the thief leaves the building. Common sense says remedy it!

TheDAO would have to compromise of COMPLETE IDIOTS to let a thief get away with stealing millions of dollars because they've misunderstood a concept!!

Smart contracts a merely a tool to make our lives easier. A mechanism to automate rules, cut out middle men etc. They are not a substitute for common sense.

An example:

If I agree to pay you $100 a month for mowing my lawn (via a Smart Contract) and the coder inadvertly codes a payment $100,000 a month into the Smart contract. Do I turn into "Dumb human" and say the 'code is the law' and let you keep the $100,000, lest ALL Smart contracts go to shit??

Of course not.

The code is the law simply means I cannot renege on the $100 a month payment as the code will automatically execute our intention.

There is nothing wrong with "Smart contracts" only that they should be described as "Simple Self-Executing Contracts" so people do not attach an unwarranted mystic to their importance.

There is no conflict of interest here, soft fork then hard fork, retrieve the $millions and move on. Everyone involved should be counting their luck stars that the thief is still locked in the vault (as it were) and they're able to do something about it. Different matter completely if the thief was in the wild spending their booty. But they're not. So that's that really.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Human intent was ruled out. They contradict their own terms and conditions.

The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation.

https://daohub.org/explainer.html

I believe too much is being made of this clause and an attackers ability to rely on it (see further here). Just because The DAO creators purport to rule out human intent (and leave all who signed up as slaves to the code), doesn't mean a court would take the same view.

  ·  8 years ago (edited)

In most parts of the world, a court would also rule a simple send to a wrong address as unintentional...

And that's exactly what I don't like. We had a chance to get away from courts (or other groups) overruling clear agreements. Giving that power up now will open doors for later.

I'm not sure we can get away from courts, unless arbitration is built into these agreements/ Smart Contracts. Even then, courts are usually a weapon of last resort should one side still feel aggrieved after arbitration. The "rule of law" is a key tenant in most countries.

If we live in a nation states, that power is already ceded whether we like it or not (or even attempt to contract out of it).

  ·  8 years ago (edited)

Here the code has a bug/ defect/ exploit

The whole point is how to objectively define what is a bug or what is a feature?

Objective definition of that is impossible if you don't have a formal specification. If you have a formal specification then that would be the start. If you have that then the code has to meet that or it's wrong. In addition to the formal specification you should probably also write out a document of intent which reveals the intentions of the developers on a regular basis, or just add some comments to the code which says "this part of the code intends to do only x and only for y purposes. TheDAO code was very well commented and people still missed the bug, even after it was audited, even after many people looked at it.

If it's a bug then it's not a hidden feature and the smart contract is not a scam. The developers simply made a mistake. If it's a hidden feature then maybe it's deliberate and the smart contract is a scam. When written in a Turing complete imperative language like Solidity it is very hard to determine exactly what a piece of code is doing. Code becomes like poetry with a lot of room for obfuscation or mistakes.

How do we determine whether it's a bug, a defect, or a feature? Honestly we can't. We can only look at the behavior of the code as it runs to determine that.

A "feature" would be something that parties to be in the contract intended. A "bug/ defect/ exploit" will be something that the parties never intended to be in the contract and needs fixing.

To say the recursive-split attack is a "feature" of the DAO is like saying (in the example I gave) paying $100,000 dollars is a "feature" of the mowing contract. It isn't. No-one would "objectively" say that the parties intended that a feature of the DAO was to allow any single person to siphon off millions of dollars of other peoples money when they split.

"The computer says yes" would hold no water in a court of law.

It could be a hidden feature but if it is a hidden feature it's a scam because it's a feature no one knew about except the programmer who wrote the code. If it's a bug or defect then even the programmer who wrote the code didn't understand what the code was doing so even the writer of the smart contract couldn't read it.

As much as I agree with you to a point and am currently taking personal losses in this matter, is this bug not a feature of the arrogance of some prominent parties involved in this project. Its one thing to create functional digital cash as in the case of bitcoin, but expecting to eliminate lawyers without an in-depth understanding of law is a bit naive.

Yes, "the intent of the parties" is the key.

Again! How to objectively define "the intent of the parties"? Doesn't this that thing for which smart contracts was invented?

Well, yes. That's the thing. Smart contracts work when they reflect the intent of the parties and fail when they don't. Here, the smart contract did not reflect the intent of the parties and so it failed. We have a legal system to fix such failures because it's unreasonable to expect every contract to be perfect and it would be foolish to make everyone who wants to enter into a contract bear the cost of ensuring the contract is perfect.

Thanks for reaching that conclusion... and now think about the intent of the BitShares SmartCoin contract wrt the settlement guarantee, and reconsider your vote on BSIP-0016. :-)

  ·  8 years ago (edited)

Unless the plan is to create a completely separate nation-state with a separate legal system, there is no reason to not take into consideration the background law of contracts that has been developed over centuries.

First, to the extent there was activity in the United States, there will be jurisdiction in U.S. courts, both civil and criminal.

Second, relying on an obviously defective provision in a contract, that leads to a completely unintended result has come up many times. If the price is $2 million and by mistake it is listed as $2, the court will not enforce it. There is no contract if a mistake of fact on one side alone exists - there needs to be a genuine "meeting of the minds" where both parties are actually agreeing to the same thing for a contract to even exist. The claim of the attacker that the defective smart contract gives them the right to "snap up" an unfair and unreasonable benefit is at odds with the law, and should be rejected by most courts in the U.S.

Third, the attacker's claimed interpretation of the contract is bizzarely at odds with contract law, and there is thus no legitimate defense to a charge of grand larceny that "I thought I owned it, or was entitled to it". That said, there is no guarantee the FBI or any other law enforcement agency will have the resources to pursue this, or be effective. But it is probably worth the effort - someone should be designated to hire a lawyer and file a criminal complaint - to at least one district attorney, one state attorney general, and the FBI.

Fourth, as a general matter, when technical innovation happens with the attitude that existing laws can be ignored, and there's no reason to get legal advice, stupid consequences are sure to happen. I admit to not being fully informed on the extent legal advice was obtained in crafting this project. But the attitude that the law doesn't matter is right up there with saying that your feet don't matter because your project is to build a self -driving car. Be a little more pragmatic, and open doors instead of trying to break through them with your head.

A positive attitude, that is pragmatic and sensitive to the nuances of the world will be much more effective than any ideological blinders that prevent making the best of ANY circumstance youre faced with. Letting the slimy attacker rob you of tens of millions is just bizzare martyrdom. All you prove is your rigidity and "does not compute" robotic self-destruction mindset.

Yes I am a lawyer. No, I do not provide legal advice for hire or otherwise (i.e. free). So I hope I do not have any bias or conflict here. Just trying to spread sunshine and roses. Not providing legal advice, and not speaking for anyone else.

Why not just call them self executing scripts? If we thought of them as scripts would that make a difference? If there is a scripting error would we treat it different from an error in a smart contract?