
The DAO, the Hack, the Soft Fork and the Hard Fork - jacquesm
https://www.cryptocompare.com/coins/guides/the-dao-the-hack-the-soft-fork-and-the-hard-fork/
======
DannyBee
The thing I never understand is the people who act like the ability to have
"code as law" is new. The reason code hasn't been law since the time of
Hammurabi isn't because of lack of capability to precisely and logically
express conditions, or even executing them reliably. It's because society
didn't want it. I haven't seen much that says this changed today.

Even today, the reason contracts haven't been written in symbolic logic
and enforced rigidly isn't because we lack the capability or some legal
hurdle. It's because, often, the result of negotiation on a specific point is
very deliberately "let's worry about this later" (i.e., in court). It allows
agreement on the major things while putting off the improbable events to a
time when they actually happen, and gives a resolution mechanism when that
occurs.

~~~
erikpukinskis
I don't want Code to be Law when it comes to whether I get thrown into prison.

But I don't mind if Code is Law with respect to paying out suppliers for my
bakery today.

Especially if, when things go sideways, I can choose to use different Code
tomorrow.

I wouldn't trust Ethereum with the cash balance of my business, or all its
assets, but I might trust it with the daily float.

------
nkrisc
I've only just started following Ethereum in light of this incident and the
other recent one I saw on HN yesterday. That said, if I understand it, the
"attacker" was just the first person to truly understand the contract and
exploit that understanding, no? If what happened isn't what the creators of
the contract intended, then that's the fault of the creators, not the
"attacker". Lastly, if they'll fork for one bad contract, why not fork for all
bad contracts?

~~~
jesusthatsgreat
If you were watching a building go up in flames due to arson, exasperated by
faulty construction and you knew there were people inside you could save what
would you do?

I'm pretty sure you wouldn't just say "It's their own fault for living there
and it's also the construction company's fault for not carrying out safety
tests. Let them burn because intervening now will only let the construction
company & tenants off the hook - they all should have known better."

~~~
gst
That's essentially what happens in real life in some places: Don't pay for the
fire department (although you should have known better) and in case of a fire
the fire department will protect your neighbor's house, but will watch as your
house burns to the ground:
[http://www.kfvs12.com/story/13281481/fire-chief-responds-to-burning-questions-after-home-left-to-burn](http://www.kfvs12.com/story/13281481/fire-chief-responds-to-burning-questions-after-home-left-to-burn)

~~~
dmoy
Worth noting that it doesn't work like that for the overwhelming majority of
residences in the US. Only places where you have to pay a specific fire
subscription.

------
koolba
> This is not a bailout as you are not taking money from the community, it is
> just a return of funds to the original investors

Isn't this the exact definition of a bailout? Specifically it's bailing out
the investors in the DAO.

~~~
hectorr
The question isn't who gets their money back, the question is who has to pay
and/or take on the risk. In 2008, the banks were largely bailed out by
taxpayers. In this case the hacker 'paid' because what they held was no longer
recognized as ETH.

Even then, the hacker didn't lose anything. He might have a legal argument
that he has been unjustly deprived of his wealth, but the legal system isn't
generally available to criminals. Also, there's an alternative timeline where
ETH fails because of this breach of trust, ETC takes off, and the hacker gets
rich. But since the value-creating developers supported the forked chain,
that's where the value went.

~~~
celticninja
I am not 100% certain that the hacker did anything illegal. As I understand it
he exploited a loophole in the contract, that has been going on since
contracts have existed and is not illegal in itself.

~~~
throwawayjava
For me, this is the most interesting question. I suspect this was illegal,
though. CFAA is pretty broad for exactly this reason -- the effect and intent,
not the vector -- is what matters.

~~~
koolba
Why would the CFAA[1] apply? I don't think US law is the governing law for
everything that happens on the Internet (though they'd probably love that...).

[1]:
[https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act](https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)

~~~
throwawayjava
You mean jurisdictionally? E.g. if the hacker was located in the US, or in one
of the many, many countries with an extradition agreement, since some of those
distributed computations almost certainly occurred in the US. Or in one of the
many, many countries whose hacking laws are explicitly modeled on the CFAA...

------
shp0ngle
There is way too much Ethereum and Bitcoin stuff on HN now. :/

~~~
ricksharp
From my reading, many comments are negative. I was interested in crypto
currency, but after reading enough HN, it has made me very cautious. I
especially enjoyed learning about the horrible design flaws of the Solidity
language.

I think HN plays a vital role and these opinions by very intelligent people
are very helpful to me.

Your comment also made me wonder about a sentiment analysis of HN comments.
Something like:

"What does HN Think about It?" App

~~~
flush
Careful--there is a tendency for engineers to conflate superior technology
with the success of a product.

~~~
saurik
FWIW, many of these negative comments that I read and most remembered as
making powerful points happily admitted, as part of the criticism (not a hedge
against it), that the security issues inherent in Ethereum are due to the very
factors that might have made it successful (such as making web developers
think they can now write smart contracts by offering a language that looks
like JavaScript and is even as quirky as JavaScript, and sweeping verification
under the rug).

I actually see lots of parallels to companies like StackMob, Parse, and
Firebase, which launched incredibly insecure "serverless" database products
that didn't even support any notion of security and even as they added
security would almost encourage "anyone can read and even write all of your
data" in the documentation as even mentioning security in a tutorial made the
product look hard to use.

But the result, of course, was that there were even companies offering dating
apps that even claimed in their marketing "we are actually secure, unlike
others", which were listed as featured users on the StackMob website, where
you could just dump their entire database--including both offline Facebook
access tokens for all the supposedly-anonymous users as well as the entire
database of what they were saying to each other in their supposedly-private
messages--as it was all public.

The market is _fundamentally incapable_ of optimizing for secure products in
the same way it is incapable of optimizing for open products. Both of these
properties of a product are too complex for users to analyze and the benefits
often come in some difficult to measure effect that happens on some difficult
to predict timescale. We need to work on this problem before the "Internet of
things" becomes too popular and we hit truly dystopian levels of insecure
centrally-controlled products.

------
sanxiyn
It was wrong to fork Ethereum. Terms of DAO were pretty clear and there was no
reason to refund.

~~~
davidiach
I wish there was a way to test this hypothesis.

Some sort of A/B test where there were two versions of Ethereum, one with the
fork and another one without the fork. That way we could have known for sure
if forking was a good idea or not.

~~~
zhte415
That's exactly what happened.

~~~
Paul-ish
No, it's not. There is only Ethereum with the fork. There is no version of
Ethereum that never forked. If we could peek into the multiverse and see a
universe where Ethereum wasn't forked, davidiach's wish could come true.

------
npongratz
> The super majority of people (89%) voted for the Hard-Fork...

Wasn't it 89% of those who voted? What was the voter participation rate?

------
tromp
> A few hours before it was supposed to be released a few members of the
> community found a bug with the implementation that opened a denial-of-
> service attack vector. This soft fork was designed to blacklist all the
> transactions made from The DAO

In particular, blacklisting DAO operations means that one can broadcast
transactions that perform huge computations but just before running out of
gas, perform a DAO operation. This huge waste of resources by miners cannot be
compensated if the transaction cannot be included...

------
biggerbistro
The long-lasting angst I continue to observe on the part of those (usually
casual observers without skin in the game) denied their schadenfreude always
impresses me. No one's opinion was excluded by the split between Ethereum and
Classic; both sides "got their way" by making the conscious choice of which
chain they would like to continue with. I suspect some of the folks who chose
the chain in which the hack did succeed are perhaps sour grapes that their
specific view of Ethereum is significantly less popular (with a similarly
small market cap) though.

This I see as a wonderful property of blockchain currencies, everyone can get
what they want in an entirely democratic way, except the haters who just want
to see other people's fun ruined.

------
GrumpyNl
As I predicted then in my statements, a fork would be the start of the
downfall of the cryptocurrency. They smashed the foundation of cryptocurrency
down, the unbreakable blockchain. Solution, just fork it :(

~~~
Grangar
With wide support of the community.

~~~
dingo_bat
You can't have the majority ignore the rules just because they are the majority.
The software was law. It was disregarded. Now whatever the law is, it's
meaningless. Note how in real life, people cannot be prosecuted retroactively.
If what they did was a crime _at that time_, only then will there be
punishment.

~~~
jvdizzle
Actually you can -- look up jury nullification.

When the slaves from the southern US started escaping north and towards
Canada, many northerners who aided them were put on trial because technically
they broke a law, because slaves were considered property.

The jury would acquit them because they did not believe in the spirit of the
law.

Some people believe jury nullification is required for a truly democratic
justice system.

Also in this scenario, the fork is essentially the majority's way of saying
"we don't believe in the spirit of this contract, it wasn't meant to behave
that way." Obviously, that brings up many complications. But the majority
believed that a fork is essential to save the platform and worth the potential
split in the community.

