Hacker News
Ethereum’s $150M DAO Opens as Researchers Call for a Halt (ieee.org)
170 points by sangfroid on May 28, 2016 | 81 comments

Discussion around the issues outlined in the report has already begun (before the report was published) in the DAO forums. It's not unexpected that there will be problems. This has never been done before. But the fact that this report exists, the problems are being discussed, and there are already talks of proposals for resolving some of the issues is a good sign that the DAO is working as intended... The community discovers problems, the community fixes problems.

Compare this to a traditional investment fund where you hand over your money to a private organization with opaque investment strategies, business operations, and technology. If I invest in a Vanguard or Fidelity fund, they only report back what is required of them by regulators. They take little to no input from investors, and may be running their business on decades old technology filled with flaws and bugs.

I view the DAO as an open source investment fund in the same spirit as "The Cathedral and The Bazaar". It's not perfect, it's messy, some people are more influential than others, there's a lot of noise, and it could collapse on itself at any time. But everyone gets to participate (for better or worse). Lots of eyeballs are constantly watching, and plenty of concerns will be voiced.

I know the HN crowd is a skeptical one, but try to keep an open mind. This could grow into something great. And if it doesn't... hey, it's not your money, so don't sweat it.

The "investors" risk losing all their money, and the curators and contractors risk going to prison because they are conducting an illegal securities offering with no valid exemption.

In a way, this is like Uber or Airbnb, you can't ask permission or you'd be out of business before you managed to change the laws. Asking forgiveness is not only easier than asking permission, sometimes it's the only viable route.

They may lose money, they may make some. But it's a grand experiment of a kind that's never been tried before and I'm curious to see the results.

Uber runs up against municipal taxi regulators. The DAO runs up against the SEC, DOJ, and state securities regulators, just to focus on the US cops. These people are a bit more serious than the City of Austin transit authority. As we've already seen in multiple cases, e.g., SatoshiDice, US regulators are aware of efforts to use profit-sharing contracts to raise funds, and view this (correctly) as a securities offering that should be registered unless there's a valid exemption. I was on a train some months ago and saw Preet Bharara reading the WSJ. At least I'm pretty sure it was him. How long do you think before a failed DAO crowdfunding ends up on the WSJ front page? If investors lose $100mm you can bet it will get that kind of publicity. Then it's just a matter of identifying the ideal defendant for symbolic punishment. If I were involved in slock.it, I would be careful not to travel through the US.

The DAO exists outside of the laws of the United States. If the US curators are arrested, they will be replaced with non-US residents.

This is the fundamental premise of decentralized systems. They are resilient to the interventions of governments. Bitcoin is definitely illegal in many places in the world, and occupies something of a gray area in the US. Yet, it operates just fine.

The "dao" here is not designed in a way that is truly decentralized. It is susceptible to certain centralizing flaws. There could be a dao that is designed in a way that resists censorship, that would be more interesting.

You've obviously never heard of extradition, have you?

No country is going to extradite one of its own citizens for selling a financial product that doesn't happen to be approved by the US SEC and isn't a Ponzi scheme / scam (the DAO may be a lot of things, but it is likely not an explicit confidence scheme). Not to mention the fact that there are plenty of countries who won't extradite to the US for any reason.

But I am speaking exactly of the scenario where a dao project curator/contractor is perpetrating a financial crime. In that case, most countries would in fact extradite. If that's even necessary. I mention US laws not b/c I'm in favor of US imperialism but b/c I am familiar with these laws. I'm sure that there are other relevant jurisdictions that would frown upon financial crimes regardless of new age window dressing.

I don't think it's clear that the DAO represents a 'financial crime'. Especially not on the part of the curators. It is an unregulated, unlicensed investment vehicle, but it's certainly not predatory, and especially not on the part of the curators (who are the only arrestable individuals).

The problem as I see it is that a curator could be affiliated with a contractor, and the same person could also hold a large stake of tokens. At some point the dao is not truly decentralized, and the parties with the power to influence voting decisions for their own benefit do not disclose this conflict.

Ya that's certainly a possibility. Of course, in such a situation, the curator could be fired. However, you face the same issue in any publicly traded corporation, but with even less recourse for the shareholders.

Don't get me wrong, even though I'm invested in the DAO a bit, I fully expect there will be serious disasters like this along the way. I'm not blind to how overwhelmingly likely it is that at least some people will run off with at least some of the money they get. But I do think these issues will get shaken out over time. And then we'll simply be left with: is it a good idea to let the wisdom of crowds make investment decisions? (also, likely the answer here is an emphatic: no, but it'll be interesting to find out).

I don't know about the law of other countries, but my home country (Austria) does not extradite its own citizens, no matter what the crime is. However, it is possible that you end up in front of an Austrian court, even if you committed the crime in another country. This will only happen in cases where the crime is actually a crime in Austria. Furthermore, the court will use Austrian law, so US law would be quite irrelevant in that case.

There might be an exception when the extradition request is issued by an EU country, but I'm not sure how this would be handled. Afaik the EU requires member states to extradite citizens and non-citizens to other member states. However, (afaik) the law that prevents Austria from extraditing its own nationals is at the constitution level.

Austrian citizens are subject to arrest and direct surrender to other EU states under execution of a European Arrest Warrant without extradition, since 2002. See http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A3...

Austria did reserve the limited possibility of refusing enforcement of EAWs on its citizen for acts not punishable under Austrian law, but that's it; which is not much different from the optional non-execution provision available to all EU states.

It also has bilateral extradition treaties with other non-EU states including the USA, again, with some reservations for its own citizens. But to say Austria doesn't extradite its citizens is wrong. For most crimes, any other EU state can issue a warrant and have Austrian citizens arrested and summarily removed without any full-blown extradition proceeding.

That's why I mentioned that I'm not sure about extradition to other EU countries. Extradition of its own citizens to other non-EU countries is currently not possible.

The law for this is "§ 12 ARHG Verbot der Auslieferung österreichischer Staatsbürger" which is part of the Austrian constitution: http://www.jusline.at/12_Verbot_der_Auslieferung_%C3%B6sterr...

https://books.google.com/books?id=0H5XqvUu3B4C provides an English explanation of that law:

1173. Extradition of Austrian nationals is not admissible pursuant to Article 12, paragraph 1 of the ARHG. The authorities mentioned that this provision has the rank of a constitutional provision and, as such, requires a 2/3 majority of Parliament to be amended. Nevertheless, as of January 1, 2009, Austria will be in a position to extradite its own nationals to other EU-Member States in accordance with Section 5 EU-JZG.

1174. Where extradition for ML is denied on the sole ground of nationality, the Austrian courts are competent under Article 65, paragraph 1, no. 1 of the StGB (jurisdiction over acts committed by Austrians abroad) and must conduct the proceedings in the same way as for any other criminal offense under national law. The Austrian courts also have explicit jurisdiction over terrorist acts and terrorist financing when the perpetrator is Austrian (Article 64, paragraph 1, nos. 9 and 10 of the StGB).

> Not to mention the fact that there are plenty of countries who won't extradite to the US for any reason.

Try setting up a business in one of them and let me know how you like the environment.

You're missing the point. The DAO does not care about the business climate of any particular country. The curators can reside in any country in the world and finance any company anywhere in the world.

So, set up in a repressive place with no extradition to the US, and see how well the "we operate under magical Internet law, it means you can't touch us" defense works there.

Are you serious? Take a look around Eastern Europe. Take a look at international pharmacies that ship prescription drugs into the US. Take a look at Chinese labs that ship research chemicals (recreational drugs) into the US.

There are tons of examples of this happening in practice, in the real world, right now. All you have to do is look.

The US doesn't rule the world (yet).

We don't and never will. Does that mean that US law is irrelevant? Far from it.

Yes - US law is pretty irrelevant for most people who live outside the US and who don't do business with the US.

How relevant is China's law for a US citizen who doesn't leave the country?

US law is not applicable in some countries, because they maintain independence from the US legal system.

Multiply this times (countries in the world) and you got a legal abyss the DAO is looking into.

At least German authorities will be interested since Slock.it UG is registered there.

NB: They do not even have a website that is conformant with German law. This is not a big deal, however, it does not strengthen my confidence that these guys are able to create code able to manage a few hundred million dollars crowdfunded capital.

> you can't ask permission or you'd be out of business before you managed to change the laws.

That strategy didn't work out too well for Zenefits.

But it has worked out for others. Risks are still risks.

It's a matter of degree. It might be a good risk to run a licensed recreational pot business in Colorado. Technically you're committing a federal crime, but there's a non-enforcement policy and as long as there's safety in numbers and a D in the White House you're probably OK. However, it's a bad idea to run a recreational cocaine business in any state. Requires a knowledge of the specific regulators, their views, and unofficial policies, to get this kind of decision right. Bringing this back to bitcoin-land, it seems that many bitcoin exchanges have knowingly operated without required state licenses for some years. However, the founders are not in jail. Why not? I think they have taken a considered approach to "partial" compliance, working out informal agreements with state regulators for eventual compliance, and avoiding operations in states that take a more hardline view. Eventually the top exchanges like Coinbase will get whatever licenses they need to, just a matter of time and $$$.

Yes, it comes down to risk management and decision making under uncertainty. i.e. how much of a competitive advantage can we gain by pushing the regulatory limits, and what are the potential downsides and probability associated with such downsides.

PG has expressed a view that he favors start ups that push regulatory boundaries, but I'm sure his view is more nuanced than such a blanket statement.

That is an interesting thing to say, so because the DAO acts as one entity, one could easily rely on a Reg S + Reg D exemption to get around pesky US laws. Reg S because the dao would be a foreign entity, and Reg D because it would be a private placement with only one investor.

So no disclosure laws necessary!

And honestly nobody in the international community cares about other countries' securities laws. You can copy and paste some small exemption text from bank's private placements, so something for the UK, Hong Kong, Japan to make it also exempt.

The DAO itself relies on sanctioning from Switzerland just like Ethereum, so I'd say all the bases are covered, until it gets challenged.

But individual liability for all parties is pretty mitigated from the threat of securities regulators.

All investments carry risk. Thankfully, permissionless innovation platforms don't care what governments think. If it turns out that governments do try to ban DAOs, we'll just need to enhance their privacy.

Yes, risk is risk. Anyone in the cryptocurrency space is well aware of the fact that tomorrow we could all wake up with a 0 balance. As for the legal aspect, the creators and curators have been assailed on all sides by critics and naysayers from the beginning, and yet they move forward. They either understand the risks, and deem it worthy, or are just plain stupid. Given the credentials of the individuals involved, I doubt it's the latter.

Curators may face legal risk, but contractors are just contracting. Nothing illegal about that.

In many cases, like slock.it, they appear to be the same groups on all sides (curators, contractors, token-holders), but do not necessarily disclose the relationships or voting power.

Which prison do they go to?

Did anyone discuss "even minor bug fixes that would be trivial in centralised code are near-infeasible in a DAO"?

I absolutely agree with your argumentation. It is a very interesting construct that could be the future - or just a test balloon that disappears as fast as it rose. Personally I found it worth investing 100$ in such an interesting concept to participate and raise its chances.

If it turns out bad I lose a tiny bit of money and we all have learnt something.

If it turns out good - awesome, curious to learn from it and see how it develops.

PS: At least I can tell my grand-children to have participated at the biggest crowd-funding event so far ;)

Mutual funds are not hedge funds. They cannot just invest your money in anything.

I have to say that as far as flawed systems of incentives go, the one outlined in the article seems pretty tame. I feel like it is something people don't understand in general and something that is often manipulated, but simply not paying attention roughly amounting to an implicit 'yes' doesn't strike me as a fatal flaw.

That being said I think ethereum is very interesting but enormously risky (even more so than some other crypto-currencies). I think experiments like this are fantastic, but starting with 150 million is not. It would be much better in my opinion if it started with 1000 dollars and tried to grow from there gradually.

As far as incentives go, 150 million is a huge incentive to play fast, loose, and dirty by any means necessary to get balance into keys you control and cash out. From what I've seen of kickstarter, the internet is WAY less skeptical than they should be and it seems everyone needs to learn the lessons of their grandparents on how not to lose money to false promises.

DAO's claim of being "jurisdictionless" -- and thus not subject to any state or federal laws governing the rights and duties of business organizations, fiduciaries and beneficiaries or creditors and debtors -- then its equity owners (i.e., those who spent Ether in exchange for proportional ownership tokens) wouldn't enjoy the investor liability limitations and other protections provided by those laws.

As a result those equity owners could be on the hook for claims and judgments against the DAO for sums in excess of the value of the Ether they've paid in or the tokens they've received.

Does the governance structure of the DAO support permanently shutting itself down? What system of checks and balances exists to govern its behavior if things get really bad?

It allows a way to 'split' the DAO, and also take your 'share' of what's left and just leave.

For instance, you are already scared and don't want to deal with this anymore, you can just take all the ETH that you put into this and forget the whole thing happened.

However, there are some issues with timing, and other attack vectors/flaws in this mechanism outlined in the research being referred to in the article.

Here's the original research paper. It's a very good read: https://docs.google.com/document/d/10kTyCmGPhvZy94F7VWyS-dQ4...

I believe you'd have to wait like 21 days for your ether to clear so that you're completely out. But I am not sure.

This ultimately ends with Vitalik receiving a subpoena from the feds on behalf of a U.S. based investor who loses and gets pissed. Then he either complies and builds a backdoor for Ethereum, or he gets banned from the U.S. and has trouble going back to Russia because they want the same thing. So he will ultimately become like the Bobby Fischer of crypto in an effort to not give government backdoor access to Ethereum. Will it work? Tune in next week!

Ethereum is defined by a 32-page spec and has seven independent implementations so far, each in a different language, with only one produced by the organization that Vitalik leads. It might be a bit challenging introducing a back door.

And what will Vitalik testify in this subpoena? What could he reveal that wouldn't already be public? It's like giving a subpoena to a hammer maker to ask them what happened with hammer x that built thingy Y that they sold long time ago.

The no vote bias looks like a serious flaw in the DAO. As the authors say, it is safer for an informed investor to split than to vote "no" on a proposal (for reference, users who split are still entitled to the proceeds of any proposal they funded so far). So passive investors would either be in danger of an attack from a bad proposal, or would find a way to automatically split if the investor wasn't available, defeating the purpose of the DAO.

Put another way, the stock market rewards passive investors with exactly the same rewards as active investors (which has its own problems - shareholder control over management is notoriously lax), but the DAO goes to the opposite extreme.

I personally think that calling for a moratorium is presumptuous - I'm certainly glad there was no moratorium of the stock market when it was introduced because some economists identified some real flaws. But it is a well researched critique.

But wouldn't that end up being all or nothing? If there were many investments going on and someone splits, do they retain all the previous investments? I suppose the answer is yes, but then are the same curators working for them?

I would be interested to know how much the creators of the DAO have studied the history of democracy.

I can't speak for the individual creators, but the 'tyranny of the majority' has been discussed at length and is the basis for the 51% attack mitigation. DAO and Ethereum enthusiasts also seem to enjoy discussing 'delegative democracy' (or 'liquid democracy') at length.

Could ethereum be used to create verifiable transparency in investment funds? Something that would prevent fraud, such as the Bernie Madoff Ponzi scheme, from occurring.

Yes, and kind of. You'd probably avoid a Madoff-like kind of scheme, but scammers will always exist and they'll find new ways.

So the same people behind the DAO are behind Slock? That is, the people behind the exchange are also pushing the first offering?

Uh oh.


Transcript: http://pastebin.com/raw/ATJSADgr

One could argue that the thread consists of nothing but trolling, and that no one could possibly be so stupid as to invest their entire life savings, take out loans, and attempt to use credit cards to buy coins. Unfortunately, I've seen it happen.

The conversations on that thread are almost exactly the same as they were several years ago. "Hold. Things will get better, you simply must hold." "But I lost half my life savings..."

Everyone learns their lesson at some price, but for some it is higher than others.

Wake me up when the DAO does something interesting

Haven't you heard they are going to destroy Airbnb because they invented a self install lock app, people will be rushing to the stores to install these locks because it solves so many lock related issues, it's more expensive than what's already on the market, it's a great signal to local regulations that you're illegally renting your house, and as a bonus they do zero marketing, it's all win.

> and as a bonus they do zero marketing

The locks or the company does zero marketing?

Also, I went to their page:


First thought: "OMG this looks like just another bullshit startup". Pages looking like that are a pretty reliable signal of very low value to presentation ratio...

This is the funniest take on dao/slock that I've seen so far

Raising 150M is no small feat. Anything that happens to that money will be interesting. Everything about the DAO is interesting given that it has never happened before. So if you can't find it interesting right now, you won't probably find it interesting later either.

I read the article as saying "passive investors might get screwed". So this discussion should be healthy for the DAO if it gets these passive folks to become more active. Creating the future will require some work.

No, it's worse than that. Everyone (with money in the DAO) may be screwed.

What advantages does the DAO offer over a regular fund for investors?

It looks like you get less regulation and legal weight if things go wrong...am I missing something?

It's transparent and everyone can vote. So it's like being able to read over all contracts and investment strategies that a fund manager is considering ahead of time and voting whether you want to be part of it. Then you can see every single transaction the 'fund manager' makes.

If you understand how Wall St. works then the question becomes 'why does anyone use regular funds'.

People use regular funds because they want their capital to grow without having to think or work.

Lower overhead if things go right, I think is the point.

Slock has responded to this by creating a proposal to fix these security issues: https://blog.slock.it/slock-it-security-proposal-1-is-now-ve...

I spent a few days in the DAO chat room discussing a potential proposal.

The general consensus among the developers was that the DAO isn't ready for a real business, and any business owner intending to use the DAO would face real potential risks for loss of funds or worse.

Still, it's a really interesting idea. Wish it was ready for prime-time.

That's just the difference between honest problem solving people and the average Wall St. sales guy. One tells you about the risks, the other doesn't really understand the risks or care, he is just trying to get more of your money to play with.

I bet you an Ether it's also highly vulnerable to polarized voting.

>“In general what you really want in any kind of a voting-governed structure like the DAO is you want the voters to vote their true preferences. You want them voting in line with what they want to see happen,” says Sirer. In other words, if a token-holder thinks that the proposal will yeild[sic] profits and increase the net worth of the DAO, he should vote yes. If not, he should vote no. But that’s not what we’re likely to see, according to the analysis.

Sorry, but I had to stop reading there. The sentences do not logically follow each other. The other words used by the author are not equivalent to what Sirer was quoted as saying. In fact, the author's assertion removes all autonomy from a token holder and reduces them to a revenue maximizing rubber stamp.

Edit: if you can't deal (or even read), pls downmod

I suppose the statements agree if all the voter is interested in is profit.

It removes all autonomy from the voter being able to express their true preferences as the author has subjugated them to profit.

You are missing the point - whether their motivation is purely profit, or altruistic, or whatever - if they do not want to fund a project, they have an incentive not to vote 'No' against it because as soon as they do they can no longer remove their money from the DAO, and have committed to funding the project if it passes.

Maybe you are missing the point?

The author conflates a (presumably autonomous) individual's true preference with necessarily increasing the net worth of the DAO. There is no a priori reason to believe that.

Edit: you could, like, you know, post a reason to believe the equivalency.

I think .. I believe the point of the featured article was the example:

(given the voter is mainly interested in profit, then) IF a voter thinks that the proposal will yield profits and increase the net worth of DAO: vote yes

but only if their interests align that way. if they don't, obviously their decision will be based on other factors.

the point being, it should be straightforward and obvious to vote yes or no, depending on whether the result of a majority-vote yes or no, would align with your particular interests yes or no.

while that statement seems almost tautological, it's a very desirable requirement for voting systems. I'm not 100% sure on the terminology (it's been a while since I studied it) but it might be called "monotonicity" or something.

the point of the article was that in some cases it would be advantageous to do something different instead of voting yes or no along with your particular interests. in this case that it would be better to split than to vote no, in many cases. that demonstrates the (mathematical/logical) assumption of monotonicity (if it was called that) is violated.

but you only need one example to demonstrate that. so it doesn't quite matter that this is not everybody's incentive, as long as it's a reasonable incentive that people may choose.

I admit the added bit about "increasing the net worth of DAO" raised my eyebrows as well. I just assumed many profit-interests would align with the net worth of DAO, and that it'd be healthy for the system or something (I don't know).

I love the idea of a corporation run completely by rules and regulations. But the blockchain sours it for me. I just do not believe that operates in any way like a currency must.

In this case, the blockchain isn't acting like a currency, it's acting like an impartial applier of decisions made by people.

Interesting, got a link?

Here's the main site, link to the whitepaper at the bottom of this page: https://daohub.org/about.html

You need a blockchain so that you can secure funding
