ETH is advising, "Contract authors should ... be very careful about recursive call bugs, and listen to advice from the Ethereum contract programming community," which indicates there's some subtle behaviors to be aware of and secure contracts are apparently not easy to write.
Lest you think, "we'll just be careful, review and QA it", consider the bug in the "Programming Pearls" binary search. Bentley was clearly an expert who had proven the algorithm correct and the algorithm had 20 years of careful study by thousands of professionals. Yet it had a simple overflow.
How do _you_ know your contract is secure?
But this incident has set a precedent, at least within Ethereum, that the project leadership will intervene to enforce the spirit of a smart contract.
So what now are the benefits of Ethereum smart contracts over the traditional legal system?
The way I see it, at least with traditional contracts you have the benefit of a trained and experienced judge making the call in case of a serious problem.
PS: Also a second thought: Given that the "attacker" used apparently existing functionality of the DAO and that the DAO site clearly states "[n]othing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code", I am wondering: If this (as measured by the DAO code: rightfully obtained) ether is now taken from him/her, might this not be an opportunity to sue the developers implementing this fork in a real-world court?
"To be clear, if this happened due to an exploit in the software, then I can accept a hard fork fixing the issue. However, if the DAO team made a mistake in the way they designed their smart contract, as an issue of principle, they should not be "bailed out" by the Ethereum team because they are "to big to fail." Hard lessons like these teach the cryptocurrency community at large to do their homework and to be excessively (and obsessively) diligent with their security."
I agree with this.
No, I do not own any ethereum and have had only a casual interest in the entire project. My own investments have been in "Oh By Codes" most recently :)
That's not really fair. His decree does not make it so. It still must be accepted by a majority of the miners, and this is and always has been a known property of the system. The collective will of the miners ultimately trumps the contract system. However, consensus there is purposely extremely difficult to achieve, and likely only possible in extreme cases like this.
Since this was a known property of the system, and since the agreement is inherently democratic, I don't see how this is a problem. Hard forks are simply another behavior of the network. Nothing more, nothing less.
As you say, that's a known property of the system. And it might be one of those things that's only viable in practice when the network is young. But can a CFO be considered to have satisfied their fiduciary duty if they write a contract which can be subverted in this way?
I think this really can be considered a 'one time thing'. It isn't like miners can be pressured by a government to halt contracts for terrorists or other things. They have to be convinced and agree with the argument being made. There isn't a sole individual to whom pressure can be applied here. Granted, Vitalik may wield some influence, but if he started advocating things that were clearly not in the best interest of Ethereum, people simply wouldn't take on his suggested upgrades.
EDIT: I'd also add that for the record, as a DAO token holder, my personal opinion on what should be done is this: A soft fork to prevent ether from moving out of the child DAO, and then nothing. Just burn that ether forever. This avoids the moral hazard problem while minimizing harm to the overall ecosystem. People like me who made the mistake of investing still feel the pain, but Ethereum itself moves forward.
The "hacker" simply used the DAO as it was meant to be used (i.e. according to the smart contract code), and deserves the funds. If there is a hard fork, I hope he sues slock.it for controlling the DAO, and for stealing the funds he is owed according to their own terms ("The contract is king").
Actually, the Bitcoin devs deserve a huge amount of credit for not attempting to "improve" the block reward or total supply during their multi-year bleed down from $1200->$200.
Step 2: Find someone foolish enough to accept the other side of the insurance contract, in a world where "insurance fraud" is no excuse
Step 3: Use Ethereum maliciously, stealing your own Ether under another identity
Step 4: Collect insurance
Step 5: Profit (in Ether)
Step 6: Good luck turning your Ether into actual money when people figure out how broken everything about it is
Is there any extant insurance company that would want to review my code in exchange for a lower premium?
If not, why would one be willing to do this for a flash-in-the-pan cryptocurrency, but not a useful, real-world device?
That would make for a very interesting trial, where a very rigid ideology would be put to the test.
The project leadership can only propose change. Change requires "ratification" by a majority of miners as well as the support of node operators and holders.
> So what now are the benefits of Ethereum smart contracts over the traditional legal system?
The contract can only be invalidated by a significant majority / supermajority of the community through the consensus process. Therefore this is unlikely to happen often if ever, and if so, only in very extreme, clear circumstances in which the entire community is in jeopardy. 
Proposal #5 "Moratorium on proposals" only reached 8.86% of 20% quorum before voting ended.
Yet the moratorium is already in effect... as you can see there aren't any other real proposals out. Everyone is waiting to sort out these huge bugs in the framework.
It is the beginning of a precedent but precedent is fairly weak because Ethereum in its early stages and very experimental (many hard forks are in Ethereum future). Bitcoin rolled back the blockchain at one point as well but it wouldn't happen today.
>So what now are the benefits of Ethereum smart contracts over the traditional legal system?
My view is that smart contracts can most useful for low value contracts that you would never want to take to court. No judge wants to listen to two people arguing over 18 dollars.
Will the project leadership offer a soft- and/or hard-fork every time a poorly-implemented smart contract is exploited in a manner that is not intended by the contract creators?
If every smart contract is going to be "guaranteed" in this way, then this introduces significant overheads for the project and can also create moral hazard.
Alternatively, if only some contracts are "guaranteed" but not others, this can introduce opportunities for favouritism or discrimination...
Are cases only considered when they affect the ether price or where there is personal involvement with the contract? Is that fair?
Interventions and their resolution can also quickly get politicized just like the bank bailouts from the financial crisis.
It is not clear this is setting a good precedent.
Edit: reworded for clarity
This was a plot mechanism in some SciFi story I read a few years back.
Edit: one of the in-universe early Revelation Space books.
The fork won't be enacted unless a majority of the community agrees to run its code. That's not likely to happen except in extreme cases, like this one.
Because it implies that some contracts will have a greater probability of being "bailed out" if they are backed by more ether.
It may turn out to be a bad thing because it will establish the idea that not all Ethereum contracts are created equal.
And this can lead the system to be more centralized.
Edit: for the record, I don't own use Ethereum or own any ether, so I would also hope that a hard fork doesn't happen to bail out a single contract, but I have no financial incentive on the line.
a) It is being bailed out by referendum, not mandate. Everyone gets a vote, if you don't want to install the patch, don't do it.
b) The funds to bail it out are those stolen by the attacker. Nobody is asking people without DAO tokens to suddenly contribute their ether to restoring the DAO or take debt.
I mean, the contract executed exactly as specified.
If the system was well designed, there would be no way to undo the results. Such a system may never exist, but the fact that ethereum can sometimes change contract results means it isn't living up to its ideals.
Of course, miners not associated with the DAO would never normally consider risking such a thing, but the rapidly falling price of their ether may convince them that it's the safest move.
2) The American people were paid back.
This is really too bad. The best outcome would be for the community to learn from this and build tools and practices that make new contracts significantly more reliable.
Smart contract design practices will have to undergo the same kind of gradual hardening that web servers have over the past 20 years. Let's hope it happens a bit quicker.
Look, self-driving cars required humans to take over and require updates to deal with new challenges -- until they don't, or very rarely do.
Smart contracts are different from self-driving cars in that the former have competing intents within while the latter have a common goal of "not hitting anything".
The only way to eliminate the human interpretation factor is to eliminate the possibility for human interpretation. This is effectively impossible in a pre-singularity world, so there can be no such thing as a contract enshrined in code which is binding.
Perhaps that is only a reasonable hope for values under $50-100M USD.
Well that's the fantasy of the century. Has no one learned this lesson with Bitcoin? An electronic currency doesn't magically wave away the fact it's being built and used by humans.
Personally I hate the term "smart contracts" because of the confusion they create on what they actually are.
If you're not familiar with anarcho-capitalist theory, there's a concept called a DRO -- dispute resolution organization  -- that can perform arbitration functions in a decentralized manner, i.e. without a monopoly on judicial services like the state.
In the future, as the infrastructure matures, I'd be willing to bet DROs will arise to handle these types of disputes. Forthcoming DAOs can be more competitive by integrating dispute resolution clauses into their contracts.
For example, maybe there's a flag that must pass before any transaction takes place, and can fail if X% of DAO stakeholders vote to halt transactions and defer to a DRO for arbitration.
Hard to say exactly how things will evolve, but what's great about Ethereum is that contract law has the potential to evolve at a much quicker, cost effective pace than does the monopolistic, bureaucratic justice system we have in place today.
What does surprise me is that people poured the equivalent of tens of millions of dollars into this new, unproven thing. To me, this says that while Ethereum itself may be technologically fine, the community is completely bonkers.
The underlying tech is clever though; the speculation is just a side-effect of cryptocurrency systems that they attract a lot of people who attempt to make a quick buck from during the rapid growth phase.
As others have pointed out, this is not a bad thing b/c speculation is one legitimate way that cryptocurrencies can bootstrap themselves, even if (over time) their strengths are not likely to result in more speculative behavior than is found in other established currencies.
The outrageous investment in Ethereum/DAO does seem to highlight a desire for governance models outside of the corporatist status quo we live under today, though. Personally, I don't think it's bonkers to yearn for something better. But it's a hope that needs to be tempered with vigilance if people are going to avoid being duped.
The non-aggression principle is a central tenet in ancap philosophy which would preclude violence in most cases, however, it is permitted in self defense of ones person or property. Still, most people who subscribe for a DRO probably aren't going to want to pay the high costs for a standing militia. Would you voluntarily pay taxes for the War on Terror, or the numerous other military boondoggles across the globe, if you had a choice and knew the actual costs?
This ventures into the territory of private defense agencies, which decentralize security services, and is a deeper subject. If you want to dive in, I'd suggest Michael Huemer's book "The Problem of Political Authority: An Examination of the Right to Coerce and the Duty to Obey" in which he debunks the Hobbesian war of all against all scenario. "Practical Anarchy" by Stefan Molyneaux is also a decent (and free to read) overview of how ancap voluntarism could work, but Huemer's arguments are more comprehensive.
... Unless that impacts their bottom line. In reality, this is unsolvable - if it were, boycotts, divestments, and employer blacklists would be far more effective. You can always find scabs that will compromise on principle in order to put food on their table.
What if someone disagrees with the non-agression principle or uses a very liberal definition of "self defense"? If I'm the only one who is permitted to use violence to defend myself, does this mean I have to carry a weapon with me at all times (and hope the other one doesn't have a bigger gun/has hired the more expensive security force)?
Generally, I think ancaps would argue that violence wouldn't occur because it is too costly (as they do in the context of private defence agencies ).
Anyway, I believe this argument is flawed, in the sense that people have resorted to violence, despite the fact that it was nonsensical in economic terms (I'm looking for the quote of some prominent intellectual who argued around ~1914 that no big war could ever happen again, because it would be devastating in economic terms. He was proven both wrong and right in the sense that it indeed was devastating for the economy and that it occurred anyway as we know. If somebody knows the name of this gentleman please let me know).
Also, there are methods to make the software ultra secure using formal models.
So Slock.it could raise money, obviously. A common complaint right around when Slock.it launched the DAO was that Slock.it planned to offer the first funding proposal on it but only provided a brief 2-week period for review and debate before the voting started. It had the appearance of an attempt at railroading the crowdfunding process for a quick payoff.
Fortunately cooler heads uncovered the problems and spoke out, putting the brakes on. Now it's a big learning experience for the ~23,000 people who blindly jumped on the hypetrain and put money into a flawed investment vehicle. You'd think the first 7 years of Bitcoin would have taught people a lesson that this technology is risky, but dollar signs in the eyes tend to obscure hindsight I guess.
I haven't touched ETH or the DAO personally, but it is unfair to label every investment in them irrational. Over the past 5 years cryptocurrencies have provided multiple opportunities to convert, say, $10k into $100k or even $1M within a year or two; once your networth exceeds a certain amount, risking 1-2% of it on an opportunity like that is arguably wise - i.e. would be worth repeating - even if it does fail spectacularly.
It is certainly true that as long as that reasoning delivers 10-100x+ returns to some of the people some of the time, a giant fount of speculative money will continue to moisten a lot of scammers, con artists, and insufficiently-careful SW developers though.
A contract should present an interface that includes a declaration of its behavior. The declared behavior should be well defined, and if a bug in the implementation is discovered, the contract should be updatable to fix the bug. There could even be futures expressing the probability that a contract will be found to have a bug.
The willingness of participants to use a contract would depend on the chances that something about the interface is bug-prone, untested, etc.
As long as bugs do not result in reversal of money flow, the incentives seem to align properly toward a well-defined approach for declarative contracts.
The first part, a "declaration of...[future] behaviour," is basically a normal contract.
There ought to be a way to have highly vetted primitives. In meatspace legalese, boilerplate words and phrases are the closest we get to this... once a contract (or open source license, etc.) has been through litigation, its vulnerabilities become better known.
If a dispute gets decided the "wrong" way because a few clarifying words were absent, the contract is modified and future deals use the new contract.
Doing this is a tradeoff. On the one hand it lets you fix bugs and vulnerabilities, on the other your users have to trust you not to abuse your power.
1) a significant delay between the announcement of an upgrade and the actual upgrade (enforced by the blockchain)
2) a mechanism to opt-out or cash out before the upgrade happens
No-one can write bug-free code, so why are these people building a huge, expensive system that relies on no bugs being found?
No, we can. We just don't, because it's very expensive, and we lack proper tooling to make it cheaper and/or faster. The flaw as I see it is that ETH jumped the gun, and tried to move to software law enforcement without investing the right amount of time/money in the code.
Worthwhile goal (though the desirability and practicality remains debatable), bad execution.
Eh, it depends on how amenable your standards for correctness are to formalization. Also when it comes to security, where clearly bugs tend to hurt a lot more, we're almost always at the mercy of "unproven" (in the formal sense) algorithms. Don't get me started on quantum computing's effects.
Reasoning about concurrent programs (let alone distributed ones) is something where I don't think we've got many reasonable schemes, even at the academic level. Though it's great to hear the Ethereum foundation is willing to drop some cash on that problem! I wish luck to anyone who takes them up on that, it's something I'd love to work on if I didn't have existing projects.
There's no evidence of that, and lots of evidence to the contrary.
"As one example of Ada in an undergraduate setting, students at Vermont Technical College in the U.S. used the SPARK language (a formally analyzable subset of Ada) to develop the software for a CubeSat satellite that recently completed a successful two-year orbital mission. SPARK was chosen because of its reliability benefits. The students had no previous experience in Ada, SPARK, or formal methods, but were able to quickly come up to speed.
Of the twelve CubeSats from academic institutions that were included in the launch, the one from Vermont Tech was the only one that completed its mission. Many of the others met their doom because of software errors. The Vermont Tech group credits its success to the SPARK approach, which, for example, allowed them to formally demonstrate the absence of run-time errors."
I've read similar success stories for Lisp and Haskell. Rust will likely add more evidence as it becomes more widely used. Agda and Idris are also capable in this respect.
The problem is too many engineers are just day-jobbers, who want to crank out LOC and quickly add features that get them paid, regardless how sloppy their work or the tools they use may be, or how much work/cost it adds to the maintenance overhead down the road. That work can either be done up front writing bug-free code, or later during maintenance putting out fires, but it can't be avoided. Programmers who chose the former use the excuse "bug-free code is impossible so we don't have to try" to justify pushing the work off on the maintenance team later. But it's demonstrably false.
The catch is that this is difficult and the time and cost both scale non-linearly with the complexity of the software. But if you can do it for dead-simple programs running on hardware you understand very well, you can do it for complex software as well. Just be prepared to pay millions of dollars for it.
Not necessarily when you're bounded by reality and finite amounts of time and energy. Just because you can count to 2^8 doesn't mean you can count to 2^128.
Perhaps, but nobody can write a bug-free legal contract either, and no legal system is without bugs.
Sadly, for the legal system, many of the bugs are due to corruption, so they are actually more akin to systematic exploits being done again and again by malicious actors (who often happen to be wealthy or powerful).
Also, in terms of how drastic this bug is, suppose $5M gets stolen over a few days. If the community can strengthen itself and become resilient to a whole class of attacks, that is likely far superior to a meatspace improvement in contract law, which would likely take years to become law (and would be selectively enforced once it did).
The difference is that when there is an issue with a legal contract you can defer to an arbiter (a judge) and discuss whether that is a bug or a feature as soon as a divergence of interpretation is detected.
Hell, even just having a sentient empowered human in the loop is sufficient, with fully automated response systems we'd never have survived the cold war as a civilisation, the first false-positive detection (and there have been several) would have ended it.
The problem (and the thing you propose as a solution) is deferring to an arbiter. This is not human judgement as much as it is human authority. We conflate the two in meatspace because of the social rank conferred upon such positions (this is the same drive that makes humans bow before gods and dictators)
The very idea of decentralization is a different authority model than what is typically in human institutions. In theory, institutions managed in a decentralized and anonymous way have the potential to achieve a form of democratic governance that is far more resistant to corruption than any form previously invented.
In meatspace, a judge must be chosen, elected/appointed, confirmed, etc., and when that judge needs to be replaced we take an entirely different (largely unknown) judge and do a full-scale migration to that new judge's "firmware".
With smart contracts, we can divide the execution into many smaller smart-contracts, each with a specific domain of expertise. This makes versioning, incremental improvement, and extreme transparency possible.
If you listen to us SCOTUS argument, particularly when a case involves discussion of the intent of specific words in a law, it becomes clear how utterly mutable all of the constructs are. While the SCOTUS is a world-class institution in terms of its overall quality, it is reinforced using a highly centralized model of human authority, with all its problems.
"If there is a typo, error, fraud, crime etc. a contract is considered invalid or the part of the contract that is flawed"
With software bugs you have something similar :
> NO WARRANTY. THE SOFTWARE IS PROVIDED TO YOU “AS IS” AND “WITH ALL FAULTS.”
"Oh, that contact for 1000 dollars is really 10 dollars because they 'missed' a decimal place. You still have to uphold your part though."
Corruption of judges can be a problem in that space and that is in part what this is attempting to solve. A lofty goal, maybe even impossible, but certainly worth the time to try.
[even had a typo in the first publish of this comment!]
Situation was basically a table rendered in prose format. I can’t recall the precise verbiage, but it read something like:
In 2015, the requirement shall be 0.05%. In 2016, the requirement shall be 0.7. In 2017, the requirement shall be 0.09%
Very subtle typo which, had it been treated as The Truth of The Text would have bankrupted anyone attempting to adhere to the regulation.
That sounds like a terrible amount of power to give someone without a vote.
If I offered a new car for 10€ — obviously it should have been 10k€, so others cannot expect me to fulfil that (ask your local police).
If I had offered it for 8.5k€ and suddenly claim it should have been 10k€, it’s far from obvious that this was a mere error, so I’d likely have to stand for it.
If I offered a used car for 10€, the case becomes murky.
Which is why people don't understand basic human institutions and are surprised when they run into issues trying to re-invent from scratch
Aside from everything. In writing a contract, it's very common to write price with numbers and letters in brackets next to them. E.g. 1000$ ( one thousand dollars ), exactly because typos happen.
The decision what a typo is is made by the parties, in case of dispute then by several courts ( based on the evaluation of the contract ). That's at least in continental law system.
There's a way to specify a 3rd party court ( non-corrupted one, called arbitrage ) which can solve disputes for that contract.
Corruption of judges problem is being fixed also in several ways. Usually decisions in high courts are decided by 3 judges ( again continental law ) and sometimes a jury ( prevailing in anglo-saxon law system ). Also there is a way to appeal the decision of the court to a higher court(s).
I certainly distrust the American legal system enough to use something like this in the future.
It most likely is not, looking at the recent post on contract security, most if not all examples ever posted as best practice are flawed and can be exploited:
https://blog.ethereum.org/2016/06/10/smart-contract-security... (currently down, cached version https://webcache.googleusercontent.com/search?q=cache:https:...)
Turing machine, meet halting problem.
Or, to put it another way, it sounds like the language is Turing complete in roughly the same way C is Turing complete even though every C program ever instantiated is actually a linear bounded automaton because there's no such thing as an infinite tape.
Like, I can announce that my C-like language will always halt after a trillion-trillion operations and therefore the halting problem is "solved" for it, but for all other purposes it's almost exactly as difficult to reason about as a Turing machine.
The real void smart contracts fill is the type of contracts that cannot be trusted to be enforced by the current court systems.
For example, consider prediction markets. Just about any economist or rational person will tell you these are a huge boon to the world, but the CFTC shut down InTrade just a few years ago. It makes a lot of sense for these types of contracts to move onto ETH or similar.
Isn't that just a fancy term for betting anyway?
Prediction markets can also be called "information markets" because they expand the class of things we can understand the risk characteristics of beyond the traditional instruments.
Lloyds of London began by issuing insurance on shipping vessels so that ship owners shared the risk of a wreck across all their fleets, reducing the devastation of losing a ship for each individual owner. Prediction markets let us do this for a host of other outcomes.
A prediction market is nothing more than a betting market, the innovation (attributable to Robin Hanson, I believe) is the idea of the binary future, which makes the probabilistic outcome work nicely with a traditional futures contract structure, and allows for a lot of nice intuitions based on price movement.
Consider a business that needs to reason about the probability of a law passing, severity of global warming, or any number of other difficult to predict events. Prediction markets would provide by far the most accurate insight.
It's wisdom of crowds + skin in the game.
Surely such prediction markets are a guarantee of corruption?
That or I just don't understand - if a market exists that takes bets on human actions such as passing laws, how long someone will live etc, the betters will have a very active interest in doing everything they can to make a large profit, of which corruption alone is the most obvious target.
I mean in a way you're right - it is wisdom of crowds, albeit crowds of people that "know" only because they're corrupted the final event.
Like the probability of a smart contract being exploited via a loophole? ;)
It's very frustrating for me to see "probability of a law passing" and "severity of global warming" being thrown in the same basket.
While the first lends itself naturally to be framed as a binary prediction market (and there are good reasons to believe that the market will produce reliable forecasts), "severity" doesn't lend itself to be framed in this way (in Taleb terms, it is a non-linear payoff from a complex domain, "4th quadrant"). Ignoring that there is a lot of ideology involved in defining the exact terms, in my mind it is just unreasonable to expect prediction markets (or any mechanism for that matter) to deliver reliable results in this case.
Even when not accepting the Taleb argument regarding our ability to predict, at least it should be acknowledged that it is not straight-forward to generalize from binary outcomes to open-ended ones.
True, but I think said people still haven't taken the whole Taleb idea to heart. I'm pretty sure there are certain domains where the wisdom of the crowd is no wiser then a chimp throwing darts.
As an extreme example, assume you ran a prediction market that predicted the value of the s&p500 x days from now. Would you expect to make money based on these predictions?
This is not to say that they can't be useful in certain domains. It is well known that they do well for binary outcomes like sport events and elections.
They might also be valuable in situations where there are behavioural factors that prevent the spread of information (e.g. whether a project will finish on time). However, there might be simpler mechanisms (like whistle blowing) which could solve the problem or it might not be a problem at all (Bent Flyvbjerg's research on mega projects suggests reliable forecasts are simply undesirable and "true" forecasts are known sub rosa anyway)
A relaxation of the law or more exemptions a la IEM could be beneficial from a research perspective, but I wouldn't expect a "huge boon" just because. These are a lot of words to basically say, it's not a black and white issue.
The S&P already is a prediction market for the future value of the S&P. So no, there would be no additional information here.
I agree that wisdom of crowds does not always work, but remember that this is not just wisdom of crowds, it's wisdom of crowds PLUS skin-in-the-game.
All of the things in quadrant 4 are difficult to predict. I would trust the predictions of people who have put money where there mouth is far more than the predictions of those who haven't, and I think Taleb would too.
Adding a prediction market to ethereum or some other crypto coin isn't going to revolutionise anything.
I sort of assumed this DAO thing was intended in this spirit, as an experimental stab on the path to robust contracts.
With millions of dollars in prizes if you could exploit it?
Edit: If this is not how it is, I'd be interested to know who is putting money into the DAO, sociologically speaking. I hope nobody's investing their life savings in it.
Why would it be any different for "bespoke ethereum contracts"?
Compare with "old fashioned" contract law or e.g. national currencies or gold. The errors there (theft, counterfeit and fraud) tend to impact only one or a few transactions. It's all more localized/
In case of broader failure of old fashioned money (e.g. national currencies being destroyed through inflation): at least this is a very slow process that is usually being telegraphed years in advance.
In that sense smart contracts are a tool for a specific purpose (and maybe a replacement for people who don't have the luxury of a working court system) as opposed to the end-all-be-all solution that some make it out to be.
Ethereum's smart contract language is not one which makes it easy to write secure smart contracts. There are dragons everywhere, and the DAO is far and away not the only smart contract to incur their wrath.
In general I am in favor of moving to programatic, unforgiving law. But we need to do so at a pace that matches our technological progress. Today, the technology is not there to make advanced contracts. Simple ideas like 'this coin is owned by this person until a signature from this key transfers ownership to someone else' are pretty easily enforceable. Bitcoin has a scripting system with a variety of safe scripts in widespread use.
But as soon as you start aiming at things like 'this investment fund is owned by this group of people and is able to make investments under conditions X, Y, Z, and can split... etc.', you've outpaced what we currently know how to do safely.
It's much worse than that!! What you've just said applies to building an airplane or getting to Mars, too. Mother nature won't care what you meant to do.
But this is worse: mother nature might give you turbulence, but She won't carefully cycle or time the turbulence in a code injection vulnerability to try to get your avionics to lock up at some particular moment. With these kinds of systems, you have humans actively doing everything in their power to break the system, even using the most subtle possible tricks. It's not just noise: it's a malicious attacker.
It's not enough to "get it right". You have to get it right against someone with lockpicking tools, budget, time, and no legal, social, or moral checks and balances. By that standard, every vehicle NASA has ever built is completely broken, and NASA has never built a single thing that works.
It's not just about code that's correct. It's about code to held to literally supernatural standards of correctness.
It's a social problem.
Ideally, using formal methods , one can write a provably correct program. Just because software can have bugs does not mean it must have bugs. Human contract law has no analogue.
Personally I'd be wary of any electronic contract that wasn't formally verified. The DAO exploit is unsurprising.
Stuff like patent-trolling (and patents) suggest to me the law isn't so consistently trustworthy as you suggest.
After all, there are almost always small mistakes in complex systems. The system of case law is, essentially, a structured way of turning differing interpretations into a stricter framework over time.
My point is, the institution of law needs to be trusted, yet patent-trolling exists because the institution has failed to apply fair judgment and common sense such that ridiculous legal structures have prevailed.
But my point was the patent trolling exists because the law is unfavourable. Not because there is a system of mediation in place. If the patent system should be abolished or not doesn't really relate to how inconsistencies in contracts are handled, as far as I can see?
The legal system is complex and messy sometimes because moneyed interests have been keeping a thumb on the scales and sometimes because the world is complex and millions of people have spent hundreds of years patching bugs and extending the code to handle all the weird corner cases.
Smart contracts are a neat idea, but it is also kind of like the guy who wants to rewrite the production system in a weekend.
I also consider the strictness, and lack of third-party mediation a "pro", not a "con".
Interactive theorem proving is already at the level that verifying something like the DAO (a few hundred lines of code!) isn't too complicated. By the time smart contracts become relevant we'll probably have all the tools in place to make this an industry instead of a research project.
It is really the whole cryptographic ambition for trust less systems that is possibly problematic.
I'm trying to be open minded. I'll concede that maybe they are will be proven right with time, but maybe not.
If this hack can be stopped, then it demonstrates that the currency can be manipulated, that the decentralised system is not so fault tolerant or uncensored after all, and that people out there know this.
Also to your point, yes, Ethereum is not as decentralized as some would like to claim, either from a stakeholder perspective, or from a mining perspective, or even from a 'who holds the power' perspective. I suspect that's what makes it so efficient though, in terms of changing protocol, or making decisions on behalf of stakeholders.
When adoption is low it stands to reason centralization would be high, and so it enables them to move faster to increase adoption, and hence lower centralization as other players and stakeholders enter the game.
However it does also stand the risk of allowing the current influential parties (the developers or miners) to influence the system in their favor. So far though, I don't think this has been the case, but we'll see how this situation plays out.
Also, centralization/decentralization is a a scale, not discrete boolean values.
It will definitely be interesting to see how this plays out. Good luck to everyone involved.
Since if this is a problem and will be fixed, it will presumably be by consensus. We already know that with consensus the entire system can be changed (or forked, if you like). This is no secret and there was never any claim otherwise. This is exactly what they mean by decentralised.
What should worry you is if a change happens without consensus, but there is no such indication here.
Decentralization doesn't prevent coordination.
The reason for this is that ethereum exchanges are not decentralized and the "program" that the owners of the exchanges execute on their brains partly allows "dynamic mental code update" by Vitalik Buterin.
Exchanges are in a difficult position once the 'head' of ethereum tells them to stop. It's a sign that the blockchain might be forked, so any further trades they make might be undone - they simply have little choice but to stop after being told to do so.
Not at all. This is a classic "coordination problem". It is advantageous for many participants in the overall system to take an action, but only if the other participants are ALSO taking the action. In such a case, a widely followed and popular leader is one possible coordinating mechanism. And it does not give that popular leader the ability to do ANYTHING, only things that actually ARE popular but require coordination.
That's the exact opposite of decentralized. Are we going to have to redefine the word?
How do you imagine decentralised decisions happening otherwise? Everyone choosing their own solution without ever talking to each other and seeing what is most popular?
My idea of "decentralized" includes things like "continues to function perfectly well if any one person or small group is removed from the process" and "continues to function perfectly well if any one person or small group becomes malicious".
In this case, if Vitalik Buterin were not around to announce the problem, someone else could announce it and that would provide a coordinating signal for all of the independent players to act on. If Vitalik Buterin were malicious and decided to announce a rollback of a big spend he had done, then the independent miners and mining pool operators would (I hope) choose to ignore the announcement and refuse to participate.
I guess to me, having a centralized group or individual make decisions seems to violate "decentralized", but having one of several possible groups or individuals make announcements which signal the population to take action does not.
I didn't stop eating excess salt until my doctor asked me to do so - and it was totally in my interest.
This is, of course, absurdly optimistic.
And the governmental powers-that-be can press a button and prevent citizens from exchanging cash?
The anti-fiat crowd should think for a minute on how money actually works in practice.
Halting trading is a show of force too, if they believed a single thing of what they preach they'd let the free market continue its course with the hacker walking away with the money.
Looking at your comment history it seems clear you have an agenda here, so I'll ignore the ad hominem.
In the history of organization structures, for example, Peter Drucker in 1946 wrote the "Concept of the Corporation", a study on General Motors, which was arguably one of the early detailed studies of Decentralized governance in an organization.
Decentralisation does not preclude "force". The one really has nothing to do with the other. Unless your idea of "decentralization" is actually the solipsist view that every person is an island, and social structures hold no benefit for survival.
Why is that different for Ethereum?
So while there is no clear single party that makes decisions, active developers have the most say.
It's sad, being able to write blockchain apps like with ethereum and lisk is cool tech, but we'll have to deal with the idea that once is out, it's out. Programming NASA style.
My thought exactly. And despite putting a little money into the DAO myself, this is the kind of risk I was willing to take. I should lose my money. Miners should vote strongly against this fork.
I know in the Bitcoin community this wouldn't be accepted, not so sure about Ethereum though where the developers have a lot more control (than they should IMO).
The counterpoint to your statements is simply that consumers need safety with their money. It is no badge of honor to let unsophisticated technical people lose money for some extreme libertarian ideals.
With all respect Peter, this is not FUD and OP is raising a valid concern. Yes, the miners vote on the patch - but given the infant state of the ecosystem and the large loss incurred, even further controversy or delay in finding a resolution may cause them permanent economic harm; so it would appear that there is little leeway in the choice involved.
> The counterpoint to your statements is simply that consumers need safety with their money. It is no badge of honor to let unsophisticated technical people lose money for some extreme libertarian ideals.
Yes, that's certainly the argument, particularly that if there is majority agreement than the protocol change is justified. But this doesn't at all invalidate OP's concern that fundamentally algorithmic contract's aren't binding if such an alteration can be adopted. The case could be made that in a more mature ecosystem such case specific alterations are more potentially damaging than useful and that this is a transitional phase, yet I think the burden of proof is on the one responding.
I think we agree on this. The reality is that an active choice will still have to be made by a consensus group, though. It's not a matter of something being forced down the throats of a majority by an oligarchy, it's utilizing the existing consensus mechanism.
I think OP should be well warned here as to what is binding with smart contracts, for sure. This isn't any different than risk calculations in Bitcoin, though -- early days advice was to wait six blocks for transactions over $20, because the cost of subverting the network was very low. This is part of the give and take of mining and distributed consensus with current technologies.
A soft fork will undeniably require distributed consensus. It is the number of people with the actual right to vote that may be worrisome.
Perhaps the pool owners should extend their voting rights to their pool contributors, pooling votes as they pool mining shares.
(Disclaimer: I hold a small amount of ETH and participate in a mining pool.)
All the talk of /ethereum/ being decentralized.
So, in computer science terms, consensus algorithms are about approximating distributed consensus in the face of benign and malicious threats or communication failures, which devolves to "quorum / majority" pretty quickly in a crisis.
After the crisis, some kind of compensation, reconciliation or excommunication has to happen with the portion that disagreed.
A distributed system can easily make a majority decision that is unwise, like if the votes are based off of bad information. But if the different options of the decision could be formalized and checked/proven as part of the decision making process, based off of axioms and values that participants all agree on, then perhaps the most rational decision could be selected even if it's not what the majority was initially in favor of.
I realize this is the wallet development but they are absolutely related and shows the culture of this software is not as professional or thought out as it should be.
Once it gets bigger the security goes up as events like this affect the currency less and less.
Edit: to be clear, the 51% attack I'm referring to is actually the defense of the network by developers/miners/users that the parent post is complaining about.
But when did he know how to do this? Was it a secret that he was sitting on, or has he only learnt about it from the existing attack?
I wonder how different ether will turn out to be, will they bail it out by rolling back the blockchain?