Hacker News new | past | comments | ask | show | jobs | submit login

This is what concerns me about contract programming. With human contract law, if there's a minor typo or loophole, participants can generally see the spirit and intent, and at worst go to a judge who will usually enforce the intent. But with software contracts, only the characters matter and there's no intent anywhere: either you get paid or you don't.

ETH is advising, "Contract authors should ... be very careful about recursive call bugs, and listen to advice from the Ethereum contract programming community," which indicates there's some subtle behaviors to be aware of and secure contracts are apparently not easy to write.

Lest you think, "we'll just be careful, review and QA it", consider the bug[1] in the "Programming Pearls" binary search. Bentley was clearly an expert who had proven the algorithm correct and the algorithm had 20 years of careful study by thousands of professionals. Yet it had a simple overflow.

How do _you_ know your contract is secure?

1. https://research.googleblog.com/2006/06/extra-extra-read-all...




Unlike traditional contracts, the idea was that smart contracts were going to eliminate the need for enforcement or dispute resolution. So that law is enshrined in code.

But this incident has set a precedent, at least within Ethereum, that the project leadership will intervene to enforce the spirit of a smart contract.

So what now are the benefits of Ethereum smart contracts over the traditional legal system?

The way I see it, at least with traditional contracts you have the benefit of a trained and experienced judge making the call in case of a serious problem.


Agreed. If this soft and hard fork idea really goes through, it seems that now you are in fact getting the worst of both worlds: For your contract, you have to write code that apparently is very hard to get right and bug-free[1], while at the same time you are at the whim of a "community" -- whose decisions (sorry, "suggestions") can apparently be announced by one guy in a blog post -- not to deem what you are doing an "attack".

PS: Also a second thought: Given that the "attacker" used apparently existing functionality of the DAO and that the DAO site clearly states "[n]othing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code", I am wondering: If this (as measured by the DAO code: rightfully obtained) ether is now taken from him/her, might this not be an opportunity to sue the developers implementing this fork in a real-world court?

[1]: http://hackingdistributed.com/2016/06/16/scanning-live-ether...


I think this comment on the original blog post says it very well:

"To be clear, if this happened due to an exploit in the software, then I can accept a hard fork fixing the issue. However, if the DAO team made a mistake in the way they designed their smart contract, as an issue of principle, they should not be "bailed out" by the Ethereum team because they are "to big to fail." Hard lessons like these teach the cryptocurrency community at large to do their homework and to be excessively (and obsessively) diligent with their security."

I agree with this.


Do you own ethereum that will undoubtedly fall in value if the attacker is allowed to start dumping their earnings? It's within the network at larges interest to fork, so that is what will happen.


"Do you own ethereum that will undoubtedly fall in value if the attacker is allowed to start dumping their earnings?"

No, I do not own any ethereum and have had only a casual interest in the entire project. My own investments have been in "Oh By Codes"[1] most recently :)

[1] https://0x.co


> Agreed. If this soft and hard fork idea really goes through, it seems that now you are in fact getting the worst of both worlds: For your contract, you have to write code that apparently is very hard to get right and bug-free[1], while at the same time you are at the whim of a "community" -- whose decisions (sorry, "suggestions") can apparently be announced by one guy in a blog post -- not to deem what you are doing an "attack".

That's not really fair. His decree does not make it so. It still must be accepted by a majority of the miners, and this is and always has been a known property of the system. The collective will of the miners ultimately trumps the contract system. However, consensus there is purposely extremely difficult to achieve, and likely only possible in extreme cases like this.

Since this was a known property of the system, and since the agreement is inherently democratic, I don't see how this is a problem. Hard forks are simply another behavior of the network. Nothing more, nothing less.


The troubling issue with the system that this highlights is that a majority of users can agree to implement a fork which invalidates an existing contract.

As you say, that's a known property of the system. And it might be one of those things that's only viable in practice when the network is young. But can a CFO be considered to have satisfied their fiduciary duty if they write a contract which can be subverted in this way?


Ya, it's a tricky issue to be sure. But the miners are strongly incentivized to act in a way that minimizes harm to the currency itself. If they start accepting hard forks left and right then ether will lose all its value extremely rapidly. So i'm not really sure the slippery slope argument applies here.

I think this really can be considered a 'one time thing'. It isn't like miners can be pressured by a government to halt contracts for terrorists or other things. They have to be convinced and agree with the argument being made. There isn't a sole individual to whom pressure can be applied here. Granted, Vitalik may wield some influence, but if he started advocating things that were clearly not in the best interest of Ethereum, people simply wouldn't take on his suggested upgrades.

EDIT: I'd also add that for the record, as a DAO token holder, my personal opinion on what should be done is this: A soft fork to prevent ether from moving out of the child DAO, and then nothing. Just burn that ether forever. This avoids the moral hazard problem while minimizing harm to the overall ecosystem. People like me who made the mistake of investing still feel the pain, but Ethereum itself moves forward.


I respect that position, the moral hazard question is quite significant, particularly this early in the lifecycle of this network.


This basically sounds like, should we bail out Greece?


Commenting on your second thought: I hoped that people behind DAO (and Ethereum?) will stick to the terms they themselves proposed but it seems they will push hard for forking the chain (see: Ethereum blog).


The DAO was officially introduced by slock.it with "the code of the contract is the absolute truth, any other description is just a guideline", which was hailed as a new miracle by the investors, but now that it doesn't mean mountains of gold the founding principles are suddenly not important anymore, it seems.

The "hacker" simply used the DAO as it was meant to be used (i.e. according to the smart contract code), and deserves the funds. If there is a hard fork, I hope he sues slock.it for controlling the DAO, and for stealing the funds he is owed according to their own terms ("The contract is king").


Whenever they're about to lose, those with the power to do so usually change the rules to ensure they win. Cryptocurrency developers are rarely an exception to that.

Actually, the Bitcoin devs deserve a huge amount of credit for not attempting to "improve" the block reward or total supply during their multi-year bleed down from $1200->$200.


Maybe someone can write an insurance contract that future DAO authors can hire, as an alternative to interventions. It would have to be bug free.


Step 1: Write an insurance contract against the malicious use of Ethereum

Step 2: Find someone foolish enough to accept the other side of the insurance contract, in a world where "insurance fraud" is no excuse

Step 3: Use Ethereum maliciously, stealing your own Ether under another identity

Step 4: Collect insurance

Step 5: Profit (in Ether)

Step 6: Good luck turning your Ether into actual money when people figure out how broken everything about it is


This is a smart response. The insurance company could also review the contract code in order to provide cover -- this would give investors extra confidence.


Suppose that I want to make a medical device, and I want to get liability insurance for when a bug in its code administers a lethal dose of radiation to a patient.

Is there any extant insurance company that would want to review my code in exchange for a lower premium?

If not, why would one be willing to do this for a flash-in-the-pan cryptocurrency, but not a useful, real-world device?


For an insurance policy like that, they wouldn't offer any policy without auditing the device, including the code.



Sounds like kernel space code.


It might also be a question of survival. If $36 million+ is drained from the DAO itself unintentionally at such an early stage, can they continue, and how confident can anyone be that their implementation will be successful if the reference implementation itself is not?


If the DAO is not ready for survival now, then no amount of protecting it will make it ready for survival. What will make the DAO survive is code that only contains bugs that are too difficult to find relative to the value of finding them.


> might this not be an opportunity to sue the developers implementing this fork in a real-world court?

That would make for a very interesting trial, where a very rigid ideology would be put to the test.


> the project leadership will intervene

The project leadership can only propose change. Change requires "ratification" by a majority of miners as well as the support of node operators and holders.

> So what now are the benefits of Ethereum smart contracts over the traditional legal system?

The contract can only be invalidated by a significant majority / supermajority of the community through the consensus process. Therefore this is unlikely to happen often if ever, and if so, only in very extreme, clear circumstances in which the entire community is in jeopardy. [0]

[0] Theoretically.


Not a single TheDAO proposal has even been close to reaching a quorum [0] to pass a vote. How is this ratification supposed to happen?

[0] https://dao.report/?sort=popular&keywords&status%5B0%5D=1&st...


So far there hasn't been a single serious proposal, so naturally nobody is voting.


That's not true.

Proposal #5 "Moratorium on proposals" only reached 8.86% of 20% quorum before voting ended.

Yet the moratorium is already in effect... as you can see there aren't any other real proposals out. Everyone is waiting to sort out these huge bugs in the framework.

https://www.reddit.com/r/ethereum/comments/4ns5nl/news_on_th...


I'm a Dao member (or at least I was this morning..!) and didn't vote on that one -- I didn't see the point in voting on proposals that are polls as opposed to votes on moving money to a specific address. There are forums to discuss general strategy, doesn't need to be a poll.


>But this incident has set a precedent, at least within Ethereum, that the project leadership will intervene to enforce the spirit of a smart contract.

It is the beginning of a precedent but precedent is fairly weak because Ethereum in its early stages and very experimental (many hard forks are in Ethereum future). Bitcoin rolled back the blockchain at one point as well but it wouldn't happen today.

>So what now are the benefits of Ethereum smart contracts over the traditional legal system?

My view is that smart contracts can most useful for low value contracts that you would never want to take to court. No judge wants to listen to two people arguing over 18 dollars.


Even if we agree that Ethereum is still in its early stages we have to ask whether this response is setting a good or bad precedent going forward.

Will the project leadership offer a soft- and/or hard-fork every time a poorly-implemented smart contract is exploited in a manner that is not intended by the contract creators?

If every smart contract is going to be "guaranteed" in this way, then this introduces significant overheads for the project and can also create moral hazard.

Alternatively, if only some contracts are "guaranteed" but not others, this can introduce opportunities for favouritism or discrimination...

Are cases only considered when they affect the ether price or where there is personal involvement with the contract? Is that fair?

Interventions and their resolution can also quickly get politicized just like the bank bailouts from the financial crisis.

It is not clear this is setting a good precedent.

Edit: reworded for clarity


Not to mention: you can use the mere claim of yourself knowing a bug in a smart contract to force the other side to do as you say. If it's sufficiently hard to check for bugs, the other party might accept the cost of doing as you say as cheaper than the cost of checking for bugs again.

This was a plot mechanism in some SciFi story I read a few years back. Edit: one of the in-universe early Revelation Space books.


In this particular case the contract holds 15% of all ether.

The fork won't be enacted unless a majority of the community agrees to run its code. That's not likely to happen except in extreme cases, like this one.


I don't think such a scenario is entirely neutral.

Because it implies that some contracts will have a greater probability of being "bailed out" if they are backed by more ether.

It may turn out to be a bad thing because it will establish the idea that not all Ethereum contracts are created equal.

And this can lead the system to be more centralized.


Is 15% really that extreme? This is a game; nothing of real value in the world is being created or destroyed (that wasn't already during mining). I personally hope the ethereum community decides to play this game out and not bail out the DAO. It's way too early in the social experiment to change the rules.


Lots of people have traded serious amounts of real money for those game tokens.


I agree that 15% may not be that extreme, but 15% is not all that's at stake. 100% of all ether existing has so far lost 20% of its value (relative to other currencies at the time of the article's writing). I wouldn't be surprised if it continued to drop further. This may cause enough panic among miners to actually get a majority to agree to a hard fork.

Edit: for the record, I don't own use Ethereum or own any ether, so I would also hope that a hard fork doesn't happen to bail out a single contract, but I have no financial incentive on the line.


In other words, this contract is too big to fail?


Perhaps, but:

a) It is being bailed out by referendum, not mandate. Everyone gets a vote, if you don't want to install the patch, don't do it.

b) The funds to bail it out are those stolen by the attacker. Nobody is asking people without DAO tokens to suddenly contribute their ether to restoring the DAO or take debt.


Is there really an attacker and stolen funds though?

I mean, the contract executed exactly as specified.

If the system was well designed, there would be no way to undo the results. Such a system may never exist, but the fact that ethereum can sometimes change contract results means it isn't living up to its ideals.


I disagree in part with (b). A hard fork could split the community and cause the price of ether to crash further. While miners who fork may not actually lose ether in the process, they may actively cause it to lose whatever value it has left.

Of course, miners not associated with the DAO would never normally consider risking such a thing, but the rapidly falling price of their ether may convince them that it's the safest move.


1) TARP arguably had a referendum immediately afterward in the form of the election.

2) The American people were paid back.


Exactly. This is being pitched as a negative, when really, consensus-based changes are probably always for the best.


Precisely, because this company is at the root of Ethereum. They can do these kinds of tomfoolery, and anyone who uses and trusts Ethereum is to blame for not doing their homework.


> But this incident has set a precedent, at least within Ethereum, that the project leadership will intervene to enforce the spirit of a smart contract.

This is really too bad. The best outcome would be for the community to learn from this and build tools and practices that make new contracts significantly more reliable.

Smart contract design practices will have to undergo the same kind of gradual hardening that web servers have over the past 20 years. Let's hope it happens a bit quicker.


Disagree. Over time, there will be less and less human intervention and people will be able to rely on a system of contracts assembled from tested and trusted components. And avoid expensive litigation fees.

Look, self-driving cars required humans to take over and require updates to deal with new challenges -- until they don't, or very rarely do.


In the place of litigation fees you pay software development fees. Not that I am really against it as a developer.

Smart contracts are different from self-driving cars in that the former have competing intents within while the latter have a common goal of "not hitting anything".


If anyone can intervene, intervention will happen, even if it takes a new law to make it so.

The only way to eliminate the human interpretation factor is to eliminate the possibility for human interpretation. This is effectively impossible in a pre-singularity world, so there can be no such thing as a contract enshrined in code which is binding.


Interesting from a practical perspective; I hope that ideologically we exercise enough restraint to prevent this historic circumstance.

Perhaps that is only a reasonable hope for values under $50-100M USD.


> the idea was that smart contracts were going to eliminate the need for enforcement or dispute resolution

Well that's the fantasy of the century. Has no one learned this lesson with Bitcoin? An electronic currency doesn't magically wave away the fact it's being built and used by humans.


IMO smart contracts are more about decentralized "serverless" services than they are about law contracts.

Personally I hate the term "smart contracts" because of the confusion they create on what they actually are.


I prefer robo contracts. Implies cheap and no humans (with pros and cons of all robo services). Code is only as smart as the humans who program it.


Yep. Ethereum just rendered themselves pointless.


This real highlights the genius of Satoshi imo. If she had not disappeared she would have surely become a benevolent dictator for life and thus a single point of failure. By being anonymous and going silent, that outcome was prevented.


The miners have always been the arbiters. That's implicit in verifying transactions via their consensus.


Keep in mind Ethereum is less than a year old, the DAO is even younger. It's still new, risky, and fraught with problems that need to be solved.

If you're not familiar with anarcho-capitalist theory, there's a concept called a DRO -- dispute resolution organization [1] -- that can perform arbitration functions in a decentralized manner, i.e. without a monopoly on judicial services like the state.

In the future, as the infrastructure matures, I'd be willing to bet DROs will arise to handle these types of disputes. Forthcoming DAOs can be more competitive by integrating dispute resolution clauses into their contracts.

For example, maybe there's a flag that must pass before any transaction takes place, and can fail if X% of DAO stakeholders vote to halt transactions and defer to a DRO for arbitration.

Hard to say exactly how things will evolve, but what's great about Ethereum is that contract law has the potential to evolve at a much quicker, cost effective pace than does the monopolistic, bureaucratic justice system we have in place today.

[1] https://en.wikipedia.org/wiki/Dispute_resolution_organizatio...


What's crazy to me about the whole thing isn't the bug in the DAO nor the fact that it's being taken advantage of. As you say, it's all very early stuff, and there's no surprise that it hasn't been fully worked out yet.

What does surprise me is that people poured the equivalent of tens of millions of dollars into this new, unproven thing. To me, this says that while Ethereum itself may be technologically fine, the community is completely bonkers.


There is a lot of speculative fervor going on. It's like any fad, except you can count the "value" generated by the waves of PR.

The underlying tech is clever though; the speculation is just a side-effect of cryptocurrency systems that they attract a lot of people who attempt to make a quick buck from during the rapid growth phase.

As others have pointed out, this is not a bad thing b/c speculation is one legitimate way that cryptocurrencies can bootstrap themselves, even if (over time) their strengths are not likely to result in more speculative behavior than is found in other established currencies.


Isn't pouring millions of dollars into new, unproven things the entire premise of venture capitalism? Great risk for great reward.

The outrageous investment in Ethereum/DAO does seem to highlight a desire for governance models outside of the corporatist status quo we live under today, though. Personally, I don't think it's bonkers to yearn for something better. But it's a hope that needs to be tempered with vigilance if people are going to avoid being duped.


Usually the millions of dollars comes after there's some sort of promise shown. This is basically the equivalent of doing an IPO with nothing but a nice-sounding business plan, and having people shower you with money only to discover that, oops, your real business plan is to take the money and flee to the Cayman Islands with it.


To be fair, people poured millions of dollars into a drunken pirate investment company (pirateat40). "I'm going to take your money and drink it away, har har" was somehow better than the alternatives, which often involve basically-impossible-to-circumvent paperwork requirements(buying stock without a phone/mailing address, say), obtrusive spy-on-your-customer policies, risk of having your wealth appropriated by governments like the government of Venezuela and so on.


Consider the fact that many who bought ETH did so with BTC, and that these BTC might have been acquired for a lot less than what the equivalent ETH are now worth.


Tulips.


Or their other options are ripe for disruption


This is fascinating. How do ancaps propose that DRO's will enforce their judgments? With violence? What's to stop the losing party from just gathering a bigger militia and shooting back to prevent collection?


The most effective way is likely ostracism, or some other penalty based on reputation. If someone doesn't pay their debts, people just stop trading with them. I'd posit that most people are interested in restitution, rather than punitive measures, which would be the primary goal of a DRO -- making the victim whole again. This is why DROs would likely function similar to an insurance agency.

The non-aggression principle is a central tenet in ancap philosophy which would preclude violence in most cases, however, it is permitted in self defense of ones person or property. Still, most people who subscribe for a DRO probably aren't going to want to pay the high costs for a standing militia. Would you voluntarily pay taxes for the War on Terror, or the numerous other military boondoggles across the globe, if you had a choice and knew the actual costs?

This ventures into the territory of private defense agencies, which decentralize security services, and is a deeper subject. If you want to dive in, I'd suggest Michael Huemer's book "The Problem of Political Authority: An Examination of the Right to Coerce and the Duty to Obey" in which he debunks the Hobbesian war of all against all scenario. "Practical Anarchy" by Stefan Molyneaux is also a decent (and free to read) overview of how ancap voluntarism could work, but Huemer's arguments are more comprehensive.


"If someone doesn't pay their debts, people just stop trading with them."

... Unless that impacts their bottom line. In reality, this is unsolvable - if it were, boycotts, divestments, and employer blacklists would be far more effective. You can always find scabs that will compromise on principle in order to put food on their table.


> The non-aggression principle is a central tenet in ancap philosophy which would preclude violence in most cases, however, it is permitted in self defense of ones person or property.

What if someone disagrees with the non-agression principle or uses a very liberal definition of "self defense"? If I'm the only one who is permitted to use violence to defend myself, does this mean I have to carry a weapon with me at all times (and hope the other one doesn't have a bigger gun/has hired the more expensive security force)?


The collection could be written as part of the smart contract that wants to use the service of the DRO (of course that part would have be be bug-free…).

Generally, I think ancaps would argue that violence wouldn't occur because it is too costly (as they do in the context of private defence agencies [1]).

Anyway, I believe this argument is flawed, in the sense that people have resorted to violence, despite the fact that it was nonsensical in economic terms (I'm looking for the quote of some prominent intellectual who argued around ~1914 that no big war could ever happen again, because it would be devastating in economic terms. He was proven both wrong and right in the sense that it indeed was devastating for the economy and that it occurred anyway as we know. If somebody knows the name of this gentleman please let me know).

[1]: https://en.wikipedia.org/wiki/Private_defense_agency


A counter-argument is that most of the American population did not want to enter either of the world wars, but were dragged into it by state and corporate interests who, unlike the general population, did stand to profit enormously from the war. PDAs would not have the authority to do this.


As far as I understood it though, ancap wouldn't forbid any of the corporations that did profit from the war. (Or, in fact couldn't forbid it as this is the whole point). So what would prevent those corporations from engaging in the same war propaganda that the states did?


One solution would be for (some) individual contracts to be programmed to have "curators" with an expanded role. These curators would have dictatorial powers (via a supermajority vote of the curators) to nullify and replace the entire contract. However, they would promise to do this only in case of a genuine software bug, or if ordered to do so by a court with jurisdiction over them, not for any other reason. There would be many curators. Many of them would be professional curators, similar to professional accountants or trust executors, who work for huge firms which, like Big Four accounting firms, have a lot to lose if any of their members are caught misusing their power.


I see a different problem here: Ethereum and the DAO were not in a mature state to handle this amount of money. For example, there is a limited support for upgrading contracts in Ethereum and the DAO was not reviewed enough to handle hundreds of million dollars.

Also, there are methods to make the software ultra secure using formal models.


I always wondered why there was such a rush to launch the DAO. As opposed to what Ethereum itself did: develop a proof of concept for over a year, then release a beta version and provide bounties for security bugs, all the while collaborating with testers and security researchers to stress the software.


>I always wondered why there was such a rush to launch the DAO.

So Slock.it could raise money, obviously. A common complaint right around when Slock.it launched the DAO was that Slock.it planned to offer the first funding proposal on it but only provided a brief 2-week period for review and debate before the voting started. It had the appearance of an attempt at railroading the crowdfunding process for a quick payoff.

Fortunately cooler heads uncovered the problems and spoke out, putting the brakes on. Now it's a big learning experience for the ~23,000 people who blindly jumped on the hypetrain and put money into a flawed investment vehicle. You'd think the first 7 years of Bitcoin would have taught people a lesson that this technology is risky, but dollar signs in the eyes tend to obscure hindsight I guess.


> ~23,000 people who blindly jumped on the hypetrain

I haven't touched ETH or the DAO personally, but it is unfair to label every investment in them irrational. Over the past 5 years cryptocurrencies have provided multiple opportunities to convert, say, $10k into $100k or even $1M within a year or two; once your networth exceeds a certain amount, risking 1-2% of it on an opportunity like that is arguably wise - i.e. would be worth repeating - even if it does fail spectacularly.

It is certainly true that as long as that reasoning delivers 10-100x+ returns to some of the people some of the time, a giant fount of speculative money will continue to moisten a lot of scammers, con artists, and insufficiently-careful SW developers though.


TheDAO effectively turned into a massive bug bounty, a pot up for grabs.


Indeed an important question that will be decided soon is whether the "hacker" will get to keep the reward pot, or whether the rules of the game will change to deny it.


I am curious if a huge DAO-like organization could avoid being a target solely by keeping very of its wealth liquid at any moment... i.e. what would have happened if 99.99% of the DAO's eth were loaned out... would the hacker have bothered? (assuming it wasn't an inside job)


It's pretty obvious and simple. Because they want to run away with your money NOW. Ethereum had money already so they could survive while waiting to scam you even more.


Core problem: If contracts can be upgraded while in use, everything reduces to a game of Nomic.


That depends on whether you think of a contract as an interface or as an implementation.

A contract should present an interface that includes a declaration of its behavior. The declared behavior should be well defined, and if a bug in the implementation is discovered, the contract should be updatable to fix the bug. There could even be futures expressing the probability that a contract will be found to have a bug.

The willingness of participants to use a contract would depend on the chances that something about the interface is bug-prone, untested, etc.

As long as bugs do not result in reversal of money flow, the incentives seem to align properly toward a well-defined approach for declarative contracts.


What you're trying to solve is something very similar to the recursive self improvement problem that MIRI[1] and friends are trying to solve in the sphere of "friendly" artificial intelligence. If something rewrites its own source code, how can you assert invariants that can be relied upon? So going and looking over there at what they've come up with may be fruitful.

[1] https://intelligence.org/


Very interesting! Looking at the papers and going to read them. Any specific papers you'd recommend?


"Tiling agents" would be the most arguably relevant. Provably correct agents that approve the construction of other probably correct agents obeying similar invariants.


Is "probably" there meant to be "provably"? I assume so, but I'm not sure.


Probably.


Thanks! Looks very interesting!


Sorry, not qualified to have an opinion. Opening this question to the floor?


Note that this probably means that designing contracts of this sort of "friendly AI complete" in some sense, and therefore not a good thing to be betting on in the short term.


> A contract should present an interface that includes a declaration of its behavior. The declared behavior should be well defined, and if a bug in the implementation is discovered, the contract should be updatable to fix the bug.

The first part, a "declaration of...[future] behaviour," is basically a normal contract.


Indeed. However in a normal contract, the implementation is specified fairly loosely the laws (and enforcement mechanisms) can change drastically over the life of the contract.

There ought to be a way to have highly vetted primitives. In meatspace legalese, boilerplate words and phrases are the closest we get to this... once a contract (or open source license, etc.) has been through litigation, its vulnerabilities become better known.

If a dispute gets decided the "wrong" way because a few clarifying words were absent, the contract is modified and future deals use the new contract.


Why is that a problem?


Contracts can be upgraded if they're designed that way. You can have a wrapper contract that just calls out to other contracts, where the addresses of the other contracts are updateable. You can even make the callee run in the context of the caller, so all the data is held at the caller, which calls an external function that manipulates it.

Doing this is a tradeoff. On the one hand it lets you fix bugs and vulnerabilities, on the other your users have to trust you not to abuse your power.


It completely obviates the point, because a contract no longer means what it says, it means what Bob says. So just wire your money to Bob, it's simpler.


While I prefer non-upgradable contracts for the same reason, there are mechanisms to reach some middle ground, like:

1) a significant delay between the announcement of an upgrade and the actual upgrade (enforced by the blockchain)

2) a mechanism to opt-out or cash out before the upgrade happens


Are you referring to this kind of upgrades https://gist.github.com/Arachnid/4ca9da48d51e23e5cfe0f0e14dd... ? Because you have an important limitation if you use that approach.


Until such time as a College of Hortators gets invented and people start including standard provisions to defer some decisions to them. Yay, the courts have been reintroduced.


Formal verification is the right approach. Do you know of any specifics for this goal that exist for ETH now?


Vlad Zamfir, Greg Meredith, and Emin Gun Sirer are working on this for Ethereum's next consensus algo, Casper. Not aware that they've published anything on it yet though.



I agree completely. 'Smart' contracts are terribly flawed in this regard. Operating outside of contract law is a weakness, not a strength.

No-one can write bug-free code, so why are these people building a huge, expensive system that relies on no bugs being found?


No-one can write bug-free code

No, we can. We just don't, because it's very expensive, and we lack proper tooling to make it cheaper and/or faster. The flaw as I see it is that ETH jumped the gun, and tried to move to software law enforcement without investing the right amount of time/money in the code.

Worthwhile goal (though the desirability and practicality remains debatable), bad execution.


> No, we can. We just don't, because it's very expensive, and we lack proper tooling to make it cheaper and/or faster.

Eh, it depends on how amenable your standards for correctness are to formalization. Also when it comes to security, where clearly bugs tend to hurt a lot more, we're almost always at the mercy of "unproven" (in the formal sense) algorithms. Don't get me started on quantum computing's effects.

Reasoning about concurrent programs (let alone distributed ones) is something where I don't think we've got many reasonable schemes, even at the academic level. Though it's great to hear the Ethereum foundation is willing to drop some cash on that problem! I wish luck to anyone who takes them up on that, it's something I'd love to work on if I didn't have existing projects.


The Ethereum virtual machine isn't concurrent even though the network is. The model is a relatively simple serial sequence of operations, state machine style.


The Ethereum VM is only a small issue, the contracts running on it are the actual problem. DAO isn't falling to an ethereum bug.


With enough effort, you can prove that your code conforms to the specification, but how do you prove that the specification conforms to your expectations?


You struggle to even do that. You can normally prove that some code conforms to a version of the specification that is explicitly formalised, but in practice, a large number of bugs are specification bugs and that will only increase the more you are forced to formalise the specification.


> No, we can.

There's no evidence of that, and lots of evidence to the contrary.


Sure there's evidence of that. Maybe not in the move-fast break things social/mobile/local web world, but in the mission/safety/life-critical and real-time systems engineering world there is. Just takes a quick google search, for example:

http://electronicdesign.com/dev-tools/11-myths-about-ada

"As one example of Ada in an undergraduate setting, students at Vermont Technical College in the U.S. used the SPARK language (a formally analyzable subset of Ada) to develop the software for a CubeSat satellite that recently completed a successful two-year orbital mission. SPARK was chosen because of its reliability benefits. The students had no previous experience in Ada, SPARK, or formal methods, but were able to quickly come up to speed.

Of the twelve CubeSats from academic institutions that were included in the launch, the one from Vermont Tech was the only one that completed its mission. Many of the others met their doom because of software errors. The Vermont Tech group credits its success to the SPARK approach, which, for example, allowed them to formally demonstrate the absence of run-time errors."

I've read similar success stories for Lisp and Haskell. Rust will likely add more evidence as it becomes more widely used. Agda and Idris are also capable in this respect.

The problem is too many engineers are just day-jobbers, who want to crank out LOC and quickly add features that get them paid, regardless how sloppy their work or the tools they use may be, or how much work/cost it adds to the maintenance overhead down the road. That work can either be done up front writing bug-free code, or later during maintenance putting out fires, but it can't be avoided. Programmers who chose the former use the excuse "bug-free code is impossible so we don't have to try" to justify pushing the work off on the maintenance team later. But it's demonstrably false.


You can write a formally verified, simple Hello World program and prove that it adheres to both your design and implementation specifications. You can this all the way down to how the specific processor will run the resulting machine code.

The catch is that this is difficult and the time and cost both scale non-linearly with the complexity of the software. But if you can do it for dead-simple programs running on hardware you understand very well, you can do it for complex software as well. Just be prepared to pay millions of dollars for it.


> But if you can do it for dead-simple programs running on hardware you understand very well, you can do it for complex software as well.

Not necessarily when you're bounded by reality and finite amounts of time and energy. Just because you can count to 2^8 doesn't mean you can count to 2^128.


> No-one can write bug-free code

Perhaps, but nobody can write a bug-free legal contract either, and no legal system is without bugs.

Sadly, for the legal system, many of the bugs are due to corruption, so they are actually more akin to systematic exploits being done again and again by malicious actors (who often happen to be wealthy or powerful).

Also, in terms of how drastic this bug is, suppose $5M gets stolen over a few days. If the community can strengthen itself and become resilient to a whole class of attacks, that is likely far superior to a meatspace improvement in contract law, which would likely take years to become law (and would be selectively enforced once it did).


> Perhaps, but nobody can write a bug-free legal contract either, and no legal system is without bugs.

The difference is that when there is an issue with a legal contract you can defer to an arbiter (a judge) and discuss whether that is a bug or a feature as soon as a divergence of interpretation is detected.

Hell, even just having a sentient empowered human in the loop is sufficient, with fully automated response systems we'd never have survived the cold war as a civilisation, the first false-positive detection (and there have been several) would have ended it.


You are describing human judgement or human discretion. It's probably a given that AI will surpass humans in judgement and discretion of many things in the coming years and would be at least as able to avoid reacting to a false-positive as any human.

The problem (and the thing you propose as a solution) is deferring to an arbiter. This is not human judgement as much as it is human authority. We conflate the two in meatspace because of the social rank conferred upon such positions (this is the same drive that makes humans bow before gods and dictators)

The very idea of decentralization is a different authority model than what is typically in human institutions. In theory, institutions managed in a decentralized and anonymous way have the potential to achieve a form of democratic governance that is far more resistant to corruption than any form previously invented.

In meatspace, a judge must be chosen, elected/appointed, confirmed, etc., and when that judge needs to be replaced we take an entirely different (largely unknown) judge and do a full-scale migration to that new judge's "firmware".

With smart contracts, we can divide the execution into many smaller smart-contracts, each with a specific domain of expertise. This makes versioning, incremental improvement, and extreme transparency possible.

If you listen to us SCOTUS argument, particularly when a case involves discussion of the intent of specific words in a law, it becomes clear how utterly mutable all of the constructs are. While the SCOTUS is a world-class institution in terms of its overall quality, it is reinforced using a highly centralized model of human authority, with all its problems.


There's nothing preventing a contract from adding fallback modes that require interaction from human agents. Indeed, most of the more high-assurance contracts will probably require this.


I agree, for now. What I argue is that just like nobody can write bug free code, nobody can write bug free contracts as well. I think this might have a good use case down the road once all the bugs are worked out. That said, it's not ready for prime time yet.


Indeed, but you have bug-safety law around the world which incorporates something like :

"If there is a typo, error, fraud, crime etc. a contract is considered invalid or the part of the contract that is flawed"

With software bugs you have something similar :

> NO WARRANTY. THE SOFTWARE IS PROVIDED TO YOU “AS IS” AND “WITH ALL FAULTS.”


Who decides what a typo is?

"Oh, that contact for 1000 dollars is really 10 dollars because they 'missed' a decimal place. You still have to uphold your part though."

Corruption of judges can be a problem in that space and that is in part what this is attempting to solve. A lofty goal, maybe even impossible, but certainly worth the time to try.


I actually found a typo of a 100x magnitude in a Washington, D.C. law about ten years ago. Submitted it, and it was administratively adjusted. No need to even take it back for another vote. I believe is happens with much greater frequency than anyone outside the business of maintaining legal documents imagines.

[even had a typo in the first publish of this comment!]


Sounds like a story worth telling; details?


Just realized someone actually read my comment!

Situation was basically a table rendered in prose format. I can’t recall the precise verbiage, but it read something like: In 2015, the requirement shall be 0.05%. In 2016, the requirement shall be 0.7. In 2017, the requirement shall be 0.09%

Very subtle typo which, had it been treated as The Truth of The Text would have bankrupted anyone attempting to adhere to the regulation.


> administratively adjusted

That sounds like a terrible amount of power to give someone without a vote.


for obvious fixes, that’s not actual power: They could not do that if the correct answer weren’t obvious.

If I offered a new car for 10€ — obviously it should have been 10k€, so others cannot expect me to fulfil that (ask your local police).

If I had offered it for 8.5k€ and suddenly claim it should have been 10k€, it’s far from obvious that this was a mere error, so I’d likely have to stand for it.

If I offered a used car for 10€, the case becomes murky.


This is hacker news. If this was some code rather than in meatspace and you trusted a single client to modify a turning complete config file for everyone else you'd call it a massive security vulnerability. I don't understand how having humans involved changes that. Yes, they probably have good intentions but has that assumption ever worked out in human history? If it's not used today for something nefarious, it will be used tomorrow.


> This is hacker news

Which is why people don't understand basic human institutions and are surprised when they run into issues trying to re-invent from scratch


Grace Hopper said it best 'The most dangerous phrase in the language is, "We've always done it this way."'


A legislative body is a conflict resolution mechanism, and one that is basically in the business of writing the code of law (literally). For something to be considered a typo, there must be negligible conflict over that interpretation. If not, the legislative body addresses it again or it’s handled by the judiciary. The legal register who maintains the official version of the text works at the behest of the legislative body. These things are not occurring without supervision.


I UPvoted your comment.

Aside from everything. In writing a contract, it's very common to write price with numbers and letters in brackets next to them. E.g. 1000$ ( one thousand dollars ), exactly because typos happen.

The decision what a typo is is made by the parties, in case of dispute then by several courts ( based on the evaluation of the contract ). That's at least in continental law system.

There's a way to specify a 3rd party court ( non-corrupted one, called arbitrage ) which can solve disputes for that contract.

Corruption of judges problem is being fixed also in several ways. Usually decisions in high courts are decided by 3 judges ( again continental law ) and sometimes a jury ( prevailing in anglo-saxon law system ). Also there is a way to appeal the decision of the court to a higher court(s).


It's impossible to corrupt a 3rd party judge (shouldn't all courts be third parties?), or 3 judges? I agree it's the best system we have today, but it won't be tomorrow.


There are relatively few cases where $1000 and $10 are both reasonable numbers. It should be pretty obvious to both parties from context which is the 'correct' interpretation.


To a rational person without ulterior motives yes, but remember in my country "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause" means "Go ahead and take papers (cash) from peoples cars without warrants, and then the burden is on them to prove they obtained it legally"

I certainly distrust the American legal system enough to use something like this in the future.


I don't know why you're getting downvoted, seems like a very prudent and informed sentiment to me.


> How do _you_ know your contract is secure?

It most likely is not, looking at the recent post on contract security, most if not all examples ever posted as best practice are flawed and can be exploited:

https://blog.ethereum.org/2016/06/10/smart-contract-security... (currently down, cached version https://webcache.googleusercontent.com/search?q=cache:https:...)


that's the gist of the problem

Turing machine, meet halting problem.


The halting problem is easy to solve for Ethereum programs by design. Programs are made of instructions, each instruction requires fuel to run, and fuel is limited, so every program must halt eventually.


I'm not familiar with Ethereum programs, but it seems to me that it's not possible to answer the practically-identical question, "How much gas does this program need to start with to guarantee it will either get into a loop or halt of its own accord before it runs out of gas?"

Or, to put it another way, it sounds like the language is Turing complete in roughly the same way C is Turing complete even though every C program ever instantiated is actually a linear bounded automaton because there's no such thing as an infinite tape.

Like, I can announce that my C-like language will always halt after a trillion-trillion operations and therefore the halting problem is "solved" for it, but for all other purposes it's almost exactly as difficult to reason about as a Turing machine.


100% agreed and anyone who expects these types of smart contracts to replace typical contracts is overlooking this.

The real void smart contracts fill is the type of contracts that cannot be trusted to be enforced by the current court systems.

For example, consider prediction markets. Just about any economist or rational person will tell you these are a huge boon to the world, but the CFTC shut down InTrade just a few years ago. It makes a lot of sense for these types of contracts to move onto ETH or similar.


Why are prediction markets a huge boon for the world?

Isn't that just a fancy term for betting anyway?


The entire finance industry does a fancy form of betting. Risk and reward are packaged up and bought and sold by people according to their preferred allotment, and once the outcome is known the spoils (or losses) are correspondingly shared.

Prediction markets can also be called "information markets" because they expand the class of things we can understand the risk characteristics of beyond the traditional instruments.

Lloyds of London began by issuing insurance on shipping vessels so that ship owners shared the risk of a wreck across all their fleets, reducing the devastation of losing a ship for each individual owner. Prediction markets let us do this for a host of other outcomes.

A prediction market is nothing more than a betting market, the innovation (attributable to Robin Hanson, I believe) is the idea of the binary future, which makes the probabilistic outcome work nicely with a traditional futures contract structure, and allows for a lot of nice intuitions based on price movement.


They provide a far more accurate insight into the likelihood of events than any other alternative. You can think of it as betting if you like, but it's betting with lots of positive externalities.

Consider a business that needs to reason about the probability of a law passing, severity of global warming, or any number of other difficult to predict events. Prediction markets would provide by far the most accurate insight.

It's wisdom of crowds + skin in the game.


>Consider a business that needs to reason about the probability of a law passing, severity of global warming, or any number of other difficult to predict events. Prediction markets would provide by far the most accurate insight.

Surely such prediction markets are a guarantee of corruption?

That or I just don't understand - if a market exists that takes bets on human actions such as passing laws, how long someone will live etc, the betters will have a very active interest in doing everything they can to make a large profit, of which corruption alone is the most obvious target.

I mean in a way you're right - it is wisdom of crowds, albeit crowds of people that "know" only because they're corrupted the final event.


They don't guarantee corruption, because if the corruption shows up on the prediction market it has occurred (or will occur) elsewhere already, and if large amounts of money are betting on a certain outcome, others will follow, and thus the payout won't be as large.


> Consider a business that needs to reason about the probability of a law passing, severity of global warming, or any number of other difficult to predict events

Like the probability of a smart contract being exploited via a loophole? ;)


This is OT now, but in addition to the corruptive effects of traders influencing results they are betting on mentioned by mootothemax, another possible negative externality is the conservative effect the prediction market would have on the traders. Eg. if you got a whole population to bet on the market, suddenly it is in the interest of the majority to uphold past predictions, thus making society resistant to change.


EDIT: Moved to the correct location in the discussion tree.

It's very frustrating for me to see "probability of a law passing" and "severity of global warming" being thrown in the same basket.

While the first lends itself naturally to be framed as a binary prediction market (and there are good reasons to believe that the market will produce reliable forecasts), "severity" doesn't lend itself to be framed in this way (in Taleb terms, it is a non-linear payoff from a complex domain, "4th quadrant"). Ignoring that there is a lot of ideology involved in defining the exact terms, in my mind it is just unreasonable to expect prediction markets (or any mechanism for that matter) to deliver reliable results in this case.

Even when not accepting the Taleb argument regarding our ability to predict, at least it should be acknowledged that it is not straight-forward to generalize from binary outcomes to open-ended ones.


Presumably he meant a specific prediction like "Greenwich will be permanently flooded by 2025" ?


> Just about any economist or rational person will tell you these are a huge boon to the world

True, but I think said people still haven't taken the whole Taleb idea to heart. I'm pretty sure there are certain domains where the wisdom of the crowd is no wiser then a chimp throwing darts.

As an extreme example, assume you ran a prediction market that predicted the value of the s&p500 x days from now. Would you expect to make money based on these predictions?

This is not to say that they can't be useful in certain domains. It is well known that they do well for binary outcomes like sport events and elections.

They might also be valuable in situations where there are behavioural factors that prevent the spread of information (e.g. whether a project will finish on time). However, there might be simpler mechanisms (like whistle blowing) which could solve the problem or it might not be a problem at all (Bent Flyvbjerg's research on mega projects suggests reliable forecasts are simply undesirable and "true" forecasts are known sub rosa anyway)

A relaxation of the law or more exemptions a la IEM could be beneficial from a research perspective, but I wouldn't expect a "huge boon" just because. These are a lot of words to basically say, it's not a black and white issue.


> As an extreme example, assume you ran a prediction market that predicted the value of the s&p500 x days from now. Would you expect to make money based on these predictions?

The S&P already is a prediction market for the future value of the S&P. So no, there would be no additional information here.

I agree that wisdom of crowds does not always work, but remember that this is not just wisdom of crowds, it's wisdom of crowds PLUS skin-in-the-game.

All of the things in quadrant 4 are difficult to predict. I would trust the predictions of people who have put money where there mouth is far more than the predictions of those who haven't, and I think Taleb would too.


Prediction markets already widely exist and have been around for ages, just not in America. You can bet on all kinds of real world events, not just sports, in many countries.

Adding a prediction market to ethereum or some other crypto coin isn't going to revolutionise anything.


I am fascinated with prediction markets, is there an existing place to do this now with ethereum?


Augur and Hivemind are the two that get talked about the most. Neither are out.


I'm mostly an ethereum skeptic, but maybe this doesn't actually indicate that all smart contracts are doomed? Maybe all it means is that bespoke ethereum contracts are risky, and people will have to use boilerplate contracts that have proven robust in the past.

I sort of assumed this DAO thing was intended in this spirit, as an experimental stab on the path to robust contracts.


> I sort of assumed this DAO thing was intended in this spirit, as an experimental stab on the path to robust contracts.

With millions of dollars in prizes if you could exploit it?


My hope is that the people putting millions of dollars into it are well off people who are OK with putting their spare money into something obviously risky and experimental.

Edit: If this is not how it is, I'd be interested to know who is putting money into the DAO, sociologically speaking. I hope nobody's investing their life savings in it.


My impression is that the DAO people are early adopters mostly from the Ethereum Foundation itself, so the "150 million dollars" number that is bandied about would be mostly paper profits from a much smaller investment. It doesn't mean they ever had 150 million dollars in actual money between them, or any practical way to get it.


With millions of dollars in prizes if you could exploit it!


There are bugs in critical shared software infrastructure like Linux, libc, OpenSSL, and so on as well and not just a few minors ones.

Why would it be any different for "bespoke ethereum contracts"?


If an ethereum contract was the size and complexity of any of those projects I would certainly expect it to contain many errors.


Another way to say the same: there is no slack. Errors can be sudden and complete.

Compare with "old fashioned" contract law or e.g. national currencies or gold. The errors there (theft, counterfeit and fraud) tend to impact only one or a few transactions. It's all more localized/

In case of broader failure of old fashioned money (e.g. national currencies being destroyed through inflation): at least this is a very slow process that is usually being telegraphed years in advance.


This hopefully provides further evidence that smart contracts currently are not and probably never will be a replacement for traditional contracts and court systems. Instead they are a low-cost alternative for specific off-the-shelf problems (like ownership) for which battle-tested implementations will eventually exist.

In that sense smart contracts are a tool for a specific purpose (and maybe a replacement for people who don't have the luxury of a working court system) as opposed to the end-all-be-all solution that some make it out to be.


Attempting to enforce the spirit of the law is a problem in its own right though. The flexibility of written law is repeatedly abused. Whether it's politicians taking land from their constituents, or drug laws being used to drive racism, we really shouldn't be looking at the flexibility of written law as a good thing. Or at the very least, we should be acknowledging that it's a double edged sword.

Ethereum's smart contract language is not one which makes it easy to write secure smart contracts. There are dragons everywhere, and the DAO is far and away not the only smart contract to incur their wrath.

In general I am in favor of moving to programatic, unforgiving law. But we need to do so at a pace that matches our technological progress. Today, the technology is not there to make advanced contracts. Simple ideas like 'this coin is owned by this person until a signature from this key transfers ownership to someone else' are pretty easily enforceable. Bitcoin has a scripting system with a variety of safe scripts in widespread use.

But as soon as you start aiming at things like 'this investment fund is owned by this group of people and is able to make investments under conditions X, Y, Z, and can split... etc.', you've outpaced what we currently know how to do safely.


I don't know much about Ethereum, but why aren't the contracts declarative? Surely, it would be much easier to see the logic behind the contract and avoid the impossible task of a bug free turing complete language.


The Turing-completeness of the language is the whole point of Ethereum. That's what differentiates it from other (Bitcoin-like) crypto currencies. It allows anyone to build arbitrary business logic--an exchange, a venture capital firm, a game--that is run directly by the participants in the blockchain.


In retrospect, a declarative language might have been a better choice. There's a tendency in open-source projects to make things Turing-complete because it's too hard to agree on what the declarative primitives ought to be. (Hence JavaScript.) This is not what you want in contracts for substantial amounts of money. It's passing the buck to the users.


>This is what concerns me about contract programming. With human contract law, if there's a minor typo or loophole, participants can generally see the spirit and intent, and at worst go to a judge who will usually enforce the intent. But with software contracts, only the characters matter and there's no intent anywhere: either you get paid or you don't.

It's much worse than that!! What you've just said applies to building an airplane or getting to Mars, too. Mother nature won't care what you meant to do.

But this is worse: mother nature might give you turbulence, but She won't carefully cycle or time the turbulence in a code injection vulnerability to try to get your avionics to lock up at some particular moment. With these kinds of systems, you have humans actively doing everything in their power to break the system, even using the most subtle possible tricks. It's not just noise: it's a malicious attacker.

It's not enough to "get it right". You have to get it right against someone with lockpicking tools, budget, time, and no legal, social, or moral checks and balances. By that standard, every vehicle NASA has ever built is completely broken, and NASA has never built a single thing that works.

It's not just about code that's correct. It's about code to held to literally supernatural standards of correctness.

It's a social problem.


I'm surprised no one has mentioned: Human contract law still applies in this case. DAO members can still go to the FBI and try to find the "attacker". They can still ask the courts to try to take their Ethers back.


> How do _you_ know your contract is secure?

Ideally, using formal methods [1], one can write a provably correct program. Just because software can have bugs does not mean it must have bugs. Human contract law has no analogue.

Personally I'd be wary of any electronic contract that wasn't formally verified. The DAO exploit is unsurprising.

1. https://en.wikipedia.org/wiki/Formal_methods


> participants can generally see the spirit and intent, and at worst go to a judge who will usually enforce the intent

Stuff like patent-trolling (and patents) suggest to me the law isn't so consistently trustworthy as you suggest.


I don't think that is the same - There is no claim that rules of written law always gives the most favourable outcome. But rather that the written law (or contract, in this case) allows for the reality of human error or omission by leaving space for human interpretation, enforcing the underlying intent, rather than strictly enforcing 'bugs' in the contract.

After all, there are almost always small mistakes in complex systems. The system of case law is, essentially, a structured way of turning differing interpretations into a stricter framework over time.


There are no bugs, there is just the contract, and the intent, and the difference between the two.

My point is, the institution of law needs to be trusted, yet patent-trolling exists because the institution has failed to apply fair judgment and common sense such that ridiculous legal structures have prevailed.


A bug is the difference between the intent and the produced document.


I disagree. While the use of the word 'bug' is often stretched (i.e. feature requests being made in the issue tracker), the contracts in this case are not purely the product of a writer - they are also a contract, as in a written, explicit agreement. Calling an unintended consequence a bug may be true from the perceptive of the writer, but not necessarily from the perspective of the second-party, who may have agreed to the written contract, but not the "intent". Hence a document with two parties does not have objective bugs in that sense, unless both parties agree, which is not the case in disputes requiring a judge.


I agree with your analysis there.

But my point was the patent trolling exists because the law is unfavourable. Not because there is a system of mediation in place. If the patent system should be abolished or not doesn't really relate to how inconsistencies in contracts are handled, as far as I can see?


My own skepticism isn't so much stemming from any belief that the current legal systems are particularly great as it is from the learned reflex to be wary of anyone rewriting a system from scratch.

The legal system is complex and messy sometimes because moneyed interests have been keeping a thumb on the scales and sometimes because the world is complex and millions of people have spent hundreds of years patching bugs and extending the code to handle all the weird corner cases.

Smart contracts are a neat idea, but it is also kind of like the guy who wants to rewrite the production system in a weekend.


smart contracts are still a good idea, separate from implementation concerns.

I also consider the strictness, and lack of third-party mediation a "pro", not a "con".


Patent law is not contract law.


Are they not overseen by judges and lawyers also?


Formal proofs. These are reasonable to do with modern proving systems, and contracts with formal proofs would be a reasonable output for a specialist in this area, equivalent to a lawyer for regular contracts.


There is nothing stoping you from getting involved in a much more complex scheme of contracts. You could easily set up a system where a web of trust filtered, community funded "court" creates a wallet that is used for mitigating disputes. If a judgement (done by key signing votes) goes against a user you decrement how much they are going to get after the period ends and you increment how much the claimant gets. If nobody gets into a conflict at the end of the period everybody votes to send back all the money to everyone's respective wallets.


Your word "easily" translates to "I haven't really thought hard about it and I am not an expert but it seems easy to me." That is a trap for beginners to cryptographic systems. Getting it right in all details is HARD, as has been proven time and again by failures. The theory is hard, the implementation is hard, and making it usable is hard.


If there are ever more compelling use cases for smart contracts this will create a market for smart contract validation or development.

Interactive theorem proving is already at the level that verifying something like the DAO (a few hundred lines of code!) isn't too complicated. By the time smart contracts become relevant we'll probably have all the tools in place to make this an industry instead of a research project.


Of course. But human contracts require human judgment and it is precisely the psychological fear/mistrust/puzzlement of proponents of machine contracts that leads to their political adoption of the idea. I don't think there's necessarily an objective risk/reward analysis behind preferring one over the other, just a matter of personal temperament.


>This is what concerns me about contract programming.

It is really the whole cryptographic ambition for trust less systems that is possibly problematic.

I'm trying to be open minded. I'll concede that maybe they are will be proven right with time, but maybe not.


The problem is in a trustless system, there's still trust - trust in the code. And if there's one thing I have ZERO trust in, it's software.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: