I think we all got over-excited and took this way too fast. But I do think it would be a mistake to be too rash in throwing out the entire concept because of this one mistake. Will there be mistakes like this in the future? Definitely. But it is my hope that the entire cryptocurrency community will be chastened by this experience into taking things a little more slowly in the future.
IMO those of us who invested in the DAO should lose our investment. We fucked up and we deserve the loss, and if people see that real money was lost, perhaps they will be more judicious in the future with their investment decisions. I certainly will be.
But I don't think it makes sense to let the thief get away with the money either. I know in some sense there is a philosophical problem that the 'code is the contract' and the 'contract is the law' and therefore the code is the law, for better or worse. But IMO allowing this to happen would just be counterproductive. There's no benefit to letting him (or her!) take the money and run, and quite a bit of harm to the ecosystem and probably lots of people who just held some ether and didn't invest in the DAO.
I'd like this event to be seen as a learning experience. People were overzealous and they got burned. In the future, let's be more careful, but let's keep exploring the possibilities of this technology.
People are not just rational beings, neither is the community. The 51% is dead, long live the 51%.
That's what power looks like. A few people decide and many people willingly make it happen.
The miners choosing to do this or not to do this changes nothing about the fundamental security assumptions of Ethereum. Even if they choose not to fork, that doesn't mean that they couldn't choose to do so in the future for some other case. So I'm not really sure what it is that's being lost if they choose to do so now.
If they roll this back, that will show that this assumption is wrong. They are not sufficiently invested or sufficiently idealistic to preserve the system. At least half of them value expediency instead.
Technologically it changes nothing, but it totally alters the human element.
So the best way to proceed, in my view, is to honor the current version of the contract (which equals the current version of the code including the "exploit") and then change the rules/code so that the same thing cannot happen again in the future.
What they wrote was only BARELY hyperbole, barely.
A more principled response would be to simply shrug and say "contracts are hard, let's be extra careful in the future" and move on. An unscrupulous hacker would get rich, but if that's the worst that happens during Ethereum's bootstrap phase it's an unequivocal win. Sooner or later the lesson will have to be learned, if anything like Ethereum becomes widely used.
Those IMO are the big reasons to soft fork, not to prevent the enrichment of the thief. IMO really, the guy deserves something for finding the flaw. If it were up to me, I'd give him some of the money - just not enough to cause problems for the network.
I think it comes down to a matter of time preference. People who want their money back now or justice for the wronged aren't acting in a way that is seemingly interested in the long-term health of Ethereum. They just want what's best for them whether money or the gratification of revenge, and they want it now. The best long-term thing for Ethereum is for the investors to eat their losses, and for the appropriate amount of risk aversion to enter the ecosystem. This will create massive, positive incentives to create ways of reliably building and vetting future contracts. IMO that is better long term for Ethereum than the short term gains of a hard or soft fork.
Isn't the entire idea of trustless systems that everyone is assumed malicious?
This raises an interesting question. Bitcoin is (IMO correctly) fairly widely considered to be a commodity by regulators. So what's DAO? In my mind, it sounds a lot like a security. This is all speculation on my part, but, if DAO is a security, then in the US, shouldn't securities law, including Reg D, apply? Securities law is, in large part, about protecting unsophisticated investors.
I know even less about German law, but, if I were slock.it, I'd be nervous.
(Securities law isn't the only thing I can imagine causing problems. What if DAO ended up being regulated under ERISA?)
Disclaimer: I am not a lawyer. I also am not giving legal or investment advice of any sort.
You haven't explained how you solve the contradiction.
Who has the most to lose if there is no hardfork? Is it those that seem to have the largest voice in the community? Is it Vitalik Buterin that begged the exchanges to stop? https://www.reddit.com/r/ethereum/comments/4oif2x/dao_attack...
Thank you for the $70 million. Let me know if you draw up any other contracts I can participate in.
Contracts that include illegal activities, such as theft, are unenforceable. If the hacked funds get released the whole of the DAO would be legally invalid.
In other words what stopped an investor from day 1 from suing the creators of the DAO in court to get their investment back? Well the fact that there was a contract in place and that contract/DAO had not been breached, meaning the investor would lose such a lawsuit. The argument from the article is suggesting even with the hack the same is true, because it's part of the contract; therefore, the contract/DAO hasn't been breached. That is where the legal argument fails.
Try contracting for any other illegal activity and see how that works out enforcing it in court. "Your Honor, I have a contract right here that says I paid for the drugs but they weren't delivered." Just imagine, "Your Honor, the contract/DAO says any member can create a child DAO and steal the funds from the other investors/party to the contract...Judge they contracted to be stolen from." I am predicting right now if any of those funds get released as a result of this hack, there will be criminal charges, but it will just as likely be against the creators of the DAO as the hacker. They are not shielded from liability, civilly or criminally, because the victims agreed to be victimized in a contract.
As a lawyer I have called the DAO snake oil from the beginning, but mostly because it sold itself as something new legally...which it is not (of course I was downvoted). I suggested if you like the concept of a DAO, great, but start your own that is true decentralization as it really isn't much more than an Investment Club LLC. And, more controversially, I challenged the charade of the smart contract, again not as a concept, because they do have value legally and otherwise, but as what the DAO sold smart contracts as...a self-enforcing contract. That is bullshit; for any real-world example anyone can give me, I'll come up with a real-world way to breach it. 20 days ago I suggested the first DAO proposal should create: a) a group of lawyers/coders to review all proposed and funded contracts for approval; and b) an insurance company to insure both approved proposed and funded DAO contracts in the instance of bugs/errors. If these hacked funds don't get released and that is not the first step members of the DAO take after cleaning up the actual DAO framework, everyone deserves the next hack.
(where the Recur Door is defined as the mechanism that guy used for this hack. Also, here instead of fine print it would be replaced by a line "you fully understand this algorithm + source code" clause)
Would it be treated the same way we would treat an honest Ponzi scheme contract? "You can get return on investment as long as someone else invests money after you. If you happen to be the last, you're out of luck". Would such a contract be legal?
I'll give real world examples that go both ways:
1. Parking garage tickets: they include tiny little print saying the garage won't be liable for lost or stolen items from your car. Generally if your car is broken into those will be enforceable and the garage won't be liable.
2. Sky diving contract: include tiny little print that says if I die as a result of the company's negligence, they won't be liable and/or I waive my right to sue. Unenforceable, you can't waive negligence. (think about a skydiving school forgetting to pack a chute, someone dying, the family suing and losing, because of a defense that the deceased waived out negligence in the contract).
Let's look at a potential negligence claim against the creators of the DAO code.
1. By creating and soliciting investment for the DAO did its creators owe the investors a duty? If yes go on;
2. By creating code that allowed ~$40M of investors' funds to be taken, was there a breach of that duty? if yes, go on
3. Did the substandard code result in damages to the investors? if yes go on
4. Can the investors prove monetary loss? if yes, you have a good civil claim for negligence against the creators of the DAO for the damages.
When you sign, there is a notarial act, and a video of you shaking hands and saying out loud that you understand this is a Ponzi scheme and you might end up losing all your money, there is also some drug tests performed to make sure you are not under the influence of any drug, and some psychiatric evaluation to make sure you are not disabled in any way.
[.] Another thought slightly off topic: can I sue a Las Vegas casino because I put $100k on Red but the ball ended on Black and I lost everything? They even facilitate drugging me with C2H6O!
For example, someone signing a standard residential lease wouldn't be expected to read fine print that says "after two years, rent doubles and I can kick you out and demand rent in advance". But someone signing a commercial real estate contract would be expected to read and abide just about anything, including something like that.
So I think how enforceable legal a contract that says "btw, there's a strong chance your money will wind-up with a stranger" depends on how well the investment literature really conveys that risk.
Also, I have the vague impression that the riskiest investments are reserved for high-net-worth-individuals (those with $2 million+ in non-real estate assets) because they can afford to lose more money.
For those that don't know an unconscionable contract is a term of art, and basically means an otherwise lawful contract that the court will not enforce, because it is so unfair usually as a result of an unlevel playing field between the parties entering the contract. This is very good, and a legal theory I had not considered.
>So I think how legal a contract that says "btw, there's a strong chance your money will wind-up with a stranger" depends on how well the investment literature really conveys that risk.
Say for example the party who wrote the contract wrote it in a language they knew the majority of investors did not read because they could not read the language. Further, the contract drafter induced the majority of investors based on marketing materials in a different language than the contract that the investors could read, but were ultimately inconsistent with the underlying contract.
Another general rule of contract law: where a promise, agreement or term is ambiguous, the court will enforce the meaning that works against the interests of the party who drafted the contract.
I probably wouldn't have experimented with the DAO if I knew it wouldn't be ruled by its source code, like the terms clearly stated when I "invested" in it.
Fantastic legal point. For example, I once sued a car company on behalf of a client based on the claims from the promotional materials which were inconsistent with the contract. Of course the car dealer defended on the four corners of the contract, but we prevailed because the court found the promotional material to be enforceable notwithstanding the contract. Now keep in mind that was a single judgment in a single case, it is not controlling precedent.
You can probably sue the creators for their claims but it won't change the situation and it just means the next DAO will be launched anonymously.
Good luck getting money back from most any scam...It's not like Bernie Madoff used a smart contract and yet about $6B of the money is never coming back.
> and it just means the next DAO will be launched anonymously.
Fool me once, right? Sure people might fall for the anonymous DAO the next time, but people still fall for the Nigerian email scams too. Still from a practical point of view, do you think after losing ~$50M about ~1/3 investments the market/people are going to be lining up to put another $150 into a new DAO, only this time they won't even be convinced by the credentials/background of the creator?
But with a smart contract it's gone.
> Fool me once, right?
No. Please never invest in a smart contract. Consider this your warning and walk away. They're not for you. Ditto everyone who doesn't plan on reading the contract.
> Still from a practical point of view, do you think after losing ~$50M about ~1/3 investments the market/people are going to be lining up to put another $150 into a new DAO
You think people aren't that dumb? Wishful thinking. Even with all the warnings in the world they'll run to "invest".
But I don't assume all future smart contracts are scams. Eventually one will do something useful, and simply enough that it can be verified.
> only this time they won't even be convinced by the credentials/background of the creator?
The background of the creator is a negative. They'll claim they're honest so that they can leave an update backdoor in the script which they'll inevitably use to steal everything. Fact of nature.
But if they're anonymous there's no way we'd participate if they left an update hook, so they wouldn't, and it'd be much less likely to be a scam.
I was referring to contracts and crimes generally to highlight the concept of contracts being per se unenforceable.
In another comment I do include theft too, but further add other potential charges: criminal misappropriation, breach of trust, fraud, conspiracy, computer crime, securities fraud, and/or wire fraud.
If you fix a lottery or something, it's pretty straightforward to work out the deception/misrepresentation and reliance involved to build a fraud case. But here, the DAO's whole purpose was, "send us currency and it will do whatever the code tells it to, and only that, subject to no other rules."
Again: that's kind of the point of the article: that the DAO was constructed in such a way to make problems like this unrecoverable.
>and then search the Internet for "model jury instructions [that-crime]", and come back with the one that would invalidate this contract?
Have a look at this Yale Law Review article: Validity of Contracts Which Violate Regulatory Statutes.
Say I raise investment under contract with all my investors, and I included a little provision no one reads that says I can appropriate all or part of the investment. Wouldn't you know it I absconded with their investment. My investors sue me and I file an affirmative defense of No Breach of Contract and introduce the Contract which expressly states I can appropriate my investors money as I see fit. That contract will not be enforced, are we in agreement?
If you and I enter a contract where I will buy drugs and I pay you and you don't deliver, if I sue you to enforce the contract you agree the court won't make you give me the illegal gun right? But will the court make you give me back the money? That is not a yes or no but a maybe depending on the facts, do you agree?
>that's kind of the point of the article: that the DAO was constructed in such a way to make problems like this unrecoverable.
That is the point... funds are unrecoverable all the time in real world in contract/criminal cases, but that does not absolve anyone of liability. Moreover, you can not contract away negligence or for criminal acts.
 Assuming they'd be clearly enough defined, where the proven mathematical statements have a meaningful and useful correspondence to the marketing statements.
There's nothing illegal, to my knowledge, about writing a contract that explicitly and provably says "If you push this button, the corporation will give you all of its money."
If the contract instead said "If you illegally provide drugs / firearms, the corporation will give you all of its money," - of course that's illegal.
To use examples where people can quickly grasp the law and not focus on the facts, which have a tendency to muddy the waters. But let's dive into the muddy waters:
>There's nothing illegal, to my knowledge, about writing a contract that explicitly and provably says "If you push this button, the corporation will give you all of its money."
Say Apple Pay updates their terms tomorrow and they include a new provision that says Apple or another Apple Pay member can take all the money from all your accounts connected to Apple Pay. Like everyone does you agree to the update without reading the terms, and next thing all your money is gone. Whether or not you know it even mighty Apple Execs would be facing criminal charges with that kind of activity.
As it relates to the DAO creators, I think the big question is if they knew or should have known the software was vulnerable to the extent investments might be lost. Factually I think they knew, as I understand one of the first DAO proposals after funding was investment for the creators themselves so they could create a security framework on top of the DAO from known attacks.
> Have a look at this Yale Law Review article: Validity of Contracts Which Violate Regulatory Statutes.
You're making a circular argument there. You're assuming the contract violates some statute and reasoning from there. But the question at hand is whether someone using the contract and following its exact terms has committed a crime of any kind, or has simply executed a transaction allowed by the system.
If someone solicits investment funds and those funds disappear without ever having been invested as a direct result of the person who solicited the funds, and drafted the contract, then yes we are all safe in assuming (but I actually know) at least one statute was violated. Very important that I again acknowledge that the DAO funds have not disappeared, and potentially may not.
Even if the funds disappear that does not mean any prosecutor anywhere is going to file charges either and even if they did, we don't know there would be a conviction, maybe there is a plea and the terms include no conviction.
The point is, you don't need an underlying conviction on the criminal side to prove an illegal contract on the civil side. In fact as we all know the standard is lower on the civil side, so it is easier to prove illegal contract on the civil side than proving the criminal case.
>But the question at hand is whether someone using the contract and following its exact terms has committed a crime of any kind, or has simply executed a transaction allowed by the system.
I really haven't addressed what the hacker(s) did or their potential liability anywhere in the thread, all times I have been addressing potential liability for the creators of the DAO. As to your question, whether or not it would be a lawful defense for the hacker(s) to say they were a party to a contract that permitted the taking of the other funds, I suppose it depends who the hacker(s) is(are) and what the crimes charged are. For example, if the hacker(s) are some or all of the creators of the DAO, the whole "contract let me do it" would not be a lawful defense, in fact such a defense would backfire and probably only prove their knowledge of the exploit when creating the DAO and intent in soliciting investment to the DAO. However, if the hacker was some lone wolf 16 year old kid (minor), in a criminal/delinquency setting I could see the defense maybe going somewhere depending on the charge, but it is still ~$40M so I don't really know.
> Say I raise investment under contract with all my investors, and I included a little provision no one reads that says I can appropriate all or part of the investment. Wouldn't you know it I absconded with their investment. My investors sue me and I file an affirmative defense of No Breach of Contract and introduce the Contract which expressly states I can appropriate my investors money as I see fit. That contract will not be enforced, are we in agreement?
Personally I don't understand the people acting like "smart contracts" exist independent from an existing judicial system (or systems) just because there's computers involved. I guess the same people excited for cryptocurrency are largely the same people who don't believe in government so the whole point is to somehow be independent of any legal jurisdiction.
Clearly, A lost money and does have a case against B for negligence or various other items you list above. This is not the interesting question.
The interesting question is - were the actions of C:
- can he be sued by either A or B
Just one of the possibilities, is if C is actually the same as B. I hate to even use this example, but it is simply one of the strongest and clearest. Moreover, if the hackers were the same as the DAO creators it would only pour on the liability, it would show their knowledge that the code would let them take the investors money and intent to defraud when soliciting investors money.
Even in the set of facts most likely to support the DAO let me do it Defense say a minor who bought in, found the vulnerability and exploited it as a lone wolf. Then the minor gets sued in civil court for breach of contract and invokes the old not only did the contract let him do what he did, but if it didn't the contract isn't enforceable against him anyway because he is a minor defense. At the end of the day I have a hard time believing any court would allow the minor to keep ~$40M of other investors' money, even if the contract says he can, simply because I don't think there is a court that would find it unconscionable. Unconscionable contracts being a term of art for contracts the courts won't enforce, even though they are otherwise legal and valid, because it is unfair.
Is there some kind of common law that would indicate what sort of contract would be deemed unfair? Because a lot of contracts seem to be drafted in favour of one party, at the expense of the other, simply because of power imbalance. Employment non-compete contracts tend to have this property. What about assymptotic licensing like those of software/service EULA (e.g., where they have a clause that says they can terminate your service for whatever reason they desire).
The controlling law for a specific contract would come from stare decisis or the precedent as set by case law.
Your gut is on point, because although employers get away with a lot, it is one of the areas courts are likely to find contracts to be unconscionable as a natural result of the unlevel playing field between the two parties.
>Employment non-compete contracts tend to have this property.
Definitely, and it leads to very specific case law. For example, case law might be specific to a profession (say a doctor) and geography (any restriction on competition outside of 20 miles is unenforceable). Keep in mind case law is jurisdiction specific, so say a 20 mile radius non-compete against a doctor in a major city might be enforceable, but in another jurisdiction say a small town where there are only two licensed doctors, the court may very well find it would be unconscionable to enforce the non-compete because it would limit the community's access to healthcare.
>What about assymptotic licensing like those of software/service EULA (e.g., where they have a clause that says they can terminate your service for whatever reason they desire).
It is difficult to try to answer legal questions in a vacuum without a specific set of facts, but as a general rule you can certainly have a contractual right to terminate the contract. Another general rule would be the courts are more likely to provide damages than any equitable relief, meaning, say my EULA didn't include a termination provision, then I stop providing you access to my software and you sue me. If the court agrees with you, the court's ruling is far more likely to have me pay you the monetary damages you suffered before they are to order me to continue providing you the software under the contract (though there are always exceptions and some cases the court will make a party actually perform the contract).
If we sign a paper contract that includes a clause giving me permission to withdraw money, and the contract also explicitly says that only the letter of the contract should be considered and not its intent or spirit, why would this be considered theft if I decide to exercise this clause?
Let's split illegal into 2 words: criminal and unenforceable. Your statement can be right and it can be wrong depending on the facts. Enter most any contract with a minor, it's unenforceable. How about you take my money in exchange for something, but you don't give me that something and never intended to give me that something, that is criminal fraud.
>If we sign a paper contract that includes a clause giving me permission to withdraw money, and the contract also explicitly says that only the letter of the contract should be considered and not its intent or spirit, why would this be considered theft if I decide to exercise this clause?
Generally, because as a society we don't want criminals taking advantage of vulnerable members of our society including minors, elderly or non accredited investors. Moreover, we especially don't want them to escape liability by hiding behind a contract that the victim signed. For the record I am not really addressing it as theft directly, as I don't think I ever called what may happen on the DAO theft even if the money gets released.
In what jurisdiction do you litigate? Switzerland?
Who has standing to sue? Any investor?
The SEC might go after the DAO for selling an unregistered investment vehicle to US residents. They've done that many times with offshore firms, with varying degrees of success.
What liabilities the Ethereum Foundation has for the DAO is far from clear, but they work close enough with it to coordinate the vulnerability and make changes to the underlying software specifically to handle this case.
The creators of DAO do have a legal entity, Slock.it. They are incorporated in Germany. This is not the first cryptocurrency theft in the world.
It's that close a connection? That's a shame. The DAO is interesting, but the door lock business is a marginal idea. Creating the DAO just to fund the door lock business starts to look scammy.
> As a lawyer I have called the DAO snake oil from the beginning, but mostly because it sold itself as something new legally...which it is not (of course I was downvoted).
I'm very curious as to the grounds for your assertion that the DAO's terms and conditions would be considered a 'legal' contract, rather than say the equivalent of a software license - in the case of the latter it is common (and legally valid) practice for the terms of the license to indemnify the creators (and in this case probably other users) from any consequences stemming from the use of said software.
There are many things you can not indemnify yourself against - so indemnification against 'any consequences' is not possible.
Apple can not update their EULA for Apple Pay, and avoid being held negligent if they messed up and all their customers' money was stolen from their accounts. Otherwise every single EULA would make all software companies legally untouchable - which they aren't.
This is very different, Apple are responsible not because they are providing you the software but because they are providing a service and that service involves transmission of funds and that scopes them to a completely different set of obligations. If I provide you with an open-source bitcoin-wallet under an MIT license and do not make claims of security or guarantees of any kind and you lose bitcoins due to security issues in said software - it's your own problem. That is, in the former and latter case there is a clearly identifiable party which is providing the service, or in the latter case self-service.
With Ethereum it's much more of a gray-area, one could argue slock.it is only providing source-code and your choice to use it in a particular way (interacting with other users, the DAO) is done entirely at your own risk; though I'm not sure that interpretation would stand, since there definitely is a degree of centralized marketing by particular participants - and obviously non-compliance with SEC rules etc.
I think your example is convoluted. Free open source software has no contract. For a contract to be legally binding it must have consideration (exchange of goods / services / promises). This is not met.
EULAs and 'Software licences' (like MIT) aren't the same thing. A EULA is a legal contract between the copyright holder and the end user, containing consideration, to which the user must agree. An open source licence such as MIT is just a declaration of permissions of use, and has no consideration.
So above it seems to me you are comparing having 'no contract' to 'a contract'.
But the DAO definitively has a contract, not a licence agreement.
Now, the DAO contract basically says 'no one can be held responsible for anything' - which in my opinion is a legal fantasy, contracts can not supersede the law. Regardless of the technological hoops in between, there are real people, with a binding contract - thus there can be tort.
I do accept whenever something new comes along and case law hasn't yet settled any technical loopholes there will always be debate, but I do think this looks pretty clean cut.
And under what circumstances can you even declare that person to actually be a thief in the sense of the law? Everybody's assumed to have studied the thing they're paying for - whose perception of what the system allows and is meant to do goes, legally?
That of the person with the best understanding of the code (would mean the thief can't be legally wrong), or of the majority (would mean that highly technical niche contracts could be completely derailed legally by "noobs" flooding the market), or case-by-case?
Setting the standard as "what the code appears to do when reviewed by average developers" would be very legally unpredictable. It would also illegalize a lot of useful and beneficial benign "hacks".
All the questions you're asking are, essentially, what would be argued on.
But my point was that none of the involved parties can just indemnify themselves against any consequences. With sums of money like that, any of those parties could well be sued, and end up in court. You can't EULA yourself out of that.
Edit: If you cannot see that this is something new then I'm not sure that we can have a productive conversation on this topic.
Just because it doesn't imply it (in all cases) doesn't exclude it as a possibility.
The intent of the DAO is clearly not for a hacker to misappropriate all the funds into their own pocket.
Perhaps you can argue that the DAO specifically allowed this to happen (thus it is not theft).
Yet at the same time we recognise this act as morally reprehensible.
If we find it morally wrong then do we not have a duty to correct it?
It's not just that it allowed this to happen. It's that the whole point of the thing -- the idea that was supposed to herald a world-changing revolution in which "dumb" contracts and their associated baggage of lawyers, courts and governments would become permanently obsolete -- was that it was presented explicitly as saying "if a human interpretation of the human-language description of the contract disagrees with the executed instructions of the code implementing the contract, the code wins, period". Along with a caveat, of course, about how you better be damn sure about your code, because if you screw it up and lose money, it's your fault for writing bad code and you deserve to lose your money.
So now they're trying to walk that back and say that maybe they should have a mechanism for dealing with this contract that had a bug that lost them a bunch of money. Which undermines the entire selling point of the system.
For example, imagine a world where I solicit a bunch of investors' money under contract. In the contract I included a provision, no one read, that says any of the members can simply take all or part of the group's investment funds. Then that 1 member who actually read the contract appropriates ~$40M of my investors' money. Sound similar enough? Well there is nothing magical about the DAO or the non-DAO contract that would protect me or the member who appropriated the money from liability, civilly and/or criminally.
What are the potential crimes that could be charged? theft, criminal misappropriation, breach of trust, fraud, conspiracy, computer crime, securities fraud, and/or wire fraud. Now I am not saying all these would be charged and if so found guilty on all counts, but as a defense attorney they roll off my tongue.
>Normally a corporation is registered in one or many countries, but how can it be registered in none?
Not exactly without precedent. Example 1: I conduct business individually or as a group without having created a corporation, that is a sole proprietorship and I/the group would be personally liable for the actions of the unregistered business. Example 2: I am lawfully registered as a Delaware C-corp but I am physically located in another State conducting business (without having properly qualified my DE C-Corp to do business in said jurisdiction), I will not receive the corporate protections for the activities I conduct in said State. Example 3: I have a lawful corporation, but I forget to file my annual report and said corp is administratively dissolved by the State, again I would lose corporate protections and be individually liable for the business activities.
I mean, if the "hacker" wins, then it shows how impractically dangerous "code as contract" can be - you better be damn sure it's correct.
And if the "hacker" loses, it invalidates code as contract completely. The DAO claimed the code, and only the code matters. But what the DAO claims doesn't mean shit if courts say that is not true. Your whole idea is now just bullshit.
I cannot think of many code projects that have a higher value-per-line-of-code than this contract.
Sadly, it appears that not only was there not the needed QA but the leaders of this project were alerted to the exact problem in code 5 days ago and they responded by declaring that there was no risk.
The actual problem + the response makes this feel like amateur hour.
Now everyone involved understands why things that exist in 'old finance' like contracts and IPOs are scrutinized by large, expensive auditors.
Well, if the fork plan goes through I'd say you're wrong because it could clearly be rolled back when there was a problem. You cannot easily do that with a space shuttle.
I don't think it does. You've replaced expensive legal fees with an automatically executed contract that costs you nothing after initial setup. As long as most people end up satisfied with their outcomes, then there's still great value in smart contracts for this reason alone, even if some unhappy customers still end up in court.
The world is very, very complex.
That is why the law is very, very complex. It covers everything humans do, have done, or will do. Alone, together, in small groups or large groups. As private individuals or public bodies. With real objects or imaginary objects. In their homes, on the street, in public buildings, in private parks. On the ground, under the ground, on the water, under the water, in the air, in orbit, out to the limits of human space.
Every day people come to the courts with potentially totally novel combinations of people and events, and the courts guarantee they will make a decision.
The courts have been doing this for nearly a thousand years and are still chugging along solving new problems. This should indicate that this is not a permanently solvable problem. The law is an adaptive, dynamic system.
All of this is why, as a software engineer who once studied (and mercifully quit) law, I am sometimes bemused by the idea that bodies of law can be ignored or swept away by code.
The law doesn't see it that way and in this game, the law gets the final move.
See for example this "smug" post that I was (correctly) critiqued for 868 days ago: https://news.ycombinator.com/item?id=7155644
Note the comment here re: "this guy does not understand how the world actually works": https://news.ycombinator.com/item?id=7155872
With the updated forced learning curve on how the legal system actually works over the last two years I've learned that a lot of what I previously viewed as cruft in the legal system is actually the complex adjudication of edge cases similar to what we see in well architected and executed software tests.
Missed div by zero can bring your whole system down. Forgetting the right clause in a contract can in a multi-million dollar deal as well.
The courts have been doing this for over five thousand years! Since the beginning of recorded human history.
And they have been doing it using basically the same legal ideas we use today - only the details on what the laws are differ.
(Did you have a particular event in mind to say "nearly a thousand years"?)
I'd guess because it's the approximate age of the recorded English common law, which is the main basis of the American legal tradition.
(not that that is the first court or legal system in human history)
I think this is the key point that a lot of people (at least those with an engineering or similar background) overlook - the law isn't a fixed, prescriptive set of rules that are rigidly enforced. It's a complex, evolving system that is constantly evaluating situations, re-evaluating old ones, and considering multiple 'soft' factors that are near impossible to explicitly define. Designing a fixed set of rules to cover the same would quickly become a huge pile of edge-cases (arguably what caselaw already is), and you could never realistically hope to cover every situation.
Few examples of why I think such an approach is misguided (from English law):
1. R v R  UKHL 12 - Until this case, there was the idea at common law that there is a marital exception to rape - a wife has essentially pre-consented to intercourse, and therefore cannot be raped by her husband. The House of Lords recognised that such an exception was no longer acceptable, and were able to overrule it without being bound by a fixed rule. A more rigid legal system could have produced a worse outcome here by upholding the prior exception.
2. House of Lords Practice Statement  3 All ER 77 - Essentially a recognition of the above situation. The House of Lords declared that it, as a court of last resort, would no longer be bound by precedent if departing from it was in the interests of justice - "Their Lordships nevertheless recognise that too rigid adherence to precedent may lead to injustice in a particular case and also unduly restrict the proper development of the law."
3. Ruxley v Forsyth  UKHL 8 - Ruxley was contracted to build a pool of a certain depth, but actually built it one foot shallower. If you take a rigid approach to the law, you likely end in one of two scenarios: there has been a breach of contract, therefore damages must be awarded OR no damages have been suffered (e.g. change to house price, functionality of the pool), therefore no award is made.
The Court in this case recognised that awarding the full cost of rebuilding would be unreasonable, and that there was no direct financial effect (e.g. change of house value) that would allow the award of damages. The Court however also recognised that the value provided by the contract may be non-monetary, and so made a partial award for "loss of amenity".
It is cases like these that make me think that designing a fixed set of rules to be rigidly applied will result in worse decisions being made. Certainly, there are some advantages to such a system (as recognised in the Practice Statement, it would provide a "degree of certainty upon which individuals can rely in the conduct of their affairs, as well as a basis for orderly development of legal rules"), but the individual nuances of cases are such that often they cannot be adequately considered until the event has taken place.
> I am sometimes bemused by the idea that bodies of law can be ignored or swept away by code.
I don't think it is a completely flawed idea though. I suspect a majority of cases currently handled by the lower courts COULD be handled by such a system, as many cases are fairly run-of-the-mill applications of established rules. I believe you would need to retain the upper courts of appeal though, for the reasons I outlined above. This of course brings in some wider considerations though, such as the costs related with such an appeal and ensuring access to justice for even the poorest members of society.
 Such a thing would of course be possible, but I doubt it would produce more fair/just decisions than the current system. More predictable (which is an important element of just decision making in its own right), but less able to adapt to new/unexpected situations.
 e.g. fairness, justness, broader social situations, good/bad faith
 "[W]here the common law rule no longer even remotely represents what is the true position of a wife in present day society, the duty of the court is to take steps to alter the rule [... I]t is the removal of a common law fiction which has become anachronistic and offensive"
 Of course, I expect that all fixed sets of laws would be subject to change (e.g. by Parliament), but they do not have the ability to consider each event on a case-by-case basis and interpret the law on the fly.
 "Blockchain Company's Smart Contracts Were Dumb" http://www.bloomberg.com/view/articles/2016-06-17/blockchain...
However, what if I actually read the contract and only became "a customer" because of the content of the contract?
It seems weird if it would be my responsibility as a customer to verify that they didn't advertise the content of the contract in misleading ways elsewhere.
Am I liable for taking too much food?
"You can't really base the financial system of the future on computers rather than humans, on trusting to immutable code no matter what happens. Financial systems are supposed to work for humans. If the code rips off the humans, something has gone wrong."
Isn't that what HFT is doing all the time ;)?
"eviscerated" seems a bit too strong, when two non-experts are arguing on the internet regarding any topic.
> [Levine] has worked as an investment banker at Goldman Sachs and a mergers and acquisitions lawyer at Wachtell, Lipton, Rosen & Katz. He spent a year clerking for the U.S. Court of Appeals for the Third Circuit and taught high school Latin. Levine has a bachelor's degree in classics from Harvard University and a law degree from Yale Law School. He lives in New York.
If you want to understand finance and law from the perspective of an expert in both who also takes an interest in tech, I would highly recommend going back and reading his articles. He's a very prolific writer on Bloomberg View and has previously written several articles on Bitcoin, Ethereum, the blockchain, and related topics[2,3,4].
That would mean that real money is still at stake.
Regardless, I'm sure most people have no trouble understanding the practical difference between a video game and what The DAO advertises.
Of course you can't prevent people from finding a way to gamble real money for in-game currency. But to say "real money is still at stake" is like saying that if people gambled their kidney on a video game, "real organs are at stake". That's missing the forest for one very pedantic tree.
Contracts in something as flexible as Ethereum strike me as the ultimate in fragility. There's a great use case for anything that looks like a smallish FSM - formal methods will yield something very usable and provably correct. Being able to do that on a system with a state space the size of Ethereum + The DAO - yea, we're a ways away from that one.
Why does it even matter what's on the DAO's website? They don't control the DAO, and you don't need to have gone through the DAO website to have invested in the original offering or in the spot market afterwards. What legal force would their website have anyway?
Now that would be interesting. I could see a top legal team taking it simply for the sake of an opportunity to set legal precedent.
"Your employer tells you to break into an opponent's office and steal something. You do that, jump out of the window and break a leg. Is your workplace insurance legally obliged to cover the medical cost?"
In regular law there's actually a way to say "that's not what I meant and you knew that's not what I meant". Prove it and the law is with you.
Unjust enrichment explicitly applies only to the situation where no actual contract exists.
Obviously, I wouldn't offer a contract that lets someone take an unlimited amount of money and only deduct the amount of the first transaction, and the withdrawer clearly knew this. Not true?
First, it would not be void ab initio.
Past that, your issue is that the express terms of the contract appear to allow that, so you will lose regardless of whether that was a good idea for you to do :P
You could argue breach of good faith, etc, but not unjust enrichment.
Like restitution, unjust enrichment is a theory of implied contracts.
You can plead it and breach of express contract at the same time, but you can only recover for one, and you will not recover for unjust enrichment if the court finds an express contract.
You've posted quite a few uncivil comments to HN, unfortunately. Please don't do that anymore.