$ helpeth verifySig 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32
Message hash (keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e
throw new Error('Invalid signature v value')
And according to this  (based on the signatures) the open letter from the attacker is fake.
That's why it's funny to see Sealand, Hutt River Province, Liberland and other nation-hacking experiments say things like "The Law says this is our nation!". The law is an illusion that exists only in the shade of power, specifically power to provide enforcement. That illusion just doesn't work on the world stage. Any sufficiently powerful actual nation could come and take your island and no other nation would bat an eye. The only reason they don't is because it usually doesn't matter enough to even be worth the bad press.
Ultimately, The illusion of law in Ethereum is implemented on top of the power of the miners involved. The miners can and possibly will eradicate The Attacker's carefully grifted money if it suits their interests. Power trumps law.
This open letter is being written for two reasons: firstly, the power of the miners can be swayed by appealing to their ideals. Secondly, because this whole virtual legal playpen is still subject to real-world laws and, thus, state power.
It's fascinating to see how quickly this smart contract experiment has turned into a struggle between these multiple levels of political power, with really nothing at all to do with the letter of the law as laid out in the contract. Well worth the price of admission, in my opinion.
That definition should go on university books, seriously. A lot of what we talk about when we discuss "international law" is a contorted way of making this or that nation prominence as morally justified.
> and no other nation would bat an eye
... however, this is a bit too cynical. The UK definitely did "bat an eye" when Hitler seized Gdańsk/Danzig. Russia is currently under sanctions after its Crimea annexation. Just because we don't constantly respond to crisis with full military force, it doesn't mean that we don't care.
I personally don't see the equivalence between this situation and international law, because this can really be resolved by a higher power (the State), if necessary by suppressing ethereum altogether. In international relations, there is simply no higher power.
I think the parallel isn't in the way that the State might swoop in and do State things, rather that until or unless that happens, Ethereum exists in a similar contradictory place where in principle it's a system of laws but in practice the nation-state miners will decide what happens.
Aye. And who's going to sanction the US for Iraq and Afghanistan? Russia?
The fact that sanctions are imposed one-sidedly, only to the designated adversaries of the US is a testament to the fact that "international law" is just the will of whoever can enforce it (currently the US, duh).
It misses the point that the "contract" is also code, and contained a legitimate bug. Exploitation of that bug in most places would be a crime.
If I figure out that an ATM spits out hundred dollar bills every time I type in a certain pin, that's a crime. I don't get to make the claim that I was rightfully using the ATM.
The quote that "The DAO’s code controls and sets forth all terms of The DAO Creation" is a disclaimer that is meant to protect the DAO from those who would seek to imply some sort of guarantee or warranty from the organization. In other words if the attacker makes off with the funds, and the DAO decides to keep the code as is, then as an investor I have no recourse against the DAO.
Ultimately the letter misses the main point. The DAO token holders are free to amend the contract code as they see fit thru consensus. The disclaimer never states the contract can't change. And even if it did, the idea that their would be some legal recourse for the attacker, should the community decide to fork, is hilarious.
So the letter comes across to me as something an immature troller would write. I'd be suprised if most sophisticated DAO token holders took it seriously.
In this case, which has an enourmas number of parties to the contract, 99.9% agree to amend the contract.
I don't thinks much legal precedent for a contract with thousands of parties, but it also means that there's no simple legal "source of truth" to the contract.
In fact, before the incident, Ethereum's rules were even stricter as in that there was no way at all to amend a contract. Which is why the current strategy against the attack is to modify Ethereum itself and hard code the attackers wallet into the platform code. The ones who are to "vote" on that proposal (because they are the only ones with the power to implement it) are the miners, not the DAO holders.
I think this would be comparable with making a contract with a bunch of MPs - and when they find that the contract can be exploited, they lobby to amend contract law itself and add a clause that deals specifically with your contract.
You could possibly claim that the contract requires 100% of all parties involved to amend, but I don't think a contract with such a larger number of parties has ever been dealt with by any legal system.
Add to that, that the attacker almost certainly committed computer fraud, and the attacker seems to have little ground to stand on. Contracts (or loopholes in them) don't give you the right to break other laws.
You have invested in an experimental 'organization' that is defined by the contract that is its code. The code supersedes any other interpretation of the contract. You have agreed to this. Now something didn't go the way you wanted it to, yet fully in line with the code, and you want to fork the entire currency to steal this 'attacker's' property.
Good luck with your fork, it will mark the official end of ethereum.
Greed trumps contracts.
But I think it loses some power when the currency is still called "ethereum", and administered by some of the same individuals who created the DAO.
Who knows what a court would think
Just like it was unethical for the banks to get bailed out from bad, risky mortgage-backed securities, it's unethical for the DAO to get bailed out for writing bad, risky code.
The people who made those MBS trades should have gone to jail, and they didn't. That's where the injustice stems from.
Sorry, I'm jaded but when I see people say stuff like that it just makes me so resigned to the fact this is not the place I grew up in, in the 80's.
When the stakes are real and consequences real, more money and smart people will be attracted to the platform, and over time smart contracts will become more robust. Without real consequences, what is the incentive to participate if the rules can change when they don’t always go in your favor?
Strict construction might be the appropriate
approach if we lived in a society where language
was so formal, standardized, and known that every
contracting party would use precisely the same
words to describe an agreement.
The deal stipulated that Spyglass would receive a base quarterly fee for the Mosaic license plus a royalty from Microsoft's Internet Explorer revenue.
If IE revenue is $0, then royalties are $0, too.
Not nice, but perfectly legal.
> Without real consequences, what is the incentive to participate if the rules can change when they don’t always go in your favor?
That's the root problem here. The law works because people believe that it works. Once people lose that belief, the typical response is violent suppression, or violent revolution.
Yes. This should be the very core of the argument, with a focus on the words "conseqeunces" and "incentive".
However, the rest of us are also perfectly free to adopt a fork if we wish.
I get why everybody is upset, but this was pretty much bound to happen. Security of this kind is an all-or-nothing item, you have to get it 100% right or it might just as well not happen at all. So all this backpedaling and fixing does absolutely nothing in my view to strengthen the concept.
The only way forward would be to declare this version a total loss and to do a reboot with a better core and then to see how long that one will stand up.
Rinse and repeat until one really stands (by then confidence will likely be quite low) and accept that it could still go down at any point in the future.
A bit like the Monty Python sketch about the castle built on swampland.
Anything less will not do, either the contract is all there is or it is pointless.
Philosophically I wonder about this "the exact code defines the semantics of the DAO" clause because, well, nobody's suggesting to change the code; the fork proposals would just change how the code is interpreted.
Kind of like "this exact Java code defines the terms of the contract" but then a new version of Java makes that code behave differently...
So the clause depends not only on the Solidity code but also on the Ethereum virtual machine's interpretation of that code, and the question now is whether that interpretation is constant or mutable.
And, like, what's even the legal status of the https://daohub.org/explainer.html document? It has a list of things to which anyone who interacts with "The DAO" supposedly agrees, which seems like a typical groundless EULA and anyone who "invested" could just say "uh, I didn't agree to any of that stuff".
I'm not really making an argument, I just find it bewildering to even imagine how any of this stuff would be interpreted by lawyers.
Agreed, and that's essentially what we're seeing here, some kind of rough equivalent between lawywers hacking human language and programmers hacking code. A 'smart' lawyer is equivalent to a hacker, finding a loophole in the law to enforce some novel interpretation of the letter rather than the intent of the law.
Trying to do an end-run around a whole bunch of established systems all to end up with re-inventing the exact problems of those systems that you were trying to get away from in the first place, it's kind of funny.
I beg to differ. If those events come to pass, the DAO will be far from dead!
On which side of such a lawsuit you are is not important, the fact that the DAO can not be trusted to be complete and that there is a possibility that contracts once executed can be rolled back makes it un-viable in this incarnation.
Personally I think it was oversold, this lesson could have been learned a lot cheaper but that's easy to say after the fact. As bug bounties come this was a pretty good one, and I'd be highly surprised if it was the only flaw in the present implementation.
The attacker tried to exploit a flaw in TheDAO's code to steal its ether, not because it was designed to allow that or because that was the intent of its designers, but because he could.
Well, the Ethereum community can also do something that was neither intended nor planned for. You say that doing so would be a breach of contract. I say: Well, go ahead and sue me.
> Well, the Ethereum community can also do something that was neither intended nor planned for.
Of course they can. And that will make the whole concept moot.
> You say that doing so would be a breach of contract. I say: Well, go ahead and sue me.
No-one will. But then also: no-one will ever trust the concept. It either works or it does not, you can't say it works and if it doesn't we'll fork. That's simply institutionalizing unreliability.
The attacker has - very elegantly - pointed out a major flaw in the whole thing in a way that not much else could have: in the end we all have to either trust some higher power to interpret the context in which a contract was drawn up or we will have to live by the letter of the contracts. You can't have it both ways.
I think they will. In time, one of us will be proven right.
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."
So yes, I'd interpret that as forks being 'right out'. It's either 'all terms' or it isn't.
As far as I see, that means there's no guarantee that Ether will be accepted by other parties, and no obligations on Ethereum miners, a de facto counterparty to the contract, not to agree to modify their own code. Of course, third parties [some of them with conflicts of interest] forking Ethereum is against the spirit of the "contract", but so was exploiting a recursion bug.
Which just goes to show that you still need to trust those with voting rights not to collude against you in a supposedly trustless system.
This is the primer to the how it is supposed to work: https://blog.slock.it/a-primer-to-the-decentralized-autonomo...
Here is how it was attacked: http://vessenes.com/deconstructing-thedao-attack-a-brief-cod...
Also, strictly speaking it's not all the same people who might be bound by the contract as those who would do the forking.
DAO -> DOA either way.
That's what makes this attack so elegant, it strikes at the heart of the problem rather than 'just' take some money.
An even worse attack would have been to do this slowly over a longer period of time, which would make it even harder to roll back (but would have increased the chance of discovery before the damage was this large).
That must have been a tough decision on the part of the attacker.
To me, it doesn't follow that forking Ethereum to change it's behaviour would constitute "seizure of ... ether". There's no law to stop the Ethereum Foundation from changing their software protocol in arbitrary ways. It's theirs, they can do what they want.
There's money involved, but in that case it's similar to the scenario if Supercell decided to remove IAP from Clash of Clans and users couldn't use their gems.
tortious interference with a contract.
The real "hacker" made millions shorting ETH before the attack.
* Outcome 1: ETH is forked -> ETH value goes to 0, the shorted currency is pure profit minus interest
* Outcome 2: ETH is not forked -> Hacker gets $50 million
These are only the technical outcomes but the only social outcome I can see is a lot of suing going on. My suspicion is that it is unlikely that anyone will succeed in a legal challenge, but I'm not a lawyer.
Courts enforce contracts that contain unfavorable terms all the time. And malciousness is not a part of contract law. It's true that contracts can be set-aside (though not always) when they have a criminal basis, but it's not at all clear that this is the case here.
There was an unequivocal and unilateral offer made to the world in the text - that will be hard to read down as anything other than an intention to contract.
You can't say on the one hand that the code that lives on the blockchain is the absolute source of truth and then claim when someone uses that code contained in that contract to get rewarded for doing due-diligence that it was wrong. The DAOs hubris is what got the investors into this mess. I was for the forks until I read it. Game Over for the DAO.
In fact, the attacker has already won as he could also attack the other fallacy still standing - that decentralization somehow leads to a less corrupt system. Don't believe me? The attacker should simply be less greedy and offer 9 million dollars USD to each of the 4 largest mining pools to NOT observe the fork. He still walks with about 4 million.
dwarfpool 9.7% 1882 30.7 1.1 TH/s
f2pool 12.8% 904 14.7 557.0 GH/s
ethermine 12.4% 701 11.4 431.1 GH/s
ethpool 12.5% 511 8.3 313.6 GH/s
This would give him the majority and incentivize the miners to not go along with the will of the DAO creators. And consensus still wins. Bought and paid for with money gained from investors who didn't understand or do due diligence before dumping money into a new untested type of organization. Maybe proof of stake will fix this mess. The attacker has already won by showing the hubris and lack of research on the part of investors and DAO creators. The DAO creators can't have it both ways.
What the attacker claims seems reasonable.
So a hard fork is in essence the community saying that they do not accept that there is any value for them beyond a certain point. Nobody breaks any laws. The "attacker" can retain what they gained. Nothing changes. The community simply moves on to another island - it is as simple as that.
I am not a lawyer but I cannot see how someone can sue you for not wanting to do business with them purely from value perspective. Perhaps this is a bit of an extreme example but it is also as if I start suing everyone because they do not accept doing business with me while I pay them with seashells (once perhaps considered a valid tender).
of course, he's a thief and should not get the money, but maybe the DAO was flying a bit too high too quickly.
Is that what just happened?
There is a logistical asymmetry. DAO had to allocate resources between engineering the software and selling the idea to investors.
There is also an economic asymmetry. DAO can only use a small portion of the total fund to cover the expenses related to code quality. Funds for future projects have to be retained. Returns on investment have to be provided. Conversely, the attacker can potentially cover their expenses with all of the DAO funds. For the DAO, $1,000,000 of defense is a significant portion of operating expenses and has low marginal return. For the attacker, $1,000,000 is an investment in potential 70x return.
That's enough to attract sophisticated actors even up into the state level. But even ordinary fintech could pull it off.
But the idea that any miner choosing a fork which blacklists this recursive split exploit is liable for damages to the hacker, that's just laughable. Can you imagine a universe where miners are legally bound to continue investing their hashrate in a particular fork?
The entire system is predicated on miners independently choosing whichever fork they want to support. The attacker is welcome to mine as much as they want on their preferred fork, just as any miner is free to do the same.
In any case, the market will decide how much the Eth on either fork should be worth. You can argue which fork you would value more, or which universe you would rather live in, but what's neat is ultimately the miners and the market will decide.
Whatever direction the Eth ultimately goes, one thing we can be sure of is that blacklisting is always possible to the extent that miners are willing or able to be compelled into implementing them. A campaign against blacklisting this particular address seems to me to be misplaced, because other than enriching the hacker it accomplishes nothing. Miners upgrade their code to express their preferences all the time. Miners can run "official releases" or variations on the same at any time. I think arguing that loading or not loading a particular commit proves anything about the future nature of Etherium is pretty speculative. You can blacklist an address today and not blacklist tomorrow. You can not blacklist today and blacklist tomorrow.
My own opinion is that Eth is very much still in Beta (or Alpha) and the community is still in Kindergarden learning how to write secure contracts in Solidity. We should expect these contracts to fail like this more often than not. If the miners vote for a "redo" on this particular bug in this particular contract I think it doesn't matter much either way. The reality is that Eth has a very long road before it can be safely used for its intended purpose, and that realization (whether it should have been obvious or not) will have a larger economic impact than this particular hack being rolled back or not. It's not like this is the only bug in "The DAO" code.
What makes it weird is that they can't just buy back the shares, because that wasn't in the contract. They have to convince the body controlling the currency, which backs the issued shares, to essentially invalidate and reprint a pallet of virtual cash.
Although the DAO shareholders don't necessarily have to participate in the fork for it to succeed, publicly advocating a fork, before the fork, in order to nullify a contract seems like it could be considered a breach of contract.
Next thing the IRS will go after him for the corresponding taxes on millions of dollars of crypto currency
I have no idea how you get actual money out of it, but if he does get it, that's a lot of money for lawyers...