This is, I think, to its core the fundamental problem with any kind of rigid language in contracts. It's nice to see an acknowledgement of its existence, but disappointing to see no acknowledgement of its severity. We see this all the time, not just in code, but in law and policy as well: an overly-prescriptive law can be just as problematic as an overly-vague one. And imperatively written smart contracts are about as prescriptive as you can get.
This is of course in addition to another critical shortcoming for smart contracts: they are capable only of interacting with informational assets (of which "money" is a subset). You can't possibly create a smart contract to purchase a house, because at the end of the day the person that physically occupies the house is in the position of power. Any smart contract enforcement mechanism would necessarily rely upon some outside system, which defeats the whole purpose of the thing in the first place.
I have high hopes for cryptocurrencies, in no small part because they inherently deal with only information (again, money is a subset thereof). But I'll be honest: I remain extremely skeptical that smart contracts as we currently understand them will ever see general adoption. It strikes me as an emotionally understandable, but rationally ill-advised, radical departure from hundreds of years of political philosophy and sociology... not in a way that inspires the term "disruption", but rather in a way that evokes "out of the frying pan, and into a boiling pot of lava". I'm all for "a better contracts system", but given that a contract (even one with a non-human entity) is by its very definition a social instrument, I just fail to see a reasonable way forward for what is essentially contractual bytecode.
If a judge accepts that argument, then contract law would not apply to smart contracts, and the usual considerations of intent in contract law would not be relevant. Of course the intent underlying the code that implements the smart contract would remain relevant, but unless the "contracting" parties agreed on meta-provisions for arbitrating disagreements about the intent of the code (legal or otherwise), it seems reasonable to accept the default interpretation supported by many members of Ethereum's community: what the code says goes.
In short, legal arguments may not be dispositive, because smart contracts may not be legal contracts. In that case, determining the intent behind the code may be a morass best avoided as many assumed it would be, by ignoring it and letting the code decide.
(Of course, the ideal form of arbitrating meta-provision is code compiled against a spec enforced by a tool-chain that includes formal verification—both because it is self-enforcing and because it bridges the gap between intent and what the code actually does. But that seems a long way off.)
> You can't possibly create a smart contract to purchase a house, because at the end of the day the person that physically occupies the house is in the position of power.
It's likely that if something like this ever succeeded, there'd be many parties that would provide bridges between real world assets (dollars, a house, entry to an electronic lock) + real world contracts that might bridge to crypto contracts (so a trustee may hold a house under US law for a crypto title owned by others - similar to how a custodial bank holds financial assets on your behalf). You're right that the enforcement mechanism might be decoupled, but that doesn't make it worthless, as the trustee could still use the enforcement mechanism on the real world side. On the cryptocontract side, parts could be enforced like payments.
So why might crypto contracts be interesting in this case:
- There are too many parties involved and coordination costs are high (crypto contracts that millions of people collectively negotiate together)
- The adherents are international, and may prefer a standardized form of law accessible cheaply and easily to all
There are clearly an infinite number of risks - but this is just an example of how it might still be beneficial.
One other point. Everyone in this recent DAO hack discusses cryptocontracts as set in stone - and the be all, end all once published. Still, you could always inject in a party that adjudicates, but only in extreme scenarios (technically, they might have root access when a few parties with conflicting incentives agreed).
You might ask, doesn't this defeat the whole purpose of crypto contracts if third parties are involved - but there still may be value if the third party role is substantially diminished, or if previous forms of negotiation that never happened due to coordination cost now occur.
(the canonical Bitcoin example is escrow, where the two parties can verifiably escrow money which in the real world always required a third party actively involved, and a third party in the cryptocurrency world steps in only if there are issues that the two parties can't resolve and cannot take the money itself - 2 of 3 multisig).
I think this is undervalued, and probably going to become even more important in the future. Largely because it's something that the current legal framework simply doesn't provide.
We have tenuous legal agreements between nation-states (largely of the "we choose to obey now because it's in our best interest" variety). And we have legal systems that apply in a single country. But we really don't have an ironclad anything in the ether (ha!) between those.
So, picking the best jurisdiction for something like this plus getting all parties to agree to settle disputes according to its laws would be a positive step for such organizations. Knocks out a whole category of risk. These decentralized schemes often pretend they won't need lawyers but they exist in real world for good reasons. Best to know what they can or can't do in at least all the common, criminal situations.
Absolutely. This drastically limits the scope of smart contracts. You can do all kinds of interesting stuff with the contracts and digital money, like ponzi schemes, simple gambling games, and so on, but you can't link them with the real world without relying on some third party trust. And once you require trust, then you might as well implement the whole thing in the real world.
Incidentally, this is also the killer problem with Slock.it's (the DAO creators) other project, their 'digital locks', physical padlocks that would open or close based upon smart contracts. They were fundamentally flawed because it's impossible to prove that a physical lock is tied to the blockchain. There's no proof that it will honour a smart contract, so the whole system again relies on third party trust.
Smart hardware locks sounds interesting. I'll have to read up on what they tried -- it sounds like a technically interesting problem.
If you're requiring a third party law firm to ensure offline parts of a smart contract are enforced and mediate disputes, you might as well write the contract in something the law firm actually recognises as a contract.
A simple example why is that 10 MM parties across the world want to coordinate together for a custom contract - this might be challenging depending solely on the current system (coordination cost, different jurisdictions), but there may be benefits to having elements of both systems involved.
Again, this is all speculation - and only time will tell, but I also think it's a debate to be had, rather than suggesting that such a system is worthless if it depends on any real world legal forms.
I can imagine a future where blockchain-based logic is used to drive robots, bridging the gap with the real world. To me, blockchains seem like a proto-DNA set to evolve as a base for AI; perhaps we are at ground zero for the primordial soup of future digital lifeforms.
I claimed that there are many generations needed for programs to evolve, which POW limits because the generation of new contracts is not cheap.
Interesting change of attitude! I was just watching a talk from a couple of years ago where Vitalik says "there are a substantial number of applications where you can actually say yes 'I am 99.9 percent certain this is bug free'". Amazing how much a few years of industry practice can humble a young software engineer.
assuming the entirety of centuries of civilization has no
clue what they were doing
The interesting thing is that about 100 years ago some mathematicians believed something similar about math itself. They believed that since we have formal procedures to reason about math, eventually we'd be able to understand (i.e. prove) everything we want to know. That hope was finally crushed by the discovery of simple, finite, small mathematical objects, that while subject to mathematical reasoning, are able to forever elude complete understanding and proof. Those objects inhabit a very large, unbridgeable gap between our ability to reason and our ability to fully understand (and prove). Those objects, of course, are what today we call computer programs.
If there's anything that proves beyond any doubt that even systems that operate according to a small set of rules, and subject to mathematical reasoning and manipulation, are still able to defy complete understanding -- even in theory, let alone in practice -- it is computer science.
Yet, even though computer science is the very discipline that proved that complexity that can arise even in the smallest of systems is essential and cannot ever be tamed, it is computer scientists and software developers who often attempt to challenge the very foundation of their own discipline.
It's hard enough to prove that a computer program will
actually *do* something, forget about proving what the
program *will not* do.
So the general intractability of computation is essential and far from limited to Turing completeness. If you find this subject interesting, I'll be giving a talk about it next month (it will be recorded).
Smart contracts are a very good thing, but they won't become perfectly safe any time soon (if ever), so the community should recognize that civil and criminal law are a safety net, likely to help smart contract get wider use, because of they create increased trust.
I am not completely sure if it went to court and it was litigated fully it would be found that the theDAO smart contracts that were buggy could be rolled back to what was "intended" as there was language that specifically denied that form of reasoning. theDAO clearly fucked up but that doesn't invalidate a contract. The intent in the contract was actually clearly declared, the smart contract was binding in its form. The smart contract's intent was its code. It's code was buggy. Thus one will have to litigate in court whether intent can inferred from buggy code and whether a software bug can be rules as outside of intent. Rolling back transactions like that are really exceptional.
I think it is quite interesting. A lot of people in the stock market have lost money because of software bugs, although everyone didn't agree beforehand that that software was the intent. I think it could go either way with theDAO's software contract if it was litigated.
That said you could possibly sue the implementers of the smart contract for negligence to try to recover the loss, or those that advertized theDAO as a viable investment vehicle for false advertizing or misleading one about safety, both of those are much more straight forward legal avenues.
The recent problems were very technical and specific as well as being solvable from a number of approaches.
I have no idea WTF is going on here. I've tried to search around for a clue but the more I read the more confusing it gets.
At first it seemed that Ethereum was a kind of cryptocurrency like bitcoin (something that people could "mine" and exchange), then something about "contracts" that don't require trust, then something about it being effectively "a computer" that never stops, an investment system investing in something no one ever actually names, some story about a hack that drains ether out of the system.
And now this story which has words like... "Governmental", "Rock-paper-scissors", "Casino", fees "stolen" because of constructor bug, "ponzi".
Even forgetting all the confusing jargon, I can't come up with a mental model that makes any sense at all. Is this just an elaborate puzzle game for geniuses? Or are people making and losing real money with this? By "money" I mean something that can be converted into actual US dollars right now and stored in a bank.
- Ethereum is a contracting language combined with a crypto currency; to run the contracting language requires miners to not only determine the solution to a puzzle (as in Bitcoin), but also to run code written by contract writers in a virtual machine; the blockchain stores the results of these computations
There's a lot written on the DAO (just search HN), but a quick summary:
- A DAO is an autonomous organization that is self governing, with its by laws written into code - and often the potential to fork off if you disagreed with the majority decisions
- "The DAO" which caused the recent blow up was the first public iteration of this and was an investment fund meant to encourage apps on the blockchain, by letting others fund it and then vote on proposals to receive money
- "The DAO"had substantial flaws in how it was written, tested, and released
- This was very successful by funding metrics, but that is based on a highly speculative currency that had appreciated 30-40X in a few months (otherwise, it might have just been a few million dollar experiment)
- The flaws were pretty egregious (e.g., naming two functions essentially the same - and calling the wrong one, not putting in place proper mutexes) - and many on HN who worked on any mission critical code (e.g., finance, embedded systems) would be surprised at how quickly it was released without testing, community discussion, or a thoughtful rollout plan
- Yes, people are losing money in two ways 1) in "The DAO" itself, if the funds can't be recovered fully, 2) due to the price of Ethereum to Dollars/Euros which people own and trade (which has fallen 50% since "The DAO" issues, but that is still 10-15X up since late last year)
 Technically, Bitcoin miners also interpret contract code, but the language is more complex and limited - with the most popular Bitcoin contract to simply lock and unlock bitcoins
http://ethdocs.org/en/latest/ may be helpful.
If you want the protection of a big brother, why not invest in the regular stock market? Lots of neophytes trying to get rich quick are now crying for help after realizing they made a mistake. It's really touching.
Ethereum is not trustable if there is rollback when a contract didn't operate as intended. Can you imagine the stock market operating this way?
BTW has bitcoin ever had a rollback in its existence?
The huuuge problem I see here is that it is the Ethereum Foundation, and Vitalik Buterin himself, who are proposing the fork as a remedy. They should simply say "well duh, fire burns."
In real contract law, there are three elements of a contract.
1. a meeting of the minds: the parties must agree on what is being exchanged
2. an actual exchange, in both directions, it's called "consideration"
3. at least one of the parties must behave as if they are relying on the contract, a party must "make a move" and begin to deliver on the contract.
There may be all sorts of guarantees written into contracts to enhance the security of the either of the two sides. So, these mathematical smart contracts are completely OK under contract law; however, the smart contracts and the surrounding activity must still meet the requirements of a contract.
It is not "a meeting of the minds" for one side to drain the other side of their total balances, and it violates "consideration" as well since nothing is being exchanged for the extra money. So there is ample reason to claim that these were not valid contracts and should be rolled back.
Cuz that's how contracts work, it's the only way they work.
I disagree. From the Explanation of Terms and Disclaimer on the DAOhub site:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."
The Code is Law. All parties knew, and accepted this before 'investing'. The contract performed exactly as designed.
Excellent! and I disagree with you, so we disagree. Where does that leave us? Simply as two proponents of free speech... unless... unless we have a smart contract between us, one under which you just drained my Ethereum account of ether. Beyond being a proponent of free speech, that gives me "standing" to become a "litigant", a "plaintiff" against you as "defendant". You would get to tell your side to the judge, just like me.
Here are some exaggerated hypothetical examples where you will agree with me; then hopefully you can see how a judge would look at the present situation with the DAO:
If, buried in TheCodeThatIsLaw that AllPartiesKnewAndAccepted, there is encoded an agreement to deliver narcotics to children, or sell children into slavery, or to provide funding to a terror training cell for children, then it wouldn't matter what TheCodeThatIsLaw says, a court would declare it invalid, NotAContract, NotBinding. Even if we encoded it in language that says "this is the funding part, being non-specific about the activities". That's simply how it works. Period. And you can't write a binding contract to give money away, there's no consideration.
TheCodeThatPurportsToBeLaw must meet standards of its own in order to provide additional binding law, the standards I outlined above, a meeting of the minds, consideration, and reliance. So when it comes to challenging the results of TheCodeThatPurportsToBeLaw, courts will look inside, and they will look for AMeetingOfTheMinds, and they will look at what actually happened, how people behaved, and the court will decide if TheCodeThatPurportsToBeLaw fulfills the requirements that all contracts must fulfill in order to be binding.
My point is not that these contracts are invalid; my point is that these contracts are not free from interpretation by courts, and they are not free from meeting the standards of contracts as seen and interpreted by the courts, and not as seen by one party to the agreement who got what they wanted.
And, by the way, contracts can't contain ponzis. No matter how many signatures, lawyers, notaries, and PhDs in economics are involved in forging the agreement, TheCodeThatIsLaw is not the law if the code contains a ponzi. That's how the law works. I'm talking about US law (we are talking .com here) but other countries of laws use similar methods of determination.
> The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.
That document is the single link that connects the Ethereum toy world with the world of real, legally enforceable contracts. If any court actually takes that clause seriously and treats the DAO code as legally binding terms of service, I think that could have two consequences:
1) Intent: The terms written on the website don't say anything about crowdfunding, voting processes or the supposed purpose of the DAO. They do however say very clearly "the code is the law" and even point out that this will cause risks for the investors, should the code contain bugs.
That writing IMO makes the current argument that the attacker violated the "intent" of the contract very hard to argue.
2) Contract amendmends: As far as I know (as a layman), legal contracts may only changed of all affected parties agree to the change. Therefore, if the DAO code should be treated as a legal contract, you could interpret the soft fork as an amendment - even though not all of the DAO token holders were asked for agreement. In the most extreme case, the attacker could sue and demand that his "theft" is cashed out, even if the soft/hard fork proposal is accepted.
DAO token holders can express their agreement or disagreement by choosing which fork they want to attach to.
Wouldn't a more secure implementation have allowed members to buy in for a nominal fee and keep their investment funds outside of the DAO until they voted/participated in a specific contract/investment opportunity?
An alternate way is having each investment opportunity publicize it, but that is a marketing challenge for each project, and may not raise the requisite amount (there may also be greater legal risks to soliciting capital from retail investors directly).
There are a lot of issues with the DAO (long before the hack), so I don't mean that as a justification for launching the current DAO, but rather a potential reasoning for that one aspect. (the bigger question is why didn't they do many proof of concepts + then restrict the amount of money collected with the first production version).
Think about how everybody felt taking part in "the biggest crowdfund ever". Think how the VCs felt, investing in the future.
Now think how the VCs feel when some peers maybe take a swipe at them: "so you invested in that DAO thing?". This (and money at stake) will create powerful forces towards a resolution. This can already be seen in the smart PR campaign to rollback the hack by forking.
Why not restrict the entire language instead of trying to verify that a program fits into a safe subset? What practical uses are there for general recursion and unbounded gas usage in the context of smart contracts (not to mention multiple inheritance, inline bytecode assembly, and the many other complex features of Solidity)?
1. It's very hard to create a language that is both restrictive yet useful enough, without it being just as hard to verify (e.g. total-functional languages are not nearly restrictive enough to make some global properties easily provable; the only languages that make this somewhat feasible are finite state machines, and their expressiveness is questionable).
2. Even if that were somehow possible, it wouldn't solve the real problem, which is defining the right safety properties. However you verify safety, the hard problem remains what safety means.
2. Safety properties that fall back on current law could be added in case of dispute.
This scenario would still have great value as a smart contract.
2. Absolutely, but I think the whole motivation behind projects like Ethereum is to replace the law with algorithms. I think that any computer scientist with a basic understanding of complexity would see why this is impossible, but the idea persists. Eventually, someone who's less ideologically pure would find a way to reconcile the utility of cryptocurrencies with the necessity for human law.
People still play roulette or blackjack, even though they know they're guaranteed to lose in a long run / on average.
Specific vulnerabilities aside, I think any reader should stop trusting the judgment or effectiveness of Ethereum-backed projects at this point. Probably better doing the DAO as a well-managee, centralized non-profit to test crowd-funding scheme while Ethereum continues baby steps toward a distributed scheme that works.
I'm rigorously trying to assess whether my complete inability to find any there there in blockchain-based applications (Bitcoin, Smart Contracts) is a bug on my part or feature.
I'm leaning strongly to feature.
Don't forget about contributions to the aesthetic as well. Some of the things that are occurring with these technologies will be literally mind blowing.
Why is 'human arbitration as a last resort' not on this list?