There is another interesting point here, which I think applies to Bitcoin too - if the blockchain/smart contract is the distributed source of truth and lets you deal with untrusted third parties without a middleman, it shouldn't require external arbitration.
If you need external arbitration in the event of problems, which requires verifying identity, intent, etc, why not have a central system with strong identities and regulatory bodies in the first place and forget the distributed system (which is slower and another point of failure), since the centralised system is what you fall back to anyway when the distributed trust fails.
The interesting thing with the DAO though, was the explicit INTENT of the contract, was for it to be entirely governed by the code.
As in, the announcement website, and all the marketing for the DAO included a whole lot of lines like "None of the information here is binding. The only thing that it binding is the code. The contract is the code".
So, it is arguable, that allowing people to exploit "bugs" in the code was actually intended.
Of course, they didn't think there were going to be any bugs, but I bet that if you asked the DAO people ahead of time, before the bugs were found, something like "Hey, if I find a bug and exploit it, is that within the contract?", then i bet that the DAO people would have said yes.
People using smart contracts when that's not what they really want are going to cause damage to the ecosystem that will take years to undo.
Since smart contracts are software, and all software has bugs, and to a first approximation nobody is interested in having a significant amount of their money, time, or goods erased by a software bug, of what use are these things other than as a curiosity?
I personally would much rather use smart contracts for making deals with employers, the overlords of the marketplaces, foreign clients, etc. Maybe it's just because I'm a programmer, but I would rather fail because of my own bug, than get screwed over and Nelson-laughed at by a bunch of powerful people. I can improve my contract-coding methodology, but I can't do much about other people's shadiness.
The odds that you can improve your contract-coding methodology to such a degree that you write no bugs is most likely nil. You haven't been able to do that in your non-contract code, and the stakes there are much lower.
Besides, how many mistakes will you be able to afford to learn from while avoiding complete financial ruin?
Edit: you've also got the threat model wrong. With a traditional contract, your only concern is the other party (your employer, say). With a "smart" contract, you also have to worry about any 3rd party who can wander by, notice a bug in your contract, and use it to avail themselves to your income.
You've got all the same second-party worries (my employer will use their resources to find a way to screw me) plus a whole new 3rd party attack surface.
As a programmer, imagine the complexity of the smart contract required to make this sort of transaction work when things go smoothly (including getting information about what has happened in the physical world.) Now imagine proofing it against this scam. Now imagine proofing it against scams in general, including ones you have not thought of yet...
Either you are going to spend a lot of time verifying the contracts you participate in, or you are going to take someone's word for it that it is OK.
a) Does something useful...
b) ...in a way that's somehow significantly preferable to "dumb" alternatives;
c) gets adequately battle-tested in the real world;
d) can be reused ad infinitum, maybe with trivial variations
It seems to me that it's not out of the question that that will happen, but it's also by no means certain. It seems to me that once you get far beyond simple remittances it becomes extremely difficult to reliably codify intent.
I'm not convinced powerful languages will ever be suitable for this - the language used for contracts should be less flexible and powerful than human languages, not more - we attempt this with legalese and conventions associated with contracts already (they don't really use english say but a limited subset of it), why not take it a step further and define specific and incredibly limited axioms which can be connected to form immutable contracts with limited ambiguity and no room for error.
Smart contracts assume that incredibly difficult problem is already solved and then start attaching money directly to the contract (why!), that in my view is far too optimistic about the state of software and the capability of humans to manage it.
In fact the DAO fork brings up another problem which applies to Bitcoin too - the developers (and miners if a POW coin) are de facto arbiters of the fate of millions, and if this sort of system were to gain widespread use, would have enormous power, in fact they already do even if you think the coins are overvalued. They decide if a fork is justified, a change will be adopted, or a tweak to algorithms to discourage certain behaviour. They become in some ways a parallel system of government/law without accountability. For all the pretence that people can just fork the project or choose another client, we've seen how hard that is to pull off, and how much influence is retained by the central developers of such a project with the recent Bitcoin Cash fracas.
A contract is an explicit set of rules as to what the involved parties are supposed to do in every relevant situation that could arise. The problem is that in the real world it is very often simply impossible to anticipate every possible relevant situation. That is because the real world is so complicated, and we lack much of the needed information about what might happen in the future.
The consequence is that in business, unanticipated situations arise all the time where the signed contract either calls for something that would lead at least one party to suffer, or it is not at all clear what should be done.
%99 of the time, the involved parties simply decide informally what to do. 1% of the time one side sues, and in most of these cases the lawyers settle before trial. And if it goes to trial, the judge decides on things like intent and fairness that can't be clearly specified in a contract.
It is just not possible for smart contract coders to solve this problem that experienced business people can't. And let me add that this is similar to the problem with bugs. A bug arises when commands and/or data are encountered by the program that the coder had not anticipated, and so the program does something other than what is intended. It is the same basic problem of not being able to anticipate all possible situations, and so this is why all programs have bugs.
>There are thousands of standardized contracts that are signed by thousands of people and only a small percentage of them end up in conflict.
That's because, as I explain, when something happens the contract did not anticipate, the involved parties almost always work things out informally
For simple things done in large numbers, smart contracts might makes sense. Except if many people are using the same contract, it is more attractive to hackers to try to find a bug.
But how many contracts are there where nothing can be disputed? That seems to me to be the case where a smart contract could be useful. If you're relying on the parties to be honest and compliant then you've gained nothing by having a smart contract, afaics. All you've done is introduced some extra mess into the existing tangle of legal and informal incentives and disincentives.
I'm open to suggestions but I'm not sure many such use cases exist. To the extent they do (eg. provably fair casinos), I'm not sure they provide anything compelling over existing dumb alternatives.
Let's put everything in a legal perspective using the DAO as the example...was what occurred there a "hack" or just a proper function of the contract which all parties agreed?
let's assume, all things being equal, the DAO smart contract wasn't a smart contract on the block chain but a regular contract, which included a provision allowing any single party to unilaterally take all the investment funds of the other parties to the contract...is that enforceable? No.
In fact with the SEC report on the DAO, we know the contract was likely an illegal offering of a security. Therefore, the entire contract is void and unenforceable and every party is entitled to their investment back, nothing changes because it was a smart contract on a block chain rather than a written contract.
both. Lawyers are just hackers of the legal system. the runtime environment is the courtroom. The contract is the code. loopholes and technicalities are another name for bugs.
If none, check out some of the foundation legal principles of contract law, including, but not limited to: offer, acceptance, bargained for exchange, mutual assent, consideration, "four-corners", contractual intent, illusory promises, statute of frauds, UCC (uniform commercial code), illegal per se.
The contract isn't the "code", the contract is the contract and if anything the law is the "code" (in fact in many states and federally laws are called code), just because layman and tech people don't understand the law/code, doesn't mean its full of loopholes, technicalities and bugs...though as a layman watching the disaster that is smart contracts executing in ways people did not understand and authors marketed in plain language, I would says smart contracts are full of bugs.
In reality, a lawyer trying to "hack" a contract with some technicality will run afoul of a judge telling them to sit down and shut up. Judges exist to discern the intent behind the contract and thereby fix "bugs" in the contract that would otherwise lead to absurd, unintended outcomes.
"Loopholes" matter a hell of a lot less in real life than in episodes of Law & Order or whatever you've been watching.
Or if you are a company trying to avoid paying taxes.
I also think the author misrepresents that the only purpose of the blockchain is to eliminate the central governing body. There are many other value propositions and uses for the technology. Here's just a few:
- Eliminates financial overhead and operational complexity for banking.
- Personal information control. Like profiles or identity data.
- Distributed network to sell things with trust
- Access to public records
- The author shoots down the value of ICO's. But the blockchain can offer a significantly cheaper alternative to clearing costs for equites.
And there so much other potential...
If an ATM spits out too much money and that violates the terms of service you signed with the bank (or the ATM provider) the bank has a way to recover the funds since they can rely on the legal system to enforce the terms.
The blockchain exists to enforce the validity of state changes (transactions). There is no other value outside of that.
Thus, if you are reliant on the legal system to enforce blockchain contracts there is no reason to have a contract on the blockchain since the only real benefit is decentralized consensus. You are better off just rolling a few EC2 instances and writing an old fashioned contract.
This is misleading. "Owning" cryptocurrency comes down yo controlling the private key. Cryptos exist solely as information. The bank analogy is a poor one because it implies that there is a single physical collection of value, which is fundamentally opposed to the premise of a distributed ledger. I'm not sure that the author really grasps the function and utility of Cryptos based on this mischaracterization. I didnt read any further.
Moreover fiat (which banks hold) isn't backed by a central physical store of value so the argument holds up.
IMHO, we are venturing to the domain of lawyers; most people are not just going to be saying computer code == what-we-agreed-here because most people are just normal people and they couldn't care about computer code. And let's face it, cryptos are already full of normal people, it's not for the early nerds anymore.
However, always keep in mind that cryptos are not regulated, they are not always too compatible with current regulation regarding normal money and they are extremely valuable when considering the fact that they are not regulated.
The court will intervene and that will be the end of the idea that the code is the final authority.
The law often sees itself as onnipotent, but it stands no chance against cryptography and unnamed contract authors.
That is one thing that both skeptics and the most zealous of smart-contract proponents agree on.
Many of Ethereum's key players thought that was what they wanted until they found themselves in a contract containing a 'clause' they had not anticipated.
Not sure that's as clear as the article suggests (at least to the extent you are dealing with entities within the reach of U.S. law (which is a whole lot!)).
See my thoughts on this here: https://news.ycombinator.com/item?id=14820950
Both are exploitation of unintended behavior.
In the OpenBazaar community we call them Dumb Contracts. https://medium.com/@therealopenbazaar/the-case-for-dumb-cont...
They recoop half the money and the "contract executor" can step above ground with no worries.
It's not something that can be meaningfully waived (and it's not something Etherium could enforce, anyways).
It just seems so silly -- no system is perfectly secure; any developer can attest to this. There is always going to be a way skirt around the smart contract owner's intent, especially as the apps being run on the blockchain grow in complexity. To not blatantly call this malicious activity just doesn't sit well with me.
Now is it ethical to exploit a bug in a contract? In almost all cases the answer is no, however that is besides the point as smart contracts are devoid of any ethics or intent.
The whole problem with smart contracts is the mindset behind the community. Tech circles far to often follow the mantra "move fast and break things" and this is the issue. If smart contracts were treated like real contracts, then this issue would be largely avoided. Who do you blame for writing a shitty contract? The lawyer. The same should apply for smart contracts. Smart Contracts should be written or at least reviewed by "lawyers" specializing in smart contracts. They should be trained to be able to write contracts that are bulletproof. If the smart contract is defective, they should be responsible just like with normal contract lawyers. If there is a flaw in a contract, there should be a migration strategy for addressing it.
Smart Contracts are a developing technology and an extremely powerful one at that and as such they should be used with extreme caution but that does not mean they are a bad idea. The whole problem is that they are being used haphazardly and often for purposes which are far better served by a more benign and low risk solution.