But that's almost definitely true, and every bank in the world loses millions of whatever currency they hold every year to fraud.
The primary difference is that banks are encouraged to cooperate to recover these. In the blockchain world, it's incredibly difficult to recover losses and people suggest "no-takesies-backsies" is an ethical method of doing business while wracked by fraud.
Bugs in financial software can typically be unwound by the parties involved, or by courts, or both. This is less true for a scheme designed to be irreversible in itself.
Traditional finance isn't any easier to unwind than bitcoin. If I give you $5 I can't magically "erase" that transaction. The $5 bill doesn't materialise back in my pocket. Instead, I get the police to force you to give the money back. As an accountant, if you erase a transaction (even if it was a mistake), you can go to jail. What you do is make a balancing transaction to correct the mistake. Nothing is stopping you from doing the same thing with bitcoin. Making it so you can't erase or hide the previous transaction just enforces rules that already exist -- and it's a great feature.
The main difference is that it is infeasible to hold large amounts of cash, and so we usually allow a third party to hold on to our money. That third party will usually hand over your money if requested by the government (some overseas banks are notable exceptions!!). With bitcoin I can hold on to it myself and not have to worry about the actions of a third party. Secondly, even if you hoard cash, it's hard to secure it. It's basically impossible to make it so that only you can access it. With Bitcoin, it is easy to secure a large amount of value and ensure that only you can access it. Bizarrely, a large number of people totally ignore this advantage...
This is the entire point of bitcoin. With the hype, fraud and what not, people often assume that bitcoin must have been developed as a scam. But I really do believe that the purpose was to allow people to have access to money and not have to rely on a third party who probably doesn't have your best interests at heart. It's not really surprising that criminals will be interested in this kind of system. They are the ones with the highest need. The government can't freeze your account.
The interesting question is: do we need that kind of security? Do we trust the banks and government to act appropriately with our money?
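The balancing-entry idea in the post above, as an added example that is not part of the original thread: a toy append-only ledger written for this page (the `Ledger` and `Entry` names, the hash-chaining and the sample accounts are my own assumptions, not anything from the discussion). A mistaken payment is corrected by appending a compensating entry with the accounts swapped, so the original stays visible and the balances return to where they were; trying to "erase" the mistake by deleting the entry breaks the hash chain, which is the property the post is describing.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

GENESIS = "0" * 64


@dataclass(frozen=True)
class Entry:
    """One immutable double-entry record: `amount` moves from `debit` to `credit`."""
    seq: int
    debit: str
    credit: str
    amount: int
    memo: str
    prev_hash: str  # digest of the preceding entry; this is what chains the log

    def digest(self) -> str:
        payload = json.dumps(
            [self.seq, self.debit, self.credit, self.amount, self.memo, self.prev_hash]
        )
        return hashlib.sha256(payload.encode()).hexdigest()


class Ledger:
    """Append-only ledger: mistakes are corrected by balancing entries, never by erasing."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def head(self) -> str:
        return self.entries[-1].digest() if self.entries else GENESIS

    def append(self, debit: str, credit: str, amount: int, memo: str) -> Entry:
        if amount <= 0:
            raise ValueError("amount must be positive")
        entry = Entry(len(self.entries), debit, credit, amount, memo, self.head())
        self.entries.append(entry)
        return entry

    def reverse(self, seq: int, memo: str) -> Entry:
        """Compensating entry: same amount, accounts swapped. The original entry stays."""
        original = self.entries[seq]
        return self.append(original.credit, original.debit, original.amount, memo)

    def balances(self) -> Dict[str, int]:
        bal: Dict[str, int] = {}
        for e in self.entries:
            bal[e.debit] = bal.get(e.debit, 0) - e.amount
            bal[e.credit] = bal.get(e.credit, 0) + e.amount
        return bal

    def verify(self, expected_head: Optional[str] = None) -> bool:
        """Recompute the hash chain; optionally compare with a head digest kept elsewhere."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev:
                return False
            prev = e.digest()
        return expected_head is None or prev == expected_head


def demo() -> dict:
    """Constructed sample data: a deposit, a mistaken payment, its reversal, then tampering."""
    ledger = Ledger()
    ledger.append("bank", "alice", 100, "opening deposit")
    mistake = ledger.append("alice", "bob", 5, "sent to wrong payee")
    ledger.reverse(mistake.seq, f"reversal of entry {mistake.seq}")
    head_after_fix = ledger.head()  # would be published/recorded out of band
    chain_ok = ledger.verify(head_after_fix)
    balances = ledger.balances()

    # Someone tries to hide the mistake by deleting it instead of reversing it.
    del ledger.entries[mistake.seq]
    tamper_detected = not ledger.verify(head_after_fix)

    return {"balances": balances, "chain_ok": chain_ok, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

After the reversal the balances read bank -100, alice 100, bob 0, exactly as before the mistake, while the ledger still shows both the error and its correction. Deleting the mistaken entry shifts the sequence numbers and orphans the next entry's `prev_hash`, so `verify` fails even before comparing against the recorded head.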
The difference is that if there is an error, I can unwind the error with the counterparty's cooperation or without it.
A bit harder to do that when someone deprives me of bitcoin by theft or fraud.
I am familiar with compensating transactions. Ledgers are a necessary mechanism, but they are not a sufficient mechanism to safeguard against theft, fraud and error. These systems work because of multiple overlapping defences and they still fail.
I find that I tense up at the strong strain of technoutopianism that runs through bitcoin and cryptocurrency circles.
You're asking the rest of us to bet everything on block. I don't trust anyone to not make a mistake and I don't believe in single lines of defence, no matter how computationally intractable they are on paper.
> Traditional finance isn't any easier to unwind than bitcoin.
This is one of those cases where the theory and practice don't match. There are two cases: the destination account exists or doesn't. If it doesn't, your bank returns your money minus some handling fees. Your Bitcoin in the same situation is gone to an unused wallet which nobody can access.
If the account is valid: With Bitcoin it's on you to track down who owns your funds now and figure out how to recover it. In case of a bank though you raise an issue with them and start the process - either internal or across banks. It allows the person receiving the money to approve a quick reveal, or allows you to start legal action to recover your funds.
At some high, abstract level, these are similar. But in practice, banks make it pretty easy to recover your funds in case of simple mistakes.
> With Bitcoin, it is easy to secure a large amount of value and ensure that only you can access it. Bizarrely, a large number of people totally ignore this advantage...
We had examples of a number of entities, which tried to apply the best practices and were aware of the risks, completely failing at the task. Multiple exchanges, smart contract operators, and other companies failed to protect their coins. The real world shows us that this is not that easy given clever adversaries.
How do you secure large amounts of Bitcoin? Keeping it all in a hardware wallet is a lot like keeping all your money in a safe in your closet, and keeping it on your computer or in an exchange is even worse.
The big difference is that you'll probably lose everything you stole and also go to prison if you exploit a bug in a regular financial service. You probably won't be able to make legitimate users of that service lose all their money.
The important question is if you think it's possible to create impervious functions of ~100 lines of code. I tend to think that with modern formal verification systems this is a feasible goal. Otherwise you have to stick with closed-source security-through-obscurity and rely on legal reversal. This seems pretty weak to me, though - ex, if a stock exchange was hacked, sure you could reverse it legally, but the market disruption would take years to recover. Regardless of the specific nature of crypto, I think formally verifiable open systems are both achievable and a worthwhile goal.
I am not sure what your position here is: that you can do whatever you want, or at least a lot of useful things, in ~100 lines of code? That if your software is broken down into functions no bigger than ~100 lines of code, and they have each been individually verified, then their composition has also been verified? Or something else?
There is also the matter of verifying the platform itself.
Thank you for bringing this to my attention. If I am following along correctly, it does not so much verify the deployed EVM as it provides a formal and executable semantics for an EVM that satisfies the test suite, and the authors demonstrate its use in finding some real-world problems, which is exactly the sort of thing that we want:
"These properties make KEVM an ideal formal reference implementation against which other implementations can be evaluated. We proceed to argue for a semantics-first formal verification approach for EVM contracts, and demonstrate its practicality by using KEVM to verify practically important properties over the arithmetic operation of an example smart contract and the correct operation of a token transfer function in a second contract."
From the paper, it seems that the latter example could have found a bug that caused problems in a deployed Ethereum contract.
Regarding your last point, the platform itself can be fixed if it has any malfunctions. The issue is only with an application built on top of the platform malfunctioning while the platform operates exactly as it's supposed to.
In that case there is no redress as the platform is for all intents and purposes immutable when it's working correctly.
What I meant is that an error in the platform is not catastrophic, because in those cases, the blockchain can be paused, fixed, and if need be, rolled back.
In other words, errors that occur due to malfunctions in the platform are reversible. Errors in applications built on top of it are not.
Or the implicit third party of the state, more specifically the legislative and judicial branches.
I think the bottom line is that contract law is an AI-hard problem-- meaning it takes a "real intelligence" to negotiate and enforce contracts. Simple logical rule sets implemented in code are too dumb.
Agreed — I find it really odd how many people are willing to assume that another complex field must be easy just because they've never thought about it in depth.
What does that actually mean in practice? Any successful piece of code is a million dollar bug bounty. A Windows remote execution can sell for millions and do damage in the billions.
Is it easy to exploit smart contracts? Is it fundamentally impossible to make them secure? Maybe we lack the proper tools, maybe current architectures need to be improved.
It's different from Windows bug because Windows bugs can be easily patched.
When we come to blockchain world, we run into a dilemma:
1. Hard-forking means it's no longer truly "immutable"
2. Not Hard-forking means we're fucked.
The first point is important even if you're not an immutability nerd, and most people don't realize the significance of a truly ownerless ledger because most people haven't thought really deep into how the society and economy works.
In my opinion the difference between a truly ownerless ledger and another one that has made 0.1% tradeoff is as different as the difference between selling something for 1 cent and giving it away for free.
I think blockchains like Ethereum that want to become general purpose will have a tendency to move towards being more centralized. Not saying that's bad, it's a tradeoff, but nobody knows what the end result would be. It could end up becoming like the Web, where the protocol itself is supposed to be decentralized but every user-facing thing is completely centralized.