To program one you need to think about all the edge cases. The programmers here likely did want >0 here. The possibility that the thing feeding price data return zero incorrectly was higher than the price legitimately being zero in their minds.
There is no court or lawyer who can interpret the spirit of the contract.
That's obviously the point, though. You are trading one set of risks for a completely different set of risks that might suit your use case much better; your counterparty being able to contest a contract in court could very well be a "bad" thing for you.
But that's exactly the point.
People are not able to interpret "smart" contracts. For normal contracts most people can understand the contract and if there is a dispute you have laws and courts who can interpret in every case.
In case of "smart" contracts even the contract developers more often than not seem to not be able to understand all consequences.
So if we are trading one set of risks for another it kinda seems to me to be a a really shitty tradeoff.
Things are better on consumer law because it assumes from the start that people are stupid and have no idea what they are doing. But other kinds of contracts have quite large security risks.
In the case of a smart contract, it can even happen that both parties agree in how things should take place when there's a problem! But bad code doesn't work that way, and you can find yourself in a null state of indeterminacy without a built in layer to resolve that.
The entire evolution of legal jargon can be viewed as an attempt to provide a linguistic framework whereby ambiguity is minimized and edge cases are anticipated. But human interactions are chaotic and all outcomes or scenarios can never be predicted, hence the need for a layer of human judgement.
That layer is imperfect, sometimes wrong, sometimes biased, but still necessary. I don't see how smart contracts can work without that sort of layer, but with a human judgment layer then they're not really smart contracts in the way people want such contracts to function.
Trusting any smart contract of sufficient complexity is like trusting that a code base has absolutely zero bugs and zero unanticipated edge cases. I just don't see that as realistic.
If a programmer at a bank or exchanged should have coded ">=" then I want 1) for them to easily be able to act on their intentions instead of their mistake or 2) the ability to bring in a 3rd party to interpret and resolve the situation if #1 doesn't work out.
You can do this to some extent using formal verification. Most code doesn't get formally verified because it's kind of a pain to do, and you can usually fix bugs later, but smart contracts are the perfect candidate for it since they are (1) mission critical, (2) naturally limited in size and scope, and (3) cannot be fixed after the fact. You can write perfect code if you have the right tools and do it carefully.
Smart contracts don't have a mechanism if this sort. If you have an issue with them as in this case with IRON, your best hope is that IRON will find a way to handle it that satisfies everyone (which may be hard) or that the normal legal system is able to resolve it.
Both of those kind of negate the purpose many people want smart contracts to have in being free of sovereign legal systems and, once implemented, automated without the need for human judgement that may be biased or bad etc, so no longer able to be trustless. At best they simply automate portions of a contract, which is still a very good thing, but not really what enthusiasts are hoping for.
Obviously you are not a programmer.
>Because the TITAN price falls to 0 which we have unthought of, the contract will revert the redemption transaction.
And you are DJB.
Laws still apply to things handled with smart contracts. You can't say "well sure the escrow contact did the wrong thing but it's code so you can't come after me for your money back".
The problem is that lots of smart contract enthusiasts embrace them for the same reason they embrace crypto currency: they see it as a way to avoid government institutions that they do not want to have to work with or trust. In fact they want the entire contract to be trustless: agree to the terms, implement them in code, and and since the rest is automated you don't have to trust that the other party won't follow through.
I don't see how that can actually work in an automated fashion. Whether it's traditional government or some other legal system or analog, you need a resolution layer above contract layer, but at that point you've lost a lot if what enthusiasts want in smart contracts.
Your phone's alarm is also not a critical transaction worth a person's life savings or the wealth of a country or a transaction involving life-critical supplies etc. The bar is a bit higher here, and even the most reliable systems ever designed have the ability to insert human judgement when the rare issue happens. Smart contracts are supposed to be appealing because they avoid the need for biased/imperfect judgement in favor of something "trustless", or at least that's the vision many see for them.
Contracts can also have hundreds or thousands of clauses, making "sufficient reliability" a much higher bar than an alarm clock. Especially because many of those clauses entail human concepts that would be extremely difficult to translate into code: What is the algorithm for determining "force majeur"? That's a pretty basic clause that appears in many contracts, but I don't know where you'd even begin to get a computer to understand & properly identify such events.
I don't see a pathway to sufficient reliability in smart contracts anywhere on the horizon, save for very simple cases. Even then, here we have IRON, which should have been relatively simple as these things go, but failed because the simple case of "Titan has no value" was not considered.
If the former system were to be irretrievably corrupt, teetering on the edge of collapse, and the proposed replacement were capable of replacing it then it would be worthwhile.
The existing international financial system is corrupt, the judiciary in most of our world is complicit, but it is not on the edge of collapse (look how brilliantly it sailed through the 2008 crises. It used its political power to get the middle classes to bail out the super rich). The proposed replacement (cryptro currencies) has no support from cryptographers (I am not one) nor finance geeks (that I have been). It is even worse that that which it proposes to replace.
Additionally in most of the Western World we have the democratic institutions that can be put to use to fix the system. Economists are slowly coming around to recognising the catastrophic mess that the current system is, how it is sapping our vitality as a community, enriching the few (hi Unicorn founders - fly to Mars please) and impoverishing the middle classes.
We can fix this. But we have to give up on single fixes (like crypto). This requires modern system thinking....
I am a PhD student in cryptography, and judging by the papers I've read there is plenty of support from cryptographers, many of whom are directly involved in research and development. Silvio Micali is practically a founder of modern cryptography (and Turing Award winner), and he co-created the blockchain Algorand. There is also plenty of opposition, as the subject elicits strong opinions, but the assertion that cryptocurrency has no support from cryptographers is just false.
Hyperbole on my part, oops. Sorry about that.
I am not a cryptographer, but I do pay attention to cryptographers. Well, some cryptographers.
So thanks to your helpful comment I looked up Silvio Micali. He has rather faint endorsement, but endorsement it is.
I do not think there is a solution in this space that works economically or financially.
What we need is a unit of exchange that: holds its value reliably, allows a lot of transactions, has low over head, allows anonymous transactions.
A central bank could build a system that does the first four, but they have no incentive to do the last.
Aside from the vocal minority of BTC maxis that jerk off to the idea of making a crypto-revolution, no serious developer in crypto wants it to replace the existing systems and institutions. We "only" want to create an alternative for the times and places where the current institutions are insufficient or dysfunctional.
And as a member of the middle class, I personally think it's a feature that cryptocurrency can't be inflated to bail out the rich. If banks knew that they weren't going to get bailed out, they wouldn't have taken as many risks and we would have avoided the whole crisis in the first place.
The concern might be more on the policy and regulatory side of the world.
Lots of chains have holding entities or foundations (nominally for governance, really to justify their premine or "reserves") and seem rather vulnerable, especially if they pay the core developers.
The CEO of that entity won't take your calls but they are absolutely exposed to the whims of the legal system in their founding jurisdiction.
Vitalik did not pass any legally binding decree to get people to comply, and the worst thing that happened to people who disagreed with the change? They got left to play with the other chain.
For this one you need programmers and computers.
On both cases, if you go in blind or wing it you might get burned.
I'm not convinced that programmers and computers can bootstrap to that level of experience very quickly. I think a decade ago I was more optimistic on that possibility, but a decade of repeating history has made me a bit more pessimistic on that ability and cynical about the motives of most people involved.
Evading the law (whether the court or a regulatory body such as the SEC [civil] or DOJ [criminal]) is typically a "bad thing" for the person or people intending to or successfully doing so.
https://www.sec.gov/spotlight/cybersecurity-enforcement-acti... (SEC Cyber Enforcement Actions, control-f "blockchain" | "crypto")
https://www.ropesgray.com/en/newsroom/alerts/2021/March/The-... (The CFTC Signals New Era in Enforcement of Cryptocurrency Trading with Action Against Antivirus Software Pioneer John McAfee)
https://www.jdsupra.com/legalnews/doj-activity-on-cryptocurr... (DOJ Activity on Cryptocurrency: A Six-Month Review)
https://www.reuters.com/world/us/us-court-authorizes-irs-see... (U.S. court authorizes IRS to seek identities of taxpayers who have used cryptocurrency)
> Is A Smart Contract Always A Legal Contract?
> No. Because a smart contract is computer code, a smart contract may represent all, part, or none of a valid
legal contract under U.S. law. Smart contracts function – in whole or in part – to give effect to legal
contracts. Thus, smart contracts are the programmatic means by which some or all of the terms of the legal
contract are performed. It is the underlying contractual terms that are given legal effect.
That legal contract and the contractual terms is what is evaluated and governed by the legal system. Smart contracts are fancy business logic snake oil salespeople are attempting to sell as the law of the land.
When I get my car fixed at the mechanic, I am paying for the service but at no time do I transfer ownership to him. One procure we could follow is for him to do the repair, give me my car back, ask for payment, and then pursue me in court if I refuse to pay. But instead, the procedure is that he just keeps the car in his garage until I pay. (If I want to call the police to get my car back, I can, but now I have to explain to them why I'm not paying, and enforcement is much easier.) This forces me to respect the agreement we made - repairs in exchange for money - in a more robust way than any contract ever could.
In other words: things you might call "evading the law" in fact can be useful and then shape the law. If we were to adopt a principle like "anything that looks like it's trying to evade the law must be dismantled", we'd be worse off.
At the time Jefferson promoted the law, a lien-like privilege already existed in civil law countries like France, the Dutch Republic and Spain, with some laws even tracing their roots to the Roman Empire. And since control of Louisiana had passed between the French and Spaniards, and had largely adopted the French Napoleonic Code, there was a similar privilege concept in that territory."
Like, do you think there was a long-standing issue with people not paying their bills because the liens weren't enshrined in law, and a bunch of clever legislators got the brilliant idea to introduce it? No! It's been happening since before laws were written down, and the formal laws were crafted to fit this existing custom.
Except when they don't, which is... most of the time?
It's true (and I would hope obvious) that a smart contract doesn't play like a legal contract, but aren't the vast majority of them intentionally doing things that are orthogonal to contract law?
Or irrelevant to it? You can buy Beeples all day but you still don't own a copyright, and this doesn't seem to be a problem for anyone.
However, if you let all parties review the smart contract (the source is on the chain, you can check it) and agree with it's workings and sign a 'human' contract saying you do agree and then it goes wrong, I think it should be an out. We do not have proper ways to sue for misbehaving software (it happens all the time but MSFT is climbing higher and higher): this is easier to verify but we are adults here: if you agree to put money in smart contracts, you should have verified the code. And if you think the code is flawed, do not put money: otherwise do not complain afterwards. It is not that hard.
That's not how it works. Courts generally operate by ambiguous standard of what reasonable people and reasonable experts can actually do given the state of technology.
No reasonable software engineer can tell you that a piece of code is flawless. I don't think courts will agree on a system that has been shown through evidence to be highly flawed.
There are already (many) cases like this, but if I write some software and put it in github, someone else deploys it and people die; that is simply not my fault: it is the deploying person. In normal situations, this is easy to find the defendant here: but on the chain, you won't be able to: anyone can deploy anything and you won't know who it was. So unless you to end open source software, you have no case against anyone.
It's not reasonable to expect software users (even other developer users) to understand or audit code in order to be able to use software -- for anything.
They are open source by definition and no one knows, by definition, who deployed them. It is a very different case.
The fact that other people could audit the software does not absolve the original authors of the fact that they didn't.
If you put on github
And I deploy this in a production environment that kills people with heart rate over 0, do you have any responsibility? No of course not. I do. You have none.
In short: if you put money into something as smart contracts, the only thing you have, and that is literally the intention of the pundits, is that you check the contracts and trust or not trust them. I do not know how this crosses over to other software that has different properties in this thread. That is not relevant. There is no one to sue or say they did a bad job here: you will not know. That is baked in.
As I mentioned earlier in this thread, there is no such thing as bug-free software (even for devices that kill people, as you point out), because bug-free software is categorically impossible within comp sci.
Knowing this comes with great responsibility, even more so when dealing with life... or finances. The developers of this software, as is the case with Solidity and smart contracts in general, have foregone this responsibility.
Another egregious failing of all crypto schemes which I'm compelled to point out is that they fail to use any of their enormous profits to actually fix bugs.
When I was mainframe developer at IBM, the company spent millions of dollars (taken from clients, of course) to find and fix bugs. They paid people good money, including yours truly, for that work.
Today's crypto companies have no such ethics. They (Mr. Buterin, I'm looking at you) have no compunctions after profiting windfalls from their software inventions to actually invest in debugging or fix distribution (or even real error reporting) for the customers. Likewise, they ignore all the UI aspects (and problems) that their inventions have birthed.
This is not responsible software development. It leads to problems like IRON and others in the crypto space. As I said, it is the exact opposite of how, historically, important enterprise software development is done.
It's only for selfish reasons (= money hoarding) that crypto projects don't hire the best auditors and coders in the world to fix their code. They can certainly afford them.
I vehemently disagree that just writing code makes your responsible for it's use. We are so bad at writing good code that all programmers would be living on the streets or in jail. And that is not malice, just how little we understand or underestimate complexity. Which becomes apparent if you indeed try to create some formal proof and give up after 30 pages.
I also believe your last statement does not recognize the vast issue there is with the smart contract world: I am more of the school of Erlang/OTP: just let it crash these days. If you cannot correct a state, we cannot write software for it. No matter the proofs and auditing. If we cannot correct an erroneous state, we are not capable of writing software in that system. And that is smart contracts. Not space craft where we often can upload a patch and steer the other way, not cars where we detect a deviation and correct it. Smart contracts are: if it's done it is irreversible and there are no programmers, provers or auditors who can predict or prevent that. Rollback must exist or this all will go to shit. Which is what will happen.
Edit: I actually do not believe cryptocurrencies have a chance unless there is rollback (something like refunds without merchant consent). I just cannot see what rollback means in this context: I read papers with scifi type of stories how this would work but it does not mesh with cryptocurrency obviously otherwise.
Likewise, humans make mistakes in transactions and if they can't be undone... problems.
EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs.
But that is saying everything is shit. I do not disagree but I do live in this world.
> EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs
I got that but what would it look like? In practice? As that seems impossible to me.
In practice, software companies take responsibility for bugs in three ways today, based on their business model.
Old line companies like IBM paid millions of dollars for people and tools to find and fix bugs and to distribute the fixes to customers. IBM did not wait for you to tell them you had a bug. Their system could tell you if you had a bug that someone else reported. And IBM would ship you a custom tape which fixed that bug and didn't break the rest of your software. Let's call that The Gold Standard. With money, it's certainly possible.
Option 2 is a company like Red Hat. Unironically, IBM bought Red Hat. The reason that, while open source gives you the option to look at the code, most companies don't really want to do that. In other words, Ford could make a lot more money focusing on making cars than they can by hiring people to find and fix bugs in (free) Linux software. Voila! Red Hat offers bug fixing and finding (and a plethora of other things enterprise customers don't want to setup) for a hefty subscription fee. Red Hat has many service offerings in the $10,000/month+ range. Once again, if you pay people, you can find and fix bugs.
Finally, option 3 is a company like Google. They don't really care if anyone else can get open source software to work. But... and this is a big but... they need it to work for themselves. Having built a very lucrative empire on open source (Android, for example), Google cannot afford to wait for "the community" to find and fix bugs. They must pay people and they must pay them well. And, this they do. So while the free open source isn't directly monetized by Google, it's worth their while to pay to keep it up to date and correct. Other companies like Netflix do the same thing.
So there are three ways you can do it today.
What irks me about projects like Ethereum is that, having all these real world models out there, its founder doesn't seem interested in finding or fixing bugs at all. He is relying on "the community" (we know that doesn't work, see #3) and not spending any of his own money on debugging or fixes. In all the real cases where you want fixes to happen (and you want CI/CD to get them to customers), "you", being the publisher or heavy user of such software, must pay.
That's what I mean about responsibility. It's where the buck stops.
But we agree and I will reiterate: without rollback, current human coders cannot write reliable software. So in it's current state, smart contracts are a utopia and no one should trust them, with or without code audit. But if you still want to play a lottery of humanity vs complexity, read the code, think hard and put or not put your money. If you put your money, do not whine after you lost it. You might as well shout at your toilet for the same endresult.
Obviously this doesn't allow you get around laws such as warranties but I don't see why it can't be used if everyone agrees to it.
If you sign a contract to abide by a smart contract that was designed in bad faith or misrepresented I fail to see how that's any different.
Even valid contracts are bound by the law. E.G. you can't sell yourself into slavery. Similarly, a smart contract can be a tool to execute the terms of a legal contract, but if it behaves in a way that would be illegal under a traditional contract I doubt any court in the US or Europe is going to recognize that as legal.
I admit enforcement is another issue entirely though.
Fraud, for example, isn't legal even if you have a cleverly crafted contract that uses wording tricks to technically be true.
I would expect a court to take a dim view of a smart contract that has an obfuscated, non-obvious mechanism for someone to siphon off all the money in an undisclosed fashion. "Code is law", but so's "you can't defraud people".
You are begging the question by presupposing that for every smart contract there could be a possible legal contract that can bind the people who sign it to the results of the smart contract.
If a smart contract is illegal, then any written contract that binds people to the results of that contract would be similarly illegal.
For one, as a general concept the parties to the contract need to actually understand the terms and courts will somewhat regularly throw a contract out if they think there were implications that were not apparent to one of the parties. Smart contracts seem like absolute minefields for this kind of problem.
If your mechanic installs the tires in the passenger cabin, no one cares about the mechanics' lien. Depending on the judge they might not even care about the fine print on the back of the invoice, because installing tires in the passenger compartment is that dumb.
Fraudulent or not, though, you have a pretty heavy layer of protection as the money has already been transferred, and that money is not easy (close to impossible) to freeze.
Any reversal that happens will be necessarily by a threat outside the blockchain, as the governing body can't actually reverse the transaction. It's a second transaction.
On a blockchain, this is absolutely false. The nodes interpret smart contracts. The "legal system" needs to be applied by some kind of oracle or by force to a node operator.
Smart contracts are authoritative in their native environment.
Yes, this is usually how it's done. Business logic is not a legal authority.
"Legal authority" isn't a well-defined object in the evaluation of smart contracts. It is certainly not an authority in the sense that the EVM (or, for other blockchains, corresponding VM) code is.
Is this really a surprise? Nodes don't evaluate common law, they evaluate smart contracts.
That's one of the reasons for enthusiasm for blockchain tech. Not everyone believes in the legitimacy of the state, let alone that the legal system is somehow the proper authority for evaluation of disambigous source code.
This is something that I haven't been able to figure out about blockchain enthusiasts. Assuming the blockchain is wildly successful, it poses an inherent threat to the ability of the modern state to collect taxes. Why do blockchain enthusiasts, who already don't think the state is legitimate, not take the logical next step. A potentially existential threat illegitimate parties that have large militaries will end well for the blockchain how? To put it more glibly, how many divisions has bitcoin?
I like to see cryptocurrency and crypto-assets as a pseudo force of nature. It's not really possible for governments to stop them and they pretty fundamentally change the game for most governments. I personally believe the result of this will be a shift to geoist taxes where taxes are paid on properties or paid by corporations.
The cat is out of the bag and unless governments want to start seriously pushing into authoritarian territory there's very little they can do to stop it. Could China kill cryptocurrencies within their borders? Probably. Now could the US or countries within the EU? Probably not. Particularly in the US I can't see this ever happening. It's too close to infringements upon the first amendment that I can't see any meaningful legislation or regulations sticking.
The emergence of the internet is an incredible happening for humanity, and the gamble that the relic of the state will somehow cork it is probably not a wise one.
Nobody wants war - even the war profiteers don't want it in their hearts. Nobody wants violence or insecurity. At the end of the day, we're all here together on this little blue ball and we have to share power with each other and with nature.
To the extent that the internet is a phenomenon of nature - which I think it's a very reasonable view - it's hardly a "weird trick".
In the case if IRON, the 0.75 in actual money exists somewhere, a bank presumably. Wherever that is, the jurisdiction might be friendly for IRON, or not, but there is in a very real sense no pure native environment for smart contracts. At a minimum, the parties involved will always exist in a physical legal sovereign jurisdiction that regards it's own authority as higher than the smart contract and has some ability-- perhaps limited, perhaps extensive-- to enforce that authority.
> but generally when a person is trying to evade some legal authority, it's probably not for reasons good for society
Reminds me of the "nothing to hide" argument, that only someone trying to commit a crime would need or want protection from the legal system. History paints a different picture.
In the case of smart contracts, where both parties (if I understand it right?) agree that the code defines the contract itself, it seems like saying "... but I made a mistake" (or it has an error) would be very hard to prove. It would be like if you had written in a 3 year no-questions-asked return period into a car contract, rather than a 3 day one, and then tried to litigate when someone actually used that.
This is not really generalizable. Arbitration clauses for example waive one method of recourse in favor of another method of recourse, both already accepted by the courts. I expect you couldn't replace that with trial by combat and expect it to hold in court, but you might be able to argue that a different resolution process with historical precedent would hold - at least you could test it in court.
Important to note that the courts already recognize and/or have precedence for this, and also there are limits to what you can shift here. Finally if the resolution process is not acceptable to one party there are ways to bump it back to the courts.
None of this applies to "smart contracts", which aren't contracts in the legals sense anyway. There is no (yet?) agreement by the courts that this is a valid resolution method, and any issues of contractual law brought before a civil court will be resolved by legal principles, not source code. I suspect that the best you could hope for in the current setting is that the source code + associated communications speaks to intent.
There's no reason to believe that it is impossible that US courts and/or legislation would at some point give some legal status to a smart contract beyond above, but that's not the case today as far I know.
Or something like that. I doubt that's how it will go down here, but it will take a human judgement call or agreement-- not a coded contract-- to resolve this.
> but I made a mistake" (or it has an error) would be very hard to prove
I don't think it would be that hard to prove that the implementation of a smart contract doesn't match the clear intent. The bigger issue isn't the disputability of the contract, but the difficulty of identifing who you would take to court.
The parties might "agree", but who cares? If they are in the US, for example, and the two parties have a smart contract that breaks US contract law, one of the parties can file a lawsuit and attempt to get their money back. You can't go to the judge and say "sorry, the code is the legal authority here".
1. A normal contract (legal or illegal) that requires outside enforcement in the first place to force parties to comply.
2. A smart contract (legal or illegal) that executes itself without outside enforcement and can be overturned later (not literally overturned, but a subsequent transaction can be forced) by meatspace mechanisms
On (2), sure we can find ways to have the execution fail. In fact, anything where there is not fully escrowed payment/collateral/etc. can fail to execute properly if the other side does have not what it needs to deliver/or does not make it available on chain.
Of course, people are very careful prior to entering those contracts, because they know how big of a headache it will be if enforcement is needed!
> In fact, anything where there is not fully escrowed payment/collateral/etc. can fail to execute properly if the other side does have not what it needs to deliver/or does not make it available on chain.
Well, sure, if you write a contract that makes it possible for one side not to pay up, then that might happen. Having software run escrow is basically the whole point..
If you want smart contracts to be only applicable to very narrow sets of problems so be it, but otherwise you need to be able to allow, for example, unsecured lending and highly uncertain payoffs at T0 (staying in the finance domain)
Ok..sure, but I think it's sort of pedantic to bring up a class of contract that, obviously, nobody in this thread is talking about. It's a bad example anyway; even if you are being pretty careful it's simply not a risky transaction and therefor out of scope for complicated enforcement mechanisms like smart contracts.
I don't think smart contracts are very well suited to unsecured lending, at least not with available software. There would be no incentive to pay it back without some mechanism to force collections. Collateralized loans, however, is a great use case that exists already.
This is early stage tech, the scope is pretty small. I don't think anybody is arguing the contrary.
Oh wow. If only this were true. If only they were so diligent in punishing other kinds of things.
Here's something I read recently, from the aftermath of the Libor scandal: https://www.sec.gov/news/statement/stein-waivers-granted-dis... . Really highlights how crazy this whole thing is and how there are really two qualitatively different classes with two different sets of rules in our society.
All the different ways people evade authorities is a large topic. But, you're right, friends in high places help.
There's severe punishment for crimes committed by regular people, and no punishment for crimes committed by wealthy people, even if all things considered the latter manage to harm millions of people with their actions.
Where? As far as I saw there was one bank that thought it was obeying a discreet request from the government, and a bunch of banks where traders said usual trader nonsense (which is "malicious" in a sense, but it's very much part of the norms and culture of trading and the expected functioning of a market, just like a good lawyer should make their case as strongly as possible regardless of their personal beliefs about what happened).
> even if all things considered the latter manage to harm millions of people with their actions.
Who was harmed? If there was any effect of Libor fixing, it was likely that people paid slightly lower interest rates on their mortgages.
There is no trade of risks. The judicial system is still going to assert their authority over contracts. Your counterparty will still be able to contest a contract in court. The guys with guns the court sends out to enforce their verdict are not going to be impressed with "code is the contract" and "blockchain". They will lead you to a (jail cell) block in chains (handcuffs) if you try to defy the court order.
Instead you are trading specification of contracts in a legal language where there has been centuries of experience in writing and interpreting those contracts, for specifying the contract in a new language that is still evolving and where there is not a whole lot of legal precedent on how to interpret them and how to resolve bugs.
These "smart contracts" are not decreasing your risk, but rather increasing it.
(We've seen disastrous bugs overturned by community-consensus hard fork but not to my knowledge by court order). Not yet, but it seems inevitable.
I would very much like to see regulators purposely engage in these activities, and then directly pursue those within their reach. There's no reason to wait for more citizen victims when the model is proven and the government has the resources to set the stage to demonstrate the failure scenario. This is simply a more elaborate sting versus putting a car on the street to be boosted.
This is the true reason they needed to special case <=0.
Clearly the programmers didn't fully think though what would would happen if TITAN reached and got stuck at zero value.
So it is, in fact, a dumb contract. Humans want contracts that make them whole at the end of the day, that's the point of the contract: jurisdiction over the human realm.
Imagine for example if a mortgage contract contained some bizarre inscrutable loophole that as-written would give the first 3rd party to notice it total control over over the house.
This would of course be laughed out of court because that part of the contract wouldn't be enforcable under contract law.
"Code is law" is more accurately written as "code is not law at all".
That's a really good point. They are arguably neither "smart" nor "contracts". Maybe a better term is "automated blockchain agents" or something similar?
Sorry; decentralized autonomous finance is here to stay. There will be less disasters as we go along, but they will be much bigger.
As with vending machines, they have their use cases, but they aren't lawyer "smart" and they certainly aren't legal contracts. I'm not sure how much trouble a better name would have saved everyone, but it might have done a better job of setting expectations.
But a lot of it's good, and more good things will come out over time. It's currently the equivalent of like 1998 in the smart contract space right now.
It's code which does stuff and if you want to be on the safer side of it, you allow time and liquidity to test them out.
If you want to assume risks and possibly higher rewards you get in early (ape, in crypto speech).
It's pretty simple.
What makes it complicated is that they are called smart contracts.
Also, it's worth noting that this contract wasn't audited, a baseline practice in the industry. Most larger contracts go through multiple waves of audits, while this was apparently released with exactly 0 (so hard for me to be shocked when there are issues).
> A code audit likely would have caught this (this type of bug is so common in software development, I’ve probably made it hundreds of times myself), but of course this smart contract was not audited. Only its sister-contract on the Binance Smart Chain, written in a different language, was.
> quite trustworthy
As someone being used to write fixes to code that is 20 or even 30 years old, I had to chuckle.
The alternative is our current, arcane legal system - only interpretable by lawyers who charge $600/hr.
Law is law, code is code. They're two very different things. Code can't prevent someone from using violence to force you to overturn a smart contract's decision. The law can because it's enforced by the state. You could certainly choose to build a system of law that uses code, but code by itself cannot substitute for law.
> only interpretable by lawyers who charge $600/hr.
What do you think the going hourly rate would be for software engineers capable of writing bug-free smart contracts? If adoption takes off I'd bet that it will look a lot like the hourly rate of a good lawyer, or even exceed a lawyer's hourly rate given the impossibility of an appeal if the smart contract is poorly coded.
Also lawyers don't interpret contracts. They draft them and advocate on behalf of their clients in disputes. Judges interpret contracts, and are available as a public service paid for by taxes.
The point where the two realms intersect is challenging but needs to be handled appropriately. It would be great if some of the terms of legally binding contracts could be delegated to automated systems. And when two parties do not actually share a common legal system, then code-based contracts can facilitate transactions that would otherwise probably never happen.
You can hit the developers and the computer has much has you want but no amount of violence will fix the "_share_price > 0".
except for the DAO fork of course, when commit rights were law.
It's not an argument that's going to convert many people, but at least it's honest.
Many of those same people could make and were making money through other forms of cybercrime for years. Even without cryptocurrencies, new technology will always keep coming out that'll facilitate and potentiate more cybercrime.
To me, the answer there is and has to be geopolitical. Whatever crime they're committing, if it's against a foreign national, they have zero fear of repercussions, and that lack of fear is totally rational because there's basically no chance they'll ever face repercussions even if their real name and address is plastered in a million places. If they knew they could be extradited, or at least sentenced to serious prison time in their own country, and that there was a significant chance of it happening if they were to be identified, then I'm convinced most of them would behave differently.
The lawyer problem is even worse than not being able to interpret the contract. The code isn't even a contract, legally. When conflicts arise from these deals, courts will settle them the way they always have. They won't read code and then decide that "code is law." That's something programmers made up that will also never be true.
In comp sci, the halting problem says we can never guarantee that, given some input, a program won't halt. "Halt" is another way of saying "stop without doing the intended thing," which is what we call a bug.
One of the ways this translates to everyday debugging is that humans cannot ever know the range of all possible inputs or conditions to a program. We don't have that ability any more than we can give someone a list of all the words that can be made with the letters A-Z.
If we cannot write down what all the possible inputs might be, we cannot be sure that one of them doesn't cause halting!
By the same token, as useful as they are, no set of regression tests can prevent all bugs for the same reason: it simply isn't possible to come up with a set of regression tests that is in any real sense "complete" (ie: ensures no halting).
The halting problem was proved mathematically by Alan Turing and applies to all Turing computers, so we know it applies to smart contracts. In fact, the inability of the developers to conceive of one possible input (a zero value from the oracle) is what led to halting in the case of IRON.
To make the problem worse, even knowing that halting (aka bugs) was a possible outcome (a likely outcome, even), not only did the company apparently not seek any outside code audit, they locked down the contract (because it's "law," lol) so that the code can't be fixed even though it's now known to be broken.
So there's the stupidest kind of programming ever. Smart contract is a name in the same vein as the Ministry of Peace in Orwell's 1984. It is anything but smart. It is known to have bugs (halting problem) and they cannot be fixed (locked down "by law," rotflmao).
This is particularly the case with ownership of money. If you've put money in a bank, and the bank says "sorry, due to a programming error you can't get your money back," that's on the bank. They are legally required to try and get you your money back.
Similarly, legal contracts (as opposed to defi smart contracts) must contain certain elements to make them legally enforceable. These include such elements as capacity (the capacity of the signer to enter into a contract, which can take into account whether they can fully-understand the contract) and adequate consideration (whether the contract is blatantly unfair to one party). So a contract that seems reasonable but might have some complex edge-case that requires extreme fine-grain parsing or auditing to see how you might end up with no money may not be legally-enforceable at all.
In the defi world, it seems like you're entering into a contract that's written in code, but there's no requirement to be able to actually parse and have the capacity to understand all the code that is written in the contract (or omitted, in the case of edge-cases the programers didn't think about). This seems like it wouldn't fly in any legal contract.
Much later I learned all you had to do was copy and paste a Solidity program and then promote it.
Guess I dodged an ethical bullet in my ignorance, but still...
Pyramid Schemes have the originators (the "top" of the pyramid) win lots of money, while the base (the "bottom" of the pyramid, where most people are) losers. And the top barely did any work to get there: they just took the money from people below them.
The general rule is that if the majority of money does not come from selling to retail customers (either directly or downstream), but rather from recruiting new members, then it's a pyramid scheme.
See: Herbalife and Ackman vs. Icahn.
Or AFLAC. (I'm not saying they are an MLM, but I've been personally approached for a "job" that seemed to be sales with no qualifications needed and I wondered)
There's more detailed information on a different page including the following quote which I think supports the general rule I listed in my original comment:
> ...[Amway's] sales plan was not an illegal pyramid scheme. Amway differed in several ways from pyramid schemes that the Commission had challenged. It did not charge an up-front "head hunting" or large investment fee from new recruits, nor did it promote "inventory loading" by requiring distributors to buy large volumes of nonreturnable inventory. Instead, Amway only required distributors to buy a relatively inexpensive sales kit. Moreover, Amway had three different policies to encourage distributors to actually sell the company's soaps, cleaners, and household products to real end users. First, Amway required distributors to buy back any unused and marketable products from their recruits upon request. Second, Amway required each distributor to sell at wholesale or retail at least 70 percent of its purchased inventory each month -- a policy known as the 70% rule. Finally, Amway required each sponsoring distributor to make at least one retail sale to each of 10 different customers each month, known as the 10 customer rule.
Lastly, just because people disagree about the nuances of the rule, does not mean the rule doesn't exist. I feel very comfortable with my original statement, and those in favor of e.g. Herbalife would vigorously argue that meet my definition of MLM, while those who think its a scam would argue that they don't meet it.
Bill Ackman declared: 'Herbalife has actually been shut down by the FTC, they just haven't realized it yet'
But Herbalife management, and Carl Icahn, said that the FTC had determined it was not a pyramid scheme despite the $200M fine.
The chair of the FTC denied that they determined it was not a pyramid scheme - but at the same time, they carefully didn't say it was.
I'm just saying you can't really treat the FTC as the ultimate authority, because even they don't know.
Aunt Meg, is that you? I told you to stop it with the essential oils already.
* (A lease in your name on Lexus that they will cover the payments on so long as you keep consistently bring in a statistically unlikely amount of product every month for the entire 72 months you were signed up for)
On a forum I used many years ago a regular was forever pushing an MLM and I investigated how it worked, just to try to understand how screwed he was rather than out of any misunderstanding that MLMs are a good idea.
It was one of those health juice MLMs, and what I realised was very clever was that the business structure was set up so as to on the one hand make it less obviously an MLM, and then on the other hand ensure the scammers were insulated from the scam.
There's a pretty ordinary over-complicated compensation package, with tiers of distributors getting a percentage from those beneath them in a structure that sure looks like a pyramid - and imaginary "consumers" who buy at the supposed retail prices at the bottom of the pyramid. But the juice itself is bought exclusively from a separate company at an inflated price.
If the government shuts down the MLM company, few there were getting rich, it's just a handful of people out of an office somewhere. The big money flows into the juice manufacturer selling this awful tasting muck - and they can claim they know nothing about any pyramid scheme. Selling cheap juice for lots of money isn't a crime it's just capitalism.
Aside from the amusing programming error, the main problem with much of the "smart contract" activity today is that doing anything remotely interesting requires an oracle. An oracle is basically a server that reports the outcome of an event. And servers can be attacked in ways that systems like Ethereum can't.
So a lot of the hype around Ethereum and its "smart contracts" is really people just misunderstanding the security model. The weakest link is a server in a dorm room or data center reporting a number.
Here the oracle is doing the right thing. But it could easily go the other way.
This has been the problem with smart contracts since day one. It is that simple.
Thank you! I've tried to put it into words before but I think this is as close to perfection as one can get while describing why smart contracts are not what people believe them to be.
This has been seen in practice, for example in the Fulcrum hack:
While Chainlink has its own host of issues and risks, there are still valid reasons why companies are paying them and their node operators good money to feed price contracts for ERC-20 token pairs.
It doesn't have to be an API. Side channel attacks can provide unintentional oracles. For example, if you have a password checking function that takes longer to return a false result for "close" inputs, then it leaks information that can be used to crack passwords (simple O(n) string comparison would be an example)
My uneducated inference is that an oracle is a data source and you can hook into it from the smart contract. The oracle seems to live off-chain and live on a traditional server/DB.
Please correct me if the above is way off!
Decentralization is a spectrum. But I would argue this approach is far more secure than naive oracle implementations.
Not all applications need oracles. It depends on whether your smart contract needs information about the world outside of the blockchain.
However, I can think of an exception. Augur is a prediction market that doesn't use a trusted source to resolve bets. It doesn't get a lot of use these days, and probably won't before scaling resolves gas prices, but the bets that have been live on the system have resolved correctly.
On further inspection, it seems like they'd just need to get the price up to the 6th digit. I'm not sure it's feasible though.
How on earth does something like this happen?
"[EDIT: I’ve since learned that the developer(s?) behind this are already the laughing stock of the DeFi community, having wrecked each of their 3 previous projects (now 4) — though this might be their biggest hit yet]"
Screwing up the maximum supply seems like an enormous blunder while I kinda understand the assumption that “price > 0” if they’re supposed to be backed by 75% usdc.
It doesn't need to be. It's basically a bug in the code. They didn't consider TITAN price being 0 to be possible, so they didn't write their code in a way to handle it correctly.
A random guess for why they had the price > 0 check. They might have had code like this:
// Returns (usdc_to_withdraw, titan_to_withdraw)
usdc_price = 1 // guaranteed: USDC price in USD (aka USD/USDC)
titan_price = GetTitanPrice() // TITAN price in USD (aka USD/TITAN)
iron_price = GetIronPrice() // IRON price in USD (aka USD/IRON)
usdc_to_withdraw = iron_to_withdraw * iron_price * 0.75 / usdc_price
assert titan_price > 0
titan_to_withdraw = iron_to_withdraw * iron_price * 0.25 / titan_price
return (usdc_to_withdraw, titan_to_withdraw)
If you want to handle the ability to withdraw USDC even if the TITAN price is 0, you have to make the code more complicated. Likely not just this function, but the system as a whole, because it'll mess up all the accounting.
This is exactly what crypto-enthusiasts claim is going to happen to the US Dollar and I've never heard mention of crypto taking pity on fiat by offering to give them crypto when the bottom finally falls out of fiat.
So why should anyone else be responsible for people who took a calculated risk that blew up in their face?
Yes, this sucks for them. But this shit happens. Don't throw good money after bad.
There are a lot of people with USDC locked up in the contract and they might be willing to pay a share of it to unlock it.
A calculated risk is that you put money into something which may end up losing all of its value; not that your collateral becomes locked in a safe with an accidentally lost key. They had a reasonable expectation that even if the value was totally lost, they wouldn't have their collateral locked forever. Their investment, yes, but not their collateral.
Sure, one always has to account for extreme scenarios when doing anything, like the risk of a critical flaw in the code. But to give another extreme gambling scenario:
Let's say you put your car up as collateral for a huge gambling bet. You of course take a calculated risk that if you lose the bet, you lose your car. Then let's say you back out of the bet after putting up the collateral, or you even win the bet, but there was a mixup at the casino and they thought you lost the bet and they took your car without you realizing it and it's on another continent now.
In both scenarios, you hope that you can at least get some kind of compensation from the people you entrusted the collateral to, since it was just a complete fuckup on their part. You know you're not guaranteed to get anything, but I think it's reasonable to try to ask for compensation. If you just took a bet and the value plummeted, then you know it's tough luck for you and just a standard high-risk high-reward scenario that you ended up on the losing side of, but this is something else.
(At least if I'm understanding this properly and the collateral really was purely collateral. Seems to be a bit complicated because they were attempting to make a... stablecoin... pegged to an intentionally volatile asset, somehow.)
>This is exactly what crypto-enthusiasts claim is going to happen to the US Dollar
It's mostly just Bitcoin maximalists who think that, and they're a small subset of people who own Bitcoin. This is Binance Smart Chain (basically a copy of Ethereum), and I'm sure some BSC/Ethereum users believe something similar, but it's a much smaller percentage than even Bitcoin's small percentage.
Also, I don't think they think every dollar is secretly embedded with nanobots that'll encase the bill in titanium after someone at the Fed trips and falls on a big red button, which is what would be analogous to this. I think they think the dollar will lose most or all of its value due to hyperinflation. I think that's a completely unfounded belief based on an unfounded philosophy, but it's a different and entirely unrelated thing.
They literally handed their money to a computer program that works outside of human control and cannot be interfered with... which means if something goes wrong no one can intervene and sort it out. This is a risk they took willingly. It's not the first time a computer program malfunctions, and won't be the last.
That's true in general, but in this rare case anyone's USDC can actually theoretically be recovered in full if the price ever manages to get just barely above 0 for a period of time and they pull it out during such a period.
If nothing can be done, you have to just take the loss. But here something can actually be done, and it's not like it's infeasible. Just hard.
If it's possible, what would make it difficult? Or what would make it impossible?
I kind of thought that there isn't normally any requirement for any particular volume of trading to set a price.
Similarly the expectation for anyone trading crypto surely has to be that it’s a risky volatile asset class where you can lose all your money in a variety of exciting new ways, and if you are parking some of that money in dollar stablecoins some of that expectation ought to carry over. If you want to put your money somewhere safe, there are banks and money-market funds and Credit Suisse supply-chain funds, and if any of them go bust then that is a potential financial-stability problem. If you want to put your money somewhere safe for crypto, there are stablecoins, and if any of them go bust then that is a brief distraction from the crypto exchanges losing their customers’ money in other ways."
Reasons why this might NOT work:
1. The oracle "broadcasts" the price to the network, which other services may rely on. Broadcasting a false price could hurt those services, and the oracle would lose credibility.
2. The oracle's price is somehow tied into other blockchain mechanics (i.e. it can only report a price that the network consensus agrees is true)
I'm not sure how #2 could be true, since the purpose of an oracle is to provide information that the blockchain can't determine on its own.
EDIT: More info on the price oracle in use here: https://docs.iron.finance/mechanism/pricing-oracle
Still not sure the exact mechanism, but #1 seems to be the concern. Chainlink can't readily tamper with the price feed that may be in use by others.
edit: Nevermind, I misread. It's -0.0961, apparently.
I don’t know what the Oracle is using but it would be amusing if something else means the price is “stuck” at zero once it hits zero.
Isn’t that just a Ponzi scheme?
In a ponzi scheme, the perpetrators will not willingly directly reveal that it's a ponzi scheme.
In cryptocurrency, the perpetrators are honest and transparent about it being a ponzi scheme, but surround it in so much techno-babble that they make it sound like a ponzi schme is what you WANT.
There were ponzis some years back like OneCoin and BitConnect.
If you just have a large amount of a worthless asset and you convince other people to buy it on the market to pump the price up (mainly via social media and “influencers” these days) and then you dump it at the top then you have a…
I think this isn't quite right in all cases. I think some people know it's a Ponzi scheme and genuinely do want a Ponzi scheme. They just want to get in and out quickly. It's gambling. Sometimes you're a victim and you lose money, and sometimes it works out and you make money.
> If the price of IRON goes down from $1 (good) to $0.95 (bad), you just issue some TITAN (worth $65) to buy some IRON until it’s worth $1 again. And if IRON keeps going down, you just issue some more TITAN (worth $60) and buy more. And if IRON keeps going down … [you can fill in some more iterations here] … you just keep issuing TITAN (worth $0.000000035) and at that point you’re not accomplishing much. If you could sell 286 trillion TITAN at $0.000000035 each you’d raise $10 million. That’s probably hard. There are 285 million IRON (formerly worth $1) outstanding.
So probably not a Ponzi scheme but also not a scheme that was created by someone who can think two steps ahead.
What you're describing is what they tried (and failed) to avoid. How can you make it to the "I’m wondering if this can last mathematically?" part of this article and still think there's a mastermind behind all of this?
The main innovation is that there's no one to sue. The founders can just print themselves a bunch of coins and remain basically anonymous.
They also bypass regulation, because its on the web?
Regulators are asleep at the wheel. This entire category of 'technology' should have been snuffed out years ago for the good of us all. Now, look around us as GPUs and other chips are out of stock, cities face blackouts due to coin mining, and the major use of these coins is to fuel ransomware attacks that take down critical infrastructure.
All entirely pointless - or even outright negative - activity.
This is more like if you bought a lot of dollar bills that were 75% backed by gold and %25 backed by Dogecoin. They are comparable in that both keep working as long as no one tries to cash out, and money keeps coming in.
So...a Ponzi scheme?
They are comparable in one way however.
I think a lot of people saw The Wizard of Lies and "Ponzi scheme" is the only financial scheme they're familiar with, so it gets thrown around a LOT.
But yeah let's keep arguing over semantic definitions.
This whole thread looks like someone saying "No, a boat is not a car" and the other going "but it does have an engine, right? It's a car. Let's not argue semantics"
Usually the go-to lazy catchphrase is "we're just arguing semantics!" but "semantic definitions" is new.
These coins are ponzi-like in that only the earliest of adopters have any chance and only if they know enough to get currency out without hitting an inflection point that brings down the whole thing. But that’s where the similarity ends - the mechanism is different, they don’t operate like a Bernie Madoff and they’re honest about the whole process.
This is something else and while it’s Ponzi-like, it’s a different beast. I don’t think there’s anything particularly wrong with expanding the definition of Ponzi scheme for now, just so we have something to educate some irrationally exuberant retail investors…
To program one you need to think about all the edge cases. The programmers here likely did want >0 here. The possibility that the thing feeding price data return zero incorrectly was higher than the price legitimately being zero in their minds.
There is no court or lawyer who can interpret the spirit of the contract.