Experience keeps a dear school…
By Daniel M. Ryan
The fallout from The DAO's implosion has continued its unpredictable scattering since last week's update: a hidden vulnerability in the mechanism to soft-fork Ethereum was found by the same fellow who found the exploited vulnerability in The DAO's smart-contract code. Once this news flew around the Ethereum world at the speed of Internet, the previously-popular soft fork to freeze the stolen funds was scrambled away from at the speed of "Oh ----!"
With the soft fork now a risky bet because of that attack vector, there's more and more pressure for a hard fork to alter the blockchain ledger so as to reverse the theft – and, to give The DAO a decent burial. The bulk of Ethereum's heavyweight techies, including the fellow who found the denial-of-service vulnerability, have been repeatedly lobbying for the hard fork.
Interestingly, and portentously, one Ethereum heavyweight made the argument for a hard fork in two Medium posts that contain a too-big-to-fail argument in all but name. In Part 1, he argues that The DAO has a huge resource in the community it's gathered; many of them are optimistic naïfs. He argues that their naiveté should not be punished by letting the hacker keep his ill-gotten Ethereum. This community, he argues from a marketing standpoint, will be a great asset to Ethereum if they're saved but a huge liability if they're let down. He doubles down with big-to-fail when he says that the hacker's hoard – if not recovered – will make him a major and permanent threat to the entire Ethereum ecosystem. In Part 2, he reinforces the point by saying that an unremedied blockchain will mark Ethereum as too risky – too perilous – for startups and other fintech innovators to use. Leaving Ethereum's blockhain unaltered will ruin Ethereum and all its hopes.
The parallels to the standard defense of too-big-to-fail are pretty durned obvious, especially to political junkies like you and my humble self. It's all there, including the old-hat rhetorical trick of casting one's opponents as religious dogmatists. The same trick is used in a bullet-point exhortation from another Ethereum heavyweight, Jack du Rose.
I can imagine a financial regulator chuckling as he reads them and saying: "Welcome to the party, pal!"
But in the real world, the fallout from the collapse is saddening. Not only did it put Slock.it's smart-lock project on hold, but it also flattened an ostensibly minor project that had the potential to transform the smart-contract ecosystem from a jurisdictionless jungle to a genuine virtual jurisdiction. It's the brainchild of Pamela D. Morgan, and it's called the DAMN Project.
DAMN, This Is Complicated
Back in a bygone age when too-big to-fail was associated with Paul Volcker, there was an old programmers' rule of thumb that said: "Easy to use means hard to program." It bit hardest on the programmers that were developing then-new graphical user interfaces. As with programming in general, a lot of bugs and kludges came with the users using the program in a way that the developers didn't anticipate.
The vision of cryptocurrency sees a world where it's feasible to conduct trust-free transactions through automating Trust-and-Safety departments. It's surprisingly hard to implement. Something as simple as exchanging one cryptocurrency for another is fraught with complex and subtle bugs. These permit unexpected behaviour that amount to a bait-and-switch, passing on a counterfeit bill or a fraudulent good that'll be found out later, or grabbing the payment out of the cash register before it closes. There's only one solution that I know of in the cryptocurrency world. It's powered by an engine called Automated Transactions, a pioneer smart-contract suite developed by Ian Knowles of CIYAM, which enables exchanges between two minor cryptocurrenies. Right now, you can conduct a "cross-chain transaction" between BURST and Qora but that's pretty much all.
The above cross-chain engine, as hard as it was to develop, only deals with the <i>simplest</i> type of cryptocurrency transaction. There are a lot more pitfalls when it comes to exchanging a digital currency for another type of good or for regular money. Even now, PayPal is notorious for allowing a malicious buyer to scoff a refund for the cryptocurrency he bought after receiving it in full. Since cryptocurrency is irreversible by design, it's easy to see how a malicious purveyor of goods – or a malicious buyer through PayPal - could use irreversibility to scam a buyer.
The standard remedy in the cryptocurrency world is human escrow, made possible by a multi-signature wallet. In an escrowed transaction, the cryptocurrency is deposited into a specially-created escrow wallet that has three private keys associated with it. Two out of three of the keys are needed to sign off on a withdrawal from this account, making it a two-out-of-three multi-signature wallet. One of these keys is sent to the buyer, one to the seller, and the third to an escrow agent who's selected by both buyer and seller to oversee the transaction.
The buyer starts things off by sending the purchase price to the escrow wallet, after which the seller swings into action. If nothing goes wrong, the buyer and seller both agree to send the funds to the seller's wallet. If there's a dispute, the seller contacts the escrower agent. If the agent decides that the seller fulfilled his part of the bargain, he signs off on the send with the seller and the latter gets paid. If he sides with the buyer, the funds either stay frozen in the escrow wallet until the seller comes through or they get refunded to the buyer.
This procedure is long-embedded in the cryptocurency economy, most notably for over-the-counter sales of alternative cryptocurrencies and as an optional feature of cryptocurrency pre-sales. Pre-sales done through the altcoin exchange Bittrex are automatically escrowed.
Under normal circumstances, this system works well. Some Bitcointalk vets have made a name for themselves as trustworthy escrowers. But a skeptical person can easily see the pitfalls. What if an escrower colludes with one side at the expense of the other? This collusion should arguably be a career-killer for the escrower, but a glib escrower who picks his spots by colluding against an unpopular or voiceless transactor could get away with it from time to time. More subtly, what if an escrower has a tendency to side with one side at the expense of the other? Ebay's Trust And Safety department is notorious amongst many disgruntled sellers (start with the second complaint) for favouring buyers. And yet, eBay hasn't been hurt at all. Arguably, it's benefitted from tilting the playing field the buyers' way. Its legion of trusting buyers means that a seller will find it more difficult to sell her wares elsewhere. So, otherwise-disgruntled sellers have to put up with the tilt for access to eBay's huge marketplace. This oft-noted tilt does show that strict disinterest is not necessarily the career-maximizing stand for an escrower.
With these flaws in mind, an under-the-radar altcoin named Bitbay has a built-in feature called double-deposit escrow. To transact with Bitbay, both the seller and the buyer must deposit some of its cryptocurrency into a two-out-of-two multi-signature account. It only releases the deposits back to the depositors when both parties agree that the sale went through properly. Both of them have to agree within a specified period of time, or both will forfeit their deposits. Thus, both parties have a clear incentive to make things right with each other directly.
It's an innovatively clever way to secure transactions, as it does not need a possibly corruptible escrower. Granted that it's an extra hassle for the buyer, particularly a buyer who rather likes eBay's Trust and Safety tilt, but it does have use cases in the here and now. One Bitbayer uses it to place peer-to-peer bets on the direction of the euro. With this example, it's easy to foresee Bitbay powering a corruptionless over-the-counter alternative to binary options. But from an uber-geek perspective, Bitbay's system is not ideal because it's not automatic. Conceivably, a vandal-type of bad guy could sabotage a transaction he's involved in and see his own loss as the price of inflicting pain – like a bar-bully type who accepts getting hurt, bloodied or even injured as the price for landing a series of haymakers on the face of someone he hates. Double-deposit escrow, as clever as it is, will not deter this type of character.
Smart Contracts And Smart Law
One of the lullers with respect to The DAO was the assumption that on-chain smart contracts are less complicated than ordinary transactions. For transactions use, a smart contract is a chuck of code that sends out Ethereum ethers if certain conditions specified in the code are met. Because Ethereum miners have to validate the code before adding it to the blockchain, and because each miner has to independently run the code when the smart contract operates, the decentralized nature of the system ensures redundant auditing of the code's execution. This auditing should make, say, a simple contract like a tontine both trustworthy and straightforward. A tontine is an annuity plan combined with a reverse-life-insurance wrinkle. When it starts, subscribers deposit an equal amount into the tontine's account. Each subscriber receives an equal share of an annuity payment until (s)he dies. As more subscribers die, assuming the total annuity payment is fixed, the larger each survivor's share becomes until the final survivor gets the entire payout ration. Once the last subscriber passes away, the tontine is wound down and the remaining funds are sent to a designated heir or set of heirs.
This should be straightforward to program, right? On a fixed day every year, each depositor into the tontine contract has (say) a week to acknowledge that (s)he's still around. At the end of the week, the contract divides the annual payment between all the subscribers who sent in an acknowledgment message. Any one that doesn't is missing and presumed dead for the basis of the contract. Since each mining node makes sure the contract runs as programmed, there should be no problems.
Straightforward, right? Not quite. Since this kind of smart contract really takes its cue from an acknowledgment message from an active account, there's a very easy way to get around its terms: just leave the details of your Ethereum wallet and its password in your will. The smart contract, seeing your heir(s) still sending the acknowledgments, will assume that you're still alive and thus break the terms of the agreement by sending a share to "you."
The above example makes it clear that the financial-contract field is full of outside pitfalls too. This consideration inspired Ms. Morgan to team up with Andreas Antonopoulos to craft the DAMN Project proposal. Had The DAO not been derailed and had it been accepted, The DAO would have funded a team effort to come up with smart contract code snippets that implement basic commercial-law principles. Interestingly enough: that same too-big-to-fail proponent, Hibryda, wrote an incisive Medium post that mentions a similar initiative at the level of hard code. The post, which discusses the failings of Ethereum's smart-contract language Solidity, also discusses an adaptation of Coq – a stable language used to prove mathematical theorems – for use as a smart-contract generator. Instead of starting with axioms and generating theorems, this hypothetical language would start with generally-accepted principles of commercial law. It would generate smart-contract code that executes a contract whose operation can be scrutinized with analytical techniques instead of trial-and-error. If implemented, this "commercial-law prover" would be a huge advance.
"…But Fools Will Learn In No Other."
In retrospect, the new-frontier idealism embodied in The DAO did contain a fair bit of foolhardiness. That's certainly the consensus of these Bitcoin heavyweights, who almost unanimously think that an investor-saving hard fork is a bad idea. Just let The DAO investors suffer their losses, let The DAO be Ethereum's answer to the Mt. Gox implosion, and move onwards sadder but wised-up.
The trouble with this straightforward argument, though, is that The DAO's failings have been calling Ethereum itself into question. The DAO was not an exchange; it was a creature of Ethereum's own blockchain and created by Ethereum's own programming language. As such, it's far more intimately tied up with Ethereum than Mt. Gox was to Bitcoin.
Moreover, Ethereum being wounded will call into question the whole notion of Turing-complete smart contracts. It's a well-known fact in the Bitcoin world that Satoshi Nakamoto deliberately hobbled Bitcoin's scripting language so as to make it not Turing-complete. He was worried about infinite loops, which the Ethereum developers took account of by requiring small payments of ether to run each computational step in a smart contract. But the wounding of Ethereum is going to prompt some Bitcoiners to invoke the "wisdom of Satoshi" to say that Turing completeness in a cryptocurrency is just plain dumb.
Ethereum's facing a baby-and-the-bathwater dilemma. Should its community hew to the no-rollback principle that's mainstream in the cryptocurrency world, even though doing so would impugn a quantum leap forward to an age where financial and even legal matters are administered by incorruptible code? Or should they alter the blockchain ledger to save The DAO's token holders and proceed to build a less buggy ecosystem with the sadder-but-wiser experience that can only be learned the hard way, even though doing so opens up the possibility of a too-big-to-fail slippery slope? Are they visionaries who stumbled, or are they fools whose hubris induced them to defy the greater wisdom of Satoshi Nakamoto?
Given the pressure that Ethereum's bigwigs are exerting for the hard fork, it looks like the grand project to digitize finance and even commercial law will proceed forward after a necessary regroup and reconnoiter. Undoubtedly, The DAO disaster will be noted by future historians as the crucible that impelled Ethereum to "grow up." Smart-contract law will eventually be developed, and something like the DAMN Projectwill see the light of day. Ethereum likely will emerge as the mainstream-friendly cryptocurrency, even if the price of doing so will be allowing an emergency measure which – like the bailout of the Continental Illinois Bank ‘way ‘way back in 1984– sets a precedent that's harmless until it isn't.
Daniel M. Ryan, as Nxtblg, is shepherding the independently-run Open Audi Initiative Prediction Market Shadowing Project. He has stubbornly assumed all the responsibility and blame for the workings and outcome of the project.