An unknown individual absconded with $60 million worth of Ethereum from the DAO last week. Early reports treated the disappearance of these funds as theft, but the truth may be far more interesting. In the days that have followed, it has become clear that the money was gained as a result of a flaw in the smart contract that controlled the DAO. Though unmoderated access to funds was an unintentional quirk in the code, the “thief” may not have done anything wrong. They were merely participating within the guidelines established by the individuals who coded the DAO. Nothing was hacked, nothing was broken; the smart contract itself executed flawlessly. The problem was not in the code, but in the human component.
There has never been a successful attack on Bitcoin that was not the result of a faulty human element. Given man's susceptibility to errors, is it fair to refer to Blockchain technology as trustless?
What is “Trust”?
In our community, trust generally refers to a reliance on the intentions of an unknown party in order to complete a transaction. Proof-of-Work allows us to send and receive transactions, confirmed by third parties, without any risk of theft or falsehood. It allows a transaction to be confirmed, but not accessed, by the intermediary. In smart contracts, it means that you don’t have to rely on a person's intent to follow through with the circumstances of an agreement. Once certain parameters are met, a smart contract is meant to self-execute a predetermined set of results, without intermediary action.
What went wrong?
In past years, hacks at exchanges were the result of either poor coding, poor security, or both. The DAO is no different, having been toppled due to oversights by everyone involved. It was the fault of the developers, for trusting $250 million worth of Ethereum to a platform that had never been tested. It was the fault of the participants, for blindly contributing to a platform that they hadn’t taken the time to understand. The one place where blame for this tragic outcome should not be laid is the technology itself.
What happens now?
The system worked as designed, based on the parameters set forth in the code, yet the outcome is regarded as substandard. Acting to take back Ethereum from the “thief” may amount to unlawful seizure, if it is determined that the Ether was obtained legitimately. Both a soft fork and a hard fork have been proposed, in an attempt to make DAO contributors whole once more. The soft fork would freeze the Ether, making it unspendable, while the hard fork would roll back the entire network, effectively reversing the split. Many have argued that such an event would irrevocably damage Ethereum, and all smart contract platforms. Some believe the loss should be accepted, and treated as a potent learning tool as we move towards building stronger platforms in the future.
No matter the project, there will be flaws and unforeseen consequences to reckon with, as long as humans are involved. While the Blockchain may not require our trust to execute an agreement between parties, we must remain diligent in our examination of what is written in the agreements themselves – as with any contract.