Could the Attacker Claim "Clean Hands" on DAO Code Running on the Ethereum Platform?
The world of cryptocurrencies has just opened a Pandora's box through the recent incident in which an attacker was able to move funds into a Child DAO. The story is moving quickly because it concerns smart contracts being used, and tested, in real life.
A live interview between Andreas M. Antonopoulos and two well-known lawyers, Brian Klein and Pamela Morgan, as well as Taylor Gerring, a Blockchain Consulting Expert for Ethereum, discussed this revelation.
On Twitter, under the hashtag #ltbdao, many people asked questions about the situation that arose after the publication of a letter from the attacker to the Ethereum and DAO community.
In it, the attacker claims to have done everything "by the book" and also to have offered free Bitcoins to ordinary Ethereum miners. He rejects the accusations brought by the community, casting himself as a kind of Robin Hood figure.
Antonopoulos asked about the intersection of law and the DAO in the wake of the DAMN proposal. Morgan, a founder and legal expert, said that all of this is a great experiment for everyone, developers and lawyers alike, and went on to say that what happened is a good thing for the future of the DAO and similar platforms.
None of the discussion should be taken as legal advice, now or in the future.
The contract is the code, where does that lead us?
Morgan said that because there is a contract, the common-law doctrine of "equitable remedies" applies, which lets a judge take other factors into consideration beyond the literal terms. Andreas then walked through the contract: how the code was written, what its purpose was, and what we see as the result of its execution. That result is the DAO exploit.
Morgan said that in legal terms the DAO is a "general partnership", and jurisdiction lies with the state in which the general partnership was formed. This raises a further question for a DAO token holder: what if the contract could not be enforced in another state?
General partners carry full liability between them, but also owe each other a duty of loyalty. The DAO token holders should also have had a choice of law and a choice of venue so that Terms and Conditions could be applied.
Taylor Gerring, a blockchain expert for Ethereum, has expressed his worries about the amount of money the DAO raised so quickly.
The letter that the attacker sent was also discussed by Morgan and Gerring. Both believe the letter shows that the attacker is a legally “savvy” person.
Brian Klein said that the decisions should be based on common sense within the legal community, since the legal community is involved.
Many proposals in the Ethereum and DAO community have already put forward their own solutions, ranging from hard forks and soft forks to a blacklist of the attacker. The obvious outcome is that many people have lost a lot of money, and this situation should be taken seriously for the future of smart contracts.
Who should supervise the codes of contracts?
Another discussion has arisen on the topic of who should be responsible for supervising contract code and for taking precautions around it.
Christopher Franko, a Blockchain expert and Lead Developer at Expanse, was asked to share his opinion on this situation.
He says that the code did allow this behaviour, according to the DAO's own legal terms. On that reading there is no such thing as theft, meaning intent is irrelevant and the only thing that matters is the smart contract code itself.
"Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of the DAO's code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of the DAO's code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, the DAO's code controls and sets forth all terms of The DAO Creation."
According to Franko, even the method the attacker used is considered a feature of Solidity. What the attacker pulled off is exactly what Slock.it was planning to do; the attacker simply used the split method to reach the goal faster.
What he finds more interesting than the attack is the discussion that followed and the steps the Ethereum developers have decided to take. The lead Geth developer, Jeffrey Wilcke, has submitted a pull request that would essentially implement blacklisting in Geth.
“I find this incredibly troublesome and it sets an insanely dangerous precedent. Today we are bailing out friends who made a bad decision to participate in a poorly written contract, tomorrow every oppressive state in the world will be wanting their list of transactions and contracts blacklisted. Either we accept turing-complete contracts with their consequences, or we admit the Ethereum platform is a failed experiment and the concept of purely mathematical smart contracts is simply a fantasy that cannot work in the real world without the support of the current legal system. The latter would be a real shame. I personally don't support compromising any network with a hardfork to recover my friends' lost value. It's irresponsible and dangerous.”
Rayan Goutay, a regulatory consultant in crypto law, blockchain strategy, FinTech and RegTech, says:
“I don't think the hacker who exploited this loophole will be protected by the Law. I believe the court will see the DAO as a general partnership between DAO token holders. In this case only a DAO token holder could do the exploit and as a member of the partnership every token holder has duties such as working in good faith, fair dealing etc., so the hacker is breaching the main rule of partnership where you cannot act adversely against it.”