A vulnerability in the smart contract of one private DAO fund led first to the leak of cryptocurrency worth tens of millions of dollars (billions as of today) and then to a hard fork of Ethereum, the second-largest blockchain network. You can find tons of articles investigating those events, including a wiki page. Even though the purpose here is to draw conclusions, let us first refresh our memory of what happened five years ago.
The DAO was a startup that ran an investment fund in Ether (ETH) and operated as a smart contract on Ethereum. "The DAO" is a proper name that the founders chose as a reference to the general concept of a decentralized autonomous organization, or DAO. From the very beginning, the fund claimed to operate under the terms and conditions of its smart contract, which was nothing more than the code of a program deployed on the blockchain. Its website contained no legal terms and conditions, only a notice proclaiming the supremacy of the machine code over any human-readable text explaining that code.
However, The DAO became infamous due to a vulnerability in its program that allowed an unknown user to drain one-third of its funds. The loss amounted to 3.6 million Ether, valued at the time at around $60 million, or around $7.3 billion as of today. In view of the negative implications and the high public pressure faced by Ethereum (the fund had more than ten thousand investors), the network's leaders decided to introduce a retroactive hard fork of their blockchain.
As a result of the fork, the funds in The DAO were moved to a recovery address, as if the leakage had never happened. Thus, the fund's users could claim their investments back. There were objectors to the hard fork, and those who objected continued to use the original Ethereum blockchain, calling it Ethereum Classic (ETC). It operates to this day on the genuine chain of blocks, where the Unknown still owns the drained funds.
One of the major debates was around the question: Was it a theft at all? The United States Securities and Exchange Commission (SEC) investigated the case and published a report. Even though the SEC did not frame this as the main question, its report used the words "steal" and "attacker," as if the matter had been classified as such by default. To this day, there has been no criminal investigation, or at least the authorities have failed to address it properly.
Interestingly enough, right after this event, the Unknown (a more neutral term than "attacker," which we will use here) published an anonymous letter stating that they did not believe it was a wrongdoing or any kind of violation of either law or terms, referencing that infamous statement on The DAO's site about the prevalence of the smart contract. Many commentators in fact supported the conclusion that the Unknown did nothing wrong, as they exploited a legitimate feature of the code, which objectively existed and, as later investigations showed, was even known to the developers.
Regardless of who did it, the case still leaves a lot of unanswered questions that are much broader than they may seem, and much harder, if not speculative. These questions must be addressed by philosophers, governments and blockchain communities in order to move forward.
The case has shown the world how smart contracts can be vulnerable, which makes the whole concept of "Code is Law" questionable (American legal scholar Larry Lessig came up with this concept long before the invention of blockchain). It also showed how retroactivity in a blockchain can occur when the majority supports it, despite the widely cited feature of blockchains, namely that they remain immutable.
What is the point of immutability, if alternative forks of history are possible? Are all the merits of the technology multiplied by zero? What if this is not a flaw but an advantage that we should learn how to work with properly? Let us go even further: what if we have encountered a new phenomenon in law and governance? Should parallels be drawn to find answers?
- Parallel from governance and law. Statute laws adopted in a democratic way (e.g., by elected legislators) reflect the consensus of the majority. Normally, the minority must obey; they cannot violate the law. If code is law, and the blockchain is the "statute" in which this law is written and executed in the form of a smart contract, then what is a hard fork? Is it disobedience? Unlikely. Blockchain retroactivity and hard forks are always a possible option. The hard fork is a legitimate way (from the perspective of the code) for the minority to protect its interests and split away from the majority if the ledger is altered or other unwanted changes occur. Hard forks and retroactivity are not breaches or malicious acts; they are normal in this technology.
- Parallel from business. Ethereum itself can be thought of as a kind of business: miners create and validate blocks and earn revenue. If so, how is it possible for the business to fall apart? A department cannot separate from a company merely by the will of that department. It can happen, however, by decision of the shareholders or of the authorities (for example, a court). Normally in companies, the functions of governance and production are distinguished, e.g., shareholders and a factory. So who are the miners: the authorities or the producers?
- Parallel from criminal law and justice. There are opposing opinions on whether the Unknown committed a crime or legitimately exploited an undeclared possibility of the code. The DAO never introduced terms and conditions in human, spoken language and declared that the smart contract defines the terms. Thus, there is no official contract in the traditional sense against which a breach could be defined. Any human words describing that code would be someone's interpretation. Those who do not think it was a crime emphasize that "nobody put up a notice of trespass." The poor design of the smart contract could not protect the fund. Users were free to act at their discretion, as there were no legal prohibitions. People are not punished for drinking from a creek if there is no sign marking private property. Hence, contract and private law did not protect it. Interestingly, the SEC used the words "attacker" and "steal" in its report, but no criminal investigation has surfaced in further government reports.
- Parallel from mob law. If it was a crime, then what was the hard fork? Was it mob law? Stealing "back" is not a legitimate form of justice or of the return of property. In a civilized society, it is classified as a crime as well. Police, prosecutors, courts and marshals exist for exactly that purpose. Or was it a phenomenon of new blockchain justice, based on a specific form of digital democracy?
- Parallel from anarchy. If it was neither a crime nor an act of justice, then what was it? Maybe it was a pure form of market competition, in which no authorities and no state power exist. There is a word that describes this: anarchy, which can be defined as "the state of a society being freely constituted without authorities or a governing body," or in this case, crypto-anarchy.
All these questions are yet to be explored further. Doing so will help develop a better public policy towards blockchain technology and a better strategy for future DAOs.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.