January 31, 2019
The Hard Fork in DAO Road
Last Sunday, 60 Minutes told of Jerry and Marge Selbee, who made millions beating the lottery. https://www.cbsnews.com/news/jerry-and-marge-selbee-how-a-retired-couple-won-millions-using-a-lottery-loophole-60-minutes/. The retired couple from a small town in Michigan discovered that when no one wins the jackpot of a "rolldown" lottery, the prize money rolls down to the lower-tier prizes in that drawing, and a player who bought enough tickets for those drawings stood to make 60% to 80% on the money. So, the Selbees invested and reinvested in lottery tickets, tens of millions of dollars' worth, first in Michigan and then in Massachusetts. Over 9 years, they made over $8 million in profits. It was all legal. They didn't cheat the game, and no one suggested they should return their winnings.
That's a far cry from what happened to the person known only by his Marvel Comics villain's name, "The Attacker." He gamed a smart contract and exposed a problem with the blockchain world. But not the one you might think.
Smart contracts sound like science fiction, but I know of only one literary example. In Mark Helprin's 1983 novel Winter's Tale, a vacuously pompous New York City billionaire (reminiscent of a real one, who was famous then and regrettably still is) agrees to pay a million dollars to ask a super-computer one question. Unhappy with the answer ("I don't know"), he stiffs the computer. "Just try collecting your bill!" he shouts to it. At that,
The computer summoned the registration numbers of every single financial instrument in [his] substantial portfolio, and before he was out the door a legal brief had been filed and answered, a judgment rendered, his accounts attached, the appropriate fees and penalties confiscated, and news of the case flashed to every newspaper in the country.
That's an idealized smart contract. Over a decade later, in the mid-1990s, software engineer Nick Szabo first articulated how to write a real one. https://ojphi.org/ojs/index.php/fm/article/view/548. Another decade after that, Satoshi Nakamoto described the blockchain in the 2008 Bitcoin white paper and launched it in January 2009. In 2015, Ethereum launched a blockchain designed to run smart contracts, which was the last piece needed to create a decentralized autonomous organization, a DAO.
A DAO is a virtual organization that, once set up, is governed entirely by smart contracts. The smart contracts of a DAO execute transactions on a blockchain according to their code, to fund projects, collect revenues, pay expenses, and distribute profits, all without centralized controls.
Centralized control is the bogey-man of the blockchain world. In theory, blockchains do away with centralized authorities. In theory, no central authority can alter transactions recorded in a blockchain. As a result, DAO smart contracts recorded on and executed through the Ethereum blockchain should not be hackable. In theory.
In May 2016, Slock.it, a blockchain developer in Germany, set up a DAO fancifully called "The DAO" and tested that theory with all the hubris of sailing the Titanic through an ice field. The DAO raised about $150 million selling DAO tokens in exchange for Ethereum's cryptocurrency, ether. But in June 2016 The Attacker diverted roughly a third of The DAO's ether into a "child DAO" that he controlled. The DAO code was in no way compromised. The Attacker followed it to the letter: the function that let a token holder split off into a child DAO sent the ether out before it updated the caller's recorded balance, so the recipient could call back in and be paid again, over and over within a single transaction, before the record caught up (what engineers call a recursive-call, or reentrancy, bug). As did the Selbees, The Attacker simply found a way to profit that others had overlooked.
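The following Python simulation is an added illustration, not The DAO's code and not anything written by Slock.it or the Ethereum developers. It reproduces the ordering flaw described above, and the "bug in The DAO code" referred to later in this piece, in a toy ledger: the vulnerable vault pays out before it updates the caller's recorded balance, so a recipient whose own code re-enters the vault is paid repeatedly; the hardened vault updates the record first (the "checks-effects-interactions" ordering) so a re-entry finds nothing left to withdraw. The vault, the account names, the amounts, and the re-entry limit that stands in for the gas limit which bounded the real attack are all constructed for this example.

```python
# Added illustration (not The DAO's code): a toy ledger reproducing the
# pay-first, record-later flaw behind The DAO drain. All names, amounts and
# the re-entry limit are constructed for this example.


class Vault:
    """Holds a pool of ether on behalf of several accounts.

    `pool` is what the contract really holds; `balances` is what it has
    recorded for each account. A sound contract keeps the two in agreement.
    """

    def __init__(self, pool, balances):
        self.pool = pool
        self.balances = dict(balances)


class VulnerableVault(Vault):
    """Pays out first and updates the record last."""

    def withdraw_all(self, who, on_receive):
        amount = self.balances[who]
        if amount == 0:
            return 0
        self.pool -= amount
        # External call: the recipient's code runs here while balances[who]
        # still shows the full amount, so it can call withdraw_all() again.
        on_receive(self, who, amount)
        self.balances[who] = 0  # too late: the re-entries were already paid
        return amount


class HardenedVault(Vault):
    """Checks-effects-interactions: update the record before paying out."""

    def withdraw_all(self, who, on_receive):
        amount = self.balances[who]
        if amount == 0:
            return 0
        self.balances[who] = 0  # effect first ...
        self.pool -= amount
        on_receive(self, who, amount)  # ... interaction last: a re-entry sees 0
        return amount


class Recipient:
    """A 'contract' that re-enters the vault each time it is paid.

    `max_reentries` stands in for the gas limit that bounded the real attack.
    """

    def __init__(self, max_reentries):
        self.max_reentries = max_reentries
        self.received = 0
        self.calls = 0

    def on_receive(self, vault, who, amount):
        self.received += amount
        self.calls += 1
        if self.calls < self.max_reentries and vault.pool >= vault.balances[who]:
            vault.withdraw_all(who, self.on_receive)


def ledger_consistent(vault):
    """Invariant a sound contract never breaks: ether held == ether recorded."""
    return vault.pool == sum(vault.balances.values())


def run_withdrawal(vault_cls, pool=100, stake=10, max_reentries=5):
    """Return (ether the recipient got, ether left in the pool, invariant holds)."""
    vault = vault_cls(pool, {"recipient": stake, "everyone_else": pool - stake})
    recipient = Recipient(max_reentries)
    vault.withdraw_all("recipient", recipient.on_receive)
    return recipient.received, vault.pool, ledger_consistent(vault)


if __name__ == "__main__":
    # The recipient staked 10 of a 100-ether pool in both runs.
    print("vulnerable:", run_withdrawal(VulnerableVault))  # (50, 50, False)
    print("hardened:  ", run_withdrawal(HardenedVault))    # (10, 90, True)
```

Note that in the vulnerable run every call the vault makes is exactly the one its code specifies; nothing is forged or bypassed. The only thing that changes between the two vaults is the order of two lines, and the `ledger_consistent` check is the kind of invariant a reviewer would want asserted before the contract ever held other people's money.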
But Slock.it's and Ethereum's human masters didn't like it, because it wasn't what they intended. So they engineered a complicated countermove that became known as "The Hard Fork." In July 2016 they released new Ethereum software that split the blockchain in two at block 1,920,000. Strictly speaking, the fork did not rewind the chain: The Attacker's transactions remain in Ethereum's history, but from the fork block onward the new software applied a one-off change to the ledger that moved all of The DAO's ether, The Attacker's share included, into a contract from which token holders could withdraw it. The effect is the one from every time-travel movie you ever saw: in the new Ethereum, The Attacker's move was undone, so all of The DAO's ether was returned to its token holders. And also like in every time-travel movie, this created two alternative Ethereum universes. In the legacy blockchain, now called Ethereum Classic, The Attacker still owns his ether, though at the time of the fork he could not yet access it because it sat in the child DAO's waiting period. In the new Ethereum, where The DAO and its token holders now reside, his ether was taken away from him. See https://coincentral.com/ethereum-classic-vs-ethereum/. The Attacker, for his part, published an open letter:
To the DAO and the Ethereum community,
I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether . . . .
I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms . . . .:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain . . . . Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code . . . . The DAO's code controls and sets forth all terms of The DAO Creation."
A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract.
. . .
Yours truly,
"The Attacker"
In other words, the code is the code. If you're serious about blockchain autonomy, you can't undo a transaction on the blockchain that you don't like. A minority of Ethereum users agree. They won't recognize The Hard Fork and will only use Ethereum Classic. According to them, what happened, happened, and people should just have to live with the consequences. https://ethereumclassic.github.io/.
And really, it's hard to see how The Attacker did anything more nefarious than the Selbees with their millions of lottery tickets. The Selbees discovered a profitable feature of the lottery and were lionized on 60 Minutes. The Attacker discovered a profitable feature of The DAO code but was vilified as a thief. Why the difference? And what impelled the powers that be at Slock.it and Ethereum to so blatantly violate the prime directive of blockchain immutability in order to undo The Attacker's work? Well, we can be pretty sure of the answer to that. Slock.it and Ethereum were responsible both for creating and for not clearly disclosing the bug in The DAO code that The Attacker exploited. They faced potential liability to The DAO's token holders of about $50 million. By imposing The Hard Fork, they protected themselves as much as or more than any DAO token holder.
In its famous 21(a) Report on The DAO, the SEC did not discuss Slock.it's and Ethereum's self-interest in imposing The Hard Fork. The SEC stuck to the more pedantic question of whether The DAO's tokens were "securities." https://www.sec.gov/litigation/investreport/34-81207.pdf. Yes, that's an important first question to ask. But it's also too easy to answer. The harder, subtler, and perhaps ultimate regulatory issue silently lurking in the saga of The DAO, The Attacker, and The Hard Fork is this: If Ethereum's management could modify its blockchain in response to The Attacker, they can modify it in response to anything else they feel threatens them. Who governs their use of that power?
The DAO suggests the Dao (often spelled "Tao"). The Dao is rendered in English as "the Way," as in the Way of the World, the Way of Life -- the Force, if you wish. From it stems Chinese Daoism. The Dao de Jing, its seminal text, teaches, "When the Master governs, the people are hardly aware that he exists. . . . When his work is done, the people say, 'Amazing: we did it, all by ourselves!'"
Blockchain mandarins often ignore the shadow Masters when they describe smart contracts and blockchains as working all by themselves. The creators of our autonomously executing smart contracts have moved on, they say, and cannot cancel even half a line of the code they have writ. Maybe. But if that were really true, The Attacker could still use his ether. In the fury of The Hard Fork, we can see the Masters' hands. The Hard Fork confirms that where there's a will, there's a way, even in the blockchain world. The blockchain Masters have power, and we know that those with power tend to benefit themselves at the expense of those without. That's the point of regulating anything, cryptosecurities very much included.
Aegis J. Frumento
Stern Tannenbaum & Bell
Co-Head, Financial Markets Practice
380 Lexington Avenue
New York, NY 10168
212-792-8979
Aegis Frumento is a partner of Stern Tannenbaum & Bell, and co-heads the firm's Financial Markets Practice. Mr. Frumento represents persons and businesses in all aspects of commercial, corporate and securities matters and dispute resolution (including trials and arbitrations); SEC and FINRA regulated firms and persons on regulatory compliance issues and in SEC and FINRA enforcement investigations and proceedings; and senior executives of public corporations in personal securities law and corporate governance matters. Mr. Frumento also represents clients in forming and registering broker-dealers and registered investment advisers, in developing compliance policies, procedures and controls, and in adopting proper disclosure documents. Those now include industry professionals looking to adapt blockchain technologies to finance and financial market enterprises.
Prior to joining the firm, Mr. Frumento was a managing director of Citigroup and Morgan Stanley, a partner and the head of the financial markets group of Duane Morris LLP, and the managing partner of Singer Frumento LLP.
He graduated from Harvard College in 1976 and New York University School of Law in 1979. Mr. Frumento is a frequent author and speaker on securities law issues, and is often quoted in the media on current securities law developments.
NOTE: The views expressed in this Guest Blog are those of the author and do not necessarily reflect those of BrokeAndBroker.com Blog.