A vulnerability in the smart contract of one private DAO fund led first to the leak of cryptocurrency worth tens of millions of dollars (billions as of today) and then to the hard fork of Ethereum, the second-largest blockchain network. You can find tons of articles investigating those events, including a wiki page. Even though the purpose here is to draw conclusions, let us refresh our memory of what happened five years ago.
The DAO was a startup that ran an investment fund in Ether (ETH) and operated as a smart contract on Ethereum. "The DAO" is a proper name that the founders chose as a reference to the general concept of a decentralized autonomous organization, or DAO. The fund claimed from the very beginning that it operated under the terms and conditions of its smart contract, which was nothing more than program code deployed on the blockchain. Its website contained no legal terms and conditions, only a notice proclaiming the supremacy of the machine code over any human-readable text explaining that code.
The DAO became infamous, however, because of a vulnerability in its program that allowed an unknown user to drain one-third of its funds. The loss was 3.6 million Ether, valued at the time at around $60 million, or around $7.3 billion as of today. In view of the negative implications and the high public pressure faced by Ethereum (the fund had more than ten thousand investors), the network leaders decided to introduce a retroactive hard fork of their blockchain.
As a result of the fork, the funds in The DAO were moved to a recovery address, as if the leakage had never happened. Thus, the fund’s users could claim their investments back. There were objectors to the hard fork, and they continued to use the original Ethereum blockchain, calling it Ethereum Classic (ETC). It operates to this day, using the original chain of blocks in which the Unknown owns the drained funds.
One of the major debates was around the question: Was it a theft at all? The United States Securities and Exchange Commission (SEC) investigated the case and published its report. Even though the SEC did not treat this as the main question, the report contained the words “steal” and “attacker”, as if the act had been qualified that way by default. To this day, there has been no criminal investigation, or at least the authorities have failed to address it properly.
Interestingly enough, right after this conduct, the Unknown (let us use a more neutral term than “attacker”) published an anonymous letter stating that they did not believe it was wrongdoing or any kind of violation of either law or terms, referring to that infamous statement on The DAO’s site about the precedence of the smart contract. Many commentators in fact supported the conclusion that the Unknown did nothing wrong, as they exploited a legitimate feature of the code, which objectively existed and was even known to the developers, as some investigations later showed.
Regardless of who did that, the case still has a lot of unanswered questions that are much broader than it may seem, and much harder, if not speculative. These questions must be addressed by philosophers, governments and blockchain communities in order to move forward.
The case has shown the world how vulnerable smart contracts can be, which makes the whole concept of “Code is Law” questionable (American legal scholar Larry Lessig came up with this concept much earlier than the invention of blockchain). It also showed how retroactivity in blockchain can occur when the majority supports it, despite immutability being a widely cited feature of blockchain.
What is the point of it, if alternative forks in history are possible? Are all the merits of the technology multiplied by zero? What if this is not a flaw but an advantage that we should learn how to use properly? Let us go even further: what if we have encountered a new phenomenon in law and governance? Should parallels be drawn to find answers?
- Parallel from…