DAOs, Hacks and the Law

“The DAO” is in the midst of an epic hack due to an exploit of the originating smart contracts. Unfortunately, it seems that their own choice of legal infrastructure may force them to honor the exploit instead of the intent.

Smart contracts meet the law

While the specifics vary from land to land, the law has a broad set of parameters that are uniform. They govern the agreements made between humans and the rules which bind them.

Curiously, the DAO, in order to show its adherence to a certain form of “smart” contract, stated that it would be fully and exclusively bound by these blockchain smart contracts.

As lehmakook points out on Reddit, this is explicitly stated in the legalese on the DAO’s own website:

The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation.

By any usual interpretation (including those commonly used by Slock.it’s team in the past hours) the hacker has stolen money from other users and violated the intent of the DAO.

However, according to the DAO’s own legal contract, there is no such thing as theft and the intent is completely unimportant: the only important and relevant things are the smart contracts themselves. Consequently, there is no real legal difference between a feature and an exploit. It is all a matter of perspective.

For example, one interpretation is that this unusual recursive splitting function is itself a feature and that a user simply used this feature to take funds into a sub-DAO. In some ways this is no different from what Slock.it attempted to do via its own proposal, except that instead of running it through the voting system it ran it through a splitting smart contract.

From the standpoint of the submitters of the original capital, this may seem an egregious departure from the marketing pitch. But from the standpoint of the DAO, there simply is no difference between the two. And the legal contracts seem to point to the DAO as the canonical version.

What happens then if there is a soft fork (as Vitalik has suggested) or a hard fork and rollback (as Stephan has suggested)? In both cases they seem to be violating the law, since the only explicit intent contained in the previous iteration is to honor the smart contracts themselves as they exist.


There are many ways to iterate, and it is not always clear that the fastest way to the objective is the one that will produce the best results. However, the DAO world is an interesting one, in that, in a fully distributed system, anyone can do anything.

Who could have forced the DAO to iterate more slowly? And who will correct its mistake? If indeed, there is anything that even can be called a mistake given the context?

In time, it may be the courts that decide these things. I do not know quite how a court would decide, but it is quite possible that in the eyes of the court, the hacker is himself simply a legitimate operator acting within the bounds of the smart contract and it is those who are attempting to change the smart contract post facto that are violating the law.

Indeed, it could even be the case that the “hacker” in this case could sue Slock.it for damages and the return of funds if the smart contracts were altered to “protect investors,” or whatever else our new regulatory system is attempting to do.

“Too big to fail” seems to be a recurring theme wherever open markets and crowd dynamics intersect. Is it any surprise we see it again with the DAO? Will the distributed dream die along with the first widely adopted Decentralized Autonomous Organization?

Or will it arise again, smarter and stronger? At the very least, it must be smarter than the smart contract itself.