Five Lessons from the DAO Debacle
After my post last week on Microsoft’s Project Bletchley, a number of people who downloaded the smart contracts white paper I made available asked me what I think of the DAO brouhaha and what it implies for DAOs specifically and smart contracts in general. DAO stands for Decentralized Autonomous Organization and is defined by wikipedia as
“an organization that is run through rules encoded as computer programs called smart contracts. A DAO’s financial transaction record and program rules are maintained on a blockchain.”
However, and somewhat confusingly, the DAO people were asking me about was not the general concept of a DAO, but a specific DAO set up as a quasi-venture capital effort to fund worthy startups.
The DAO was founded as an exercise in idealism; people could fund the organization and then democratically choose which projects it would invest in. Depending upon how the funded projects did, the contributors would receive returns. All of this was spelled out in the DAO “smart” contract, which was comprised of computer code written in a language called Solidity and executed on the Ethereum blockchain.
The point of DAOs generally, and the DAO specifically, is to operate autonomously, according to the governing contract, with no human intervention required; in fact, theoretically, no human intervention is allowed. As one of the DAO’s originators put it when queried about the DAO’s legal status, “Customer protection on blockchain is insured via smart contracts, not legal systems. Code is law.” Independent, autonomous, and untouched by the law. So goes the theory.
In the real world, in case you missed what happened with the DAO, shortly after it was launched, someone (still unknown) took advantage of an unanticipated aspect of the DAO contract to redirect a large amount of money ($60 million of the total $150 million) to his (or her) address. One condition of the DAO is that disbursement of funds does not happen immediately, but occurs after a waiting period, which provided an opportunity to respond to this unplanned event. Needless to say, this redirection of funds was not at all what was intended to happen — but it did.
Naturally, there was a great deal of consternation about what should be done. At the time of this writing, it appears the response will be a “hard fork” in the underlying Ethereum code to return all monies to the original contributors. This certainly prevents the instigator of the “hack” from profiting, but is it the right thing to do?
In this extremely thoughtful piece, Greg McMullen took the position that changing the underlying execution environment to fix the problems of one smart contract was over-reaction — and setting a dangerous precedent.
In another thoughtful piece, Ira Miller considered the situation and came to the opposite conclusion — that smart contracts are in their infancy and room should be made for human intervention via arbitration as is necessary.
On TechDirt, Zach Graves weighed in, noting that there is plenty of blame to go around about this unexpected outcome, but closing with a plea that regulators not look to this one event as a blanket indictment of all smart contracts or even decentralized autonomous organizations themselves.
But what should we take away from this event with regard to smart contracts, DAOs and their future? Here are five lessons from the DAO debacle:
Lesson One: This was a debacle
When one creates an investment vehicle and someone accesses it and drains 40% of its funds, it’s a debacle. The fact that a solution has been found does not negate the problem it addresses. Someone discovered a vulnerability in the DAO’s underlying contract and exploited it to his or her advantage.
As the differing perspectives outlined above (and many others) illustrate, every response to hack evinces drawbacks. For what it’s worth, I believe that what appears to be the chosen response is the most palatable in the circumstances. As put in the movie Argo, this idea is the best bad idea of all the bad ideas. The alternative of doing nothing is unacceptable, and would almost certainly draw legal and regulatory intervention (which, it must be noted, may still occur — even, as some people have stated, on the part of the hacker who could maintain that his or her actions were entirely consistent with the DOA’s contract and therefore should allow taking the $60 million).
It’s extremely unfortunate that the first high-profile DAO should end so ignominiously, but the fact that it is the first means it’s critical that the problem be addressed. Otherwise, the result could be the permanent tainting of the concept of a DAO — or even of smart contracts as a class.
Lesson Two: This was an entirely foreseeable debacle
The only thing surprising about this hack is that anyone was surprised. Attacks against the DAO were entirely predictable, and one or more successful attacks were highly probable, for the following reasons:
- The DAO controlled large amounts of money. To paraphrase Milton Friedman, large amounts of money always and everywhere motivate criminals to attempt to access them by bypassing their governing rules. It was a given that many criminals would try and figure out how to steal money from the DAO.
- The DAO’s unique character — an anonymous blockchain-based investment vehicle — was bound to attract highly technical individuals to examine the code and develop methods to attack it. In effect, the DAO was an irresistible technical puzzle to be pored over and analyzed. It’s one short step from finding a vulnerability to exploiting it.
- The DAO’s contract — and sophisticated smart contracts in general — are complex software programs. Anyone who has been involved in large software initiatives — and I’ve spent my entire career in the field — know that complex software applications always have bugs in them, that even what in retrospect are blindingly obvious major bugs are often overlooked by everyone who looks at the code, and the bugs are always more egregious and dangerous early in an application’s life. For the initial DAO to be so ambitious, it was a given that there would be significant vulnerabilities early on.
So, no one should be surprised at this turn of events, which leads to the next point.
Lesson Three: The right path forward is to start with small, well-understood, and constrained agreements
In engineering, the typical path of innovation is incremental improvement on an existing technology base. If one thinks about it, this makes sense. Rather than trying to create an entirely new operational infrastructure in which to deliver innovation, engineering initiatives take most of the environment as given and improve one or more elements. In terms of the total environmental change, no more than one or two percent is modified via the initiative — but that initiative can have enormous effect, and lead to further innovation as the initial engineering initiative plays out. In Silicon Valley, this approach is captured in the well-known aphorism: “Don’t try and boil the ocean.”
As an example, consider Tesla. While the delivery of an electric vehicle was, by itself, a significant change, Tesla did not attempt to modify the entire personal vehicle reality. It relied on existing roads, existing human driving skills, existing auto manufacturing techniques, and existing road laws. It was able to restrict its changes to vehicle drivetrain and fuel refilling — and even that was a huge undertaking. By contrast, self-flown flying cars have been a staple of technology magazine for over fifty years and have never come to fruition, because they require the simultaneous delivery of too many disparate elements — vehicles, governing law, human skills, and infrastructure.
Smart contracts are a very new phenomena, and it makes sense to restrict as many elements of them while the domain is explored. This would argue for taking well-established legal processes with well-understood and -governed practices and convert them to smart contracts. This is the path that Microsoft’s Project Bletchley is taking. Many current large financial institutions are exploring how existing financial practices can be replicated in smart contracts, with an eye toward streamlining them and removing cost and opaqueness.
This approach may not sound exciting, but it builds a foundation for future, more transformative efforts. Once the basics are in place, smart contract adoption and complexity will accelerate. One can count on it — the technology is too promising and there are too many well-funded and motivated participants eager to extend the promise of smart contracts to many other domains.
Want to better understand smart contracts? Download the “Smart Contracts: Four Benefits and Three Challenges” white paper.
Lesson Four: DAOs and smart contracts need some kind of oversight and intervention
As I noted at the beginning of this piece, much of the enthusiasm for this DAO, and DAOs in general is based on idealism. It’s no secret that our current financial system is unfair and seems to many a rigged game designed to enrich insiders and the well-connected. One of the great drivers of bitcoin and blockchain from the beginning was to provide a level playing field for participants and to motivate participants to deliver a “fair” financial system. This idealism drove the creators of the DAO to assert that it stood alone and outside the existing legal system, and governed itself; to repeat the earlier-quoted item from Techdirt: “Customer protection on blockchain is insured via smart contracts, not legal systems. Code is law.” Zach Graves goes on to state that he doesn’t believe that position is tenable.
Nor do I, for two reasons. First, as Graves notes, asserting that something is not bound by existing financial regulations is not the same as it not being bound by those regulations. These regulations have been put into place over many decades to deal with information asymmetry: a financial promoter, who knows much more than a buyer, taking advantage of the buyer’s knowledge deficiency to unfairly make money. Moreover, these laws have been written to provide flexibility in application, since financial promoters are so ingenious in exploiting practices that are not explicitly prohibited. And, in any case, all it takes is one ambitious prosecutor or district attorney who sees a financial mess as a way to build a career to bring the heavy hand of the law down on a financial promoter.
The second reason is more important. It’s early days for smart contracts and the industry is still learning about them. As they are built out and explored, it’s absolutely certain that unexpected behavior and outcomes will occur. It’s critical that there be some way to address these kind of events; otherwise, extremely bad outcomes that cannot be avoided will be inevitable byproducts of autonomous smart contracts.
And I’m not sure we would want or accept that world. When the first DAO lays someone off to improve the financial performance of the organization, you can bet there’s going to be a clamor for intervention. As a simple example, look at the turmoil associated with proprietary prison sentencing algorithms.
The current system of financial oversight is far from perfect. But I don’t think the right alternative is a fatalistic surrender to the dictates of a smart contract.
Lesson Five: This should not dissuade smart contract and even DAO exploration
One possible — and extremely unfortunate — outcome of this DAO would be a general dismissal of the potential for smart contracts and even DAOs themselves. We are in the midst of a huge and increasing expansion of technology in our economy and everyday lives. Each of us throughout the developed world, and increasingly within the developing world as well, experiences better and healthier lives due to technology. However, one of the most frustrating and restrictive holdouts within this trend is the financial services industry.
From the challenges of the underbanked to the irritations of what I call the overbanked ($30 per month for a checking account, charged just because, well, the bank can get away with it?) to the inefficiencies of daily transactions (why does every home refinance require a fresh title insurance and result in a huge mound of paper to be signed?), it’s clear that there is huge room for improvement and innovation in the sector.
I’ve been tracking and researching the current governmental policy initiatives going on around the world with respect to bitcoin and blockchain(s), and have been, overall, very impressed. It would be easy for these institutions to disdain any change to the existing system, but instead they seem to be actively supporting the role of new technologies in the financial services arena — even within core governmental responsibilities like currency and financial instruments.
To this point they do not seem to be viewing the DAO as anything to change that stance; of course, let’s face it, $160 million in their scheme of things doesn’t even qualify as rounding error! One hopes that they will not veer from this as the saga plays out, and that they remain positively disposed toward distributed ledger and cryptocurrency technologies.
Likewise, one hopes that the larger financial services industry does not let the DAO dissuade it from continuing exploration of these technologies, either. There is too much potential in the area to throw the baby out with the bathwater.
In conclusion, I hope that a year from now the DAO will be seen as a very unfortunate occurrence that served as a relatively inexpensive wake-up call as to how to proceed in the field of smart contracts. Any other outcome would be extremely unfortunate, as the potential in the area is almost unlimited.
Download the “Smart Contracts: The Benefits and Challenges of Blockchain Agreements” white paper.
