Monday, 1 August 2016

Smart contracts and dumb principles: a primer on ethereum, the DAO hack, and the hard fork

When Satoshi Nakamoto conceptualized the blockchain in his bitcoin whitepaper back in 2008, the emphasis on its inherent immutability was patently obvious. "The network timestamps transactions", the abstract ran, "by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed ..."

Of course, he wasn't using the term blockchain yet ... but it would pick up soon.

Eight years hence, the blockchain has become more than just a buzzword in a select set of silos around the world. Computer scientists and math nerds are excited about the technology for what it is. Finance folks are peering in its direction, their noses quivering in anticipation of what this strange entity could mean to them. Law practitioners are, unsurprisingly enough, trying very hard to make it all about them. Government officials are still (mostly) scratching their heads and trying to figure out whether they can make easy money out of it. And if not, how to diss on it.

Some people have heaped enormous praise on the blockchain, calling it the next big thing in terms of the magnitude of disruption it will cause in society. Others have been more cautious, calling it an un-sexy, un-glamorous, but important milestone in the history of accounting - much like double-entry bookkeeping. Yet others have dismissed it as a fad, as a huge bubble that will one day burst. But whether they appreciate it or not, people on both sides have generally acknowledged a few things about the blockchain that are pretty neat. And somewhat ground-breaking.

The first is transparency. Because the blockchain is a public ledger of transactions, anyone can trace the flow of money through the system at any time. Users are, of course, anonymized, but as long as the movement of funds through the system is visible to all, the chances of fraudulent transactions happening are massively reduced. The second is immutability. Once a transaction has been verified, it's essentially set in stone in a block on the blockchain. Any attempt to tamper with it will require someone to re-verify every single block from that point right up to the end. Because the process of verification requires one to do the proof-of-work for every subsequent block of transactions, it is virtually impossible to amass the computational power required to execute it and "change" the entire blockchain to reflect this one tampered transaction.
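The immutability argument above can be seen in a toy hash chain. This is an added example, not code from the original post or from any real client; the difficulty value, the record strings and all function names are assumptions chosen so it runs instantly.

```python
import hashlib

DIFFICULTY = 3  # assumed toy target: hash must start with this many hex zeros
GENESIS = "0" * 64

def block_hash(prev_hash, data, nonce):
    return hashlib.sha256(f"{prev_hash}|{data}|{nonce}".encode()).hexdigest()

def mine(prev_hash, data):
    """Proof-of-work: try nonces until the hash meets the target."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, data, nonce)
        if h.startswith("0" * DIFFICULTY):
            return nonce, h, nonce + 1  # nonce + 1 = hash attempts spent
        nonce += 1

def build_chain(records):
    chain, prev = [], GENESIS
    for data in records:
        nonce, h, _ = mine(prev, data)
        chain.append({"prev": prev, "data": data, "nonce": nonce, "hash": h})
        prev = h
    return chain

def first_invalid(chain):
    """What every verifying node does: index of the first bad block, or None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["data"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or not h.startswith("0" * DIFFICULTY):
            return i
        prev = b["hash"]
    return None

def rework_cost(chain, start):
    """Redo proof-of-work from `start` to the tip; return (blocks, attempts)."""
    prev, attempts = chain[start]["prev"], 0
    for b in chain[start:]:
        b["prev"] = prev
        b["nonce"], b["hash"], n = mine(prev, b["data"])
        attempts += n
        prev = b["hash"]
    return len(chain) - start, attempts

def demo():
    # Constructed sample ledger entries.
    chain = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1", "dave->erin 1"])
    chain[1]["data"] = "bob->carol 200"        # edit one old record
    detected_at = first_invalid(chain)          # verification flags block 1
    blocks, attempts = rework_cost(chain, 1)    # every later block must be redone
    return detected_at, blocks, attempts, first_invalid(chain)
```

On a real network the same rework has to be done at full difficulty and faster than the honest miners extend the chain, which is where the "virtually impossible" comes from.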

These two things, and just these two, are what make the blockchain so very interesting and, dare I say, revolutionary to a certain extent.

Unfortunately enough, it is one of these two principal strengths of the blockchain that is under threat today. What is sadder is that this threat is internal.


Enter, the ethereum.


While the Ethereum project launched only in 2015, it had been proposed way back in 2013. Between July and August of 2014, the project had raised close to a staggering $18.5 million in bitcoins in crowd funding. Its idea was simple, but extremely audacious. It embraced a very utopic vision that all human contracts could be rewritten and/or replaced by smart-contracts in computer code, which could be implemented in any programming language that is Turing complete. Thereby, one could do away with the pesky ambiguity that plagues existing man-made contracts and have a new set of contracts that could be evaluated by the same unbiased and unforgiving logic that makes 1+1 equal 2 and governs computer software. The EtherScripter website even referred to it as a new kind of law.

The hype was understandable. Smart-contracts became a rage in the world of cryptocurrencies. The DAO - the world's first perfectly autonomous organization - was created on the ethereum blockchain. Investors were absolutely enamoured by the idea of a self-governing organization that pays dividends regularly, yet was outside of any human's direct control. As a result, the DAO raised a record-breaking $120 million by crowd-funding in 2016. People didn't care that the ethereum blockchain was woefully buggy. People didn't care that the blockchain had a million security loopholes that could attract (and were attracting) hackers like moths to a brightly lit light bulb. People didn't care that they were putting their money into a computer program that hadn't even passed the bare minimum levels of robustness testing that such a program should have passed. The idea was all that the people loved. Not one gave two hoots about the implementation.

And indeed, it did sound like a great idea - and yes, I must admit, it still does. But unfortunately, real-world laws don't quite work like clockwork (or like computer code). An attempt to forcibly impose a set of perfectly logical rules on a society that is largely emotion driven and non-deterministic is the stuff of dreams that social scientists have long yearned for. Sooner or later, the human element that is at the base of any such approach is bound to buckle under itself and fail miserably.

For the ethereum dream and the DAO enthusiasts, it might seem that this happened in the form of the hack.

Except that it didn't.

No, and let me be very clear here: the hack was not the epic, miserable failure that beset ethereum. The hack was a setback, certainly, but it was not the failure. The failure was the reaction to the hack. The failure was the DAO community voting to roll back the blockchain to a point in time before the hack, thereby reinstating funds into their investors' wallets.

In blockchain parlance therefore, the failure was the hard fork.

By choosing to hard-fork, the ethereum community really hit itself where it hurts the most. The hard-fork essentially meant that for all practical purposes the DAO was a majoritarian anarchic community. The voting scheme that led to the decision to hard fork, which gives shareholders who possess more tokens more clout, now looked like a rigged system simply meant to create an oligarchy.

Let's now take a step back and consider the hack from a more subjective perspective. The word hack has a certain negative connotation to it, and therefore makes it sound more illegal than what it really might have been. For all that we know, the "hacker" played by the rules of the system to transfer funds to his wallet. If you consider the Vegas Poker machine hack case, charges against the "hackers" were dropped because of that same reason. If past legal rulings set any precedents, then the move to hard-fork, which seized the hacker's wallet to reinstate the investors' funds, seems like a far more illegal move than the actual hack.

Speaking of precedents, let us consider the dangerous precedent that the hard fork now sets for the future of blockchains and decentralized organizations: if a simple majority of the community votes to seize any single person's funds, irrespective of who this person is, and what he or she has done, this individual has nothing to protect him or her from this act. This isn't like "traditional" law that the affected parties can fight out in courts; it is all up to a simple majority of voters to decide whether you get to keep your money, or not.

Moreover, by rolling back the blockchain, the community sacrificed its biggest, most revolutionary feature - immutability - at the altar of investors' happiness. If smart-contracts are supposed to be inherently immutable (which is what makes them so very special, and "better" than that dratted ambiguous human law), what keeps a simple majority vote from mutating an established contract on an apparently immutable blockchain? Nothing at all.

So what should the community have done, you ask, in response to the hack? Again, nothing at all. They should have taken the hack in their stride, and devoted more time to fixing the bugs in the ethereum blockchain in the first place. Unleashing a bug-riddled investment instrument to the public, at the behest of its investors, was an audaciously criminal-esque act to begin with. What's worse is that, even today, in the aftermath of the hack, no one in the community seems to care about that aspect even one bit. What they do care about, instead, is congratulating themselves on a job well done following the hard fork. This is surprisingly unbecoming of them, given that it really wasn't anything that warranted even a pat on anyone's back - except maybe on the hacker's - who had wonderfully put the community's integrity to the test. A test that the community so spectacularly failed.

So, what can we really learn from this saga? The simple truth that man-made systems, even those claiming autonomy from human control, can never really be truly autonomous and be outside the scope of human flaws and fallibility; that popular vote is perhaps not the best way to channel the wisdom(?) of the crowd; and lastly, for all that is in store for the future, that moral scruples and unflinching principles can be axed at the slightest inconvenience, if the right people want.

In other words, the whim-driven world of human agreements and social contracts can perhaps, never be tied down by the laws of hard science and perfectly logical systems.