Contracts are agreements that are meant to be legally enforceable. The enforcer has always been the King, a local governmental authority and a third party. The very concept of a contract assumes the neutral third party. That third party is to interpret the contract, identify potential scoundrels, nullify illegal contracts and generally make sure everyone isn't playing games. Smart contracts seek to sidestep that ancient structure by replacing the neutral third party with an inflexible machine. Good luck with that.
Contract language is also meant as a manifestation of intent. Smart contracts seek a perfect manifestation, dismissing all notions of imperfect knowledge or misunderstanding. Typos rarely matter in real contracts. Intent can trump language where appropriate. But in smart contracts typos are everything. Good luck with that too.
That's a great example of the sort of ambiguity that an arbitrator must deal with. Do you mean to refer to "the common law" as in the body of law descending from the Brits, or do you mean the common law principles of precedent and authority? Or do you mean only the concept of precedent by which past decisions under similar fact patterns are used to inform decisions regarding new fact patterns? I have some assumptions based on your choice of language and my best guesses as to your cultural background, but good luck finding a machine capable of such understanding. If we crack that, then much of our culture is moot and the robots can be left to run things.
either party to this contract submit a signed request for arbitration within the escrow period of this contract then
1) a panel of 3 arbiters from the New Atlantis Common Law Arbitration Group will be selected at random.
2) 50-ETH will be set aside for court fees.
3) The panel can execute any 1 of 5 events by submitting 2 of 3 signed tokens. If the panel cannot arrive at a consensus, one token will execute at random.
Many competing standard arbitration packages will develop.
But on the other hand, there are some simple - yet important - things that can be implemented in smart contracts pretty easily. Say, futures, or stock options, or certain kinds of insurance. For these things smart contracts are great because they offer extremely cheap enforceability and speed.
This is a textbook blue ocean, or innovator's dilemma. The new tech is much worse than the old one in some cases (enforcing intent), but far better in some other ones (speed, enforceability, global access).
The City of Cleveland and Frank McCourt would like to have a word with you about your novel theory. In real contracts, typos--like an errant comma--can be significant and completely change the meaning of the language. Cleveland lost the original Browns because of a typo; McCourt lost the Dodgers in part because of a typo.
A court will only grant that which is asked for. So for a typo to matter, one of the two parties before the court must be claiming that it isn't a typo.
(And it wouldn't stand a chance in court either, because a simple calculation would show this couldn't possibly be a right sum for a sane person to pay for whatever the contract was about.)
I challenge you to create a formalization of the intent and create a better programming language for smart contracts that includes intent. I could imagine quite well that intent could be formalized to some kind of "firewall" or "sandbox" rules for the smart contract, i.e. that if the execution of the smart contract violates these rules, it will, for example, be canceled by the system.
I'm sure there are some lawyers who got involved--I was tempted to get some experience with the concept early on. I decided not to primarily because the basic concept of crowdsourcing decisions where the ownership interest determines who has most of the voting power and the major holders are likely to be new at it strikes me as, frankly, a silly idea.
But even if all the participants were lawyers or represented by lawyers there are still going to be bugs. Pick up any set of service terms for just about anything and there will be logical flaws. It's just human nature. There is no such thing as a perfect contract.
To me the most interesting thing about this episode is that The DAO included limitations imposing a time lock on withdrawal that gave the community some time to consider what to do and the pros and cons re the whales in the Ethereum community doing a hard fork in the name of justice.
You have hit on an important point, but like most commentators here and elsewhere, you seem entirely to have failed to recognize its significance. In the American and English tradition of common law, a contract is an agreement made with the intention that it be subject to legal enforcement [0]. Not every agreement is meant to give its parties recourse to legal remedy, and hence not every agreement is a contract. That is, not every agreement is subject to contract law [1].
It is of little significance that people in the Ethereum community (or in the broader crypto-asset community) have taken to calling their programs "smart contracts"; the name signifies nothing. In the main, and particularly in the case of the DAO, it has been made clear, ad nauseam, that these programmatic agreements are not meant to be subject to legal enforcement; in short, it has been emphasized from the start, and at every intermediate step, that smart contracts are not contracts in the legal sense. Indeed, the major motivation for the development of programmatic agreements (i.e., "smart contracts"), has been to supplant enforcement de jure by enforcement de machina.
The law allows for agreements that do not have the force of law behind them, and naturally the law says little about such agreements. For this reason alone, absent separate provisions which purport to invoke legal enforcement of the intent behind the code that implements a smart contract, it is perfectly reasonable, legally speaking, to argue that prima facie these agreements are not subject to contract law.
Thus the independence of programmatic agreements from legal constraints is legally plausible; this is a very different situation from the legally absurd arguments put forth by some crypto-zealots that, for example, transfers of cryptocurrencies are not subject to laws restricting money transmission.
Now, might a judge decide that any particular programmatic agreement—or "smart contract"—is in fact a legal contract? And that therefore the judge, not the code, ultimately determines who gets what? Sure. Judges tend to decide that they get to decide, when there's any question about it. But it's not unreasonable to imagine that a judge might really say, "No, this is not a legally enforceable contract. It says so right on the box." And if that happens, then what the code says goes.
0. https://en.m.wikipedia.org/wiki/Intention_to_be_legally_boun...
1. Beyond the determination of whether the agreement is legally a contract, I mean. In particular, I mean to point out that a so-called "smart contract" might well be legally deemed not to be a contract at all, and therefore not subject to the provisions of contract law that give precedence to the parties' intent in the agreement over its literal interpretation. In other words, if a programmatic "smart contract" is not legally a contract, there is no legal reason that the law should favor any outcome other than what the code's execution ordains, or that the law should say anything on the subject at all.
Which is, of course, nonsense. You can't document your way outside the law. Not in any country I'd want to live or conduct business in anyway.
If enough of any one person's money is involved you can bet there are lawyers right now trying to work out who to sue.
DAO strives to execute through code an idealized pooled investment system by which contract issues are resolved entirely by code and wholly apart from any external societal legal or enforcement mechanisms.
All well and good but, where people are involved, code simply cannot define all the relations needed to capture what the law does (and, indeed, and in spite of its flaws, does very well indeed).
Consider the argument that the exploit here is not a flaw at all but just another variation on what the code does, with the result that investors who suddenly are $50M lighter in their wallets have not been harmed at all and should have no recourse to any remedy to restore their funds to them. The idea here is that the code is the contract and, if that is what the code does, well, that is what you bargained for, whether this is good or bad from any particular moral perspective. Right at the entry point of the system is a prominent disclaimer that says this in exact words. So a contract is a contract. If you don't like the result, tough.
The participants here are wealthy and presumably sophisticated investors. What if they aren't? What if this were marketed to a lot of gullible small investors who were induced to part with their money through various representations stating that their funds were entirely safe, subject only to normal investment risks relating to the underlying companies they funded? What does society do when people like this lose their life savings when some newly discovered "feature" of the code allows a sharpie to walk away with their funds? Are they to have no legal recourse because a "contract is a contract," especially if it is embodied in code?
And what happens if a system is set up and the person or persons who find the new "feature" enabling them to walk away with other people's funds are the very people who organized the fund? Does law from the broader world step in to provide a remedy to those who lost their money? Or does the "contract is a contract, especially in code" logic work to deny any remedy to the participants here as well?
And, setting aside any of the more extreme examples, what if it is simply the case that those who did participate had reasonable expectations that any code that would define and limit their rights would do all that was expected in terms of defining their investments but would include safeguards that would prevent anyone from simply coming in to remove their funds altogether (dare I say "steal")? What if they were misled into having such expectations by promoters of the venture who said or implied that such safeguards existed? Is it enough to say that none of this matters because of some disclaimer buried in fine print? Is all of this simply irrelevant just because a "contract is a contract, especially in code"?
Contracts are part of any system of law that includes private property, and a very important part at that.
But contracts can never define the totality of the law that applies to a given situation, even if the parties swear up and down that that is their intent.
That is why securities laws exist, to help investors who get swindled by sharpies with well-honed contracts.
That is why the laws relating to fraud exist, to help those who are misled by others to their financial detriment.
Indeed, that is why a sophisticated body of laws exists relating to contracts themselves, to cover cases where the intent of the parties is sometimes so frustrated by one thing or another as to make it inequitable to enforce a contract.
Law exists, and always has existed, in multiple layers. Legislatures pass statutes but courts exist to interpret them to cover specific cases as disputes arise. The same with administrative regulations promulgated by agencies. Even within the courts themselves, common law courts would declare legal "rules" only to have courts of equity intervene to correct things where the "rules" led to harsh or inequitable results.
Basically, all of this is another way of saying that human relations are complex and any system of laws and justice needs to be able to handle such complexity if it is to be worthy of being a system of justice.
Perhaps in narrow cases, things such as DAO can be set up to create a rich guy's playground of sorts in which, for the overwhelming number of cases, outside laws play no part within the self-contained system. Perhaps there is even an ideal of some type to be realized here (get rid of lawyers, etc.).
But no such system can ever be utterly divorced from the rules of the broader society. Ideal or no ideal, this is just not how the law works. Apart perhaps from some survivalist society or other, people simply cannot exempt themselves from the general rules of law no matter how much they desire to do so. They can limit the application of such broader laws to a degree but, when key bounds are transgressed, the law will apply in its full force regardless of their intentions.
So, I would say that the curators here probably had no choice. It was either do what they did or watch as lawsuits followed, probably in abundance. This may have violated some ideal in play here but it was a pragmatic necessity given how law in reality works (and always will work).
I think this is true, and this is probably all you had to say.
> Can code both embody and replace law for the exact function for which it is set up?
Sure, yeah. 99.9999% of people in rich code-enforced transactional systems like EVE Online and the NASDAQ order book are content with how code has replaced and embodied the "law" (or more broadly, "how things work"), despite the fact that people win and lose at this video game and in the real stock market all the time. It's clearly not just about people being mad and losing a ton of their money, because that happens in the stock market all the time but losers rarely sue NASDAQ.
It's just when people do sue NASDAQ, hilariously, it's when there's bugs in the order book / exchange code, or shutdowns of the market due to technical errors. Do you see how that is different? What matters isn't whether or not a "contract is a contract," but whether or not there are bugs.
A bug is a concrete thing. It's not something you can abstract away into your bigger point about "human relations" and a "system of laws."
You can write a test for nearly all kinds of bugs and show very confidently that whatever the issue was, it won't happen again. There's no such thing as unit tests for laws, unless you get so abstract as to lose everything essential about unit tests. You can reproduce bugs in code infinitely, but you don't get to re-adjudicate disagreements in contracts infinitely. There's so much that's different between disagreements over legal interpretations and a software bug that you're missing why people view the fork as relatively uncontroversial.
There was a bug in the code which led to an exploit. It isn't a refutation of law being embodied in code. It's just a refutation that this particular exciting contract system wasn't treated like the multi-hundred-million dollar software product it turned out to be. The story is smaller than you make it to be.
1. They're executable programs. They could have been a set of declarative rules listed in priority order, but no, the designers went overboard and made them general programs with loops and recursion. There are straightforward ways to analyze sets of rules; they're usually amenable to case analysis. It's hard to analyze programs.
Writing a declarative contract language is a challenge. But doing so forces the designers to think through what they want the system to be able to do, and what they don't want it to do. Doing contracts as executable programs is punting on the problem. It says "we don't know how to do this, so we'll dump the problem on the users."
2. The stack overflow problem is idiotic. The system should have been designed so that if a program aborts, anything it did is rolled back. That's the design flaw this attack exploits.
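The rollback property asked for in the comment above, combined with the "firewall" rules for intent suggested earlier in the thread, as an added example that is not part of the original discussion and is not Ethereum's or The DAO's code. It is a toy Python ledger (the account names, rules and programs are constructed for illustration) that runs each program on a working copy and commits only if the program neither aborts nor breaks a declared rule.

```python
class ContractAbort(Exception):
    """Raised by a contract program that stops part-way through."""


# Declarative "intent" rules: each compares the state before and after a run.
def conserves_total(before, after, caller):
    return sum(before.values()) == sum(after.values())


def no_negative_balances(before, after, caller):
    return all(v >= 0 for v in after.values())


def only_caller_debited(before, after, caller):
    # No account other than the caller's may end up with less than it had.
    return all(after.get(a, 0) >= before[a] for a in before if a != caller)


RULES = [conserves_total, no_negative_balances, only_caller_debited]


class Ledger:
    def __init__(self, balances, rules=RULES):
        self.balances = dict(balances)
        self.rules = list(rules)

    def execute(self, caller, program):
        work = dict(self.balances)      # the program only ever sees a copy
        try:
            program(work, caller)
        except ContractAbort as exc:    # abort: the copy is simply discarded
            return f"rolled back: aborted ({exc})"
        for rule in self.rules:         # rules are checked before commit
            if not rule(self.balances, work, caller):
                return f"rolled back: violates {rule.__name__}"
        self.balances = work            # commit all changes at once
        return "committed"


# Constructed sample programs.
def pay_bob(bal, caller):
    bal[caller] -= 10
    bal["bob"] += 10


def abort_midway(bal, caller):
    bal[caller] -= 10                   # debit happens ...
    raise ContractAbort("call failed after debit")  # ... credit never does


def drain_fund(bal, caller):
    bal["fund"] -= 50                   # total is conserved, intent is not
    bal[caller] += 50


def demo():
    ledger = Ledger({"alice": 30, "bob": 5, "fund": 100, "mallory": 0})
    outcomes = [
        ledger.execute("alice", pay_bob),
        ledger.execute("alice", abort_midway),
        ledger.execute("mallory", drain_fund),
    ]
    return outcomes, ledger.balances


if __name__ == "__main__":
    print(demo())
```

The third program passes the arithmetic rules and is stopped only by the rule that encodes who may be debited, which is the part of "intent" that has to be written down explicitly for a machine to enforce it.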
Also, the existing Solidity language is pretty well designed, it's just a hard problem and an even better design may be needed.
The mismatch between executable code and high-level language is a known attack vector called the "full abstraction" problem. This has already been used to subvert the CLR and the JVM. If your bytecode is not inherently secure, and you permit executing arbitrary bytecode, then any language running on top that builds more sophisticated invariants that aren't enforceable via the bytecode are very likely vulnerable.
Papering over the mold seldom works. It makes things easier, not more reliable. See C++ templates.
IMO the better way to handle this is to acknowledge the mistake and let it fail. It's embarrassing, I get it. Honestly, the big bank types who threw millions at this tech without doing due diligence deserve to lose their shirt. It's called speculation for a reason.
If the core team cares about the long term credibility of the project with the people who really matter - the tech community - they will not bail it out.
Edit:
For anyone interested, there's a really great discussion on this subject at the Ethereum reddit https://www.reddit.com/r/ethereum/comments/4oiqj7/critical_u...
This exploit suggests that the most competent developers in this space, who always preached simple contracts, are not yet able to consistently write secure contracts.
Also, the OP states the importance of being able to update a contract. As of last year that meant the original contract MUST include a self-modifying code provision. Self-modifying code doesn't align well with keeping your code simple.
As an aside, "contracts" are Ethereum's raison d'être and the Ether currency value is largely based on adoption. Even though this exploit did not expose a flaw in the Ethereum block chain, the Ether sell-off is an expected consequence.
Lastly, does anyone have a link to the original contract code and how it could be rewritten so that it isn't vulnerable to this exploit?
[1] https://www.youtube.com/watch?v=cahj4WJtp20 Q&A at 42m44s is relevant.
Edit: corrected time stamp for above video
Of course, if you want to be first-to-market, none of that seems to matter.
Arguably, that defeats the whole purpose because then whoever controls the code (since it is no longer decentralized) controls the contract.
If I'm reading this right (I'm not 100% sure of that), this is the equivalent almost of not running a blockchain at all (if the idea is taken to its finality).
Storing the who and the what of contracts has never really been the issue, it's been the execution and the honoring of the contract that man has not yet solved.
But centralizing the code that runs the contracts, and taking it off the blockchain doesn't sound like the way to do it.
A huge majority of contracts are never disputed, carried out to completion or run as a going concern without any issues. Contracts are routinely renegotiated when one or both parties have a change in circumstances, or at specific time intervals. Only a very tiny fraction of contracts are ever disputed, and fewer of those reach the courts.
I don't understand the problem trying to be solved here.
Lawyers. They want to get rid of the lawyers.
It's a common desire. Like politicians, you want to get rid of them up until the day you actually need one. That day may have come for smart contracts. Does anyone here doubt TheDAO are now seeking legal advice on this matter?
I think we've worked it out. Billions of contracts are executed and honoured between flesh-and-blood persons every day. 99.999999% work without issue. A few wind up in courts, but I'd still call that a very good track record.
(Yes I said billions, read up on all the various forms of contracts. Anyone reading this likely enters into and honours a dozen contracts in a typical day.)
It's a great point about volume. However a huge number of legal cases + contracts never get started in the first place because of cost. So those would be absent from your success rate.
To put it bluntly there is no point in writing a contract for a $200 dollar job. Countless little guys get screwed over every day because of this. Ultimately they work by handshake deals or through family businesses because working with larger corps is a headache. My father for example had to pay 200 euros for a large firm he worked for to process some paperwork they also invented. That is; a firm that he works for, he has to pay them money, in order to be hired by them in the future. This is probably illegal but this is what happens when you can't risk finding out whether this is a breach of contract. That seems like a failure to me.
That's where I see digital contracts making a real difference. Making the legal system comprehensible and inexpensive for the working poor.
Bookies have been doing it forever with questionable effectiveness.
PayPal offers arbitration on stranger to stranger sales. Again with questionable fairness in tough cases.
Kickstarter et al are doing a pretty good job as arbitrators and collecting money and issuing refunds more or less fairly.
Kickstarter and PayPal surely have large teams working on arbitration, review and fraud that could be delegated back to the involved parties' vote with some rules.
And lawsuits can be very inefficient.
This absolutely could be solved without a block chain.
Use as simple of tools as possible when programming and offer many ways for mere humans to change code and review correctness and review, approve and roll back critical transactions.
But this sounds effectively like the status quo with credit cards and Kickstarter.
So I'm not sure what a blockchain adds other than a different platform and maintainers than the existing financial and group purchasing corporations.
https://blog.ethereum.org/2014/05/15/long-range-attacks-the-...
There's this almost religious level of looking the other way whenever there's some sort of failure in a blockchain system, and they always say "that was a one-off situation"
I really don't understand the mechanism or dynamics.
It seems I'm not the only one.
There's a growing set of evidence of breakdown among institutions founded on or around Blockchain: Bitcoin, MtGox, Ethereum, others.
And a profound failure to either understand or acknowledge (and I'm not sure which of the two it is predominantly, or how much it varies by individual) what money, currency, and contract actually are.