Meditations on The DAO

Jun 16, 2016

It’s a frequent observation that the developments around cryptocurrencies - Bitcoin, Ether and others - make one feel as though one is living in a Neal Stephenson novel; specifically, Cryptonomicon. It’s not hard to see the themes of encryption, privacy, money and freedom, plus the cast of software developers, ideologically-driven enterpreneurs and psychopathic investors in how much of the cryptocurrency movement presents itself. It’s no stretch to say that Bitcoin is what you get when people who read Cryptonomicon as teenagers in 1999 grow up.

I think there’s a more compelling case for a reference back to Stephenson’s Baroque Cycle trilogy, which tells the story of the development of key aspects of mathematics, logic and finance around the turn of the 18th century, with a cast that includes Locke, Newton and Leibniz.

On one level, the cryptocurrency movement is still fighting the crypto wars of the 90s, all black shades and leather trenchcoats, equal parts Californian imperialism and Berlin underground. But on closer inspection, the far more interesting part is the attempt to create human institutions on top of the technology. This has much more in common with the origin story of modern finance, in the late 17th and early 18th centuries. We’re trying to graft collective institutions on to distributed systems of cryptographically-secured data; less Hackers and more Skynet in a periwig and buckled shoes, complete with irate pamphleteers advocating and accusing every new development.

The most interesting question surrounding public blockchains (as the distributed databases underlying the cryptocurrencies are known) is the question of governance. Blockchains are decentralised by design, but they still require a social infrastructure to design, document, promote and improve the technology itself. To the extent that we want to use blockchains as platforms for other institutions - payment systems, companies, even ‘autonomous’ organisations that operate according to rules stored on the blockchain itself - then we need to care about how the chain is governed.

Most recently, there has been an attempt to construct “decentralised autonomous organisations” (DAOs) on the Ethereum blockchain. Conceptually, a DAO is an organisation that consists of some data held on a blockchain, and some code - also held on the chain - which can be invoked to perform certain actions. The organisation is decentralised because the data and code it consists in are held across the many thousands of computers that hold copies of the chain, and autonomous in the sense that it behaves according to its programming, which cannot be changed and thus cannot be influenced by any unknowable factors.

In principle, this means that a DAO is less susceptible to corruption, censorship, bias and secrecy than many other human institutions. On the flip side, a DAO is devoid of judgement, prudence or the capacity to learn, at least insofar as it is not programmed to exercise any of these capabilities. In practice, building a DAO that does anything non-trivial will be a task of incredible difficulty, given the state of software development, but a DAO should be capable of performing simple tasks efficiently and without deviation from its intended purpose. This alone could be tremendously useful.

Rather confusingly, the most prominent DAO is known as “The DAO”. Following a tradition in the cryptocurrency community, its origin has a faint whiff of mystery. According to Christoph Jentzsch:

“We actually don’t know who started it. Of course we can see the address on the blockchain but we don’t know who owns the address. The only way to speak with the DAO is to make a proposal and vote.”

Nor does it exist for any particular purpose, except as a mechanism for pooling funds that can then be invested in projects, as voted on by its members. On the basis of this rather vague prospectus, it attracted what can reasonably be described as the largest crowd-fund in history, having raised Ether funds with a dollar value of over one hundred million dollars (depending on the vagaries of exchange rates, which are often volatile), around 10% of all Ether in existence.

It’s impossible, at this point, not be transported back to the 1720s when, in the first flush of public enthusiasm for the concept of the stock exchange, investors could be found clamouring to put their cash into “a company for carrying out an undertaking of great advantage, but nobody to know what it is”. Nobody knew who started it, nobody knew what it would do, but there were otherwise sane and sensible people out there who were willing to deposit large sums of money with The DAO on the basis of their trust in the code that it runs on. By implication, they were also trusting the Ethereum blockchain and its community of thousands of participants to faithfully enact the behaviours defined by The DAO. It turns out that both assumptions may have been wrong.

The first thing to fail was the code1. Others have covered the precise details better than I could, but the gist is that The DAO’s code contained at least one bug that enabled an attacker to divert a substantial portion of The DAO’s funds to an account controlled by the attacker. This has been described as a 'hack’, which I think is fair enough in that it was an ingenious act that produced a surprising outcome; the hacker exploited the gap between the perception of how The DAO operated, and the reality. That reality, of course, is defined exclusively by the code.

There will be a debate about whose fault this is, and what could have been done to mitigate it. Certainly the mystery around The DAO’s creation no longer looks like wizardry, and instead looks like some variety of inept abstruseness. It’s a curse of the highly intelligent that they, when confronted with something that appears to be absurd, will entertain the possibility that they just don’t get why it’s so awesome - but with enough analysis it will turn out that some even more intelligent person has created a work of genius so staggering that mere mortals struggle to comprehend it. It tickles our sense of the magical, and so it almost seems right and proper that nobody has any clue who started The DAO, because that’s exactly what one would expect if the whole thing were being engineered by the kind of mythic hacker wizard that we can’t quite stop ourselves from believing in. The reality is that it was probably started by someone who expected to receive substantial investment from the fund once it had been raised, and perhaps didn’t anticipate quite so much money and attention flowing to their creation.

It would be easy to be snarky about this2, if it weren’t for the obvious good faith in which many of the key participants are conducting themselves. They really believe in Ethereum and DAOs and they really think they can solve the problems that arise. In the long run, they’re probably right. The code governing The DAO was obviously deficient, but it’s not fair to condemn the whole idea because of a single slip-up. This kind of bug is precisely the kind of thing that one would expect to happen given the nature of the Solidity programming language - it’s very flexible, but it does not do very much to help the programmer avoid errors, and very few programmers have enough experience with it to avoid screwing up. There’s plenty of research into language security, with which it should be possible to create a language that does considerably better than Solidity at reducing the risk of coding errors causing such calamitous outcomes. With some effort, future DAOs should be able to build on much more secure language platforms.

What’s interesting with the failure of The DAO is not that it happened, as this kind of failure was almost inevitable, but the questions it has raised about what we can and should do when DAOs go wrong. This is where we get into the philosophical issues of law, control, liability, justice and the role of authorities in protecting people from malicious or unexpected behaviour. In short, we’re back in the 1720s, trying to figure out how to encourage commerce without it spiralling out of control; protect the public without limiting freedom; and define rights and responsibilities within a coherent philosophical framework. The finest minds of the 17th and 18th centuries were occupied by precisely the question of how to define and manage money, corporations and markets. In the process, they invented or popularised central banking, stock markets and paper money, defined the modern concept of constituonal limits to state power, and triggered a series of financial booms and busts that gave us both the terms 'bubble’ and 'millionaire’. The challenge they wrestled with was not how to secure individual companies, stocks or banks, but how to create a system that provided an acceptable balance of legitimacy, effectiveness and opportunity.

At the time of writing, the 'hack’ of The DAO has been widely interpreted as an illegitimate act. Clearly, nobody expected the hack to occur, at least not in its specifics. We can point to particular lines of code that, in retrospect, fail to achieve what we might reasonably assume to have been their author’s intent. It’s obviously a fuck-up. But the entire rationale of DAOs in general is that code is law. The code says “given these inputs, I will reliably produce these predictable outputs”. Anyone who reads the code can, in principle, determine the outputs that would occur for a given set of inputs. Indeed, this is exactly what the hacker has done! Given the hacker’s inputs, The DAO produced the outputs that its code had, inevitably, to produce. The Ethereum blockchain then did what the very purpose of blockchains is to do, which is to replicate that result to each participating node, with each one agreeing that this outcome is the correct outcome - the only correct outcome there could have been.

This created a quandary. Beforehand, all participants agreed to abide by The DAO’s code. That the code could be the only legitimate form of decision-making about The DAO’s future was one of the main reasons for constructing The DAO in the first place (if its investors had merely wanted to create a venture capital fund, there are any number of much less exotic structures that they could have employed to do so). Presumably people made some assumptions about how The DAO would behave in practice, but the public statements about The DAO were crystal clear: the code trumps your opinion - everyone’s opinion, every time. To quote from

The DAO’s smart contract code governs the Creation of DAO tokens and supercede any public statements about The DAO’s Creation made by third parties or individuals associated with The DAO, past, present and future. The software code currently available at is the sole source for the terms under which DAO tokens may be created.

On this basis, how can we describe the hacker’s actions as illegitimate? If the code is law, any action permitted by the code must be lawful, however absurd the outcome may appear.

For Ethereum, this presents a challenge. If the 'hack’ is allowed to stand, then 10% of all Ether will fall into the hands of someone who, however clever and however legitimate their actions might have been, accumulated their wealth in a manner most people would disagree with. The investors in The DAO would lose a substantial sum. The reputation of Ethereum as a safe place to do business may suffer.

But the alternative isn’t much better. To admit that The DAO’s code was deficient is to admit that the state of the art in Ethereum “smart contract” coding is poor. Even though the code was published and participants clearly briefed on the importance of the code, nobody other than the attacker spotted the bug. This does not bode well for the Solidity programming language (the one used for the vast majority of code on Ethereum), because it suggests that Solidity code is prone to subtle bugs and lacks the legibility necessary to enable third party investors to inspect the code before placing their funds under its control.

So, faced with an illegitimate 'theft’ of millions of dollars worth of Ether, what is to be done? It turns out that there’s at least one doomsday option - the Ethereum blockchain can be 'forked’, essentially modifying the behaviour of the software that runs the blockchain to retrospectively alter the outcome of transactions relating to The DAO. The specific mechanism - a 'soft fork’ to prevent the withdrawal of The DAO’s funds, followed by a 'hard fork’ to return the funds to the original investors - is less important than the principle: transactions on a blockchain are meant to be immutable, and working around this would appear to violate this notion. The Ethereum blockchain has - repeatedly - been described by its creators as a system that does not - can not - take an ethical view on the actions that participants engage in. For instance, here’s Ethereum founder Gavid Wood describing the concept of 'alegality’, a property of systems that are simply incapable of making value judgements about the transactions they facilitate. This is the guarantee that blockchain participants have that some authority cannot simply confiscate their digital wealth by re-writing the blockchain, so it’s not something that anyone would want to undermine lightly.

But the fact remains that it’s possible. If a consensus of Ethereum users agrees to it, it would be possible to return the 'stolen’ funds to their original owners. To do so requires coordination, and coordination in cryptocurrency communities is normally achieved by paying people to do the right thing. The system that rewards people for performing honest verification of transactions (known as 'mining’) is a straightforward financial incentive, and this works. In tightly-knit communities - Ethereum is in the process of becoming a more open community, but it’s not huge - it is also possible to coordinate using old-fashioned social mechanisms of prestige and authority. In the Ethereum community, that prestige is mostly vested in the Ethereum Foundation, and in Ethereum’s primary founder, Vitalik Buterin. And it’s Vitalik’s view that the community should fork the Ethereum blockchain and restore the funds to their original owners.

There are two main problems with this: firstly, that it would appear to violate some of the philosophical principles that got people involved in blockchains in the first place; secondly, that the Ethereum foundations’s social prestige has a rival in the form of an offer from The DAO’s attacker to pay people to reject the fork. He has, after all, recently become a wealthy individual and can comfortably afford it! This dispute will play out over the coming days, with the outcome currently uncertain.

In the end, this incident has not really changed the bare facts, but it has revealed some underlying realities. Firstly, that granting authority to code only makes sense when we can understand what the code does. It is unethical to encourage people to invest in financial instruments that are governed by code that is too complex or imprecise to understand properly. Moreover, it’s not good enough to say that coders should write better code; mistakes are inevitable, and it’s the job of the language designer to make errors impossible by restricting the available options - as Dijkstra said, “simplicity is prerequisite for reliability”. Better tools are an urgent priority.

Secondly, the immutable nature of blockchains is susceptible to attack under the right conditions and this has consequences for blockchain governance. The proper role of an institution like the Ethereum Foundation has not yet been defined. Here we have echoes of the 17th century debates over the rights of kings and states, and the status of contract law. In particular, if parties agree to a certain contract, should the outcomes of the contract be enforced even if they later seem to be unfair? If so, who decides what constitutes unfairness? If we have rights, which institutions can we appeal to when our rights are violated, and what do we owe to these institutions in return for their protection?

The Ethereum Foundation’s intervention is ethically tricky. On the one hand, Foundation members have pointed out that nothing can happen without the consent of the blockchain participants - the Foundation cannot act unilaterally even if it wanted to. From this perspective, the Foundation is just one interested party, and is merely suggesting that a fork may be a good idea that ought to achieve consensus within the community, which holds the real power to decide. This is, pretty much, the anarchist mode of decision-making, and there’s nothing necessarily wrong with that.

But for people who want to build applications on top of the Ethereum blockchain, the realisation that a consensus decision to fork the blockchain is not merely an abstract possibility but something that might seriously happen, and that there exists an entity capable of persuading people to reach a consensus to do it, would be profoundly troubling. It might seem reasonable to fix The DAO’s problems with a fork, but what comes next? Is the Foundation promising to fix similar problems in future, and if not then why not? Could the Foundation be sued by aggrieved parties unhappy with the outcome of a fork/no-fork decision? Could the Foundation be legally compelled to propose a fork in future? Nobody really knows.

Given that Pandora’s Box is now open, let’s consider a few possible paths forward:

First: do nothing. Disavow the fork solution as a fit of temporary insanity and propose that, in all future cases, the rule of caveat emptor will apply with full force to anyone who deposits funds with a DAO or similar entity. Crucially, this would set a precedent of non-intervention that might restore the trust in the immutable nature of the blockchain. This option would add substantial impetus to plans to improve the Solidity language, because if nobody’s going to save you when your DAO goes wrong then it becomes much more important to ensure that it can’t go wrong.

Second: fix the present situation, but just this once. I think this is doable, if we accept that the failure of The DAO was a truly exceptional situation, involving a technical weakness in Solidity so severe that it justifies a temporary change in the rules of the game. This would require much stricter criteria on future forks, limiting them to genuine technical improvements (e.g. the long-planned move to a “proof of stake” system in place of “proof of work”). If enough credibility can be mobilised behind this option, it might just work. This means that the justification must be technical in nature, and can’t simply be that The DAO was “too big to fail”.

Third: fix the present situation and codify a set of principles to govern the response to similar incidents in the future. I’m not sure how this would work, but it feels like something that might be possible. This would involve the Ethereum Foundation - or some other body - accepting a kind of policing role that has not, until now, been envisaged.

My own preference falls somewhere close to option #1, but I’d be happy with #2 if the promise to avoid similar interventions were credible. My sense here is that future DAO failures are inevitable, necessary and mostly harmless. The South Sea Bubble didn’t kill stock markets forever, though it did make people very wary of them (and the British government did maintain harsh restrictions on the sale of company shares for a long time afterwards). Better programming languages and analysis tools will eliminate many of the currently possible failure modes (entirely subjective, but I’d guess that well over 90% of the ways a DAO can blow up would be preventable with the right tools). For the real unknown unknowns, an insurance market seems like a better option than a police force 3.

In the long run, the public will decide how much to trust Ethereum, particularly in comparison to other public blockchains. Should public trust increase, the price of Ether will likely do the same. Balaji Srinivasan made a good observation, that there’s room for multiple governance models on different blockchains. Maybe Ethereum could evolve a different system to Bitcoin, and yet other blockchains could be different still. It’s not hard to imagine blockchain management agencies taking a governance role, responsible for arbitration and dispute resolution, with the choice of blockchain also implying a choice of management agency. However fun and dramatic the last few days have been, it’s a bump on the road to inevitable institutional innovation.

  1. The bug itself is explained here. The errors made by the developers are somewhat embarassing, strongly indicative of a failure to grasp how callbacks operate. This is not particularly advanced knowledge, and the notion that anyone could have attracted over $100m in deposits to an entity governed by code somewhere below the level of average JavaScript is… well, it’s something, that’s for sure.
  2. OK, more snarky.
  3. The insurance companies could themselves operate as DAOs. What could possibly go wrong?