Smarter Isn't Always Better - at Least Not Yet
The Blockchain has been the fintech star of 2016. Hot on its heels, however, may be smart contracts. While smart contract technology may ultimately accomplish much more than is currently possible using a blockchain, the recent exploit of TheDao should urge caution for anyone experimenting with transactions involving assets of value using smart contracts. Until smart contracts come with clear disclaimers, native dispute resolution, or interface with the existing legal system, they should not be used for the transfer of things of value, or marketed for contributions of value from participants.
What’s a smart contract? Initially discussed by Nick Szabo in 1997, smart contracts permit parties to embed contractual language into the software and hardware of machines. The humble vending machine is the classic example. Smart contracts are viewed by some as a potential disruptor to a growing list of industries that require complex contract terms to trigger releases of value, like mergers and acquisitions, consumer finance, and real estate purchases. However, to date these concepts have been mostly theoretical. With one notable exception.
In May 2016, Slock.it (a German company that initially proposed a blockchain-driven bicycle lock) created TheDao, which was a quasi-entity (not legally incorporated) structured using smart contracts to emulate a crowdfunding venture. It quickly attracted investment of over $200 million USD in a cryptocurrency called Ether issued by the Ethereum blockchain system.
About a month and a half later, on Friday, June 17, 2016, TheDao was attacked by a group who exploited a function of TheDao’s code to obtain about $50 million worth of Ether. To be clear, the attacker did something that was made possible by the code, but which was not “intended” to occur according to the understanding of TheDao's participants. Prior to this attack, TheDao was viewed as an evolutionary leap in the use of virtual currencies and blockchains, but as the attack became known, panic grew, and the value of TheDao and Ether dropped. Almost a month later, TheDao has had a significant detrimental effect on Ethereum's market valuation, and created near constant headlines in the community.
The warning signs should’ve been clear to any serious investor that TheDao was fraught with risk. Crypto-luminaries like Prof. Emin Gun Sirer of Cornell and Nick Szabo himself cautioned that the code had considerable vulnerabilities. The marketing materials disclosed risk expressly. However, unlike most other investments, the marketing materials and disclosures (which were themselves unclear and somewhat contradictory) here did not govern: the actual code itself was said to be determinative of the rights of the participants. And here’s the rub. Because the code itself provides the rules of engagement, only parties who could examine, interpret and understand the code could truly understand how the system would behave. Evidently, the exploiter was one such investor. By understanding how the code operated and how the smart contracts would behave, the attacker was able to obtain millions in a way that, as explained by the marketing materials, should have been impossible. And yet it happened. (Since the initial attack, additional copycat attacks have occurred, counter-attacks intended to avoid the loss have occurred, and those counter-attacks themselves have been attacked.)
In response, the creators of TheDao have declared the project a failure and closed it. The Ethereum Foundation (who created the Ether cryptocurrency through their blockchain) has considered extraordinary steps to roll back the transfers made to the attacker, through a series of controversial proposals which some argue potentially endanger the credibility of the platform as a whole. Many investors in TheDao have girded themselves for significant losses.
You may be thinking to yourself, I don’t speculate on cryptocurrencies, and I’m not very technical. Why does this matter to me? The answer is simple: in the rush to appear forward-thinking and edgy, many businesses have jumped on the blockchain bandwagon. Not content to simply experiment with blockchains, companies and forward thinkers are now touting the benefit of smart contracts to simplify and streamline business processes. However, smart contracts, like TheDao, are inherently designed to operate based upon code sets, and thus are coercion-resistant. That’s a fancy way of saying once they go, you can’t stop them without playing according to their governance system or rules. Not with a telephone call, impassioned plea, or court order.
This creates the potential for disaster if smart contracts handle money (as occurred in TheDao), or legal rights. Similar problems could appear in other smart contract implementations. For example, suppose in the not too distant future that a will can be encoded on the blockchain, and all assets may be conveyed to beneficiaries as symbolic tokens on the blockchain using smart contracts upon proof of death. So far, so good. However, what happens if there is a coding error which sends the Corvette Stingray to Uncle John instead of Aunt Betty? Or, suppose that oil pipelines are connected by smart contract to payors, and an error results in over-delivery or mis-timed delivery, causing an oil spill. Blockchains and code only do one thing: they execute commands according to their code. So, what’s the recourse in the case of errors or bad faith manipulation?
It’s simple. Smart contracts only work if the participants are (a) willing to live with the benefit of their bargain (caveat emptor) or (b) if the smart contracts interface with the legal system or include their own dispute resolution system (i.e. DR). DR, in the case of TheDao’s attack, may have permitted a trusted ombudsman to stop the attacks and revert the system to its pre-attack condition. Legal incorporation and a clear allocation of rights could have allowed an investor to seek an injunction to compel an empowered party to stop the attack. However, as technical purists will complain, as soon as a system relies on a third party to undo what its code did, you have departed from a strict smart contract, driven only by operation of its code base, and are back in the realm of regular old law. To that I say (perhaps self-servingly), regular old law has worked well for a few thousand years, and will continue to work well for quite a while. As I’ve mentioned before, lawyers work with form contracts because they provide predictability and reliability: if they are litigated, the terms and phrases have meaning and Courts know how to interpret them in the future. Standardization provides benefit because all parties understand the rules when they sign. Because of the complexity of its code, and the likelihood that its participants were not all able to read its code, that probably did not happen with TheDao. For ventures that want to opt out of the traditional justice system, onboard dispute resolution, with clear rules about what the dispute resolution can accomplish and under what circumstances it can be invoked, is absolutely critical to the future success of smart contracts.
With further development, smart contracts will probably provide measured gains in speed and efficiency of transactions in the future, whether as middleware or as fully developed transactional platforms. While TheDao shows that smart contracts are viable, it also provides a stark lesson that as implemented, TheDao was not quite ready for prime time. Ask any of its 20,000+ investors.
Well written