The Uncanny Mind That Built Ethereum
June 16, 2016 10:05 AM   Subscribe

Vitalik Buterin invented the world's hottest new cryptocurrency and inspired a movement — before he'd turned 20 - "I think a large part of the consequence is necessarily going to be disempowering some of these centralized players to some extent because ultimately power is a zero sum game. And if you talk about empowering the little guy, as much as you want to couch it in flowery terminology that makes it sound fluffy and good, you are necessarily disempowering the big guy. And personally I say screw the big guy. They have enough money already."
“There’s still technical problems. It doesn’t scale. It’s not efficient. It’s not secure. It sucks, basically. It’s shitty technology,” says Vlad Zamfir, a developer that Buterin has hired to conceptualize the next iteration of the Ethereum software.
viz. Ethereum: Platform Review - Opportunities and Challenges for Private and Consortium Blockchains by Vitalik Buterin

e.g. i.e.
  • Global Money, a Work in Progress - "Our amalgamation is first about the C6, the top six central banks now joined in the central bank swap network. It took a global financial crisis to get us to this point. The next step is bringing in the periphery, starting maybe with the BRICS. Hopefully we are educated enough to do that without requiring another global financial crisis." :P
  • Today global money is largely private credit money, the issue of a profit-seeking bank that promises ultimate payment in public money which is the issue of some state, quite possibly a different state from the one where the bank is chartered and does its business. Global money is also largely dollar-denominated, even when the ultimate users of that money lie completely outside the United States. The issue of dollar-denominated US Treasury bonds is just part of the huge stock of dollar assets and liabilities; the stuff of dollar hegemony is the private credit money dollar, not the issue of the state.

    Although global money is substantially private credit money, the fact that it is denominated in dollars means that the Fed is de facto, if not de jure, the ultimate lender of last resort for global money. Therein lies the rub. De facto the Fed’s responsibility is global but de jure its authority is only local. The Fed is essentially hybrid, both government bank and banker’s bank, and also both US central bank and global central bank. The great challenge of the present time is the politics of managing the hybrid reality of the global dollar system.
  • Why Central Banks Will Issue Digital Currency - "A better model, ultimately, is central bank digital currency. This would mean that a central bank, like the Federal Reserve, would participate on the network and would digitally mint U.S. dollars onto it. Since the Fed is the legal issuer of dollars, this would make digital dollars a native digital asset. There would be no need to 'convert' back to some underlying 'real' dollar because these digital dollars would be real, just in a new medium. In the same way that dollars already exist today in multiple mediums — notes, coins, electronic reserves — we would treat these digital dollars as just dollars in a new medium, backed by the full faith and credit of the U.S. government."
  • The medium of money has only changed a few times in history, from precious metals to bearer currencies to now our ledger-based electronic systems. Bitcoin and blockchain represent a transition to a new medium. This transition is often referred to as distributed ledger technology, which is a reference to today’s centralized ledgers. But I find it more helpful to look back to bearer instruments, like banknotes, to appreciate what this new medium enables: a digital bearer instrument...

    The goal of the blockchain industry is to collapse these steps into a single step, where payment is the settlement, just like with physical notes. This is what I mean by digital value transfer, which I sometimes like to call money-over-IP. Soon, the phrase “cross-border payment” will make about as much sense as “cross-border email.”
cf.
  • Life in the People's Republic of WeChat - "I message a Chinese friend who's in the U.S. on a fellowship and ask for a loan. Within minutes, he's sent me two hong bao, or red envelopes—a play on the red envelopes traditionally used to give gifts of money. They arrive as chat messages that say, 'Good fortune and good luck! You've received a red envelope'. Once I click on them, I have 200 yuan in my WeChat wallet."
  • The Future of Banking Is in China - "Building financial services on the back of its popular WeChat messaging system. During Lunar New Year, its over 760 million users exchanged 32 billion 'red packets', a twist on a holiday tradition to gift small amounts of cash. Last year, Tencent joined Ant in launching online-only banks that accept minideposits and microloans, extending their leadership in the country's $235 billion internet payments business. At Tencent's WeBank, the one-minute process to set up an account requires little more than a mobile-phone number, the applicant's national identification number and the user's photo taken with the phone's front-facing camera." (What Is a Bank?)*
also btw...
The Web's Creator Looks to Reinvent It - "Tim Berners-Lee and other computer scientists are pondering newer technologies to create a web with more privacy and less government control... computer scientists talked about how new payment technologies could increase individual control over money. For example, if people adapted the so-called ledger system by which digital currencies are used."
posted by kliuless (62 comments total) 33 users marked this as a favorite

 
Hold on a second. Ten thousand people invested an average of $16,000 apiece into a venture capital operation based on an unproven blockchain cryptocurrency created by a 19-year-old Russian kid who got involved with Bitcoin because he was bored playing World of Warcraft, and the question being posed is "how do we fix this completely fucked up digital hegemony?" My answer has two parts.

1. We don't, we just buy stock in nautical construction equipment so we're poised to cash in when these lunatics go spend their money building Rapture in the middle of the goddamn Atlantic
2. I've created a new digital fiat currency! This novel crytocurrency is backed, not by a corrupt global cartel of financiers, but rather by the whimsy of childhood. It's currently running on a VAX-11/780 in the back of a 1978 Lincoln Towncar parked outside my house, but I'll be moving it to a distributed cluster on Amazon Webservices as soon as we raise the funds. The first five hundred people to invest $10K or more get tee-shirts. You can just send the money (small unmarked bills only, please) c/o MetaFilter.
posted by Mayor West at 11:11 AM on June 16, 2016 [32 favorites]


I mean honestly if you read a William fucking Gibson novel where the plucky protagonist had raised a hundred and sixty million fucking dollars selling shares in his magic beans new blockchain cryptocurrency, you'd throw the book across the room.
posted by Mayor West at 11:14 AM on June 16, 2016 [24 favorites]


I remember when Geocities was worth $3.5 billion
posted by Damienmce at 11:17 AM on June 16, 2016 [3 favorites]




Ten thousand people invested an average of $16,000 apiece into a venture capital operation based on an unproven blockchain cryptocurrency created by a 19-year-old Russian kid

But how much of that was in bitcoin?

Anyway if you're all about sticking up for the little guy you should... maybe be a little worried about all the bankers stampeding to get on board?
posted by atoxyl at 11:27 AM on June 16, 2016 [2 favorites]


Does pointing and laughing count as being sticking up for the little guy?

I mean, this is the tech industry in a nutshell right now.. Someone tosses out a neat sounding half-baked idea, and investors toss millions at it. It's like gambling, with less honesty.
posted by happyroach at 11:42 AM on June 16, 2016 [5 favorites]


There is no way the DAO is not a securities issuance under the 33/34 Acts. People are going to end up going to jail over this if they attempt to bring this to the US, and I'm certain US investors have already been issued DAO tokens.

I'm not familiar with European securities law, but I'd be surprised if the situation was all that different in Germany or the UK or wherever they're soliciting investors.

We really are in a new Jazz Age where the rich get richer and securities scams abound. It's amazing that people forget why we passed the 33/34 Acts in the first place.
posted by Sangermaine at 12:18 PM on June 16, 2016 [3 favorites]


The Future of Banking Is in China

That doesn't exactly inspire confidence.
posted by Sangermaine at 12:28 PM on June 16, 2016 [1 favorite]


Mayor West: "Ten thousand people invested an average of $16,000 apiece"

It's even worse than that. From the Wired article: "About half of the $168 million came from around 70 addresses." So, there may be around 70 people who invested $1M+. Or, it could be 10 people who invested $7M+. Who's dropping seven figures into this thing? Especially considering the regulatory exposure. Also from the Wired article:
That liability might not be limited to Jentzsch and the other creators of the DAO, but also extend to curators and even investors.

That doesn’t bother Jentzsch. While acknowledging that he’s not a lawyer, he argues that shares in the DAO are not securities. And it doesn’t bother Paolo Anziano, who has invested the equivalent of $7,000 in the project. “This is technology that will change the shape of the financial process,” he says.
Oh boy.
posted by mhum at 1:14 PM on June 16, 2016 [3 favorites]


Ethereum and The DAO are really interesting ideas, however half-baked and over-hyped.

But, damn, the developers, fans and supporters are so sure that people are completely rational (Homo Economicus) that they make all sorts of silly mistakes in organizing the social/political aspects of these systems.

Like bitcoin, it's going to be a field day for dishonest but financially literate predators.
posted by Infracanophile at 1:14 PM on June 16, 2016 [4 favorites]


David Andolfatto: "Can Fedcoin beat Fedwire? Probably not, says JP Koning."
Central banks have a long tradition of steering wide of competition with banks. If the Fed (or any other central bank) were to begin providing digital money directly to the public, it would be breaking with this tradition; central bank digital tokens would effectively be competing head-to-head with private bank deposits. This would be one of the most momentous policy changes in Federal Reserve history and would have many far-reaching consequences.
Adam Ludwin:* "replacing fedwire isn't the point. Creating a digital $ is."

David Andolfatto:* "Fedwire for All"* ('FedPESA')*

...

Miles Kimball: "So in conclusion, the electronic money approach is attractive."*
posted by kliuless at 5:05 PM on June 16, 2016


Ponzi for a new century.
posted by Twang at 6:06 PM on June 16, 2016


I suppose a lot of people looked at the profits made by people who got into Bitcoin early and thought "Hey, it doesn't matter how long this thing lasts as long as I can get in and get out quickly."
posted by Joe in Australia at 6:36 PM on June 16, 2016 [3 favorites]


I like to think I'm reasonably techically capable -- I understand bitcoin well at a fairly detailed level and have been hacking on git internals all day today -- but much about Ethereum remains puzzling to me. Like "proof of stake" which I continue to associate with "ponzi scheme". And how Ethereum can possibly be secure if it has this kind of bug: More Ethereum Attacks: Race-To-Empty is the Real Deal.

Also, the Ethereum proponents I've met and listened to have all struck me as wild-eyed zealots who either have little or no technical grounding or perhaps are orders of magnitude further up the stack toward the singularity than I.

That said, IPFS is the real deal and there will be other successful and useful software in the blockchain space. Just buried under mountains of hype and bleed over from bitcoin's train wreck of a scamconomy.
posted by joeyh at 8:17 PM on June 16, 2016 [5 favorites]


I like cash.
posted by bongo_x at 8:42 PM on June 16, 2016 [2 favorites]


"Hey so we're going to make a cryptocurrency where contracts are programs"
"Oh cool, so these programs will presumably be in some domain specific language amenable to formal verification"
"LOL, no we're just going to half-ass some c-like thing"
posted by Pyry at 10:16 PM on June 16, 2016 [15 favorites]


It's a bit early to see details, but Infosec Taylor Swift is reporting that someone's set up a recursive split-call and is draining all the funds out of the DAO. I'm seeing reports through her that at least $2mil is gone so far (ongoing), and there's starting to be a bank-run as people are starting to dump their holdings.

Who ever would've predicted something like this.
posted by CrystalDave at 1:47 AM on June 17, 2016 [8 favorites]


Correction: 2 million Ether, which people are claiming translates to $1,000,000 extracted a minute?
posted by CrystalDave at 1:55 AM on June 17, 2016 [2 favorites]


Nice work if you can get it.
posted by Tomorrowful at 4:10 AM on June 17, 2016


I'm shocked.

At the DevOps Summit / Cloud Expo this year there was a breathless keynote talk delivered about how this thing Changes Everything Zomg!! I guess that guy better work on a new slide deck.
posted by odinsdream at 4:36 AM on June 17, 2016 [1 favorite]


There's always someone making money out of this kind of shit.*

*Hint: It's not you.
posted by prismatic7 at 7:17 AM on June 17, 2016 [1 favorite]


https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/

Now there's a soft fork to block transactions that drain the DAO.

So, this is a massively distributed system that is secured by patches that block bad actors? Le lol.
posted by joeyh at 8:05 AM on June 17, 2016 [2 favorites]


Here's info on the DAO / Ethereum hack. More info here and here. There's a proposed solution to fork the software so the alleged-thief's account is invalidated. Rough justice in the libertarian future, here today!
posted by Nelson at 8:06 AM on June 17, 2016 [2 favorites]


More technical information on the root vulnerability and just how bad ethereum's language is for its intended purpose.
posted by joeyh at 8:34 AM on June 17, 2016 [2 favorites]


The comments on those articles are fascinating. A number of commenters are opposed to the fork, because that would mean the community coming together to bailout the too-big-to-fail DAO for a bug in their own smart contract through centralized decision-making akin to the Federal Reserve. If they accept this fork, how is Ethereum any better than the government-backed currencies they hope to replace? Others, perhaps those investors with money in the DAO, believe such a bailout would be appropriate.

Writing traditional contracts is a challenging enough skill that lawyers spend years studying and the potential for misinterpretation of literal commands has provided countless fodder for centuries worth of genie stories. We're suddenly surprised that writing smart contracts is even harder? Traditional contracts at least benefit from longstanding legal principles that allow for a certain application of common sense and allow courts to create relief that is fair to both parties, even going beyond the terms of the agreement, if it is necessary to avoid a ridiculous result. Smart contracts have no such safeguards and will be coldly and blindly executed by the system. That's not a feature; it's a giant vulnerability.
posted by zachlipton at 10:13 AM on June 17, 2016 [10 favorites]




Just... omg, stop. This is so facepalmingly stupid on so many levels.
posted by odinsdream at 12:58 PM on June 17, 2016


If you didn't buy popcorn and laugh futures before this... actually, don't worry, there will be another one of these in a matter of weeks.
posted by tonycpsu at 1:25 PM on June 17, 2016


The more I think about this, the more firmly I come down in the "let them all drown" camp. Here's what The DAO investors did: they rubbed a magic lamp and said "genie, genie here's $150 million dollars; please follow this exact set of rules to distribute it and make us all rich." And they spent apparently way too little effort actually thinking about those rules and how they'd work in the ideal case, let alone how they would function when someone tries to abuse them. And they wrote those rules in a language seemingly designed to create crucial ambiguity and uncertainty around basic concepts like moving money around. So when the genie came out of its lamp and did exactly what genies do, what everybody who has ever heard of a genie knows they do, which is to take their commands perfectly literally and use them to trick people, people are now somehow surprised?

Smart contracts are genies. They'll always try to trick you. And everyone knows that if you try to wish for infinite wishes or wish that the genie won't trick you, you'll just get tricked even harder in a karmically appropriate way.
posted by zachlipton at 1:34 PM on June 17, 2016 [3 favorites]




It's like a kind of fermi paradox for why we may never have useable cryptocurrencies.
posted by odinsdream at 1:43 PM on June 17, 2016


From footnote 7 on page 11 of the Ethereum platform review (pdf):
Note that here lies a major philosophical difference between Ethereum and many other protocols, where there is no standard independently defined protocol specification, and in fact a policy that the protocol is the implementation is often explicitly adopted. If there is a bug in the implementation then that bug will often simply become part of the protocol.
There are not enough reaction gifs on the internet to express my feelings about this footnote.
posted by mhum at 3:37 PM on June 17, 2016 [4 favorites]


If this ethereum "thief" actually came out, could he be charged with any crime?

the DAO is autonomous, not owned by anyone, and the DAO people say it is operated by smart contracts, so if the smart contract just drains all the money isnt that a just a function of the DAO?
posted by Iax at 5:43 PM on June 17, 2016


via srw...
-DAOs, Hacks and the Law
-Why I think TheDAO is a Success
-Blockchain Company's Smart Contracts Were Dumb

it's probably still too presumptuous to say but i feel like this is kind of what it might have been like to witness the formation of early joint-stock companies (and their dissolution!)

but as sirer says: "The 'code was its own documentation', as people say. It was its own fine print. The hacker read the fine print better than most, better than the developers themselves. Had the attacker lost money by mistake, I am sure the devs would have had no difficulty appropriating his funds and saying 'this is what happens in the brave new world of programmatic money flows'. When he instead emptied out coins from The DAO, the only consistent response is to call it a job well done."
Smart contracts are and remain an incredibly exciting field. We have only begun to scratch the surface.

There can be no birth without pain, no initial foray into the unknown without some setback.

I believe that Ethereum overall will emerge from this in a few weeks, having been made much stronger as a result. It will have a newfound direction and charter that involves a slight pivot, away from "let's get DApps at all costs, let's make front-end programmers into smart contract writers," towards "let's build up the science of secure, smart contracts."
also btw, this is awesome...
The Evolution of Private Loan Agreements :P
posted by kliuless at 6:09 PM on June 17, 2016 [4 favorites]


The system was turned on Friday and was hacked within hours.
posted by Chocolate Pickle at 7:06 AM on June 18, 2016 [2 favorites]


I think Ethereum is interesting (and so does Microsoft, and other big players) but after reading the description of the bug ... jeesh. At least when I shoot myself in the foot with a programming language I can go to the doctor.
posted by RobotVoodooPower at 7:10 AM on June 18, 2016


The system was turned on Friday and was hacked within hours.

It's really hard not to feel schadenfreude over this. The entire point of cryptocurrency is tax avoidance. Bitcoin and all of these forks, sucessors and next big things in crypto money are explicitly built and marketed as "untraceable" endruns around "fiat currency" i.e., traceable and taxable by governments. The Libertarian GaltBros behind these projects aren't doing it to just to prove how much better techno-money is than paper, they're trying to opt out of the basic social agreement underlying the regular financial system, pay taxes and receive services in return.

It's kind of funny that in the process they've recreated problems which were essentially solved 75-100 years ago by regular finance, like bank runs and actual large scale bank heists being a legitimate threat, and this one is that much funnier because it sure seems like they left the blueprints to the hidden tunnel behind the bank vault framed in the lobby on opening day. But let's not pretend that there's any pure motives here. They don't want to pay taxes. That's the whole point.

(rephrasing from a comment in a deleted post)
posted by T.D. Strange at 7:13 AM on June 18, 2016 [4 favorites]


I would only partially agree with tax avoidance being the point of cryptocurrencies. Current fiat currency really does have a lot of non-governmental gatekeepers and rent-seekers, and a lot of them are honestly awful actors. I do understand the impulse to bypass all that, and I think it is one of the best arguments for cryptocurrencies.

But yeah, I completely agree that communities around most of them are primarily awful; people who want to be a big fish in a smaller pond, or somehow prove their own superiority by being "smarter" than other people, or somehow "screw the man", which is basically a laundry list of criteria for getting scammed. It's a big bummer all around.

Which is why I mine doge! in the winter, to help heat my apartment
posted by phooky at 8:10 AM on June 18, 2016


Also, a note from someone claiming to be the attacker. Unverified and probably bullshit, but kind of amusing either way.
posted by phooky at 8:18 AM on June 18, 2016 [1 favorite]


Reddit discussion about that letter from the attacker notes that the signature is not a validly formatted signature. (Not that it matters if it were; what signing key is the signature supposed to be for?) So it's probably just a lazy art piece. It's pretty funny though.

Speaking of funny, see also What stops someone from executing the attack now? The answer seems to be "um, nothing" other than some logistical inconveniences.

Even more funny: Why The DAO Attack is Good for Ethereum.

Given the widespread knowledge that the DAO design was not secure before it even launched, I'm curious about the specifics of how the $150M got committed. Does it bottom out to real money somewhere? Or is it all Ether and Bitcoin? I'm willing to accept Bitcoin is real currency, maybe at ten cents on the nominal dollar value for large amounts. Is there a legal contract somewhere about the transfer of that money into the DAO? I mean I know the whole idea of DAO itself is that there is no legal contract other than the code (the horribly broken stupid code). But how about the real money that went into it?

Wouldn't it be hilarious if some DAO insider was behind the transfer of Ethereum out of the fund? What a lovely fraud that would be, and conceivably entirely legal. "Here give me $150M and I'll give you some magic beans in return. Trust me!" Then again there's still the problem that the thief has to convert the magic beans back to real money, which might be increasingly complicated. And the value is diminishing rapidly.
posted by Nelson at 9:13 AM on June 18, 2016 [1 favorite]


oops...
Why I think TheDAO is a Success (ymmv ;)

verge writeup

re: taxes, GNU taler (for gov't!) -- helped brought to you by mefi's own jeffburdges! -- is specifically designed to prevent tax evasion which if you had a central bank minting/backing a digital cryptocurrency would be kind of useful :P
posted by kliuless at 2:11 PM on June 18, 2016


Miners to Be Offered One Million Ether – Claims DAO’s Alleged "Attacker" in Interview. Effectively bribing Ethereum participants to not accept a fork that would take the stolen money away. May or may not be a hoax, as all claims of being the attacker have been so far. I particularly like the idea that he might bribe Ethereum users using stolen Ether coins and Ethereum contracts for the payments. Code is law, bro.
posted by Nelson at 4:13 PM on June 18, 2016 [1 favorite]


What's interesting is Vitalik Buterin is now saying:
"The DAO is a piece of code. It does not have "terms", and there is no proof that the person who wrote those terms is the same person who uploaded the code. http://daohub.org and everything on github are just interfaces; they do not have the right to make legal agreements on behalf of an autonomous entity. Ultimately social contract decides. I think there will come a time when the technology is there for the social contract to lean much closer to "the code is correct in all cases" even for very complex contracts, but that time has arguably not yet arrived."
When The DAO's own terms, and Buterin is a "curator" of The DAO and an investor, say:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."
posted by zachlipton at 4:42 PM on June 18, 2016 [3 favorites]


Sigh. Aside from the piles of social problems they entirely ignored or dismissed, the technical issues are staggering. As someone who has written mission-critical code before, I say: if our space programs were developed like this, we'd still be blowing up 100% of the rockets on the launch pad.
posted by introp at 6:21 PM on June 18, 2016 [2 favorites]


If there was ever a domain where provably correct code had an application, it's contracts.
posted by Nelson at 8:20 PM on June 18, 2016 [2 favorites]


DAO is under attack again.
posted by Nelson at 7:21 AM on June 19, 2016 [1 favorite]


Jesus, this is like if William Gibson wrote a comedy.
posted by Sangermaine at 10:04 AM on June 19, 2016 [5 favorites]


No one would ever believe the characters in a story would be this careless with $150M worth of magic beans.
posted by Nelson at 11:56 AM on June 19, 2016


I've seen it suggested that the best course of action for DAO investors would be to launch their own instance of the exploit to try to recover some coins. Of course chances are its all gonna be worth fuck all by the time anybody can actually get it out.
posted by atoxyl at 2:35 PM on June 19, 2016


One funny side-effect of this is the impact it has on the arbitrage players. You see, part of the way The DAO worked was that you could "split" to remove your outstanding balance of ether from The DAO at face value, but that process took 48 days. Leading up to the hack, you could buy into The DAO for somewhere around 90-95 cents on the dollar, immediately split, and collect a tidy 5-10% return a few weeks later. Financial wizards that Ethereum enthusiasts are, a number flocked to this arbitrage opportunity, not really appreciating that the market was offering them this particular deal for a good reason that should now be obvious to all: there was a huge inherent risk in keeping your money in The DAO (or just in ether) even for a few weeks. What these folks thought of as arbitrage was actually a futures contract, and they wound up on the losing side.

So the "soft fork" that's being proposed now will freeze all funds in The DAO and all child DAOs, including the ones belonging to the arbitrage players who were just looking to move their money out before the hack even started. Those folks are describing themselves as "the innocent minority" and don't seem to recognize that the very reason their arbitrage opportunity existed was because the market, even made up of boosters as it was, priced the risk of keeping money in The DAO for just a few weeks that high.
posted by zachlipton at 3:53 PM on June 19, 2016 [7 favorites]


Can anyone explain what the "hack" consisted of? I don't want to learn another programming language or API, but from what I gather sending funds can involve your account, with your permissions, executing someone else's untrusted code. Is that what it boils down to? If so, how stupid is that? Extremely, or ridiculously?
posted by Joe in Australia at 4:45 PM on June 19, 2016


This is a pretty detailed explanation that is more-or-less understandable without much Ethereum knowledge.

Here's an analogy I've been playing with, and it's simplified because there were actually several parts to the hack and this only covers one of the main ones, but I like it. You go to the bank and speak to an incredibly literally-minded teller. Every time you want to withdraw money, the teller is supposed to do the following: check to make sure you have enough money in your account to cover the withdrawal; put the cash on the counter and wait for you to take it; then deduct the amount of the withdrawal from your balance. This leads to a fatal flaw: you can do anything you want while the money is sitting on the counter, including ask for another withdrawal, all before the teller updates the balance in your account.

So what does the attacker do? Say he has $100,000 in his account. He walks up to the teller and asks for $100,000. The teller checks his account and sees that he has at least $100,000, so it's ok to proceed. Then the teller puts the cash on the counter and waits. The attacker then says "I'd like to withdraw $100,000 please." The teller checks the account, sees that there's still $100,000 in the account, and puts another $100,000 on the counter. The attacker keeps doing this until the teller's head is about to explode (because the teller can only handle 128 transactions at once), and his balance never decreases because that only happens at the end of the transaction.

Normally, this would have only worked 128 times in a row before the attacker's balance was zeroed out after all the recursion, but the attacker found a further clever loophole (step 4a in the link above) to get around that too.
posted by zachlipton at 8:05 PM on June 19, 2016 [4 favorites]


An opinion piece last month on The Law of The DAO:
As litigation lawyer Steven Palley suggests, DAOs would likely be considered general partnership or joint ventures, resulting in any participant being a representative of the DAO’s interests. Palley’s article earlier this year suggests that DAOs would be considered general partnerships, which would allow a plaintiff to reach individual participants for service and or liability.

Under Palley's theory, anyone suing The DAO could attempt to obtain jurisdiction over the organization by serving any human participant in The DAO. If considered a general partnership, each partner would then be held jointly and severally responsible for all liabilities of the business, and all personal assets of each partner are subject to seizure or lien by creditors. Thus, the parties to a DAO may have unlimited potential liability for the entity’s actions. The lack of regulatory recognition will thus limit the utility of DAOs for risk-mitigation.
"Jointly and severally responsible for all liabilities of the business" are the scariest words in the English language, and much of the last few hundred years of corporate law has been designed to make us all forget that limited liability corporations were once considered extremely dangerous beasts.

What would possibly possess someone to invest in an autonomous computer program where they could be held completely liable for virtually anything voted on by a mostly-anonymous collective? Who wants to be personally on the hook if The DAO decided to invest its funds into clubbing seals or giving cocaine to babies? In what universe is "how would you like joint and several liability for the actions of thousands of partners that you'll never know in a venture that will be executed by an unthinking automaton?" not an investment pitch you run away screaming from?
posted by zachlipton at 12:48 PM on June 20, 2016 [4 favorites]


Solar-storm: A serious security exploit with Ethereum, not just the DAO. Another significant security flaw in the language underlying Ethereum contracts. I'm beginning to think these genius kids shouldn't be allowed near computers real people use for real things.
posted by Nelson at 9:27 AM on June 21, 2016 [2 favorites]


...honestly I don't really blame the kids. I blame the sycophantic child-genius worshippers who throw their money at these projects like so much pixie dust.
posted by odinsdream at 9:37 AM on June 21, 2016 [3 favorites]


Honestly, this whole episode reads like a second-year or (maybe) third-year uni project.

"OK, very nice, but what happens if there's a race condition? ... you remember race conditions, from when we did database design?"

"You're relying on a token to allow record access. What happens if the token state gets lost? No, suppose it can happen. What then?"

"Have you considered what happens to the function's internal state if it's re-entrant? No?"

And these guys got $150 million dollars.
posted by Joe in Australia at 7:44 PM on June 21, 2016 [1 favorite]


Joe in Australia: "Honestly, this whole episode reads like a second-year or (maybe) third-year uni project. "

Not being an expert (or even barely Wikipedia-level informed) in concurrency, I'm relieved that at least someone else is of the same opinion. A bunch of these issues seemed to me (again, as more or less a layman) fundamental to concurrent systems and thus maybe should have well-known mechanisms to address them (mutexes? semaphores? not sure) that don't seem to be used here.
posted by mhum at 11:37 AM on June 22, 2016


Oh it just gets better. Apparently they white hat drained the remaining funds in The DAO into two child DAOs to try to at least return a chunk of everyone's money and now the attacker (or a different one) is draining that DAO too.
posted by zachlipton at 12:24 PM on June 22, 2016 [1 favorite]


Blockchain Company's Smart Contracts Were Dumb: thoughtful piece (with examples) on why human systems have human interpretation of what contracts mean, not just literal reading of the text.
posted by Nelson at 8:10 AM on June 23, 2016


Slides from that keynote I mentioned earlier. They're noticeably silent on their blog.
posted by odinsdream at 8:57 AM on June 23, 2016


A parliament without a parliamentarian - "it might be useful to explain what I think 'blockchains' are, in social rather than technical terms."
Congress itself produces nothing but a set of official minutes, but those minutes create important social facts because we each expect other people to take them seriously, so we ourselves take them seriously, so the contents of those minutes create important social consequences. The Bitcoin blockchain produces lists of who spent what to whom of an imaginary, artificial, funny money. But Bitcoin users have become willing to surrender objects of real value for appearing on lists of Bitcoin recipients, and as long as we expect that to be true, we must take the blockchain’s adjudication of who owns what seriously. A blockchain, like a parliament, is much more a social institution than a technological one, although very clever technology was necessary to design blockchain systems that could become socially credible. Like political systems, some mix of continued legitimacy and path-dependent coordination equilibria (“network effects”) determine how durably and powerfully blockchains will be able to shape social facts into the future. Continued legitimacy may depend on continued adherence to widely shared norms, on perceptions of fairness and representation, and on how effectively the blockchain’s decisions serve the actual interests of the community that relies upon it.
also btw!
-Forming a social and political consensus in the realm of the digital
-Contracts, Code, and Complexity
-The big theDAO heist FAQ
-Understanding The DAO Hack for Journalists
-Blockchains and Buzzwords
-Legal exploits and arbitrage, DAO edition
-Cryptocurrency: No longer sticking it to the MAN
-SEC Official Says Ethereum Hack Illustrates Blockchain Concerns
-The Path to Learning requires Failing: The DAO
-Gavin Wood presentation #dbc16 hack of the DOA smart contract and options
-Proposal: Overriding Smart Contracts Through Opt-In Voting
-We need fault-tolerant smart contracts
-Cornell Professor Calls for 'DAO 2.0' Movement
-What Ethereum's DAO Disaster Means for Bitcoin Development
-Ethereum is Doomed
-A tale of two cryptocurrencies: Ethereum and Bitcoin's ongoing challenges (via)

oh and :P
Banks claim blockchain breakthrough in money transfer - "Instead of transacting via local currency accounts at correspondent banks around the world, the banks convert funds to Ripple's own digital currency, known as XRP, then complete an exchange almost instantly. Until now, the settlement process has been slow — often three to five days — and prone to errors."
posted by kliuless at 3:34 AM on June 24, 2016 [1 favorite]




« Older The GMZ   |   Now You Can Visit the Oldest Library in the World Newer »


This thread has been archived and is closed to new comments