

"Rally ‘round the fork, boys!"

By Daniel M. Ryan
web posted June 27, 2016

The hack of The DAO, by far the biggest-funded crowdfunding project in crypto space, was by far the shock of the month in crypto land. I gave a run-down on what went haywire last week. What you're about to read is a follow-up, as the tale has at least one unbelievable twist and a definite sequel. The Ethereum community has indeed rallied ‘round the wounded DAO in an impressive display of community spirit; the planned soft fork to freeze the stolen Ether is well on its way to being implemented. Despite the almost heretical implications of a ledger-altering hard fork, the community is slowly rallying around it too. Their efforts show the good side of a Vigilance Committee, a posse that's catching the bad guys and leaving innocent people unhanged. But in so doing, they'll be opening the door to eventual regulation of the cryptocurrency-only subsector.

The Hacker Surfaces, Maybe

The day after the hack, an open letter was posted on Pastebin that was signed "The Attacker." Whoever this fellow was, he's certainly brassy. Although the letter was impossible to authenticate, leaving open the chance that it was a sophisticated troll, its contents showed "The Attacker" to be an unusually nervy fellow:

To the DAO and the Ethereum community,

I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of "child DAOs".

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO's code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO's code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO's code controls and sets forth all terms of The DAO Creation."

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.

I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.

I hope this event becomes a valuable learning experience for the Ethereum community and wish you all the best of luck.

Yours truly,

"The Attacker"

No, no-one slipped something strange in your coffee. "The Attacker" really did write that his theft was a valid use of The DAO's computer code, and that he had a right to sue the Good Guys if they brought back the Ether. It's as if a burglar claimed that he had the right to bust down your door and rob your place because doors were meant to let people into your house – and then threatens to sue both you and the cops if either recovers the booty.

Needless to say, our intuitions are correct. Pamela Morgan, a cryptocurrency lawyer who was an invited guest on a special two-hour confab on The DAO called LTB Live - TheDAO The Fork The Fallout, pointed out that common-law corporate law would consider "The Attacker"'s self-righteous claim to be flimsy indeed. The ambiguity revolves around there being no jurisdiction and no arbitration procedure for The DAO, as well as the point in the Terms and Conditions of its purchase that said: "The DAO's smart contract code governs the Creation of DAO tokens and supercede [sic] any public statements about The DAO's Creation made by third parties or individuals associated with The DAO, past, present and future." "The Attacker" read this condition to mean that, since he found an exploitable bug in the software, he used the smart contract code in a manner consistent with the terms of sale.

But unfortunately for him, and fortunately for our sanities, the absence of legal specification means that a common-law court would consider The DAO to be a general partnership and all of its token holders to be general partners in the enterprise. So, the hacker himself was a general partner when he performed his attack. In common-law business law, general partners are held to three duties: a duty of loyalty, which prevents general partners from dealing with the partnership in an adversarial way; a duty of good faith; and, a duty of fair dealing. At least two of these three would pull the rug right out from under the attacker, especially the first. At least arguably, the hacker breached all three.

Moreover, this standard commercial-law regime allows the judge to insert "constructive" clauses into a contract that (s)he deems are clearly implied. "No theft allowed" would be a no-brainer in this category. The only point of quibble is rooted in the fact that The DAO as it stands is jurisdictionless, and these rules only apply in legal systems that inherited the principles of the English common law. Many have, but some haven't. So if "The Attacker" did follow through on his threat, which he almost certainly won't, the whole suit-countersuit imbroglio would likely be snarled up in challenges of venue. Jurisdiction-shopping is a game both sides can play. Just imagine what would happen if ten or twenty courts in ten or twenty jurisdictions heard and ruled on the same case. 

The hacker, or the imposter, seemed to be aware of this. The next day, someone claiming to be him showed up in The DAO's Slack chatroom under the nickname daoattacker. He gave away 6.37 Bitcoins on the #general channel of that chatroom, a giveaway that was authenticated by the Bitcointalk user bitusher1. He then announced a bounty to Ethereum miners if they opposed the ledger-altering hard fork and the Ether-freezing soft fork. He promised 1 million Ethers, worth more than $14 million as of the time of this writing, plus 100 Bitcoins to be sent to the miners if they let him keep his haul. He expanded on this claim in an interview with a CryptoCoinsNews writer who had found him on that same Slack channel. 

Whether or not this fellow was the real hacker, an associate or confederate, or just a troll doing it for lulz, is impossible to determine. But this backstopping did indicate that the "Open Letter" – if legitimate – was a bluff. Given that Ms. Morgan could explain those commercial-law considerations in a way that even your humble keyboard-pounder could understand, it's a sure bet that a real legal firm would have supplied advice to "The Attacker" that was tentative and full of caveats. This part of the law is likely learned in first-year law, and is certainly learned in at least one of the three years. The letter has the definite odor of amateur-lawyer to it: seize on a principle that favours your side in blissful ignorance of more comprehensive overruling principles that any pro would have learned about as part of the standard training. Clearly, the above-mentioned "law firm" was "Google, Yahoo! and Bing".

If you're perplexed as to why the self-claimed attacker was treated civilly, it's because a successful hack is a lot like a kidnapping. Consequently, even the victims fall into hostage-negotiator mode. But there is more to the story: the technically sophisticated sort, even if they're victims, do tend to extend professional courtesy to an especially astute hacker. Moreover, lots of folks in "the other county" whose own oxen haven't been gored fall naturally into "you shoulda known" mode. Case in point: the Bitcointalk user smooth, who's a dev with a completely different cryptocurrency named Monero. He flatly took the hacker's side by saying that there was no hack; it was just legitimate if unexpected use of The DAO's lousy code.

Life does have its rough side in the frontier.

In Posse Assembled

Another YouTube interview, with The DAO team member Griff Green, gives an insider's view of the hack and the Ethereum community's response to it. Although Mr. Green's tone did have some levity, he was quite serious about the eighteen-hour days pulled by the team in order to replicate the bug and then put together a rescue strategy. He illustrated the rally-round that the heavyweights in the entire Ethereum community demonstrated. A lot of independent talent joined in to help, including some who examined Ethereum's smart-contract programming language Solidity for flaws too. Put simply, there's a pitfall with a Solidity feature that's easy to use: the ability of one smart contract to call another smart contract and activate it. The trouble is, a smart contract can be fired up by another contract in a way that changes the first contract's state – the value of its variables – in a way that the programmer of the original smart contract did not anticipate. Add a current lack of a defensive-programming toolkit appropriate for Solidity, and you get unexpected behavior: the notorious "undefined" that rings alarm bells in every serious C programmer's head. Unfortunately, this peril is the Solidity analog of the notorious – and notoriously buggy – "spaghetti logic" that programming languages with goto commands can give rise to. Since the Ethereum dev team assumed more-or-less innocuous behavior, they were most worried about infinite loops instead of theft. They didn't see some of the monsters lurking inside the contract-to-contract rabbit hole, not until it was too late.
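The contract-to-contract pitfall described above, as a simplified Python model added here for illustration; it is not Solidity and not The DAO's code, and `Vault`, `withdraw` and the depositor classes are hypothetical names. `run(False)` hands control to the recipient before clearing its credit, while `run(True)` clears the credit first.

```python
# Simplified Python model of the pitfall (not Solidity, not The DAO's code).
# All class and function names are hypothetical; the amounts are constructed.

class Vault:
    """Holds deposits; paying out hands control to the recipient's code."""

    def __init__(self, safe_order):
        self.safe_order = safe_order  # True: update state before calling out
        self.balances = {}            # credit recorded per depositor
        self.funds = 0                # ether actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:
            return
        if self.safe_order:
            self.balances[who] = 0    # effect first...
        self.funds -= amount
        who.receive(self, amount)     # ...then the external call
        if not self.safe_order:
            self.balances[who] = 0    # too late: the recipient already ran


class PlainDepositor:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class CallbackDepositor(PlainDepositor):
    """Recipient whose receive hook calls back into the vault."""

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)          # re-enters while withdraw() is mid-flight


def run(safe_order):
    """Return (amount the callback depositor received, funds left in vault)."""
    vault = Vault(safe_order)
    honest, caller = PlainDepositor(), CallbackDepositor()
    vault.deposit(honest, 90)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.funds
```

With the unsafe ordering the depositor credited with 10 ends up with all 100 and the vault is empty; with the credit cleared before the external call, the nested call sees a zero balance and the other 90 stay put.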

Mr. Green explained that the forking solution was feasible because Ethereum's blockchain is more like a real ledger than Bitcoin's. Because the exploit relied on a withdrawal function that cloned The DAO's code into a child DAO that resided in a different Ethereum address, the instances of the code have the same identifier on the Ethereum blockchain. (So do all child DAOs created by the split function.) It's this common identifier, in the form of a hash, which makes it feasible to reverse the theft by excising all instances of The DAO's code and replacing it with a simple withdrawal function. If the hard fork goes through, that's how it'll work. The same identifier makes the soft-fork freeze feasible too.

At bottom, the decision to perform a fork is a community decision. The miners have to agree to mine a blockchain that includes these forks. Although the community heavyweights do have a lot of influence, which has prompted some outsider snarks, the implementation of the decision rests in the hands of the community. As I write this, it looks like the soft-fork part of the rescue operation is going to go through. More and more experts are urging the hard fork, and the Ethereum community is getting over its natural resistance to censoring the blockchain.

The Future, And The Shadow In The Distance

As things settle down, there've been a lot of techie observations that say this hack-and-response is a huge learning experience. Unfortunately, as some have noted, it won't just be a learning experience for Ethereum's programmers and community. It's also a learning experience for lawmakers and would-be regulators.

Blockchain-altering hard forking to reverse thefts is not popular in the cryptocurrency world. About two years ago, eight million's worth of a then-popular altcoin named Vericoin were stolen by a hacker of a now-defunct exchange called Mintpal. To help out the exchange, the Vericoin devs rolled out a hard fork that did reverse the theft but also chopped off all transactions in the same block as the theft plus all subsequent ones. This chop-and-graft alteration, which was supported by its community, turned Vericoin from hot to all-but dormant for well over a year and a half. The judgment of the outside altcoin community was that Mintpal should have suffered for its buggy code. It should have taken the fall for being vulnerable to an embarrassingly basic hack called an SQL injection; the Vericoin ledger should have been left alone.

In addition to altcoin-community beliefs, it's the surgery-with-a-chainsaw nature of this chop-and-replace procedure that has kept prior hard forks at bay. Because the innards of Bitcoin-like blockchains contain trails of transaction outputs collected all together in blocks, there's no surgical way to alter their ledgers. As noted above, this is not the case for Ethereum. The devs and community can excise specific transactions, which is what their hopes are resting on for the in-play rescue operation.

But this intrepid, high-powered and exhausting posse operation does show that it's feasible for the devs to be obliged to excise other transactions. Not only ones that effect plain theft, but also others that a certain institution deems illegitimate.

Yes, I'm afraid that the rescue operation will serve as the thin edge of the wedge for regulators to enter the cryptocurrency-only economy. With the precision of excision, smart-contract blockchain rollbacks will incur a lot less collateral damage than a Bitcoin-like ledger alteration. This operation, if successful, will quash a major argument against regulating the crypto-only space. "Infeasible without a lot of collateral damage" will no longer carry as a general principle.

Given the fact that Joe Mainstream does think that regulated is better than unregulated, there's even a bittersweet argument that a successful hardfork will have the opposite outcome to Vericoin's. Instead of killing Ethereum, the ledger excision might well help Ethereum and make it bigger. Since it's been successfully marketing itself as the Clean Cryptocurrency, unencumbered by Bitcoin's dark-market past, it might well end up as the crypto-goat that led the others into a more…mainstreamy regulatory regime.

When you meet the mainstream, you meet the demands of the mainstream. ESR

Daniel M. Ryan, as Nxtblg, is shepherding the independently-run Open Audi Initiative Prediction Market Shadowing Project. He has stubbornly assumed all the responsibility and blame for the workings and outcome of the project.








© 1996-2020, Enter Stage Right and/or its creators. All rights reserved.