Why I changed my mind and now endorse a hard fork
This post is inspired by a live discussion led by Andreas Antonopoulos on June 29, covering the most recent developments in TheDAO and Ethereum. This excellent discussion can be viewed in its entirety here. The opinions expressed in this article are my own and do not necessarily reflect those of the panelists or other researchers at CryptoIQ. In the spirit of full disclosure, I own both DAO tokens and ether. Nothing here should be construed as investment advice.
A Costly Experiment
Shortly after TheDAO hack came to light, and it became evident there is an unintended flaw in the code, allowing an unscrupulous party to enrich itself at the expense of all other DAO token holders, I thought it best to let TheDAO simply run its course and chalk it up as a failed experiment—a very expensive experiment indeed!
Despite being a micro “investor” in TheDAO, I held fast to the principle of not messing with a public blockchain for many of the ideological reasons cited in Dr. Gilot’s persuasive article, Code is Cruel. The risks seemed too large in my view. My calculus clung to an ideal adopted from Bitcoin: the immutability of its blockchain, secured by proof-of-work, is sacrosanct. Altering Ethereum’s blockchain to void the actions of a software exploit—programmatically permitted—though not intended by TheDAO coders, seemed a slippery slope. When the Mt. Gox exchange collapsed in 2014, the price of bitcoin suffered severely. Because control of private keys had been relinquished and granted to an unethical third-party, Mt. Gox, hundreds of thousands of bitcoins were at risk. The Bitcoin ecosystem went into a tailspin. Even so, there was never any serious consensus reached on rolling back the Bitcoin blockchain to make the users of Mt. Gox whole. Code can be cruel. Those who traded on Mt. Gox and stored bitcoins with them were putting their trust in a third-party—an unregulated one. There was no flaw in Bitcoin. A protocol whose very purpose is to maintain indelible records of financial transactions could not risk damaging the inviolability of its blockchain, despite the malfeasance of Bitcoin’s largest exchange at the time.
A Nuanced Perspective
I know many view the failure of TheDAO as Ethereum’s Mt. Gox moment. I certainly did, and there are some valid comparisons to be made. TheDAO was a faulty application built using Ethereum’s blockchain. The losses to DAO token holders are unfortunate, but the disappearance of TheDAO doesn’t threaten the long-term viability of Ethereum, just as the collapse of Mt. Gox didn’t kill Bitcoin. So aren’t the risks of compromising the sanctity of Ethereum’s blockchain too great? That’s what I thought using the Bitcoin experience as a baseline; however, after some careful consideration and taking into account the views of many experts, I think a more nuanced treatment of this situation is justified—here’s why.
First of all, Bitcoin and Ethereum are built and designed for very different purposes and are being optimized for their own particular niche markets. It’s not either or, but both—and possibly many more blockchains, that have a place in the emerging crypto-currency ecosystem. Bitcoin is designed to be peer-to-peer digital cash, not reliant on “trusted” third-parties. Ethereum, on the other hand, is designed for smart contracts and decentralized applications (Ɖapps). If we carefully examine the purpose for each of these systems, a subtle distinction arises that makes room for relaxing the immutability of the Ethereum blockchain in this extraordinary case. Obviously, a de facto digital currency such as Bitcoin cannot risk the sanctity of its blockchain. Changing who owns or controls a given number of bitcoins for the sake of correcting the wrongdoing of a peripheral actor would be akin to suicide for the protocol, undermining the confidence in its value.
Ethereum is focused on higher level applications, however. Rather than mere digital value, snippets of code reside on Ethereum’s blockchain, designed to execute as programmed, with the potential to create highly complex apps that are censorship-proof. TheDAO was just such an application. A blockchain fundamentalist would therefore insist that Ethereum should not rescue TheDAO under any circumstances. But if we view this as a learning experience, where complex code was released “into the wild” too soon, and safeguards are implemented to forestall such flawed code in the future, limiting potential losses by capping the value of contracts, requiring escape hatches in certain cases, building apps from simpler, modular and well-tested code, etc., then it may be in the best interest of Ethereum to quickly excise TheDAO code and refund the ether to investors.
Although TheDAO code was flawed in its design, the developers included a time-based failsafe mechanism, locking the ether inside TheDAO for about a month. This means that if a hard fork is successfully executed before July 15, the DAO token thief will be left empty-handed and investors in TheDAO will receive a full refund of the ether invested. No other Ɖapps on the Ethereum network will be affected, and the transaction history of ether tokens will remain unchanged.
Soft Fork Option Eliminated
A few days ago, the Ethereum miners embraced a proposed soft fork to freeze TheDAO tokens taken by the hacker. At the very least, it would buy the community time to consider further action. Then this article by Cornell researchers was released, revealing how the soft fork contained a potential DoS attack vector that could negatively impact the performance of the entire Ethereum network. Fortunately, this vulnerability was revealed prior to implementing the soft fork. Ethereum miners have rapidly withdrawn support for a soft fork. In addition, white hat attacks have been mounted against TheDAO exploiter, but these “DAO Wars” can easily result in a gnarled knot of spaghetti code, even more vulnerable to subsequent exploits due to increasing complexity.
The good news is that the elimination of the soft fork option has reduced the choices on the table to either hard fork or no fork at all. No fork would result in DAO token holders losing most, if not all, of their funds due to the flawed contract. TheDAO attacker would also make off with millions of dollars of ether and potentially gain undue influence in the Ethereum network as it moves to proof-of-stake next year. This would satisfy blockchain fundamentalists and those yelling “no bailouts”—but remember, it’s not only about the money in the case of Ethereum, rather it’s the viability of smart contracts and Ɖapps altogether, still a completely new area of research and experimentation.
The Ethereum network is designed to run applications such as TheDAO. It was, however, simply too complex and unwieldy at this stage in the evolution of smart contracts and Ɖapps. In this sense, the Ethereum community has a vested interest in how such a high-profile instantiation of a smart contract unfolds. About 14% of the ether in circulation was invested in TheDAO. The best path forward, I would argue (in agreement with many experts), is a hard fork to remove TheDAO contract from the Ethereum blockchain and simply refund the DAO token holders. It would be as if TheDAO had never happened. If the vast majority of the Ethereum community, including miners, of course, rally around this solution, then developers can move forward with a clean slate to build better and more secure smart contracts and Ɖapps. Greater caution by both coders and investors will be called for, and the revolution of decentralized apps will move ahead.
At this early stage in the experimental field of decentralized consensus, code is still only code, and we have a choice to override a malicious actor in this edge case. Because we’re fundamentally dealing with the nascent field of Ɖapps, as opposed to a digital currency like bitcoin, I believe Ethereum can easily weather a one-time hard fork without sacrificing future credibility. Great lessons have been learned, and many more will certainly follow.