In my last blog post, we examined the pros and cons of smart contracts in the context of capital markets. Today, we are taking a closer look at what happened with The DAO in particular. This is relevant to smart contracts because The DAO, a Distributed Autonomous Organization on the Ethereum blockchain, was established to invest in projects voted on by its member investors and these transactions were administered through a smart contract. The intent of The DAO is to eliminate the traditional notion of a business organization, even eliminating third party intermediaries in certain circumstances.[1] Think of it like a crowdfunded business that has no management or central authority.
In this case, investors placed Ether, the cryptocurrency, in The DAO as a means of creating a stake or membership in the organization.[2] The code outlining each member’s stake is the smart contract. Once a certain level of initial funding was achieved, projects could be submitted to The DAO for consideration and voted upon by the membership for acceptance or rejection.
Anyone could submit a proposal and 11 curators would review the proposals with five having the authority to approve or disapprove of a proposal. Then using a ‘multi-sig transaction’ they would sign/verify and permit the proposal to proceed. Once a project was approved, it would take 27 days from the participant’s request for funds until funds could be removed.
What happened next illustrates the point of the challenges related to smart contracts, namely coding. As mentioned in my previous blog, code is only as reliable as those who create it in the first place. Despite tremendous amounts of intellectual capital, which is often aided by de-bugging software, it can be difficult, if not impossible, to account for every possible contingency, not only now but into the future.
In this case, the way the smart contract was written made it susceptible to a recursive call and a hacker took advantage of this weakness. The exploitation of that weakness has created a debate around the fundamental legality of the contract—regardless of whether or not the funds were returned by the attacker. That is because the value of Ether depends upon consensus and trust in the code. If that trust is lost, the system fails. While many smart contracts continue to be executed on Ethereum, with Ether as its means of value transfer, the uncertainty surrounding the stolen funds and the vulnerabilities it brought to light put pressure on its value.
In this instance, the attacker diverted the stolen funds into another smart contract with the same embedded cooling off period in the code, giving developers 27 days from the initial attack to find a solution. During this time, the developers launched a “white hat attack” to move the remaining funds and ultimately formed a “hard fork” at a point just prior to the attack, which created a permanent divergence in the blockchain.[3] The hope is that the member community will accept this solution and build consensus around the blocks of transactions on this version of the chain. This would invalidate the blocks/transactions of the attack, as well as any that came after, and leave this chain “orphaned.”[4]
The bottom line: Compared to the relative complexity of many financial assets, this code was very simple, the intent of the transactions was straightforward, its audience was limited and yet a weakness in the code was exploited very quickly.
This is important when you consider using smart contracts in a more complex environment, like that of derivatives, convertible bonds and securitized assets. It brings to light the challenges of trying to use smart contract-enabled business processes in today’s nascent blockchain world. And, to be clear, the investors in The DAO were well apprised of its potential risks.
I want to stress that, while The DAO used Ethereum as its foundation, Ethereum was NOT hacked. To me, saying Ethereum was hacked in this instance would be like saying the Internet was hacked after a website was attacked or compromised.
In the end, this unfortunate situation only highlights the fact that blockchain has a maturity curve that needs to be realized before the notion of fully automated smart contracts can be safely and reliably applied to financial assets. More research and development needs to be done related to the legality of smart versus traditional contracts, security threats to both the underlying code and potential external inputs to that code, and how governance models can be structured in such a way so as to enhance the potential benefits of blockchain without simply creating centralized applications.
Accenture works with leading blockchain solution providers across a range of use cases and is a member of the Hyperledger Project. To learn more about our work in blockchain or to discuss smart contract and how they may apply to your business, send me an email.
[1] http://www.coindesk.com/the-dao-just-raised-50-million-but-what-is-it
[2] Ethereum describes Ether as, “’crypto-fuel’, a token whose purpose is to pay for computation, and is not intended to be used as or considered a currency, asset, share or anything else.” See https://www.ethereum.org/ether for more information.
[3] http://www.coindesk.com/ethereum-developers-draining-dao
[4] There has been an ongoing debate on the merits of the fork. Purists believe the rollback and hard fork is contrary to the spirit of The Dao and immutability of blockchain. Others support the developers’ decision to foil the hacker and undo the theft. While roughly 85% of miners began mining the ‘new’ fork (see http://www.wsj.com/articles/cryptocurrency-platform-ethereum-gets-a-controversial-update-1469055722), as of the writing of this post, there continues to be activity on both chains in the fork. Stay tuned.