A Painful Lesson For The Ethereum Community
By Frances Coppola for Forbes
After a torrid few weeks arguing about what to do, while the DAO (Decentralized Autonomous Organization) became ever more corrupted due to repeated attempts to recover the money without fixing the code problem that made it impossible to prevent the money being stolen again, the Ethereum community has finally bowed to the inevitable. The DAO code has been returned to a point prior to the original attack – a “hard fork”. Ethereum has had its first bailout.
The majority of Ethereum miners have agreed to this. This is hardly surprising, since a lot of them had invested in the DAO and it meant they got their money back. The puritans who objected to the bailout on the grounds that it fatally compromised the “immutability” of blockchain were never going to win. Accepting large losses for the “greater good” is the province of saints, and there aren’t many of those around these days.
Equally unsurprisingly, the tech geeks at Slock.it are now patting themselves on the back for their genius in solving the problem that they caused in the first place by putting live a bad piece of code after inadequate review and testing. “What an accomplishment!” cries Christoph Jentzsch:
Separate from the discussion of whether a hard fork because of the DAO is a good or a bad idea, the very fact, that the Ethereum community (devs, miners, exchanges, researchers, …) has come together, often setting personal opinions aside, and successfully managed a hard fork in this situation is truly remarkable. Given the time constraint, the fact that we were able to come to consensus on this matter is an outstanding accomplishment.
We are able to hard fork!
Reaching consensus is an outstanding accomplishment, when the majority of people involved faced losing a lot of money if they didn’t reach consensus? Really?
It is frankly unbelievable that anyone seriously thought this was a prisoner’s dilemma. The community had nothing to lose by voting to fork, and everything to gain. The remarkable thing is that there do appear to be a number of holdouts: Ethereum guru Vitalik Buterin says that 85% of miners have voted for the fork. The remaining 15% are presumably either saints or had no money involved.
Christoph’s self-congratulation then heads for the bizarre:
Although some do question the analogy “code is law”. I do not. We just found out that we have a supreme court, the community!
Oh dear. Christoph seems unfamiliar with the concept of “tyranny of the majority”, and the reasons why legal systems in civilized countries generally do not allow a majority of self-interested people with their brains in their wallets to amend the constitution to suit themselves. This isn’t a “supreme court”, it’s a cabal.
The fact is that Ethereum has compromised its principles in order to rescue a client. Or, in the language of another world, the Ethereum central bank has directly recapitalized the DAO commercial bank by monetizing its debts. I could wax lyrical about the incestuous relationship of Ethereum and the DAO that made this decision inevitable: DAO investors and Ethereum miners are to a large extent the same people, and even some coders have money in the game. Moral hazard, much?
That said, there really wasn’t any other viable alternative. The DAO was fatally corrupt. There was no way of bringing the attacks and counter-attacks to an end without fixing the code, but a permanent fix meant a hard fork. I suppose the community could just have written off their investment, put it down to experience and moved on, but….come on, this is banking, really. If you know you might get bailed out if you lobby hard enough, what do you do?
So now the question is – how does Ethereum avoid more bailouts in the future? Well, writing good code and testing it properly would help, for starters. After reading a lot of stuff about how no-one could possibly have spotted the code problem, I had a look at the code myself. It’s not my language (I’m an RPG geek), but it’s comprehensible. That code would not have passed any code review I was doing: it did not maintain the integrity of the data it was manipulating. However, I was of course looking at it with the benefit of hindsight, and even the best code reviewers miss things. But Ethereum needs to be FAR more rigorous about coding standards, review and testing if it wants to be taken seriously.
But there is a wider issue here. Has this bailout set a precedent? In an interview with the Wall Street Journal’s Moneybeat, Vitalik Buterin said it hasn’t, because Ethereum is still being developed:
“I totally get both sides,” Vitalik Buterin, the creator of Ethereum, told MoneyBeat. He said the reason he supports the fork is that Ethereum is still in development stages, and isn’t fully formed. As it grows, forks like this will be harder to do. “I don’t think the way things are done right now are precedent setting.”
Buterin has just dug himself a very large hole. The unfinished state of Ethereum should have been made clear to its investors – and those who invested in the DAO – up front. No way is it ethical to persuade people to invest large amounts of money in a product whose key selling point is its immutability, then when it goes wrong claim that it wasn’t ready for release and needs to be changed. It’s perhaps going a bit far to call this a scam, but it is certainly weapons-grade naivety to imagine that code thrown together in a hurry without much in the way of testing should even be put live, let alone sold as “immutable”. Seventeen years of working in financial systems taught me that you just DON’T take such risks with people’s money.
The problem with deciding that Ethereum, and by extension the DAO, are still in development (rollbacks are part of life), is that they are in fact live as far as their users are concerned. Never mind the code, the problem is the data. Data in a live financial system should not be changed. That is true even in existing financial systems. The Ethereum community has agreed to a change that makes their system less trustworthy than a conventional financial system. For a technology that aims to disrupt conventional financial systems, that is not clever.
But even less clever was the decision of Buterin and his fellow geeks (well, if it even was a conscious decision) to test “in live”, taking risks with their user community’s money in order to prove their system. Admittedly it is funny money, but as the funny money is convertible to real money there was always a risk of tangible losses for investors. And as investors didn’t realize they were being used as guinea pigs, bailouts were – and probably still are – inevitable. Refusing to bail them out would be a major breach of faith.
Bailouts aren’t a community decision, whatever Christoph may think. It is the decision of the geeks that matters. This hard fork was only possible because the geeks decided to make it possible. Fundamentally, “to fork or not to fork” is a technical decision. So it is the geeks, not the investing community, that really run this show. But to preserve the illusion that the community is in charge, they have to do what the community wants. And the community wanted a bailout. So they had to provide one, or the game was up.
The “Vitalik put”, as FT Alphaville’s Matt Klein dubbed it, saved the investors’ bacon this time. Whether or not they would be saved again depends entirely on whether Buterin thinks they should be. And he is hedging his bets. He hasn’t exactly said that this is a one-off, has he?
But people believe what they want to believe, as this comment sequence on Disqus shows:
Ethereum is only immutable because Buterin says it is. Until he changes his mind. Which he inevitably will, next time there is a major loss. His investors will expect him to, since – y’know – the system is still “in development”. And he will agree, since – y’know – the community is in charge. It’s all smoke and mirrors, really. Now where have we seen this before?
The Ethereum community is painfully learning why, after thousands of years “in development”, banking works the way it does.
An earlier version of this post wrongly attributed the quoted comment sequence to Reddit, not Disqus.
First appeared at Forbes