A large vulnerability has been found in The DAO, and at the time of writing someone is funneling all its Ether out.
A proposal has been made for the various Ethereum implementations to:
- Create a soft fork to freeze funds in any DAO sharing the same code as The DAO. This would stop funds being released while giving the community time to correctly implement the next step.
- Create a hard fork allowing people to get their funds out.
To most smart, compassionate people, programmers in particular, this sounds like a good solution. However, it introduces certain major risks:
Pierces the decentralized veil of Ethereum
What does this mean? A corporation is a legal fiction, separated from its shareholders from a legal liability standpoint. This separation is known in law as the corporate veil.
If shareholders don’t follow official governance procedures and treat the company's property as their own, they can lose the legal protection of this veil. This is known as piercing the corporate veil.
Ethereum and Bitcoin have their own veil protecting the developers and promoters. You could call it the “veil of decentralization”. Core developers cannot be held legally liable because of it, since the code is run by independent miners and is written as multiple implementations.
These same developers are now coming up with and promoting a fix that is unrelated to the protocol itself. By doing so they are unintentionally opening the possibility of the “veil of decentralization” being pierced.
In other words, they are setting a precedent for future interventions and, even more worrying, introducing personal liability for themselves in such cases in the future.
Where before there was plausible deniability if someone lost funds, now they have said "we have the ability to act if there is enough pressure."
For a developer this may not make sense, but this is exactly the kind of hole a lawyer will go for in the future.
Converts a large but limited liability of investors into an unlimited liability for the Ethereum core team
As it stands, the current legal liability is primarily on the investors. Securities lawyers and regulators would have a pretty good case in court that the promoters of The DAO (Slock.it UG) and its principals are also liable.
Creating this fork takes the pressure off those two, but adds a large potential future liability onto the Ethereum Foundation and Vitalik Buterin instead, which is a shame, as they are only trying to help out the investors.
Turning Ethereum into a semi-permissioned ledger
No, this does not mean we need to show ID to be able to have an Ethereum account. It does mean that there is a precedent for blacklisting code and accounts in the future.
Now that we have shown that we can blacklist code, we have unintentionally opened the floodgates.
The DAO’s developers and investors were warned repeatedly of the risks of releasing a large piece of code without some sort of investment cap.
- The DAO: This is not being marketed properly, nobody understands what this is
- Comments on Stephan Tual's post
- The DAO a rebel without a cause
I wrote the following a couple weeks before the launch:
It may seem clever to call it "The DAO". Yet it also takes the fate of "The DAO" and forever more taints any future DAOs with it. Let's say there is a flaw in the code and all funds invested are lost forever. Or a group of hackers get a bunch of naive investors investing via data fields on exchanges to sign over control to them. Or any number of other possible failures. Now the word "DAO" will forever be tainted with this failure. This is not just academic. Bitcoin was tainted by association with MTGox. Just imagine if MTGox had been called "The Bitcoin Company"? They would have been free to call it that. But it would have done even more harm to bitcoin than it has. (Source: The DAO a Rebel Without a Cause)
To which Stephan Tual from Slock.it wrote:
Unencumbered by a centralized control structure and at the center of arguably the most exciting technology development of the decade, The DAO will initially set its sights on the Blockchain + IoT economy but is ultimately free to engage on any product or services it may desire. With such powerful attributes, it’s no wonder this DAO is called The DAO. (Source: Slock.it UG commits to “The DAO”)
Ironically, the same Stephan Tual is begging for what is really a centralized fix.
The arrogance of both was very similar to the arrogance of Wall Street before the crash in 2007.
A fork to protect them is very similar to a bank bailout. It creates moral hazard.
MTGox taught the Bitcoin world a lot of lessons. These lessons were important for individual investors to learn as well.
If the promoters and investors are able to walk away unscathed, it is very likely that none of them will have learned from this experience.