The Ethereum DAO Bailout Needs A Coin Vote
As you probably know, due to a programming mistake the Ethereum smart contract The DAO has lost around $50 million worth of funds to what most (though not all) are describing as an attack/hack.
The DAO isn’t Ethereum; Ethereum is a platform that the DAO runs on; Ethereum itself wasn’t attacked (though the way the attack happened does raise serious questions about the security of Ethereum). However, in spite of that separation, the response to the DAO hack has been pressure to hard-fork Ethereum to recover the funds, including from the Ethereum developers and Vitalik himself. There’s also been significant pressure on the community to support a fork, even going as far as what appear to be veiled threats against those opposing the fork:
2/2 - I'd be VERY interested to know the identity of anyone coordinating an effort to oppose a hardfork. PM me email@example.com — Slock.it (@slockitproject) June 17, 2016
I’ve heard reports that the first part of Vitalik’s fork proposal has already happened: miners have frozen the funds taken from the DAO with a soft-fork, which means that miners are blacklisting any transaction that moves those funds, as well as refusing to mine on top of blocks containing transactions moving those funds. That’s not very hard to do as - like Bitcoin - Ethereum mining is sufficiently centralized that it only takes the cooperation of two or three people to achieve the majority of hashing power necessary to freeze funds[1].
The second step is actually recovering the funds; modulo “white hat” hacks or the funds being returned, this will require a hard fork. That means changing the protocol to allow something that previously wasn’t allowed, such as creating money out of thin air, or moving funds without a valid signature authorizing that spend. This also arguably means creating a new currency: certainly at the technical level - there will exist two incompatible chains after the fork - and maybe even at the social level. Most people might call it “Ethereum”, but going from “The DAO is based on Unstoppable Code” to “if we screw up badly enough, WE WILL FORK YOU” is a big change that shouldn’t be taken lightly.
A message to the 💂attacker...#TheDaoHack #TheDAO #Ethereum @DAOhubORG pic.twitter.com/yvLXvOli87— The DAO (@The_DAO_Project) June 23, 2016
Personally, I think this fork is a very bad idea, and I’m not alone in thinking that:
I'm impressed how Ethereum managed to take a compromise of DAO into an opportunity to destroy all of ETH by killing fungibility/etc. @nikcub — Ryan Lackey (@octal) June 19, 2016
But I’m not here to discuss why Ethereum shouldn’t do a hard-fork bailout. If they do a bailout, I want to see it done “right”, and that means giving the community genuine control over whether or not the fork actually happens; as a fellow developer, I want to see the control that developers have over that hard-fork minimized.
Why? Because I don’t want to be in control of Bitcoin. Yet as much as we keep saying that we can’t force people to run software they don’t want to, in the absence of good coordination mechanisms, the actions of developers can strongly influence that choice. The problem is ultimately that Bitcoin - and Ethereum - are monetary systems backed solely by their communities, and a currency is only valuable if there’s consensus on the definition of what the currency is. Without consensus the supply isn’t limited, the currency isn’t fungible, and anyone in a position to create that consensus has significant power to coerce the community. We developers need to be careful not to set the precedent that we’re the ones who should make the tough choices.
When it comes to technical minutiae, decision making usually isn’t such a big deal: if a bunch of tech people think we should fix DER signatures we probably should, and exactly how that’s done isn’t likely to have much impact on the rest of the community. Also, Bitcoin has - so far - only[2] ever done protocol changes with soft-forks, which miners[3] can do without user consent; if you’re in a position where you’re concerned about miners forcing a change, backwards-compatible protocol fixes are the least of your worries. We’ve also done everything we can to make sure soft-forks never result in user funds being confiscated.
But soft or hard forking as a response to the DAO attack isn’t technical minutiae: not only are there tens of millions of dollars at stake, but many (most?) of the core Ethereum developers also have significant financial interests at stake. Freezing funds has already opened a Pandora’s Box - what is Vitalik going to say to the friendly FBI agent at the door, asking for help with a big hack on an exchange? Or to the Russian equivalent[4], who wants to freeze funds of a US exchange for trumped-up reasons in retaliation against the latest round of sanctions?
A miner blacklist is at least - in theory - temporary, and can only freeze funds; they’re the DoS attacks of the crypto-currency world. But hard-forks break the rules entirely; a hard-fork can create money out of thin air. While I’m sure the Ethereum developers will claim a hard-fork is “supported by the community” how do you measure that? And what happens when you start trying to measure that?
#DAO fork poll current results #ethereum pic.twitter.com/MklfWHF6uo— EthereumWisdom (@ethereumwisdom) June 22, 2016
How do you know that poll wasn’t rigged? What should you tell the SEC when they ask you that same question? What do you do when the Russian government starts astroturfing the debate? How would you ever know? Even if you do know, how do you convince the rest of the community that’s why you apparently changed the protocol against community consensus?
A Bailout Needs a Coin Vote
Like it or not, if the Ethereum devs do an official release of Ethereum with a pre-programmed hard-fork, it’ll be hard to argue that they didn’t have the final authority over the protocol change regardless of how much they claim they had “community support”. Ethereum isn’t valuable without clear consensus on what it is, and in times of controversy official releases are highly persuasive at best, coercive at worst.
So don’t pre-program it: put it up for a vote, one coin, one vote, and get cryptographic proof that you’ve actually got the support of the people who have invested their funds in Ethereum. Yes, this is arguably an imperfect measure - if I’ve invested my time in Ethereum, should I get less say than someone who has invested their money? But in decentralized systems with loose-knit global communities we just don’t have good options - if we did we wouldn’t need proof-of-work.
This coin vote needs to be part of the protocol - not just informational. Last month I met with the other developers who signed the Hong Kong Bitcoin Roundtable Consensus, and after much discussion it was proposed that the hard-fork proposal include a non-consensus flag that supporters would mark their transactions with, to give an indication of economic support. But the hard-fork itself would still be a pre-programmed “flag day”. If Ethereum went that route, what happens when the flag day arrives, yet support isn’t clear? Most likely the community will look at figureheads like Vitalik to make a final decision. Again, you don’t want to be in that position.
Of course, deciding how to make a decision is still an exercise of authority; there are a lot of complex choices to be made in exactly how a coin vote would be done. But if you’re going to make a decision anyway, better to limit the use of your authority to the process rather than the outcome.
What This Means For Bitcoin, And Myself
I’m genuinely concerned that the way Ethereum is handling the DAO hack is setting a precedent that decentralized systems should be managed with the same kind of human interventions seen in centralized systems. I didn’t get involved in Bitcoin to make an inefficient PayPal clone - I got involved to give users the choice to use a system based on something different, a choice they didn’t have before. And I don’t want to be a target for people trying to make those interventions happen.
While I did previously agree to support the idea of a flag day hard-fork with a non-consensus, information-only, show of coin-days-destroyed support, in hindsight I think that was a mistake; I will not be a part of anything less than a genuine, consensus-enforced coin vote going forward.
Finally, I’ll continue working on finding ways to reduce miners’ control over Bitcoin, whether it’s freezing funds, or forcing protocol changes against users’ will.
[1] I’d be really interested to know if any blocks have been orphaned from the smaller pools, who may have not applied the blacklist patch.
[2] There appear to have been one or two protocol hard-forks, all due to clear bugs, in the first year of Bitcoin’s operation. But as far as we know no blocks were ever mined that would have triggered them, and at the time Bitcoin was worthless with nearly no users anyway. Since then there haven’t been any clear hard-forks; contrary to popular belief the March 2013 event was a case of Bitcoin simply being broken, with non-deterministic behavior.
[3] Users can also do a soft-fork, by enforcing new rules and refusing to accept blocks that violate those rules. A user soft-fork doesn’t need a majority of miner support, although without at least some miners adopting the soft-fork Bitcoin won’t be very useful for those users!
[4] Vitalik was born in Russia, and may still have family there.