The DAO has been attacked.
The response has been both heroic and awkward. Slock.it first stepped into a managerial role with an official announcement and a list of next steps the community could take, including running Geth code to spam the network and slow down the attack. Then, Vitalik Buterin waded in, asked for exchanges to stop trading ETH and began asking for the collaboration of people who were in the process of splitting from The DAO.
One obvious solution is to split The DAO before the attacker can drain everything, but The DAO can’t be split so quickly. Users must create a proposal and wait a minimum of 1 week (a debate period) before actually initiating the split.
The only way to remove the funds quickly enough is to rely on an existing split proposal that could be called immediately. Slock.it and then Vitalik Buterin immediately reached out to the sponsors of several split proposals that could close quickly. This included several users encouraging others to offer their private keys to Vitalik Buterin to help solve it.
Now, Buterin, the Slock.it team, EthCore, and many others are calling for a pair of Ethereum forks. The first would freeze the compromised funds, and the second would essentially undo the attack and go back to a previous point in the blockchain before the attack happened. If both were adopted by the network, everyone would get their money back.
An Impossible Choice
We do not think the issue is clear-cut. There are powerful arguments on both sides. A fork would provide a sense of justice for victims and address a growing fear that Ethereum may not recover from an attack of this magnitude. In total, The DAO held about 15% of all ether. The attack has already drained 5%, and the remaining 10% are vulnerable to future attacks (these have since been drained by a white hat attack).
It is likely that the core Ethereum community invested heavily in The DAO, and $150 million may be much more of a loss than they can shoulder. The loss could also discourage consumer adoption of Ethereum, especially if many enthusiasts lost money, and this could in turn discourage the development of consumer services. There is also the question of how to deal with a transition to proof-of-stake when 15% of available ether is held in the hands of thieves or frozen. It is undeniable that not forking would have some chilling effect on Ethereum.
However, implementing a hard fork will cast an even longer shadow on the fundamentals of the Ethereum network. Ethereum’s website states, “Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.” The smart contract did run as programmed (not as intended, but as programmed). A hard fork, even a community-supported one, seems like it would constitute either censorship (rendering the drain effectively invalid), third-party interference, or both. Instituting a hard fork, no matter how strong the argument, objectively compromises the promise of a censorship-free network free of third-party interference.
A Complex Precedent
This would set a precedent that will be difficult to interpret going forward. A hard fork should be considered with the utmost care and debated thoughtfully, with many voices, and at length.
When is any catastrophe so big that the entire blockchain should get rewound? In other words, who is entitled to a blockchain bailout?
Is it by magnitude of the theft? To be sure, this heist is colossal and involves 5% of all circulating ether, worth over $50 million at the time of the theft. This is a big deal, but it is dwarfed by the biggest theft of Bitcoins from Mt. Gox, worth $460 million. The Bitcoin community did not seriously consider a fork to recover these funds. It is also not clear a loss of this magnitude would deal Ethereum a mortal wound: there are many projects (including other DAOs) relying on the Ethereum blockchain.
Is it by affiliation with the Ethereum development community? Many people in the Ethereum Foundation, including Vitalik Buterin, were Curators in The DAO. They held official positions. Combined with the investment of 15% of all available ether into The DAO, it slowly began to seem like The DAO was an official Ethereum project, like a feature update. If affiliation and association helped drive this, it would behoove all entrepreneurs to attract Ethereum developers to their boards. How would the community react if this attack took place on a DAO of the same size, but deployed by a Chinese development group, largely funded by Chinese investors, and with little to no communication, involvement or affiliation with the Ethereum Foundation or other notable community members?
Is it by cause of the theft? In this case, Ethereum’s code was not broken, the DAO’s use of it was. This was not a bug in Solidity, Ethereum’s programming language; rather, it was an exploit that could be used based on how some smart contracts were using Solidity. The way the DAO was using smart contracts made it vulnerable to this attack. Should all developers who make mistakes, even almost unforeseeable ones, be entitled to a hard fork?
This will not be the last attack, collapse or misstep by a cryptocurrency-based organization, and it isn’t even the largest in recent history. No matter how many times these forks, soft and hard, are framed as “singular” or “one-time,” the implicit message of these forks is that some projects are indispensable enough for the network to be modified.
More Debate is Needed
The response to this is that no one person makes the decision about a fork, but the swift support across the board significantly stacks the deck in favor of a fork.
Much of the defense of these forks comes from the belief that there is a clear right and wrong in this scenario: that the attacker was wrong and the investors are victims. This is true.
The danger comes from the next instance where perhaps the community does not agree as strongly about the morality of the action that needs reversing.
Regardless, if the Ethereum community approves a hard fork, it should develop a clear set of conditions under which future hard forks will be considered. Without this, it will appear that hard forks are at the whim of the community, and who influences the whim of the community?
If Ethereum chooses to address this attack through the use of forks, then Ethereum will no longer have the same level of independence and neutrality as a platform moving forward. This isn’t necessarily bad: people may prefer to develop on a platform in which there is the possibility of mistakes being undone and a method of consensus-based justice. There are many examples of centralized development environments with such guarantees. But Ethereum would then be a different platform, and this would open the door for the emergence of a new platform to carry the torch of complete neutrality.
Who, what, where is Ethereum?
There is also the reality that there is overlap between the board of The DAO and the core Ethereum developers. This presents a challenge to the community – where does The DAO stop and the Ethereum team begin? How much did the members of Slock.it and the core Ethereum team invest in The DAO?
These are questions the community will wrestle with. No one can force the network to adopt a fork. However, there is the awkward fact that so many influential members of the community who also had a relationship with The DAO are supporting the fork.
Even more awkward, the CEO of Slock.it has implied that those opposing the fork might be involved in the theft. If the community cannot openly exchange ideas without accusation of conspiracy, it ceases to be a community.
Who really owns Ethereum? Users complain when software providers remove features, but they are consumers of the product, not owners. When reserve banks convene to decide on monetary policy, people wait as members of an audience, not a community: people aren’t decision-makers in the monetary system.
Vitalik Buterin has earned immense moral authority for his role in Ethereum and the cryptocurrency community. He is a genius and has garnered respect as a trusted third-party. He carries the weight that Satoshi Nakamoto did with Bitcoin. Nakamoto stepped away from governance of Bitcoin, for better or worse, and the community had to make decisions without his wisdom, blessing, or criticism. Bitcoin wasn’t his anymore.
Developers are not elected officials. Their roles aren’t public ones; if they were, the case would be a little clearer. President Obama was heavily criticized for his support of Solyndra, a solar company which ultimately went bankrupt. If he had also been on the board of Solyndra AND had asked the US government to bail them out, corruption charges would be clear-cut.
As one user noted, “I guess when it comes to crypto currency, we’re living in the wild west. Hopefully a new sheriff will ride into town soon!” In the wild west, we might arm the sheriff and have him or her write new rules and enforce them. But then it’s not a democratic process anymore.
The reality is that all paths forward from this incident for Ethereum present difficult tradeoffs and challenges. While none are clearly an end for Ethereum, each scenario of soft forks, hard forks and non-fork recovery will have lasting effects on the network and the way it’s used moving forward. If the network is forked, it can never regain the status of a totally neutral, censorless network, and if nothing is done, time cannot be rewound to fix the contract vulnerabilities and restore the lost Ethereum.
At this point the question for the community is simple and difficult:
What is Ethereum?