Constraints on smart contract modification permissions — Issues faced by smart contract asset protection after The DAO crisis

About the author: Ma Haobo, CEO of Haopu Information Technology Co., Ltd. He was an early Bitcoin and Litecoin miner in 2013. In 2014, he co-founded GemPay with Xu Yiji and served as CTO. He was the first to realize Bitcoin payment in China and developed Jingfubao, a multi-blockchain asset digital wallet. In 2015, he cooperated with Yuanbao.com to establish the digital trading platform AllCoin. In June 2016, he founded Haopu Information Technology Co., Ltd., which mainly engages in blockchain technology consulting services and is also actively exploring the 2C application of blockchain.

For a mature fund, how to use the funds is decided by the GP (fund manager), and the fund company has clear regulations to constrain the GP. Some funds also have liquidation lines, and redemption is forced if the net value is too low. I have always been a little worried about DAO. In the real world of real names, the fact that major shareholders embezzle the interests of small shareholders still happens from time to time under strict legislation. So in a relatively anonymous environment, is it easier for the holders of 60% of DAO assets to plunder the wealth of small shareholders? The major shareholder initiated an investment in his own related project, leading the investment himself, and others followed suit. Is there a great risk that the funds of others will be embezzled? Based on concerns about this business model, I did not pay much attention to The DAO even after it raised a huge amount of funds.

However, what was unexpected was that The DAO actually had a code vulnerability, which led to the theft of a large amount of assets. This raises an interesting question: if a hacker deliberately spills a basin of water on the ground, who has the right to put the water back into the basin?

Let's analyze who makes up the whole system. The DAO is based on Ethereum, which is composed of the Ethereum development team, Ethereum holders, and Ethereum miners. Let's first discuss how Ethereum modifies the rules. The development team collects the opinions of the general public (coin holders), legislates (modifies the code) and submits it to the miners. The miners decide whether to accept the new version based on the nodes that the people choose to run (vote with their feet). Although Ethereum is currently based on POW (proof of work), miners cannot make their own decisions on the point of modifying the code. They still have to look at the will of the general public (coin holders), because once the miners update the new code and run the new algorithm, which is inconsistent with the will of the people, they can only run (fork) their own isolated chain, and the people will not recognize the Ethereum they mined on the isolated chain. This creates a very interesting phenomenon: a POW system, when the code needs to be upgraded, the consensus algorithm is POS (proof of stake), which is determined by the people (coin holders). But the interesting thing is that the masses often lack judgment and are easily confused, and they believe in official statements. So it is possible that everyone will upgrade once the Ethereum official website is updated. If there are no righteous people to spread the word, sometimes the hard fork upgrade is not difficult. So from this point of view, the power of the official is very great. As for miners, I am not very worried. Ethereum miners may not be as concentrated as Bitcoin miners, and the mining equipment is not as advanced. For upgrades, profit-seeking miners seem to have no choice but to keep pace with a large number of coin holders, because if they are not consistent, the mining will be in vain.

The decision to upgrade Ethereum lies in the hands of coin holders. It is a process of equity voting, similar to POS, but the government has a lot of control, which makes things more complicated. Ethereum can carry a variety of assets. In fact, after The DAO crowdfunding, The DAO's tokens should be classified as a new type of asset. This asset should be no different from the assets formed by a sovereign country's central bank issuing a trillion dollars in bonds and putting them on Ethereum. So what is the ether in The DAO? If we regard The DAO as a company, the ether in The DAO is cash.

A company's cash was stolen and the shareholders' rights were infringed. Shareholders should report the case. Obviously, the shareholders of The DAO are the holders of its tokens. Who should shareholders report the case to? The first reaction should be to find the developers of The DAO, but the developers of The DAO did not set up a transaction rollback mechanism, so it can only be done through code upgrades. The developers of The DAO can theoretically call all The DAO shareholders to stop running the old contract and run the new contract to prevent further loss of cash. It is even possible to use some mechanisms to make the transfer of coins with a 27-day lock-up period invalid. But the game is not that simple. It is not only the shareholders of The DAO who run The DAO. All those who run Ethereum nodes are executing and verifying these smart contracts of The DAO. If they are inconsistent with the smart contracts they execute, they will refuse to execute. Miners also run nodes and have the same problem.

So the problem has expanded. The DAO's cash has been lost, and the designers of The DAO are powerless and can only rely on Ethereum officials. As we analyzed in the previous article, as a decentralized system, users who hold Ethereum coins theoretically have the right to decide. So, can Ethereum officials pass a version update?

Once a system has a fork, it will cause some very chaotic situations. Maybe in this system my Ethereum is transferred to A, and in another system my Ethereum is transferred to B. An unplanned hard fork may cause volatility in the value of Ethereum.

Then let's analyze the relationship between the holders of Ethereum and the holders of The DAO. Some of The DAO's holders are original Ethereum holders, while others may have bought Ethereum with legal tender or Bitcoin and invested in The DAO's system because they were attracted by The DAO's project. The good operation of The DAO can increase the value of Ethereum, after all, it depends on a subsystem of Ethereum. However, the interests of Ethereum holders and The DAO holders do not seem to be consistent. Now Ethereum holders are faced with a choice, whether to risk hard fork technology or public opinion pressure to protect the interests of The DAO holders. What's interesting is that the decision is not made by one person, but by a group. How to judge whether a group has passed is also a very troublesome thing. Ethereum does not seem to have a voting mechanism yet. Does that mean that voting can only be done through hard forks?

Finally, let’s take a look at the hacker. Because we don’t understand the principle of hacker attacks, we don’t know whether the hacker participated in the crowdfunding of The DAO or purchased The DAO’s tokens. If the hacker once owned The DAO’s tokens, then he is a shareholder of The DAO. What is The DAO’s company charter? There is nothing else except smart contracts. How The DAO invests is also written in smart contracts.

Now let me ask you a question. If only the hacker saw the company's articles of association that stated that the money could be taken out within a certain period of time, and everyone else ignored this detail, and the hacker really took out the money according to the company's articles of association, how would you rule if you were the court? The hacker and the majority of users saw the same smart contract, and the hacker exercised the power granted to him by the contract. Where was the hacker's legal error?

The DAO crisis raises a good question for the public blockchain: when the assets on the blockchain (The DAO tokens) conflict with the assets of the blockchain itself (Ether), how should we choose? In the article, I also mentioned that if a country's central bank issued a trillion-dollar asset certificate on the blockchain, and the same problem as The DAO occurred, and it was stolen by hackers, how should we choose?

If there are N types of assets on a public chain, then the number of its stakeholders plus the system itself should be N+1. These N+1 assets naturally correspond to N+1 interest groups. This will lead to a problem: the fate of N assets may be determined by one asset. Does this mean that the token assets of the public chain are greater than the sum of the N assets? But even so, their interests are still divided.
So at this stage, I am still optimistic about dedicated chains. Such chains can have many assets, but they are all issued by different issuers based on the same smart contract. On such dedicated chains, holders of different assets are best to hold system equity in a certain way. In this way, if there is a problem with the smart contract, everyone will act in unison.

No matter what consensus algorithm we use, what we need to reach in the end is the consensus of people. No matter what smart contract we use, what we ultimately constrain is the relationship between people. Rules are made by people, and it is the people who ultimately overturn the rules. Blockchain and smart contracts are just a technology that simplifies communication between people. Real-world problems still need to be analyzed in the real world.