To Be Or Not To Be — After TheDAO Incident

Just 20 days after TheDAO (daohub.org) easily won the world's first crowdfunding with more than 1 billion RMB, making the world exclaim "the era of smart contracts has arrived", it began to dominate the screen again in a teasing way: hackers took advantage of the error loophole in TheDAO contract and swallowed up more than 3 million Ethereum (before the incident, the price of each Ethereum was about 130 yuan, and about 50% after 1 day. At the same time, this part of Ethereum was frozen for 27 days and could not be withdrawn). Afterwards, TheDAO and the Ethereum community responded quickly and proposed soft and hard forks to deal with hacker attacks. The next step the Ethereum community needs to go through will be: choose to fork = accept centralized doubts and break the myth of smart contracts, or maintain the status quo = watch hackers laugh and run away with the money.

When someone told me about TheDAO incident, my first reaction was: Are you kidding? No kidding. Life is the most exciting script, you never know what the next chocolate will taste like. Regarding TheDAO incident, the following two aspects are worth thinking about.

1. Centralization or decentralization?
2. Trust people or trust machines?

1. Centralization or decentralization?

Putting aside the controversy over smart contracts, the focus of the debate is on "centralization" or "decentralization" based on the fact that Ethereum founder Vitalik publicly stated that the incident would be resolved through a soft or hard fork. There is a saying that Ethereum's proposal for a fork is a "centralized" behavior, which is the opposite of "decentralization" and disappointing. On the other hand, there is a view that the Ethereum team responded promptly and stopped the situation from deteriorating further, which is a good thing. In fact, the implicit debate behind these two views is: What kind of practice is just? Is it equality or leadership? Is it a good result or a good process? Is it machine justice or human justice?

First of all, I think people have given too many other things to "decentralization". The "decentralization" view mentioned above implies an idea of ​​"equality for all" or even "communism". In this idea, "decentralization" is an ideal world where everyone can share what they have and everyone is equal. From the perspective of network structure, this idea of ​​"communist decentralization" is an expected state for a "random network".

Network science tells us that there are three types of network states, based on the degree of clustering and the average shortest distance: completely random, small-world, and lattice. In reality, the network state of human society is neither an idealized random network of equality nor a bureaucratic militarized regular network, but a moderate and effective small-world network that is not completely equal but not boring. Due to the limitations of the human brain, the network state in which people participate does not form a random network (low local efficiency and high overall network efficiency), but a small world (high overall network efficiency and high local efficiency). The small world is a world that obeys the power law (the 28th law), and it is also an effective world, the real world, and the blockchain community is also a network in the form of a small world.

Let's take another look at the questioning of "centralization" in the TheDAO incident: This time, the Ethereum leader initiated a soft fork to save TheDAO, and it is inevitable that he will use this power to "do evil" next time. The problem is that in a completely "decentralized" equal random network, not to mention the future, even this soft fork decision will be difficult to make due to inefficiency. TheDAO is likely to lose the option of remedy (note that it is an "option", not necessarily. Although we see that the soft fork was initiated in hindsight, it is only an option (option), not a constant) in the process of what happened.

Market fundamentalists would say that if you don't want to save the bank, then don't save it. Let the market decide. This is justice. Let's look at a familiar example: On September 15, 2008, Lehman Brothers, the fourth largest investment bank in the United States with a history of 158 years, filed for bankruptcy protection due to investment failures. The subprime mortgage crisis that originated in the United States quickly developed into a global financial and economic crisis. Even today, eight years later, people around the world still cannot see the end of this crisis. On September 12, US Treasury Secretary Paulson publicly stated that he "did not save" Lehman Brothers, which was generally considered to be the last straw that broke the camel's back.

Let's imagine boldly, if Paulson chose to rescue Lehman Brothers, and Vitalik decided to "let TheDAO die", what would the outcome be? Maybe the economic crisis would not be as severe and far-reaching as it is now? Maybe TheDAO has been reset to zero on the same day? Maybe the world has not changed at all. I am not saying that any choice is necessarily correct or just. Is it just to choose to kill a passerby for the life of a train? Not necessarily. But sacrificing the life of a train for the life of a passerby will also be criticized afterwards. At least the network status of the real small world still gives us the opportunity to choose. What we need to pay more attention to is not how to choose in danger, but the cause of the danger. In the case of TheDAO this time, it is, should or can smart contracts be trusted?

2. Trust people or trust machines

After this incident, people began to question: Are smart contracts really trustworthy? Are smart contracts just a gimmick? Even more, is blockchain trustworthy? Is the so-called "trust machine" just a hype?

Technically, this bug occurred in the contract writing of TheDAO team and has nothing to do with Ethereum itself. The direct cause of this bug is believed to be the lack of ability of TheDAO team and the lack of a code review mechanism. But is that all?
What is TheDAO? According to its official website, “TheDAO is Code, Autonomous, Revolutionary, Rewarding”, which means “TheDAO is a revolutionary autonomous code, and there is money to be made by the way”. Overnight, TheDAO’s “decentralization” in the cloud seemed to have turned around and became “unreliable” and fell heavily to the ground.

So what is "de-trust"? Is it really achievable, or is it just a self-deception of blockchain enthusiasts? Vitalik proposed relevant in-depth thinking more than a year ago when Ethereum was not yet online (this blog did not receive much attention, but I always think that this is one of the most important parts of his overall thinking about blockchain, and even "one" can be removed. This blog is very difficult to read, especially the two model diagrams in the middle. I even had opposite understandings for a period of time. At the end of this article, the relevant interpretation text of the previous communication with Professor Han Feng is attached for readers to criticize). I don’t like to use the word "de-trust" because this word gives people a wrong suggestion: trust is a burden, trust is unnecessary, and people will be better off without trust. This is like saying: eating is a burden, if you can leave eating, people will be better off. In my opinion, trust is an important prerequisite for human cooperation, and cooperation is the basic part of cooperative game. The economic development of human society is inseparable from cooperation, collaboration, and trust. Blockchain does not solve the problem of eliminating trust, but produces a lower-cost trust mechanism to make the cooperation cost of human society lower and more efficient. This is also the meaning of The Economist's title "Blockchain: The Machine of Trust", that is, the existing human trust system is costly in certain areas of cooperation. At this time, cooperation can be achieved through a low-cost trust system (machine) such as blockchain.

If trusting people means that we cannot know people’s institutions and systems but can only trust them, then trusting machines means that we cannot know machines, codes, and systems but can only trust them. From the example of TheDAO, people had full trust and confidence in TheDAO before the bug appeared. This trust and confidence came from: we can finally get rid of the shaky and unpredictable cooperation of people, and enjoy the openness, transparency, and stability of machine contracts. The problem is that although the code contracts are open and transparent, they are very complicated, so complicated that even if there is a problem, ordinary people cannot find it.

Now it seems that we have more or less ignored the human factors behind smart contracts in the past: we more or less equate smart contracts with machines or omnipotent artificial intelligence. In fact, smart contracts are codes that need to be written line by line by people. When the code becomes more and more complex, it means that smart contracts are becoming more and more unknowable - this unknowability is not only reflected in the user level, but also in the publisher of the code. After this incident, even with Code Review, the accuracy of the code cannot be guaranteed - if trust in people is an expectation generated by inability to see through and touch, then trust in machines is also an expectation in a state that cannot be fully understood. Is a contract that cannot be understood by the participants a good contract? Is it trustworthy? So that in the future, will there be such a situation: the trust in a smart contract requires professional third-party coders to give credit scores. If this is true, it will be awkward and humorous - the trust machine that replaces human organizations to achieve trust needs humans to give trust scores.

In fact, if we consider blockchain as a practical tool rather than a mythical tool from the perspective of evolution and cost, it will be easier to accept this result, that is, the future will be a process of continuous evolution. In this process, no matter what form it takes, as long as blockchain can reflect lower costs and higher efficiency, it will appear and be widely accepted, otherwise it will be eliminated. In this way, it is not a bad idea to use a third-party organization organized by humans to conduct trust scoring on smart contracts as long as it can provide corresponding efficiency. As for TheDAO and Ethereum, the areas that need to be improved are just as Vitalik said more than a year ago: "Whatever our model is, figure out how to reduce the probability that our systems will fail."

After the TheDAO incident, we can find that trusting people or trusting machines is not an either-or relationship. For the application and development of blockchain, "To be or not to be" is not even a question. Whether it is trusting people or trusting machines, as long as it can improve the overall efficiency of human society and achieve Pareto improvement, it is a good cat. I think blockchain is not a destructive innovation, but an improvement on the existing trust mechanism. The various trust mechanisms in existing human activities can better play an overall role after combining with blockchain. Compared with the previous attitude of talking about blockchain as if it were a mythical thing in the cloud, I would rather see this kind of thinking that falls into the earthly reformism.

Impact on the Ant Blockchain

TheDAO incident is a warning and a good case study for all blockchain projects in the world. For the Ant Blockchain, in future iterations, emergency plans should be pre-set into the framework to avoid forks; it has already started, and it should learn and cooperate more with existing electronic signature systems such as CA; and the timely response of the Ethereum team to the black swan incident and the active response of the community afterwards are also what the Ant team and the community need to learn. Compared with the above, I think the more important thing may be a change in mentality: the impact of what Ant has done on the future of society and the requirements for security are deeper and higher than we thought before.

Fortunately, the Antminer blockchain was designed from a reformist perspective, integrating the existing trust system into the design of the Antminer blockchain. The Antminer blockchain design complies with the existing framework of the Company Law and the Electronic Signature Law. At the same time, corresponding interfaces are reserved, which will enable efficient and direct connection with various existing trust systems in the future. The Antminer team firmly believes that the combination of blockchain and the legal system, as well as blockchain and the existing social trust system, is the future direction of its development.

Appendix: Understanding the two model diagrams in Vitalik’s “Visions, Part 2: The Problem of Trust”

For Type A people who hold the Trustless viewpoint/model, they always hold a kind of agnosticism towards people, that is, they are agnostic about the information they can obtain about the "motivation-interest" of others doing bad things (Incentive agnosticim), and they don't know whether what people say is true or false. This is what we often call distrust of people. Due to this agnosticism, in the Trustless model of Type A people, there is a natural tendency for the horizontal axis to move to the right, that is, a tendency to become less and less trusting of others (the information about the "motivation-interest" combination is becoming less and less available, and they are becoming more and more dishonest). Based on this, what Type A people can do is to try their best to keep the vertical axis (Survivability, system tolerance, system credibility) from moving downward while the horizontal axis moves to the right. The result is this picture.

For Type B people who hold Trustful views/models, they naturally have a tendency to lean to the left on the horizontal axis, that is, they trust people and believe that they can obtain information about people's "motivation-interest" for doing bad things. In this case, the best way to improve the overall model is to move the vertical axis upward (a change in the horizontal axis to the left will reduce the overall model efficiency). In other words, what Type B people can do is to try their best to improve the vertical axis without changing the horizontal axis, that is, to reduce the possibility of system failure (vertical axis upward) without changing a set of "motivation-interest" combinations.