Thoughts after The DAO was attacked

Author: Who is Prince Yong?

The DAO, a blockchain project that just set a world record for crowdfunding projects in May, encountered a major accident yesterday (June 17). A contract exploited a loophole in the DAO and hijacked more than 3.6 million ether (about 500 million yuan at the price before the incident). Ethereum maintainers and community participants responded quickly, such as calling on everyone to block the transfer process by sending spam transactions. For such an innovative project, it is not surprising that such an accident occurred. It can be said to be an inevitable process in development. What is more worthy of concern is how to respond and deal with it, form an effective mechanism, and prevent similar problems from happening.

Based on the programming of the DAO contract, these held ethers can only be withdrawn and converted into cash after 27 days. According to some measures that have been proposed, in theory, there is a way to recover the hijacked ethers, or at least freeze them. However, what measures to take are causing heated debate. The main focus of the debate is whether to adopt some special measures because of this incident (currently characterized as an attack) - such as revoking/changing transactions that have already occurred, or "temporarily" modifying the rules by modifying the software. Any human intervention in transactions, or temporary changes to the rules, will be considered a violation of the most basic tenets of blockchain.

It can be seen that even if the founders of Ethereum, members of the Ethereum Foundation, and core developers want to do something outside of normal trading operations, such as modifying the software, they must obtain the consent of the participants in the blockchain network (mainly miners), because the characteristics of blockchain based on peer-to-peer network distributed storage and collaborative maintenance determine that such changes must not only be written into new software codes, but also must be adopted by enough nodes together - if not all people update the software together, the minority will eventually have to obey the majority's choice or withdraw, and if the disagreement is relatively balanced, it may cause the original blockchain to split. In this process, many interesting phenomena can be seen.

On the one hand, the leaders and core members of the community are being criticized (for example, some people will ask why it took so long to respond); on the other hand, some measures have just been proposed, and some people say that this undermines the foundation of decentralization and question their excessive power, etc. It can also be seen that miners seem to be irresponsible, and they have a stronger influence than the more numerous ordinary nodes. But the latter may be ordinary users who directly suffer losses, often "novices" who do not understand technology. How can they gain the influence they deserve in the "technical" debate of the disposal plan that affects their own interests? They may even find that they don't know who is the real person responsible for their representative or service, even if it is the notification of information or the instructions of emergency response methods.

This reminds me of what I have been thinking about recently, what are the main problems facing blockchain. I think that technical problems such as block capacity and transaction efficiency will eventually be easy to overcome. The biggest challenge for the development of blockchain may come from the operation and governance structure issues at the social and economic level, and the reconstruction of the value chain.

The first is the so-called government regulation issue that everyone has paid enough attention to, the most obvious of which is application areas such as currency and securities issuance.

The second is the issue of legal applicability, which has been hotly discussed recently around The DAO. This issue is related to the regulatory issue mentioned above, but it is not exactly the same. The former is mainly about access or licensing issues, while this one involves areas where the original law is completely blank.

Another crucial issue is the relationship between responsibilities and interests among various participants in the blockchain ecosystem.

For example, if this incident eventually causes economic losses to some DAO chip owners, they seem to be unable to find the responsible party at all. Even if the so-called hacker is found, he/she may make a not guilty defense: he/she only completed some operations allowed by the system rules and obtained benefits. How to determine whether these benefits are illegal may also be controversial. For example, is the initiator of DAO (currently unknown) responsible? He/she may have only proposed the idea and "triggered" the project, and may not even have any interest relationship. Is the DAO contract programmer responsible? He/she may have provided the code to the open source community completely on an obligation, and his/her personal income and code production have no definite connection. One of the keys to the modern corporate system is to clarify property rights and responsibility (subject). The company becomes the legal responsible subject-legal person, so that investors can only bear limited liability, and managers must also bear management responsibilities but mainly linked to their remuneration. The most typical public chain has no responsible subject. Therefore, any participant may have no way to be held accountable for losses, although the losses may be caused by specific people intentionally or negligently. This kind of chain of responsibility may be a break that a reasonable social system cannot or should not tolerate. Good development requires a complete and efficient chain of responsibility and value chain.

How to establish the responsibilities and interests of various roles in a blockchain ecosystem is a big challenge. The most important roles may include: the compiler and maintainer of open source software, the participants in system operation (mainly miners), the users of system functions (users), and the providers of "third-party" applications or services. This not only involves the division or assumption of responsibilities on the surface, but also involves many deep-seated issues. For example, the value chain between open source software code contributors and projects (applications) may be disconnected, and the same is true for the chain of responsibility. For example, should the code of anonymous people be adopted? How to prevent people or companies with their own commercial development on the blockchain from taking advantage of certain funds or talents to reach unfair decisions for selfish purposes? How to prevent software developers from using their own professional and technical advantages to make profits while ignoring or damaging fairness or public interests? When the system is highly complex, the code is likely to be understood and maintained by only a few people; when these codes directly dominate the actual operating social and economic system, they undoubtedly have enormous power in fact. In this case, how efficient and effective is the supervision mechanism of open source code, public review, and free adoption?

Related to the above issues are the governance structure and decision-making procedures of the blockchain development community or ecosystem. A blockchain ecosystem will face complex issues such as technology development and application and social ethics. For example, many people point out that the so-called expansion dispute in the Ethereum community is more of a "political issue". It may involve a complex balance of interests among multiple parties. Without a sound institution and system, can a group of people who come together naturally make appropriate decisions in a timely manner? Another example is the countermeasures for the ongoing DAO attack. From monitoring problems, publishing information after problems occur, adopting emergency measures, to developing complete response plans, without a proper organizational structure and process, can it cope with wider, larger and more diverse applications in the future? How can such a governance structure be generated? How to develop and connect from the existing open source software community to a large-scale, complete business ecosystem? These are all major challenges.

Blockchain or the Internet-based value transmission and exchange network brings the opportunity to rethink and design a more reasonable and efficient economic structure based on new tools and possibilities, starting from a blank sheet of paper. In this process, it is possible to eliminate some unreasonable social and economic structures that have gradually formed under the original technical conditions, such as excessive costs and value distribution of intermediaries/authorities, parasitism of vested interests, and human operations and decisions that can be eliminated. However, the development, maintenance, and governance of the entire system ultimately rely on specific people to achieve it. The formation of a social governance structure and value chain in the blockchain ecosystem may be a greater challenge than technology.