How could this disaster have been prevented?
One possible method of avoiding mistakes by smart contract developers in the future may be a certification process. It can provide participants in various smart contracts with greater assurances that they won't lose their money. However, the security of a smart contract becomes much clearer once it's been released into the wild. This issue may affect distributed models more than so-called "
-
If the financial services industry wants to avoid spending years aimlessly testing blockchain prototypes, it needs to focus on coming up with standards and working together.
July 15 -
David Saul, State Street's chief scientist, has completed a proof of concept for the Financial Industry Business Ontology, a standard way of expressing contract terms electronically. To him, it's a prerequisite for blockchain technology and smart contracts.
July 14 -
The cryptocurrency ecosystem operates on the fringes of tradition, with "initial coin offerings" announced, discussed and carried out largely via online forums and without regulation. The phenomenon is high-risk and should be treated as such.
June 29 -
As sexy as decentralized systems and automation are these days, human involvement is still necessary in many areas.
June 17
The security question has come to the fore at a time when financial institutions are cautiously investigating the potential of smart contracts, along with other applications of blockchain technology. To proceed, they will need some reason to be confident that the DAO-saster won't be repeated.
[Get up to speed on distributed ledgers, cryptocurrencies and the bleeding edge of fintech at American Banker's third annual Blockchains + Digital Currencies conference July 28 in New York. Click
For the uninitiated, a smart contract is a way to automate the execution of an agreement, usually financial in nature when in reference to blockchains. (As a simple example, bitcoin can be
Banking and financial institutions have become
Intended to be a sort of decentralized venture capital firm controlled by those who bought into the concept, The DAO instead set off a crisis in the Ethereum community, where the basic idea of how that blockchain operates was put
As
"The DAO was a new kind of application, implemented in a new programming language, compiled with a new compiler, run on a new platform, exposed to a new kind of vulnerabilities," Lerner continued. "That's why it requires special attention. It should have been audited by experts in blockchains … and by more than one group."
The foundation "need not provide the vetting service itself, and can delegate that to third parties, who would then charge for this service," he explained. "I would envision that there would be different tiers. Not every contract needs to have as much scrutiny as one that will hold $220 million, for instance."
The nonprofit did not reply to a request for comment. ETHcore, the enterprise software company that has a similar position in the Ethereum community to RedHat's role in the open-source Linux software world, said it could not comment because it was swamped with work related to the hard fork.
Sirer's point about different tiers for different contracts gets at a key issue of the whole fiasco with the DAO, which is that no one thought this much money was going to be put into an Ethereum smart contract so early in the game. Early estimates for how much money would be crowdfunded via the DAO put the expectations at around $10 million, but over $125 million worth of ether (the native currency of Ethereum) eventually made its way into the smart contract.
One of the main issues with smart contracts, especially on distributed platforms such as Ethereum, is that it is hard to determine whether they're secure until hackers can attack them in a real-world environment.
While multiple security audits from respected institutions can provide smart contract users with greater peace of mind, the reality is that bugs and flaws can be overlooked. Once the open-source code goes live, hundreds or thousands of new eyes may comb over the code to find an exploit.
For this reason, RSK Labs, which is developing a smart contract platform called Rootstock as a "
With something as complex as a
RSK Labs recommends releasing a smart contract in stages where it is first controlled and easily updated by a set of cryptographic,
"Clearly some higher form of review and curation of smart contracts that secure significant amounts of money is required," said Allen, who now works as principal architect at
The effective bounty on the security of a smart contract described by Allen is part of what has led to the relatively high level of trust that has been put into the code behind the bitcoin network. As the market cap for bitcoin (or any other cryptocurrency) increases, so does the reward for a hacker who finds a critical flaw in the system. The same concept applies for smart contracts; it's unclear how much time a hacker would have spent poking around the code for the DAO if thousands of dollars were raised as opposed to millions.
Allen also pointed out that companies or individuals who review smart contracts or offer certifications put their own finances at risk. Should they fail to find a critical flaw in the code before it is deployed in the real world, their reputations could suffer, or they could get sued.
He said he doubts large security review companies are ready to complete these sorts of reviews, partly due to a lack of standards in the space. "I don't know that any organization today could support that level of risk," Allen added.
For now, it appears there may be too many possible downsides to smart contract review for anyone serious to get involved.
"Instead, I do think there needs to be a requirement that smart contracts have more tripwires, for instance, various forms of human arbitration and mediation under adverse conditions," Allen said. "Having these be a minimal requirement for 'approval' by a foundation or other organization seems reasonable and possible."
It may be possible, he added, to stop some smart contracts at the system level if they are becoming "too big to fail," which appears to have been the issue with the DAO. However, "this can raise confidentiality concerns," since it would require someone to snoop around the network. Even if that were desirable, "privacy security technologies can make doing this difficult."
At this point, there is no reason for progress to come to a complete halt in the realm of smart contracts. While the DAO has been a massive setback for these new financial instruments, development will likely continue, perhaps in a more limited capacity. After all, a simple bitcoin transaction is also arguably a type of smart contract.
When asked if the DAO may have been a case of trusting too much money to the Ethereum network too early, Sirer responded, "Who am I to turn to investors and to tell them not to invest in this potential future technology? Clearly, every individual investor saw a value opportunity, and invested an amount that they could afford into that dream. This is exactly how crowds latch on to good ideas, propel them forward with capital, and how we make technological progress. Trying to stop this is like trying to push back on the Apple II because it's not a 64-bit modern PC."
Despite the bailout of the DAO token holders, Sirer pointed out that the large amount of money put into the smart contract in aggregate poses a PR risk to Ethereum.
"Once the DAO mess blows over," he said, "I hope that the Ethereum Foundation will think of processes, perhaps voluntary, opt-in validation procedures, that encourage high-value smart contracts to be vetted."
Kyle Torpey, a freelance writer and researcher, has followed bitcoin since 2011. His work has been featured on VICE Motherboard, Business Insider, Nasdaq, RT's Keiser Report and other media outlets. Follow him on Twitter:
