Blockchain Company’s Smart Contracts Were Dumb
The California electric grid operator built a set of rules for generating, distributing and paying for electricity. Those rules were dumb and bad. If you read them carefully and greedily, you could get paid silly amounts of money for generating electricity, not because the electricity was worth that much but because you found a way to exploit the rules. JPMorgan read the rules carefully and greedily, and exploited the rules. It did this openly and honestly, in ways that were ridiculous but explicitly allowed by the rules. The Federal Energy Regulatory Commission fined it $410 million for doing this, and JPMorgan meekly paid up. What JPMorgan did was explicitly allowed by the rules, but that doesn’t mean that it was allowed. Just because rules are dumb and you are smart, that doesn’t always mean that you get to take advantage of them.
... The descriptions didn’t matter; only the code did. The descriptions didn’t allow for today’s hack, but the code did. (By definition! If the code could be hacked, the code allowed for the hack.) Any vulnerabilities in the DAO’s code were not flaws in the code; they were flaws in the descriptions — which were purely for entertainment purposes...
It isn’t how human institutions operate. But it is very much how “smart contract” utopians want future institutions to operate, or how they think they want those institutions to operate. “Immutable, unstoppable, and irrefutable”; free of human bias and stupidity and intervention; a utopia of coldly logical code. Human expectations are irrelevant, except to the extent that they are correctly translated into code...
Even if you invest in a company whose bylaws say that the board of directors can sacrifice you to a demon on the first full moon of a leap year, it’s unlikely that that term would be enforced. There is only so much leeway to depart from the standard terms...
And while cryptocurrency/blockchain/smart-contract fundamentalists have a tendency to think that they can place themselves outside of national legal systems just by saying that things happen “on the blockchain,” the national legal systems have a tendency to disagree...
To true believers in smart contracts, there is no problem here. The system is fine; the failures — writing bad code and not anticipating this attack — were trivial, mere human error. Next time, write better smart contracts and you’ll be fine. To those true believers, changing the code after the fact — even to conform it to almost-everyone’s reasonable expectations about how the DAO would work — would be a betrayal of the smart-contract ideal...
You can’t really base the financial system of the future on computers rather than humans, on trusting to immutable code no matter what happens. Financial systems are supposed to work for humans. If the code rips off the humans, something has gone wrong.