SMART CONTRACTS : TOO SMART FOR THEIR OWN GOOD?
A very interesting attack happened today on an Ethereum project named TheDAO; an attacker managed to drain approximately 3.5 million ether, worth 10s of millions of dollars and over 4% of all Ether in existence.
While this may prove to be an existential threat to those companies directly associated with TheDAO, this event proves more than ever the importance of treating security not as a feature, but as fundamental DNA that needs to be woven into each component of a secure system.
In this vein, three beliefs about how to build secure cryptographic consensus systems underpin how we at Credits have architected our platform:
- It’s hard to build simple systems that are fully secure. It’s impossible to build complex systems that are fully secure.
- Statements of authorisation, not executable code, should be the basic building block for interacting with a consensus-driven network.
- Human judgement and trust cannot and should not be removed from the systems we use to interact with one another, whether those be financial or non-financial interactions.
All three of these tenets work together in a complementary way to ensure three outcomes we think are very important:
- Functionality built on the Credits platform is easy to reason about and does not require unnecessary complexity.
- Isolation of services at the blockchain network level not only allows for great scalability, but allows for fewer opportunities where a malicious outcome in one service negatively affects other services or users.
- Intent of the actions of participants allows for governance to be built into services and limits the potential damage and liability resulting from bug-ridden or malicious code, much as the legal system functions in that capacity for traditional contracts and law.
In the end, it looks like the solution being put forth by the Ethereum Foundation is to convince the miners to accept a fork that completely refunds those who purchased TheDAO tokens in the crowdfunding campaign.
This is a laudable move that proves the value of having human oversight and controls at the app or organizational level whenever automated transfers are initiated to move money outside of the system.
Hopefully the next set of DAOs will implement this at a local, organizational level, rather than relying on the Ethereum Foundation as an ad-hoc governance body for all projects running on the ethereum blockchain.
Next week, we will explore several approaches we have regarding implementing governance controls into distributed systems as well as a companion tutorial for how to build one such governance system directly on top of the Credits platform.