
To me, this turns me off to the entire tech, no matter how stupid and kneejerk that sounds. If the biggest draw to get me using your technology (immutable contracts) is actually not true, then I'm less inclined to give it a shot outside of novelty value.



Unfortunately it's not an honest portrayal of events.

Disclaimer: I was a DAO investor. The DAO held 5% of my Ether at the time of the attack.

Having said that, it's not as simple as saying: I support the DAO refund because it was in my best interest. That doesn't necessarily follow, and it didn't necessarily follow for most of the other DAO investors.

I still held 95% of my crypto $ in Ether. I would have been happy to eat the 5% loss if it would have been the right thing to do and instilled confidence in Ethereum and its leadership. There were many debates at that time about what the right course of action was, and it was a very hard decision. If saving 5% of my investment meant I ended up with a worthless 100%, it would be foolish to save that 5%. And everyone else knew this as well.

I think the decision the Ethereum team made was the best moral and legally advisable choice. They had the opportunity to stop the theft of 14% of all Ether, which would have gone to a criminal actor. It required a very risky solution (a hard fork) which came with big consequences (an alternative chain which remains to this day), so the solution wouldn't be feasible for smaller attacks (as some people like the poster before you try to allege). But for an attack which threatened 14% of the available supply, a hard fork to retrieve the funds was a viable solution.

Most of the market agrees with this decision. In the time since, the Ether market cap has grown to the second largest of any cryptocurrency at 1/2 the size of Bitcoin. The alternative chain that didn't fork is still alive but only has less than 10% of the Ether market cap. The vast majority of dApps are running on the Ether chain. And it's the chain that is being taken seriously by enterprise (look up "Enterprise Ethereum Alliance"). Large businesses know the founders can't simply hard fork whenever they want to better themselves. The model works around consensus, consensus that is clearly shown by the considerations listed above, and I am glad that the consensus model is strong enough to withstand an attack on 14% of its supply and respond with a difficult solution to rescue the chain from a catastrophe. It makes me feel more confidence in the technology, the community, and the protocol.


Your whole argument is predicated on the idea that what happened with the DAO was "theft".

All the publicity for the DAO explicitly said that the code was the full specification of the contract even if it disagreed with any other statements, and the code allowed someone to transfer the funds to their own child DAO. What crime, exactly, are you accusing them of committing when everyone agreed to a contract that allowed them to do what they did? How do I know using another contract won't be labeled theft and rolled back?

> Most of the market agrees with this decision.

This is exactly the problem. Ethereum would have been interesting if it could enforce unpopular decisions because they're specified in the code and them's the rules. Instead it will enforce them as long as there's not too much public outcry. No thanks.


> Your whole argument is predicated on the idea that what happened with the DAO was "theft".

So did the Ethereum Devs, who owned a bulk of coin from the initial auction. And they just so happened to also control development of the protocol AND the client programs. This was the message they "asked" users... https://upload.wikimedia.org/wikipedia/commons/thumb/d/d7/Et...

"....IN WHICH FUNDS RELATED TO THE EXPLOIT ARE RESTORED...."

Consensus is nice, especially when you can manufacture it. Noam Chomsky talks about this in great detail. https://www.youtube.com/watch?v=tTBWfkE7BXU

Chomsky: "The first place to look is, who's in a position to make the decisions that determines the way a society functions."


Your two points:

> What crime, exactly, are you accusing them of committing when everyone agreed to a contract that allowed them to do what they did?

And

> How do I know using another contract won't be labeled theft and rolled back?

What the DAO hack revealed is the following fact, which I learned over the past year:

That there are two kinds of cryptocurrency holders, one group demands immutability at any cost, the other group demands 'reasonable immutability'.

The reason why the ETH/ETC split was 90/10 is because the majority of the Ethereum holders fall in the second group, and the majority of the people who fall in the first group hold nothing but bitcoins.


There is no morality on the blockchain.

As far as legality goes, I think the attacker is in the clear because what matters is the code and not the intentions.


Or, "the code is the contract" as they say.


> Ethereum contracts are unstoppable and uncensorable until a core developer loses money

Source: https://news.ycombinator.com/item?id=14162399


Maybe the immutability is not 100% now, but it will be when the technology is finalized, which will take a few more years. The fork to save DAO funds was a good thing, because otherwise too much ETH would have been in the hands of an attacker. The ETH distribution would have been skewed. That's all.


Can you really call the person an attacker when they simply used the contract as-written?

I think that's spinning things a bit to fit a narrative.


Yes you can call the person an attacker. The rules of a mature Ethereum protocol should be neutral to the intentions of users, including those that one would reasonably characterize as hackers, but Ethereum was not a mature protocol at the time. It was effectively in early-stage beta. The DAO was the first smart contract of its kind, and was expecting $500,000 worth of ETH to be deposited in it. Instead $150 million worth was deposited.

I believe that a fork like the DAO rescue would be perceived as totally unjustified and impractical today, and Ethereum is still a very young and experimental project. I think in a few years, when the network and technology are mature, such an application-rescue HF would be unthinkable.


Regardless of any of this, the person didn't attack anything.

I'm not saying my position on whether the fork was right or wrong, but I think folks on either side should not characterize that incident as an attack.


The project was very young, and the community minuscule, at the time. It could be justified as a one-time beginner's incident. The network and ecosystem can be expected to behave very differently when it's mature, or even today, given how much larger the community is now, and how much more aware people are of the risks facing smart contracts (which means there is much less justification to rescue those who put money in a complex smart contract that gets hacked).

The project itself made mistakes early on by not sufficiently warning people of the risks of the DAO, which gave justification for the do-over. I think they can be excused given the DAO was the very first smart contract of its kind, and given how much was deposited in the DAO so quickly, which was totally unexpected.

So I think Ethereum can easily be forgiven for the DAO and subsequent hard fork to redo it. It was a highly experimental technology that saw a major hack of an early-stage application that was only aiming to attract $500,000 of ETH, but had ended up having $150 million worth of ETH deposited in it, when the ecosystem and the state of the technology were not ready.


> The project itself made mistakes early on by not sufficiently warning people of the risks of the DAO, which gave justification for the do-over.

This is the weakest justification I've heard out of all of them. How do you get a "do-over" for not realizing that weird new financial instruments are risky? And how does rolling back the risk make people more aware of risk? Anyone who was not aware of the risk the whole time deserves the most to lose their money.

The right time for the DAO to say "wait, guys, this is risky as hell and we have no idea what we're doing" and give back the money was before they lost the game they had created.

(The fact that you refer to this loss as their "smart" "contract" getting "hacked" indicates that you still don't want people to be aware of the risks.)


>How do you get a "do-over" for not realizing that weird new financial instruments are risky?

People didn't realize the smart contract was at great risk of being hacked, and the project, meaning thought leaders in Ethereum, were partially at fault for this, for not warning people.

This was the first smart contract of its type. It's easy to blame the community in hindsight. I choose to forgive it, as I remember early on in any endeavor, mistakes are normal.

>The fact that you refer to this loss as their "smart" "contract" getting "hacked" indicates that you still don't want people to be aware of the risks.

I don't follow. "Smart contract" is a term of art, and does not imply it's well made or secure. I also don't know what putting the quotations around the "hacked" is supposed to signify.


The "contract" was evaluated according to the rules that supposedly made it a contract, not hacked. Getting a bad deal in a contract is not getting hacked.

There will be more bad deals in the future because Solidity is badly designed. Mistakes are normal indeed, and Ethereum is certainly not done making them. Promising "this time it's for real, no more take-backs" is just increasing the risk unless they buy some insurance or something.

What's the indication that anyone is aware of the risks now, or that Ethereum devs are warning people of the risks? The investment in Ethereum has increased -- there are banks getting involved in this shit. The risk has not decreased. And yet the devs are still not handing back the investors' money and asking them to kindly wait until more security or insurance features are designed.


It was hacked from the perspective of ordinary people.

I address the sanctity of the protocol in an earlier comment:

>The rules of a mature Ethereum protocol should be neutral to the intentions of users, including those that one would reasonably characterize as hackers, but Ethereum was not a mature protocol at the time. It was effectively in early-stage beta.

>What's the indication that anyone is aware of the risks now, or that Ethereum devs are warning people of the risks?

That's what I've observed. I haven't compiled instances of social behaviour that indicate this, so I have no objective evidence on-hand.

>The investment in Ethereum has increased -- there are banks getting involved in this shit

They're not putting hundreds of millions of dollars worth of ETH in complex smart contracts like the DAO.



