The “hack” of The DAO and the ensuing debate over whether funds should be returned to DAO token holders via a hard fork has been the biggest story in cryptocurrency recently — with the temporary exception of Bitcoin’s halving event. While the Ethereum community is still trying to figure out how they’re going to deal with the problems associated with The DAO, at least two security experts believe more trouble could be found further down the road.
More Disasters to Come?
Christopher Allen is the co-author of the TLS security standard and principal architect at Blockstream. In his view, serious changes are needed to avoid situations similar to The DAO in the future. When asked if he thinks more of these disasters will happen with Ethereum in the coming years, Allen responded, “I think [they] will if we don’t move to more conservative approaches when significant money is involved. Both Ethereum and Hyperledger rely on code execution of relatively arbitrary code on multiple computers.”
Emin Gün Sirer, an associate professor of computer science at Cornell who researches distributed systems, is more certain that more spectacular failures are in Ethereum’s future. “Writing good contracts has always been difficult,” he stated. “Smart contracts are orders of magnitude more difficult to write, and there will probably be some spectacular failures ahead. The DAO was a wakeup call for improving the science of smart contracts, so we can avoid some of them.”
Ethereum a Useful Testbed for Smart Contracts
Although Allen and Sirer believe there could be more disasters built on top of Ethereum in the future, they also see the platform’s value as an early testbed for distributed smart contracts. “I like that Ethereum with Solidity allows us to rapidly pilot various ideas and learn about problems not even discovered yet,” said Allen. “But I am a long way from trusting it with a significant amount of money. For that community, a new, more limited language on top the Ethereum Virtual Machine (EVM) may be a better choice.”
“Our (the #RebootingWebOfTrust) smart signatures project may be among those more specific, narrower, yet constrained solutions. At some point I could envision higher level tools passing smart signature proofs around as part of more complex smart contracts.”
Allen stated that some simple DAO forms may be codified and secured for common and easy-to-implement use cases; however, he noted that some of the privacy, game theory, economics, and other external problems may be harder to figure out than simply making the smart contract secure. “Only then can we put multiple millions into a smart contract DAO,” said Allen.
Allen also added, “To do what The DAO wanted to do (invest in projects and get a positive return on investment with minimal human intervention) — we don’t even know how to reliably do so in the venture capital and investment world, so that may be an example of the kind of real problems to overcome.”
In Sirer’s view, disasters like The DAO are inevitable when developing a new technology. “Had we backed down after Tacoma Narrows, we would not be able to span many of the bigger valleys with suspension bridges today,” he stated. “We need to explore the boundaries, and expect occasional failures.”
Important for Ethereum Community to Learn from Mistakes
Of course, more disasters related to smart contracts will only be worth it if the community is able to learn from their mistakes. Sirer stated, “The determining factor in the success of a technology is: Did the community take away a scientific lesson from a disaster? Were they able to enact meaningful changes that made that kind of disaster unlikely to happen.”
Sirer claimed that the Bitcoin community has not learned from the mistakes that occurred with Mt. Gox. “People still trust their money to exchanges, and we still continue to have thefts from opaque exchanges entrusted with far too much cash,” he explained. “So, we can see that this pain point has not improved, and indeed, represents some kind of obstacle for more widespread adoption of the currency.”
Although large thefts from bitcoin exchanges still take place, none of the recent thefts have been anywhere near the scale seen with Mt. Gox. It’s possible that The DAO will act as a similar event for the Ethereum community. Although future thefts may take place via Ethereum-based smart contracts, they may not involve anywhere near the more than $125 million taken from The DAO.
Sirer concluded, “I trust that the Ethereum community will not only take measures to fix The DAO hack (e.g. through a hard fork), but will also act to fund activities that will make similar failures less likely.”