Nobody knows right now if there are likely to be lawsuits coming out of the $50m-plus attack on Ethereum's The DAO (decentralised autonomous organisation), but Ethereum's decentralised governance model will be tested to its limit.
The numbers involved are high: The DAO, which is a non-hierarchical, for-profit vehicle, raised over $150m of crowdfunding in the last few weeks; the night before the attack, the value of Ethereum's native currency, ether, reached $21 giving the fund of DAO tokens a value of over $230m; in a matter of a few hours on Friday some 3.5 million ETH, about a third of the fund, was drained by an attacker exploiting a weakness in the DAO code.
There's plenty of opinion out there right now, but some of the most insightful analysis came from Andreas M. Antonopoulos hosting a special Let's Talk Bitcoin show, where the DAO was examined by legal experts. There was also a technical discussion of the attack and the proposed stages of forking to remedy it, and the precedents this creates for Ethereum and the execution of smart contracts more generally. We should remember that Ethereum is censorship-resistant and the terms and conditions of The DAO state that the code constitutes contract law. So where does this leave the 25,000 DAO token holders?
Antonopoulos was joined by attorney and cryptocurrency expert Pamela Morgan who began by stating that default laws can be applied in certain situations, and that in a case like this common law, facilitated by a judge, would arrive at some sort of "equitable remedy". She went on to say the DAO could likely be interpreted as a "general partnership" and as such, those within this profit-orientated organisation have a duty to behave fairly with their partners and not in his or her "adverse interest".
But this only applies in US law; one of the fascinating features about the DAO is that it hovers above specific jurisdictions, so it could be subject to any jurisdiction and none. Here is an easy first lesson to be learned said Morgan: "These sorts of risks could have been mitigated if there had been terms and conditions in the DAO that designated a choice of law and a choice of venue."
This could have been a private forum or a national law jurisdiction. There is a simple, free-of-cost clause creator which can be applied to iron this out, added Morgan.
The technical oversight exploited in the DAO code lay in the function that issues rewards in ether when someone creates a split proposal. The attacker set up a loop whereby the child DAO was continually rewarded by repeated calls; the exploited weakness prevented the code from ever reaching the point where it updated the balance. This sort of undesirable situation, which occurs when a device or system attempts to perform two or more operations at the same time, is known as a race condition. In hindsight, it could have been prevented by structuring the contract to update the balance first and then issue the reward, noted Antonopoulos.
Ethereum's Taylor Gerring, who was one of the curators of the DAO, said of the attack: "This is a problem that could definitely happen in any sort of programming language. The network has only been in existence for about a year and the tools are still a bit raw."
It was suggested that the sum amassed was simply too immense, and that it invited tests of the system's security before the code had matured – and that putting a limit on the figure raised would have been prudent. Gerring agreed that a lesson could have been taken from the recent DigixDAO token sale, which reached its cap very quickly. "We can see there's tons of interest but I suppose it begs the question, was it smart to leave it totally uncapped."
Regarding the proposed forking process – a soft fork to firstly freeze assets relating to the DAO, followed by a potential hard fork which could forfeit assets – Antonopoulos said this cure may be worse than the disease.
He said: "Vitalik Buterin's proposed cure has caused consternation because many see it as an intervention in a smart contract and you have this seeming contradiction between the idea that the contract is the law, it stands alone, is self-executing and subject to no human interference – unless of course we f**k it up really bad, in which case we call Vitalik and Vitalik fixes everything for us, which is a very dangerous precedent."
The proposed soft fork puts a freeze on contracts with a specific hash code, in a sense blacklisting transactions relating to the DAO byte code in the eyes of Ethereum miners. The second stage which has been proposed involves a hard fork to attempt to return money to DAO holders. "Let's call it the freeze followed by the seize," said Antonopoulos. "This is not a bailout. No new ether is being created. It's simply undoing a specific 'theft'. But whether it's a bailout or not, it's asset seizure; it's asset forfeiture – done through a majority vote consensus mechanism."
Attorney Brian Klein, an expert on crypto law, chimed in at this point: "It does seem like an attempt to make people whole, and it's trying to front run potential lawsuits or regulatory action. For the people who lost their DAO tokens I expect there is going to be a lot of legal fall-out here."
On the subject of the soft fork/hard fork proposals, Gerring said: "There are probably about four or five different proposals about what to do in this situation depending on where in the party lines you fall, ranging from holding lots of tokens to holding no Ethereum. We need to find some common middle ground. While there may be no perfect kind of result there are some possibilities.
"There could be a change to the mining part of the software so that they can opt not to process certain kinds of code signatures, let's say. So if there is a bit of code that looks like this, I can say let's not process that and validate that part of the chain.
"It does offer a really interesting way to bridge the idea that contracts are self-executing, but because of human and social aspects there are certain ways to side step some problems so it's possible to choose to not do business with certain people."
Someone claiming to be the attacker of the DAO has added insult to injury by stating that they have taken legal advice and that they are legally entitled to the rewards under the terms of the contract, i.e. its code. In a further ironic twist, Cryptocoins News (CNN) said it has an exclusive interview with the attacker in which that person vowed to further game the Ethereum network by offering a one million ether (about $12m) bounty to miners to ignore the fork and process transactions.
In a piece of positive news amid the DAO onslaught facing Ethereum, the Bank of England gave a positive mention to the technology in its latest assessment of the evolving world of crypto-economics, in which there does not appear to be a dull day.
Disclaimer: Ian Allison is a holder of DAO tokens.