To live in interesting times!
First TheDAO started up as a crowd funded smart contract which took in about $160m of contributions. Hoorah!
Then, a programmer spotted a bug and used it to sweep about $60m across to own account. Howzat!?
Next, the Ethereum coredevs reacted in collective angst and moved to unwind the 'theft.' Hooray!
Finally, someone called "attacker" claimed credit for the actions, and reminded everyone that there was a legal contract in place. YeeHaa!
Ethereum is the reality TV of the new financial cryptographic generation. However, let's not be entirely damning, it is also important to take pause and review what they have achieved. Positively.
Firstly, Ethereum has established beyond a doubt that the smart code needs to be part of a wider agreement at law. You can see this on the Explainer page of TheDAO where it carefully lays out:
"When you click the “I Accept” button or check box presented with the terms you are agreeing that you are taking part in The DAO’s Creation under the terms set forth in The DAO’s smart contract code at your own risk."
By clicking "I Accept", you enter into a legal contract, with the above text as part thereof.
To see that it is a legal contract, imagine if it didn't exist - in the absence of an agreement, there is no party who claims responsibility for TheDAO, and therefore TheDAO is abandoned at law. Which means that anyone can do whatever they like. Indeed, that means whoever can claim the value within can do so - it's like an abandoned ship at sea or unclaimed land; first person to plant a flag is the winner.
Clearly, the founders of TheDAO were smart enough not to want their smart contract to be 'abandoned' so it/they must and did enter into a legal agreement with contributors to (a) exert existence and (b) exert its authority to control the assets on behalf of the beneficiaries.
Having asserted its capacity to act, it also asserts that the smart code dominates over the legal prose:
The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.
This is the correct order, which you can divine if you follow the logic: the legal agreement is prime over the smart code because it can bind the humans, and the legal agreement then has to defer primacy explicitly to any or all terms in the smart code. In summary, TheDAO has now exemplified 3 principles.
With these principles in hand, we are almost at the point of a viable smart contracting industry. And, we can thank the evolutionary efforts of many for this: Nick Szabo for the abstraction now called the smart contract, Satoshi for converting Nick's abstraction into the inspired form in Bitcoin, the Ethereum team for their more Turing-complete environment, and the authors of TheDAO for their big reveal of what it takes to make a real smart contract. What a social experiment!
On behalf of the entire Internet, I thank you. But we are still one step short of a complete smart contracting environment.
Recall that the point of a contract be it smart, simple, dumb or otherwise, is to create certainty over the uncertain agreements of human agents. Think about that statement for a moment - the goal is to create certainty. Got it? Now look at TheDAO and ask what you see?
If there is a better example of uncertainty in cryptographic affairs than TheDAO, I do not know of it, off hand. Indeed, the current life of TheDAO is so uncertain, it is likely to become a catchphrase for uncertainty in smart contracting!
Right? Let's list the ways. We have half the community up in arms that the terms of the smart code are going to be overridden and thus their contractual worldview is going to be overturned. We've the other half up in arms over the fact that someone has scarfed up a good chunk of the contents, and thus has breached the intent of the contract. And, now we have the Ethereum coredev team asserting their authority for a hard fork, and "Attacker" reminding them that there is a legal contract:
I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."
A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. ...
When we have such strong, valid-on-the-face arguments, at dramatically opposing poles, we have ... a dispute. TheDAO is now in fatal dispute. And what Ethereum lacks is a clear way forward to resolve that dispute.
Let's check the options. "Attacker" suggests a United States reading of the law, which suggests a USA court. USA courts typically accept any case for any nexus. But they will likely not accept the contract as valid under the securities laws in the USA, so Attacker will likely also find surprise in the event that it goes there. No matter, at $60million or whatever it is is well worth this minute, someone might try their luck in court.
And for the most part, Ethereum people are apparently located in Europe - London, Berlin, Switzerland. I'm not saying TheDAO was done by these people, but if Attacker knows who they are, and this seems reasonable, and any lawsuit names the authors and founders of TheDAO, what have we got?
A mess. What we haven't got is resolution. We can see a law suit that ricochets around the globe and locks a lot of people up in a world of pain. Everyone loses. We can see echoes of Assange and Snowden - we'll get articles, books, movies, but the one thing we won't get is ... resolution.
Certainty, this ain't.
And this is the critical step that Ethereum is short of - resolution, certainty. The traditional courts of law are not well suited to resolving this sort of dispute for a myriad of reasons - both good and bad.
Which brings us to the inevitable discovery that Ethereum must now make. There is a way that can give certainty to this mess in the general case; there is a way to resolve this sort of dispute. It is beholden on the community to find that forum of dispute resolution that can bring certainty to the smart contract when the smart contract itself has lost certainty.
Ethereum needs to set up its own forum - its own court - a court of smart contract dispute resolution.
This is not a trivial task; but it is a lot easier than you think. It's a matter of law, the choice is called Arbitration, and if you search around you can find volumes written on it. I'll leave that as an exercise for the reader, but you might want to look at DAMN. That's not how I would do it, but hey - compare and contrast!
Know it now - you face a fork in the road. On the one hand you have the failed social experiment known as TheDAO. On the other hand, you have your own forum of dispute resolution, designed to resolve precisely this mess, the smart contract in trouble. Like some science fiction movie, the choice is clear: choose to repeat the failure in TheDAO, or choose to engage in informed dispute resolution, customised for your disputes.
Choose quickly, before the next big reveal. Good luck.