I have been asked about “the DAO” numerous times since its launch, and was planning to make my views known, but the recent DAO situation precipitated this post where I’m including an analysis, lessons and recommendations for the future.
For background and context, over the past month, I have warned twice publicly about the DAO, primarily that the amount of money raised was too high. Second, I felt that the complexity of its governance and sole dependence on smart contracts were a ticking bomb. I thought there was too much on the table all at once. I strongly believed that the same experimentation benefits could have been achieved with much lower risk, while preserving a similar diversity in user participation.
You don’t need $150M+ to initiate an experiment in autonomously funded and operated organizations based on smart contract governance with unproven code and inexperienced managers. In my opinion, $10-15M would have sufficed, and yielded the same benefits and lessons, even if it might have gathered less headlines and public attention.
Rolling back the clock to April when I heard rumblings about the DAO from Slock.it, I had just finished writing my book, The Business Blockchain that included a section on DAOs, with the header “The DAOs are coming” (p. 111):
However, that passage in the book was based on my earlier research and analysis, and my own interpretation of a DAO framework to ensure sound operations. It had none of the hype and overly optimistic cheering for the DAO model that we later saw as envisioned by its Slock.it founders.
On May 1st, as the DAO funding started beating records, it was explained to me that the DAO was an experiment meant to distribute funds to Ethereum projects, and I thought it was a noble goal if it was tightly managed with clear and strict guidelines. I wished them well, and considered investing, just to be part of the experiment, but didn’t end-up doing it. I decided to remain an outside spectator because I didn’t believe that their implementation as envisioned was sound enough.
In mid May, as the DAO funding numbers swelled to new heights, I became worried. On May 18th, at the OuiShare conference in Paris, I specifically warned that the DAO experiment may be too big and too risky. Specifically I said:
“I would caution about not wanting to run too quickly and assuming we can have DAO’s from the get go. It takes practice, it takes some tests. I’d like to see testing these DAOs with small dollar values, not with millions of dollars where the losses could have some severe repercussions on the whole system.”
As recently as a few days prior to the hack, I freely volunteered my services to the DAO in the hope of influencing them to improve their governance and management approach. The response was: “Thanks, but it’s moving forward fine on its own.” They were obviously dogmatic on implementing their auto-pilot mission.
Then, Friday June 17th happened, and we know where we are today. So, what are the lessons and implications?
First, an analysis.
Analysis of the Attack
For background, you can read this FAQ that was written by the Ethereum Foundation on Reddit, The big theDAO heist FAQ.
There hasn’t been a shortage of analysis and opinion pieces, although I was more drawn to the ones providing solutions and constructive paths forward, such as Vitalik’s analysis, Thinking About Smart Contract Security, or Emin’s Thoughts on the DAO Hack, or Albert’s The Path to Learning requires Failing: The DAO. I also enjoyed Andreas’ LTB marathon Hangout on that topic, here, and this Bloomberg article, Blockchain Company’s Smart Contracts Were Dumb. There were other good ones.
I kicked off some of my thoughts on Twitter with this:
If I leave my door open & $10M on the table & guy enters takes $3M & says you left it open, it’s mine. It’s still theft. #DAOhack @aantonop— William Mougayar (@wmougayar) June 19, 2016
There are different ways to see what the perpetrator did. Behind the “hack”, there is also a case of law, ethics, governance, theft, terrorism, bribery and blackmail. If I were a judge issuing a ruling, I would hold the hacker accountable on multiple charges.
This isn’t the time to get philosophically cute and believe that the hacker didn’t do anything wrong because they ran a valid smart contract using a feature that “allowed” the movement of funds to a child DAO. We shouldn’t buy that argument. The hacker is treating the 3.6M ether as a selfish reward for doing nothing except the exploit itself. In their “open letter”, the hacker(s) did not show an interest in using the funds according to the mission and intent of the DAO, which is to fund projects and companies. The child DAO feature is a means to an end. That end is to approve project proposals and disburse funds to bona fide companies via the DAO. For the hacker, the end was to keep the funds, and not fund companies, therefore they are guilty of theft.
The hacker’s intent was clearly to harm and cause damages to the DAO and Ethereum together, as well as put a black mark of confidence against the field of crypto technologies. Therefore, they are rogue and unlawful actors. To add insult to injury, the hackers offered to fund miners that don’t follow the fork, which is the equivalent of bribery and blackmail. So far, the perpetrator(s) don’t pass any “good intentions” test. They are full of bad intentions.
In my opinion, this is crypto-terrorism. We know what we do with terrorists. They deserve no sympathy and no reprieve. Extraordinary circumstances require extraordinary measures, and I’m hopeful that the community will do the right thing.
Did the hackers indirectly cause any good by making us aware of the inherent risks of smart contracts and the malformation of the DAO? Yes, perhaps. But I wouldn’t give them an award for that. These flaws were already known as Vitalik Buterin explained in his blog post, and they were being worked on, gradually. There was no need for a spectacular exercise of zealotry to point out the weaknesses of the DAO and its suite of governance smart contracts.
If the hackers had an ounce of goodness in them, and wanted to ethically expose the flaw in the contract code, they could have ended their exploit by just proving it, and promptly returning the ether, just as an ethical hacker would. There is nothing ethical about this hacker or team of hackers.
Lessons for the community
Several lessons we can learn from.
Running a company’s governance on DAO principles is similar to setting a car on autonomous driving. It is a big responsibility requiring tests to avoid accidents. Possibly Ethereum might be as close to DAOs as Tesla is to giving us autonomously driven cars, but we are not there yet. We need the training guide first, and we might need to start semi-autonomously, just like Tesla drivers can take their hands off the wheel momentarily to observe and learn how the car behaves on the freeway, and just like we can summon the car out the garage, or let it park itself,- two relatively harmless procedures, even if they failed.
Simplicity trumps complexity. The DAO, as constructed was complicated and over engineered. The DAOhub website was gradually updated throughout the fundraising cycle, and ended-up being quite polished. Yet, the more I read, the less I understood, and the more questions I had. If it’s complicated, it’s bad news. The language was semi-legal, semi-technical, semi-contractual, non-committal and technical all at once. It was confusing, subject to interpretation, yet scored high on the marketing sizzle scale.
DAO governance is not easy. The DAO had two intertwined governance challenges on their hands, not just one. It had to deal with its own governance, and it had to figure out the ensuing decentralized governance of its operations concerning the implementation of the smart contracts, and the relationship with the recipient companies and its voting members. This created an increased complexity that perhaps was not originally envisioned by the DAO founders.
Autonomy comes with a lot of responsibility. A smart contract that contains money is not a piñata. It is a big responsibility. We need to be very careful when smart contracts carry large sums of economic value.
Smart Contracts are not a hammer. To some crypto enthusiasts, smart contracts are like a hammer. They want to apply them for everything, and the DAO was the epitome of that belief. But not everything is a nail. Maybe it’s too early for smart contracts to rule the world.
Security first. The larger the amounts of money at stake, the higher the security requirements. Security is required before deployment, not in mid-flight. Blockchains undergo obligatory “testnet” phases with blank cryptocurrency. Why not this DAO? There was too much assembly in the air.
Technologists alone are not enough. You can’t make up management and operations experience if you haven’t been part of a properly run organization. Involving a number of non-technical people with business experience will go a long way in avoiding common errors and trivial issues. Don’t concoct a DAO if you haven’t had operational experience, because you will run into blind spots. It takes more than curators to ensure a properly run DAO.
Effective faceless leadership is still science fiction. Are we ready to trust faceless leadership? The only faceless leadership that we know of today is of the evil kind: ISIS/ISIL and Al-Qaeda. True that Satoshi Nakamoto was a faceless leader, but she/he/they was/were there at least until that leadership was replaced by a decentralized one.
Good intentions don’t count. In the presence of evil or incompetence, sadly enough, good intentions will be trumped. That is the reality.
A smart contract with money is not like any piece of code. You can’t just code up a smart contract just because you can code a few lines of Java. Smart contracts that carry monetary value should be tighter than tight. It is about trust after all, right? The decentralized protocols are promising a better version of trust where we trust the machines more than incumbent trust intermediaries. Bugs are very costly, figuratively and explicitly.
Code-based governance is still immature. We are still at the baby steps levels. Let’s not overshoot too quickly what it can do, and let’s start with smaller experiments. I wrote about What It Takes to Succeed as a Decentralized Autonomous Organization in February 2015, 16 months ago; and much of it still applies today. I updated these thoughts in my book, The Business Blockchain (Wiley, 2016).
Pure DAO is tough. Why not start with hybrid versions? Pure DAOs need guidance and business model iterations. We can’t assume they will be rightly assembled from the start.
Implications and Recommendations
Going forward, what are some ideas for a better future pertaining to DAOs, smart contracts and decentralization as a whole? This isn’t an exhaustive list, and I’m sure that others will be adding excellent ideas, but this is my starting point:
Institute classes of smart contracts. Vitalik has written a comprehensive review of smart contract security problems and potential solutions, but let’s hope we’re not whacking a mole. We could identify the risk profile of smart contracts related to their economic linkages, just to be sure we limit the potential damage resulting from malfunction. Kind of like movie ratings.
Institute a self-imposed limit on any contract or set of interrelated contracts up to a maximum of $10M. Then gradually increase it after we are sure that no flaws occurred. This is like gradually raising the speed limit as long as no accidents happened for a while. I envision this self-imposed limit to be a multi-year process.
Conduct more research and studies on DAO and their governance. DAOs are still a very immature field. We need to apply the research in reasonable doses within benign sandboxes, then collectively learn and continue to innovate accordingly.
Always think of the trilogy of blockchain applications: business, technology, and legal. It is not just about designing better smart contracts. This trilogy approach will ensure that no stones are left unturned while implementing decentralized technologies.
Invest in smart contract engineering science. This new field has been bust open, pushed by Ethereum, and the more we get into it, the more we seem to find out there is something left to learn in the field of proper implementations.
Keep in mind the second trilogy of success: vision, code and humans. These three parts need to come together with clarity, precision, quality and competency.
Don’t ignore jurisdictional considerations. Choose and specify the laws and jurisdictions that you will be bound by. We still live by the rule of government law. Exclusively choosing the laws of cryptoland is the equivalent to choosing jungle and Darwinian laws at best. You will be subject to shenanigans like the DAO hacker who will test the limits of your legitimacy.
Going Forward and Getting Smarter
Did the DAO have to end this way? No. For the DAO, this was an unfortunate way to “fold”, before it could even learn the real lessons we were hoping to learn about decentralized governance models. What we learned, we already knew: that you can’t reach the moon with parabolic and overly ambitious claims, and you can’t skimp lightly on organizational issues or tightly sealed security. Humans behind the technology count a lot. And the whole way you construct an organization still matters considerably.
Startups screw-up all the time, but the good ones do it gracefully, learn, iterate, and keep moving in the right direction. Unfortunately, it turned out the DAO founders were in the water over their heads.
Ethereum doesn’t deserve the bad rub it is getting by association guilt. Yes, it is attempting to come to the DAO rescue, out of an ethical impulse, even if it is bending some of the autonomous decentralization principles. In Ethereum’s defense, they don’t want this heist to go in the history books the same way that Mt. Gox did for Bitcoin, although Bitcoin recovered spectacularly well from it.
Ironically, it was the initial Ethereum pseudo-involvement in the DAO that gave it a positive signal that precipitated record funding. On the surface, when you looked at the list of curators and saw who was involved from the Ethereum side, you would think, how could anything go wrong when some of the original Ethereum founders or operators are also “curators”. Sadly, we learned that technical curators are not enough to make a DAO hum, nor to prevent it from failing.
Although the end of this DAO story is not yet known, there is pent-up demand for experimentation on DAO governance models and implementations. We can assume there will be a DAO 2.0, 3.0, and many other versions and flavors thereof. Other DAOs and related constructs are also being worked on (e.g. MakerDAO, SocialKapital, Wings), taking less flamboyant routes than the grand daddy incumbent, but they still need to proceed with caution.
To say that Ethereum will emerge stronger and more powerful is an understatement. Give it some time, and the fog will lift.
I believe that goodness will prevail, and dumb and evil people will veer to the left. The smart and ethical ones will succeed, and we will resume our path to implementing the greatest technological innovation since the World Wide Web protocol and its underlying Internet infrastructure: the decentralization era with crypto technologies as its foundation layer.
What we have just witnessed is a mini version of the Carlota Perez paradigm shift principle in action: the overshooting that follows the installation phase, but precedes the deployment stage. The DAO overshot their exuberance. The hacker overshot their zeal. The rest of the community will benefit from further deployments of Ethereum and decentralized technologies, once we can close this chapter, and apply the learned lessons from it.
We can’t rush a technological paradigm shift, but we can get closer to it everyday. If we rush, like on the road, accidents happen.]]>