Following the Links to the Emerald City
When I first heard of Bitcoin, I was fascinated. It was like a tech toybox for me- cryptography, computers, global communication and money. Shiny. What’s not to like? As both a technology and finance geek, the advent of a purely digital currency seemed like the natural next step for money. I had to learn more.
As I researched Bitcoin, I found out that it was enabled by an underlying group of mature technologies collectively called “blockchain.” This platform could potentially be used for an unlimited number of distributed, synchronized applications. Suddenly we could have global, secure transactions at the speed of synchronization without intermediaries. Poof! No more lawyers and the potential for the masses to attain effective tax rates comparable to rich, major international corporations. “How does the story get better?” I asked myself.
But it did get better. I discovered the concept of a “Decentralized Autonomous Organization” (DAO). A new form of a corporation defined entirely by computer code running upon a blockchain. Each DAO’s organization, governance, behaviors and all of its business relationships are determined entirely within computer code shrewdly labeled as a “smart-contract.” Once initiated, a DAO is enabled to function as an ongoing entity requiring no human leadership, no enforcement, no political structures, no intervention or external laws to operate. DAOs hold the promise to eliminate escrow, settlements, and the need to trust others to carry out their contractual obligations or face the hassles and costs of enforcement. Just software acting with computer precision on clear rules that each party agreed upon.
I began to speculate beyond cost savings and regulatory solutions. Could we be witnessing the emergence of a new market form based upon a purely “Digital Political Economy?” Were we seeing the nascent form of an economy that was driven and enforced by contracts running on computers in an open, transparent, self-enforcing manner? One that could not be gamed, rigged, altered or devolve into cronyism? The prospects were stunning. Given the potential economic gains, I knew that sooner or later, there would be a test case to see whether blockchain contained the seeds of a new market structure.
The way of the DAO
Part 1: “To understand the limitation of things, desire them.” – Lao Tzu, the Dao de Jing
In May, 2016, I watched the formation of the “DAO” project closely. The DAO was a decentralized autonomous organization based upon a “smart-contract” running atop Ethereum blockchain technology. Because I don’t read Solidity (the code which the DAO was written in), I had no other choice but to rely upon those that wrote the DAO contract to explain it to me. As I understood, the DAO was to:
- Raise a fund of Ether (ETH) over a 28 day “creation period” commencing at April 30, 2016, 09:00 UTC and ending at May 28, 2016, 09:00 UTC.
- At the end of the creation period, the pool of ETH was to be used to fund Ethereum blockchain based projects.
- DAO funded projects were going to be owned by the DAO with any proceeds from their activities being distributed to DAO token holders on a percentage of ownership basis.
- Once initiated, apart from one exception, the DAO was to function solely on the basis of its smart-contract. While DAO members would vote upon projects submitted, there would not be any human intervention needed for it to continue in perpetuity. All interaction with humans, funding, closing, DAO token distribution, project voting & approval, project funding, and ETH distribution to DAO token holders were going to be conducted strictly by the DAO’s smart-contract. Effectively, the distributed computer was in total control.
- There was one human interaction permitted. A group of 12 individuals were designated as “curators” whose primary function was to guard the DAO from proposals that could be potential scams. They were to review proposals prior to submitting them to the DAO and designate them as “whitelisted” if they passed several identity and authenticity tests.
The DAO project was a high quality proof of concept for DAOs and especially for “smart-contract” agency. Those who designed and wrote the DAO’s contract were among the core developers of Ethereum blockchain technology and Solidity, a computer language created specifically for Ethereum “smart-contracts”. With a premier technology team, clear presentation and transparent process, all the elements were in place to test the efficacy of smart-contracts and a decentralized autonomous organization under the stress of real world conditions. Like all initial experiments, I knew that there would be surprises, but the DAO’s technologists were best able to eliminate or address potential problems that could derail the test. I was expecting to see if my hopes for a “Digital Political Economy” were merely the last vestiges of adolescent idealism, or the initial step into a bright, new economic era.
Part 2: “Success is as dangerous as failure.” – Lao Tzu, the Dao de Jing
The formation of the DAO exceeded all expectations. Interest was very high and ETH poured in rapidly. The only snag that the DAO encountered occurred one day prior to the end of the creation period. A blog post by several noted experts called for a moratorium on the DAO in order to address potential security problems. Nevertheless, at the end of the creation period on May 28th, there were about 12 million ETH contributed with a USD equivalence of about $150M. In keeping with the terms of the smart-contract, the assets were fully committed upfront, thus eliminating the need for capital calls.
As an investable pool of assets, the DAO sparked a virtual frenzy of activity. Proposals for projects were crafted and floated to the DAO which included a full spectrum from near fantasy to non-fiction. Speculators noted the fund’s success and the ETH price climbed from $8.85 USD/ETH on the day the DAO creation period started to its all-time high of greater than $20 two weeks after the creation period ended. Pundits weighed in from many sides, each talking their book; some declaring that the “end was near” and that the DAO was doomed to fail without human intermediaries and governance. And others, declaring that a new economic era was dawning and blockchain was on the cusp of fulfilling its economic destiny.
However, there were others watching too. Others with very different ideas on what to do with the DAO funds valued at nearly $250M.
Part 3: “The further one goes, the less one knows.” – Lao Tzu, the Dao de Jing
One of the features written into the smart-contract of the DAO was the ability for participants to exit the DAO by “splitting” off from the DAO after a waiting period. If an owner of DAO tokens invoked this clause of the DAO contract, then it would trigger a waiting period during which others could join the splinter DAO and exit as a group. At the end of the waiting period, all participants in the splinter DAO would receive their proportional ownership stake at the time of the split. It was expected that splits would be a natural process as contributors’ interests changed.
However, among the first groups to exit, one of the participants understood that the DAO’s “smart-contract” was in fact only a “needs-improvement-contract”. By invoking the DAO’s “split” code in a specific manner, the number of ETH withdrawn from the DAO was not limited to their proportional ownership based upon the amount they originally contributed. This meant that the total number of ETH in the DAO itself could be drained upon exit – even if your initial contribution was 1 ETH.
In the early morning hours of June 17th the waiting period for a split was completed and during the split, an unknown person used this “smart-contract” flaw to begin draining the DAO of the more than 12M ETH collected. Once noticed, a frenetic effort began to understand and stop the exploit. It was soon recognized that there was no “hacker exploit” involved. The loss did not circumvent the inherent blockchain security architecture, and the “smart-contract” had not been altered or tampered with.
The ironic realization set in that the failure was not security, but in translating the intent of the contract into computer code. The DAO was being drained simply by using its “smart-contract” in an unintended manner.
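The timeline in Table 1 calls this flaw a recursive send, or “race-to-empty”, in the contract’s balance accounting. The Python model below is an added illustration, not the DAO’s Solidity code: it contrasts a payout that is sent before the member’s recorded balance is cleared with one that clears the balance first. The `Fund` class, its method names and the 9-plus-1 unit figures are constructed, and the send-before-update ordering is the assumption being modeled.

```python
class Fund:
    """Toy pooled fund (constructed model, not the DAO's contract)."""

    def __init__(self, settle_first):
        self.settle_first = settle_first  # True = clear the balance before paying
        self.credit = {}                  # member -> units the ledger says are owed
        self.paid = {}                    # member -> units actually sent out
        self.pool = 0                     # units the fund holds

    def deposit(self, member, units):
        self.credit[member] = self.credit.get(member, 0) + units
        self.pool += units

    def _send(self, member, units, on_receive):
        if units > self.pool:
            raise RuntimeError("insufficient pool")
        self.pool -= units
        self.paid[member] = self.paid.get(member, 0) + units
        if on_receive:
            on_receive(self)  # recipient's code runs before withdraw() resumes

    def withdraw(self, member, on_receive=None):
        owed = self.credit.get(member, 0)
        if owed == 0:
            return
        if self.settle_first:
            self.credit[member] = 0                # record the exit first
            self._send(member, owed, on_receive)   # then hand over the funds
        else:
            self._send(member, owed, on_receive)   # funds leave first...
            self.credit[member] = 0                # ...ledger updated too late


def simulate(settle_first):
    """Return (units paid to member 'm', units left in pool)."""
    fund = Fund(settle_first)
    fund.deposit("others", 9)  # constructed sample figures
    fund.deposit("m", 1)

    def reenter(f):
        # Recipient asks for its payout again while the first is still in flight.
        if f.pool >= f.credit.get("m", 0) > 0:
            f.withdraw("m", reenter)

    fund.withdraw("m", reenter)
    return fund.paid["m"], fund.pool
```

With the payout sent first, the member who put in 1 unit is paid all 10 and the pool ends at 0; with the balance cleared first, the same re-entry finds nothing owed and the other 9 units stay in the pool.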
Since the DAO was written as a completely autonomous, distributed organization, complete agency for the fund was committed to the “smart-contract.” Consequently, there was no provision for human intervention, no “off switch”, no measure to modify the contract should an error be discovered. Furthermore, it was now fully (and publicly) understood that the DAO contract was fatally flawed, unalterable, and unstoppable. The DAO was in peril of losing all of its contributors’ funds within 3 weeks of starting operations.
Table 1: Timeline to “DAOsaster”
| Date | Event | ETH Closing Price (USD) | *DAO Market Cap (USD M) |
|---|---|---|---|
| 2016-04-30 | DAO Creation Period Starts | $8.85 | |
| 2016-05-27 | Call for Moratorium on the DAO (due to security concerns) | $11.29 | |
| 2016-05-28 | DAO Creation Period Ends; 12.07M ETH Contributed | | |
| 2016-06-09 | Blog post by Peter Vessenes published: “More Ethereum Attacks: Race-to-Empty is the Real Deal”, warning about the possibility of draining any DAO contract via balance accounting in smart-contracts. States that notices of potential problems were sent to key developers on 2016-06-05. | $14.45 | $174 |
| 2016-06-12 | Slock.it Founder Publishes Blog Post Titled, | $15.66 | $189 |
| 2016-06-16 | ETH reaches all time high > $20; 77% return since DAO Creation Period ended | | |
| 2016-06-17 | DAO is drained of millions of ETH by an individual exploiting the recursive send exploit warned of by Vessenes. There is no way to stop the drain because the smart-contract code is not altered, hacked or otherwise tampered with. No stop switch, no way to prevent the smart-contract code from executing as it is written. ETH community is urged to join together to conduct a DDOS attack against the draining of the DAO. | | |
| | “The DAO Strikes back”: Recognizing there was no way to stop the entire DAO from being drained, an unnamed group conducts a “whitehat” counterattack against the DAO to secure 7.2M ETH into a wallet that cannot be drained. Market cap decline of 60% from high. | | |
| 2016-19-22 | Anonymous group claims to file online complaint to Securities Exchange Commission (SEC), European Securities Committee (ESC), and Monetary Authority of Singapore (MAS) regarding DAO hack. TCR1466578092053 suggests that they used the SEC’s Whistleblower website. | | |
| 2016-06-25 | Voting commences on “Soft Fork” of Ethereum blockchain code, designed to render the ETH appropriated by the “Dark Side of the DAO” null and void. However, researchers at Cornell (who called for the original moratorium) discover a DoS vulnerability in the “soft fork” code. | $12.27 | $88 |
| 2016-07-20 | “Hard Fork” in Ethereum code applied, erasing the transaction that appropriated the ETH from other investors. Immutability shown to be an aspirational concept rather than a fact. | $12.15 | $87 |
| 2016-07-21 | Refund Period – DAO effectively dissolved and all contributors are able to retrieve their ETH. | $12.15 – $11.09 | N/A |
*There is currently no official tally of ETH at the various dates.
Source: Chris Montaño, CFA, various articles
Fortunately, for an inexplicable reason, the drain on the DAO stopped after more than ¼ of the ETH had been taken. What ensued after the initial loss was more suited to a hacker exploit movie rather than the staid realm of investing (see Table 1.) In addition to the initial failure, the subsequent activity included an anonymous group that conducted a “counter-hack” and drained the DAO of all remaining assets in order to protect the assets from additional losses.
Ultimately, the funds were recovered, but not before the Ethereum blockchain was altered by a controversial “roll back” of the transaction that took the funds. The concept of “immutability” was dispensed with, but everyone who contributed to the initial fund now has the option to retrieve their funds.
The DAO of the Fiduciary
“It is better to do one’s own duty, however defective it may be, than to follow the duty of another…” – Lao Tzu, the Dao de Jing
There has been an abundance of analysis on the technological dimensions of the “smart-contract” failure. And there are rigorous efforts to address many of the tech challenges with the code used to create “smart-contracts.” All these are critical for contracts on blockchains to live up to the marketing hype of “smart-contracts” rather than buggy contracts running atop blockchains.
However, I was, and remain, troubled that there has been no mention of what I consider to be the primary and most basic issue in this entire debacle. The first principle of investing is that agents owe a fiduciary duty toward those whose assets they are entrusted with. In the case of the DAO, a “smart-contract” was given agency over close to $150M of assets and would have lost it all within 20 days but for some equally dubious intervention that would be illegal in a regulated market.
As we look at wildly optimistic market and technology research on the impending era of machine learning, artificial intelligence, and “smart-contracts” running on blockchains, I suggest that now is a time that we assert the primacy of duty and agency. Regardless of whether an agent is a person, an artificial intelligence or a “smart-contract” on a blockchain, once agency is accepted, fiduciary responsibility IS immutable (unlike blockchains).
As we face the prospect of a “brave, new, fintech world”, I know of no current technology that can pass two legal tests of a fiduciary:
- Duty in the exclusive interest of clients.
- Professional competency – the “prudent expert” standard.
Flashy, shiny, new tech is important to experiment with and test in incubation labs and innovation centers. But until the “fiduciary test” can be passed by a machine, entrusting governance of any sort to machines will inevitably prove to be a fool’s errand, as in the case of the DAO.
For me, it has been a full-circle lesson regarding the most human and fundamental element of commerce itself- trust. There is an acknowledged trust gap the domain of finance and investments has unfortunately earned. And I do hold out optimism and hope that we will see significant reforms from wise use of technology in finance. However, if we mistake technological prowess for fiduciary duty, we risk replicating the same mistakes in the technology realm that we have made in the financial management domain.