20th June 2016

The DAO: what you need to know

Written by Matthew Field, Policy Adviser, Digital

If you’ve been ignoring the blockchain / digital currency discussion, it’s time to start paying attention. On Friday the DAO (Decentralised Autonomous Organisation), an automated investment vehicle that allows investors to choose what the fund invests in, was ‘hacked’ resulting in the loss of $50 million. Of course it was not actually USD that was lost, but rather $50 million worth of ether, the digital currency which the DAO trades in. This is big news in the blockchain world because the DAO as a fund isn’t located in any one jurisdiction, but rather sits entirely on the Ethereum blockchain using smart contracts to operate.

If that sounds too techy to be relevant, consider that on that same day both the Bank of Canada and the Bank of England made mention of blockchain applications in central banking. The former announced it was experimenting with creating a digital version of its fiat currency which would sit on a blockchain, while the latter discussed the potential application of distributed ledgers to the Bank’s payment system RTGS. In short, we are fast moving away from the days when distributed ledgers were solely the realm of Twitter chat and digital currencies equalled crypto-currencies.

So what happened with the DAO? First some background. Ethereum is a rival currency to the better-known Bitcoin. It uses its own version of the blockchain technology famous for underpinning Bitcoin. Earlier this month the Economist looked at the phenomenal rise in value of ether since the start of this year (see chart). The DAO, which exists only in the Ethereum world, is in essence the world’s most successful crowdfunding venture. The fund raised around $150 million worth of ether from investors who in turn received voting rights. The stated purpose of the fund is to invest in digital ventures that are chosen with the consensus of its investors through the use of smart contracts designed to execute themselves automatically if certain conditions are met: for example, investing funds only if the majority of investors agree to the transaction. On May 28th the DAO stopped accepting new funds and became an investment vehicle unlike any other in the sense that it is entirely computerised with no humans in charge. Various papers have, with obvious glee, called it venture capitalism without venture capitalists.

[Chart: tales from crypto]

So given all the hype around blockchain and the growing interest expressed by central bankers, it comes as big news that the DAO has suffered a hack of sorts resulting in the loss of some $50 million of its funds. The Wall Street Journal was interested enough to cover the story on Friday and there will no doubt be more coverage to come in the following week(s) as the DAO and Slock.it, the company which wrote the fund’s smart contracts, work out what to do next.

I say hack of sorts because in fact this wasn’t really a hack, but an exploitation of flaws in the smart contracts underlying the DAO system. It turns out that a few weeks ago a group of academics warned about the potential flaws in the code and called on investors to hold off on any potential investments until the vulnerabilities were fixed. The paper examined several ways in which the voting process that makes the DAO democratic could be corrupted to alter the intended purpose of the fund. According to the paper “at a fundamental level, these attacks all stem from unintended consequences of the mechanism built into the DAO.”

Sure enough, only a short while later that is exactly what happened. The academics argued that “these problems can give rise to complex strategic behaviours, all resulting in a corruption of the intended, honest debate and voting process to select the most deserving proposals.” In short, the attacker(s) didn’t hack the system, they found a way to make the code serve their interest in a way which the writers of the code never intended, but which was still fully in keeping with the designed functionality of the code. A Bloomberg article by Matt Levine analyses the situation in full and is highly recommended.

Aside from the practical questions of how the “theft” was executed, the most interesting questions that will arise from this episode have to do with the nature of regulation in a world where financial interactions are governed by computer rather than legal code. The DAO finds itself in a Catch 22 of sorts. If, as they intend, they reverse the transactions which violated the stated purpose of the code by achieving consensus around an earlier block in the chain, the DAO are in essence acknowledging the code’s subservience to human language in the form of terms of reference for the fund, something digital utopians will consider a step in the wrong direction. They are also acting as a central authority, which goes against the principles of the fund. On the other hand, if the DAO choose to maintain the integrity of the blockchain and instead ask the courts to get involved, they are accepting regulation by a central authority, the very thing a decentralised automated organisation is intended to avoid.

These tricky questions for the DAO and blockchain enthusiasts are the direct result of operating in a world where computer code and not legal code governs actions. True believers will say that the code simply wasn’t good enough. That may be true, but it nonetheless highlights some of the possible dangers to a more universal application of this technology. The jury is still out on what will happen with this Catch 22, but you can rest assured that central bankers will be paying close attention, and so should you.
