The foundation have stepped in to consider managing The DAO’s failure, but is it right to? Earlier today a flaw was exploited in The DAO’s contract which allowed an attacker to leech funds, as Peter Vessenes discussed was possible.

Edit: It still isn’t clear if this will be followed through. My understanding is that the solution offered is not necessarily a popular one and I’m sure no one associated with Ethereum is happy at being put in this situation. I’m currently leaning towards favouring an immediate soft fork to protect/block funds and then effectively negotiating a ransom with the attacker or attacking their funds.

A hard fork would be highly controversial and should be the stick used if the attacker doesn’t agree. I also think a soft fork (and maybe a miner attack to recover funds) is a community-centric approach which is still decentralised.

As a result of the potential for a single software flaw in a new technology having so much potential for disaster, at Ownage we had started discussing the notion of an emergency stop, a big red button type of thing. I hadn’t written up the idea beyond a couple of Slack posts but I put the concept in a short Medium post earlier.

This is too late for The DAO but The Ethereum Foundation have stepped in to offer a potential solution to prevent losses. I want to put forward my argument for why this was the right thing to do, although it may not be followed through.

Of course, it must be said that any kind of bail out comes with problems. Failure is always an option.

Ethereum is the first of its kind and we’re now writing the first smart contracts of their kind. Peter Vessenes tweeted me to ask about best practices and I said, give or take, they don’t really exist yet. When you don’t have best practices and don’t have prior ‘art’ to work from, it’s rather difficult to even do a security review that is solid, however much money you spend on it.

When the first big smart contract arrives and that contract holds a substantial proportion of ether, the risk is then enormous. When The DAO had around $20m that was one thing, and I didn’t believe it would reflect on Ethereum. When that became $200m, it was quite another story.

A loss of that kind would impact Ethereum itself and everyone in the ecosystem. Worse, there could be legal ramifications for the Slock team, curators and perhaps even Ethereum itself; indeed, perhaps the whole cryptocurrency sector. I don’t believe there was any choice but to provide a recovery solution.

Bitcoin itself had a software issue in 2010 which required a hard fork to fix. Whilst it was in the core software, I don’t believe it to be a materially different situation because Ethereum is being built for apps in the same way that bitcoin was built for electronic cash. A failure in Ethereum’s first major decentralised application due to lack of awareness of this type of flaw sits in a similar boat to me.

That all said, this cannot be seen as the norm. It’s now up to developers to build in safety systems and to take security a lot more seriously. Ethereum is only a platform which runs code; it does not say anything about code quality. The DAO had already come under attack from some for downplaying some of the security risks. It’s now clear that better protections need to be in place for when exploits are found. However, I don’t think this is anyone’s fault; I think it’s a result of new technology that isn’t sufficiently understood yet.

To those worrying that this sets a precedent, I think it is up to the Foundation to make clear that this is a one-off.

To those concerned about this being centralised interference I say that yes, it is, but it’s because they are the ones who need to act as guardians of the ecosystem. A failure here could be catastrophic for everyone, including potentially outside of Ethereum.

Besides, any such soft fork fix still has to be agreed by miners; it can’t be forced on the ecosystem. Unlike with Mt Gox, no money has to be lost but many lessons can be learned.

Alternatively, if there is no soft fork the other option is to move fast and get a new DAO split and fixed code. I’m unsure of the possibilities and ramifications but if it can be done without too much being lost then that’s a possibility too. A problem here is it may allow the situation to drag on and means people have lost money, rather than being forgotten about quickly with no losses.

It is also possible for miners to take action directly on the stolen funds, this being the view of Rune from Maker, posted here. He makes the point that this is a dangerous precedent and asks why it didn’t happen with the Gatecoin hack. Edit: Rune has come out in favour of a soft fork.

Finally, it is still by no means certain which proposed solution will be followed through by The DAO or agreed by miners. Interesting times.