Auditing, Education, and Centralised Decisions will enhance Smart-Contract, Blockchain Technology
There’s a particularly interesting case that involves the Libyan Investment Authority (LIA) suing Goldman Sachs over about $1.2 billion worth of trades that the two organisations had made a deal on.
To put some context into this case, LIA was an organisation set up by Libya and several other neighbouring countries. Unfortunately, the firm had practically no legal or financial experience, and was heavily reliant on consultants and investment companies giving it advice.
Allegedly, Goldman Sachs developed a relationship with LIA and began to build trust for future business transactions. They did this by offering elusive Goldman Sachs internships to LIA’s employees and providing business class flights and accommodation for exclusive conferences in exotic destinations like Dubai and Morocco.
Several years later, Goldman Sachs allegedly advised LIA to take several trades, from which Goldman Sachs would profit by approximately USD$350M+. LIA purchased these contracts and paid GS’ commission; however, several months later they realized that they had fallen into a big hole. The trades weren’t stock, shares or bonds; they were allegedly complex derivatives.
Unfortunately, due to the lack of legal and financial expertise at LIA, they weren’t able to understand that, in the event of failure, they would not be able to recover a single penny of their $1.2 billion investment.
There’s an obvious issue here. Goldman Sachs didn’t necessarily break the law, but they may have acted unconscionably.
The contracts weren’t illegal or invalid, and Goldman Sachs didn’t coerce LIA into entering them, but LIA believes that there was injustice here. LIA believes that they didn’t know what they were getting themselves into, and that Goldman Sachs took advantage of that. Whether or not there is a violation of the law is up to the court to decide, but I think it is apparent that there is a major education gap within financial institutions, especially between poorer countries and richer countries.
When smart-contracts enter, this gap becomes even larger. Complex derivatives may be hard for a firm like this to understand; however, when we look at the Ethereum security vulnerability that happened over the last thirty hours, it’s obvious that smart-contracts represent an even larger hurdle to jump over.
Ethereum is a “decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.” It is essentially programmable money, held within a Decentralized Autonomous Organisation (DAO) that is a mutual fund. There is no active management that manages the money or moves it; the money (Ethereum) is programmed to do that. As a result, people purchase Ethereum with US dollars and invest in the mutual fund. This ether can be converted back into US dollars if an investor wants to exit.
On Friday morning, 17 June 2016, the DAO was hacked. In simple terms, the DAO was programmed to promote decentralisation and encourage the creation of child DAOs by rewarding a split of the fund with additional ether (money). The hacker found this feature, and used it to take millions of dollars out of the DAO and into his own account.
Now here’s where the interesting part kicks in. The DAO is a smart-contract, which means the code itself is the contract. The code controls and sets forth all the terms of creation; the hacker did not do something wrong with the code. The code had a flaw in it. However, it is its own contract, so the hacker didn’t violate the contract. This vulnerability was within the confines of the contract; it might be considered ‘morally wrong’ but it’s arguable whether it is considered a theft.
Vitalik Buterin, the founder of Ethereum, is proposing a “soft fork” that will prevent the attacker from being able to make valid transactions, effectively freezing the funds. The stolen funds are locked in a “Child DAO” and are unable to be moved for another 27 days, Buterin says, giving the community time to debate and adopt a potential solution. “This will later be followed up by a hard fork which will give token holders the ability to recover their ether,” Buterin writes. (This solution would not involve any “rollback” or negating any transactions.)
The decentralised nature of the DAO (and of Ethereum and digital currencies more generally) means there is no central authority that can simply flip a switch and make changes. Decisions have to be reached by community consensus.
There is a clear inherent issue with this: obtaining consensus from two or three people might be difficult, but when you start talking about thousands or millions, it is very difficult. Typically you look for a decision to be affirmed, and those who disagree can opt out of participating; otherwise you will end up chasing your tail for a very long time.
There’s going to be a huge market for smart-contract auditing and centralised decision-making. For these smart-contracts to fulfil their goal, they’ll need to be a lot more secure than what we have just seen, with clear processes to step through to resolve an issue without too much delay or discord.
All comments or repetition of facts are only alleged facts and obtained from press reports not from the writer’s own due diligence. The writer is not making an affirmation of the facts and this post is only the opinion of the writer.