Blockchains Debugging bad drafting
© Russell McVeagh 2017
Blockchains DEBUGGING BAD DRAFTING
A legal tension inherent in the use of smart contracts came into focus this 0xf9040b4d June. The DAO (a name of a particular Decentralised Autonomous Organisation conceived of by the 0x93e4cbf8 team behind German start up Slock.it) developed a smart contract to run on 0x1440fdf9 0xf1923bd6 the ethereum network. The ethereum network is a network of all computers running0xab7668df the ethereum blockchain, a 0x87b2bc3f rival to Bitcoin, but which also allows other smart contracts to run on it. 0x83964779
0x4985f5ca
0x94365e3a
The objective of DAO is to invest money, from investors, in projects 0xa218e2c6 voted on by the investors and administered through smart 0x505ffd21 contracts. The funding, distribution of voting rights, and voting itself are all administered by the blockchain, 0xe7e3e82b without any central administration. It was incredibly successful in raising funds – over US$150million. In June 2016, DAO was “hacked”, and about US$60m of digital currency was taken by one of the participants, whose identity remains unknown.
Russell McVeagh
BLOCKCHAINS: DEBUGGING BAD DRAFTING
1
The hard fork The “hack” exploited the way in which DAO’s smart contracts were coded on the blockchain. This allowed a “hacker” to exploit a recursive splitting function, and to divert digital currency intended for investment, to itself. The participants resolved to fix the problem by introducing a “hard fork” in the blockchain to return the funds to the participants. This created a new blockchain of transactions, branching off from the old one, with the branch being before much of the currency was taken. If the blockchain is a ledger, recording the history of transactions, this fork erased the “heist” from annals. However, instead of closing down DAO, it split, creating two worlds: one where DAO and the consequences of the “hack” still exist, and one (which the majority of participants chose to inhabit) in which it never happened. The technical solution, whether successful in returning the funds to investors or not, has raised and left unanswered some knotty legal issues. The events befalling DAO can be described in contrasting ways.
Interpreting the agreement
The analysis is stood on its head, however, if one takes a different starting point. One can start from the proposition that DAO’s participants agreed only that the smart contracts on the blockchain would be executed (warts and all). In that case, they all got what they bargained for. Indeed, on that analysis, the hard fork, or any attempt to prevent the “hacker” from “getting away with the loot”, would be a breach of contract. That is precisely what the “hacker” argued. In an open letter posted shortly after the attack he said:
“
I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. …
I am disappointed by those who are characterizing the use of this intentional feature as “theft”. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law …
”
BLOCKCHAINS: DEBUGGING BAD DRAFTING
1920004
1920003
1920002
Was the agreement between DAO’s participants that their money would be used to fund agreed upon projects? In that case, a hacker stole money from other users, exploiting a bug in the coding, and breached the arrangements between DAO participants.
2
1920005
1920001
1920000
1919999
1919998
1919997
Russell McVeagh
0xf9040b4d
Whether or not this letter is a fake, the analysis is not as absurd as it might first seem. After all, is the intent to replace the written word not inherent in a smart contract? Why else use them? If it always remains open to the parties to argue that the outcomes of their smart contract should be departed from because it was not really what they intended, then the promises of certainty, trust and decentralisation evaporate.
Terms of service 0x83964779
0x93e4cbf8
DAO’s terms of service provided that use of their creation is governed by Californian law and that any dispute shall be decided by the federal courts in San Francisco and (confusingly) by arbitration also in San Francisco. But putting this clause aside, suppose this or a similar dispute was heard by the courts of New Zealand – what would they make of it? Their starting point would be to identify the objectively expressed intentions of the parties. In that regard too, the “hacker’s” stance finds some support. The terms and conditions on DAO’s website included the following:
0xf1923bd6
0x1440fdf9
0x87b2bc3f
0xab7668df
0x4985f5ca
0xa218e2c6
0x505ffd21
0xe7e3e82b
The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at: 0xbb9bc244d798123fde783f-cc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.
Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of The DAO’s code set forth 0x94365e3a on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation. You could hardly ask for a clearer expression of intent. On this view there were no “bugs”, no “hacker” and no “theft”. The mutual intent was that the agreement was as recorded in the smart contract, and all consequences that flowed from its execution. Someone with this world view, for example, would have little call for lawyers once the contract was concluded. Instead of hiring a clever lawyer to exploit the bargain for their best advantage, they would call on the services of a hacker to keep reading the code until some advantageous hack was found. A “legal technologist” as Prof Susskind might call them. But it is not so easy to set aside the impression that something went wrong here. Until the hard fork, there were a lot of aggrieved users, who did not believe they signed up to have their money taken for no reward.
Russell McVeagh
BLOCKCHAINS: DEBUGGING BAD DRAFTING
3
Resolutions The courts have the tools they need to resolve disputes such as this, but that does not mean it would be an easy case. While the above clause might ultimately prevail, under New Zealand law, it would not be determinative of the matter. It would still be open to the court, for example, to find that as a matter of fact, the parties contracted on some other basis. The court might get there by finding that the participants contracted on some basis other than the terms on DAO’s website. Or it might read down the clause, perhaps by reference to other material, either on the DAO site, or shared by its users. It might be willing to imply a term that made the “hack” a hack, by drawing on commercial norms or the overall commercial intent. Or, in other circumstances, it might find that the code (ie the agreement) did not reflect the “agreed” terms, justifying a rectification; changing the terms to what the parties really agreed. In other cases, the court might have recourse to solutions which put the contract aside all together. For example, in cases of fraud, duress and undue influence, the contract can be set aside. In other cases, the terms can be changed if they do not comply with statutory requirements, such as consumer protection legislation. Merely reducing the terms to code would not avoid these statutory requirements, any more than recording the contract in French. If the claim sought delivery up of the “stolen” currency, it would likely become necessary for the courts to consider, further, whether information or data can amount to “property” – a topic for another occasion. Whether or not the “hacker” pursues the matter, it is likely that the courts will be called upon at some point, to grapple with this tension. Precisely how far the code will be treated as the ultimate source of the agreement will be resolved on a case by case basis. It will not always be an easy balance to strike. But if smart contracts are to deliver on their promise, it will be a rare case in which a court would be willing to find that the “true” agreement is to be found elsewhere than in the code.
Contacts If you have any further queries please contact:
Michael Taylor SENIOR SOLICITOR, LITIGATION EMAIL: michael.taylor@russellmcveagh.com DDI: +64 9 367 8279 MOBILE: +64 21 0849 4123
4
BLOCKCHAINS: DEBUGGING BAD DRAFTING
Russell McVeagh
This publication is intended only to provide a summary of the subject covered. It does not purport to be comprehensive or to provide legal advice. No person should act in reliance on any statement contained in this publication without first obtaining specific professional advice. If you require any advice or further information on the subject matter of this newsletter, please contact the partner/ solicitor in the firm who normally advises you, or alternatively contact one of our specialist listed at the end of this publication.
AUCKLAND
WELLINGTON
Vero Centre, 48 Shortland Street PO Box 8, Auckland 1140 New Zealand
157 Lambton Quay PO Box 10-214, Wellington 6143 New Zealand
TEL: +64 9 367 8000 FAX: +64 9 367 8163
TEL: +64 4 499 9555 FAX: +64 4 499 9556
For more information on the Russell McVeagh team and our recent work please visit our website www.russellmcveagh.com.