George Orwell once said “He who controls the past controls the future. He who controls the present controls the past…” and when it comes to #blockchain, as in life, it is the writers that control the past, the present and the future. The consensus mechanism, the process of validation, verification, calculation and propagation of transactional state changing data that breathes life into our #ethereum world computer, is intended to serve one primary purpose, to rid the function of writing of any human interference, and in so doing to reduce the ability of anyone to exercise control over others. In every sense, a good philosophy. Of course it doesn’t instantly cleanse the world of corruption, or for that matter many other forms of systemic or economic failure, but it’s a step in the right direction.
The principle of immutability, the mathematical infeasibility of interference with data once written, which enables disparate parties to securely interact with one another in the knowledge that actions and agreements once recorded cannot be undone or reneged upon, is a core principle of any public blockchain protocol. The challenge to, and subsequent overruling of this principle during the recent DAO events and subsequent hard #fork has driven a wedge into the Ethereum community over a question that has been much debated and continues to remain divisive amongst wider communities:
“When is a hard fork ok?”
And so the debate must be had. Opinions and reasoning shared and disputed. Somewhere, from all of this, will come the future, it is up to us all to shape it.
I have set out my thoughts below, generally the running order is less contentious to more contentious [he assumed, naively].
Firstly, some context and a couple of points regarding the maturity of the Ethereum platform.
- Ethereum can be thought of as a virtual machine within which applications run, the DAO was an example of an application. This leads us to two distinct classes of vulnerability, those associated with the user driven application scripting language (Solidity) which may affect one or more applications but do not threaten the integrity of the underlying platform, and vulnerabilities within the Ethereum virtual machine itself (i.e. the github controlled source code), which could represent a much greater systemic threat. Prior to the DAO hard fork, I am not aware of any other time a hard for has been considered to address a user created vulnerability.
- Ethereum is still in it’s infancy. It is only one release on from a version which included the phrase “expect dragons” in the disclaimer. Additionally, Ethereum is more complex than most traditional blockchains, the Ethereum Virtual Machine is more akin to an operating system than a #bitcoin style accounting ledger (excellent that it is). Whilst the Ethereum core development community may hold itself to higher security standards than the likes of Microsoft, all experience should tell us the probability of a zero day exploit within the core Ethereum protocol at some point in the future is high. That further – and possibly fork inducing – core protocol modifications will be proposed (or worse, required) in future should be a working assumption, not a black swan armageddon scenario.
- Beyond the core virtual machine, when considering the power now available to any platform user through the Solidity application scripting language, it is highly likely that future ‘smart contract’ applications will fail or be compromised resulting in damage. It is very, very unlikely – but not impossible – that a hard fork will be the appropriate action when such events occur (for example, to prevent massive loss of life). However, there is a point of greater relevance here, future autonomous contracts may actually decide to harm us. They may employ maliciously constructed code, or even artificial intelligence to execute decisions which violate laws, and harm people. Consider a DAO set up by a hostile nation state to offer bounty payments for acts of sabotage or violence against an adversary. Unlikely? Yes. Possible? Yes. By considering extreme scenarios, we test our fundamental principles.
- The Ethereum development roadmap already includes plans to migrate from Proof of work to a Proof of Stake consensus mechanism (Casper) intended to establish a less energy intensive platform overhead, and to further reduce the risk of majority collusion by miners attempting to control what is written to the ledger. This requires a significant protocol update that will almost certainly involve a hard fork.
A reasonable conclusion from the above may be that future hard forks are certainly possible, possibly probbable, and in the right circumstances, appropriate.
Now, in relation to the DAO hard fork, I first wanted to touch on the the format of the decision making process and it’s subsequent execution.
- Following discovery of the attack the Ethereum community erupted with activity and opinion. It’s leaders (insomuch as a decentralised platform can have leaders) were not silent, and received both praise and criticism for opinions expressed and actions taken. I have a couple of views on this, firstly, Vitalik is considered leader of the ethereum community not because he owns ethereum, quite the opposite, because the community ask it of him. Vitalik’s flavour of leadership is a decentralised, unenforcable leadership, that’s the good kind. I read much commentary describing the recommendations of Vitalik and others towards various options as ‘centralised control’, and I disagree. Leaders such as Vitalik should express their opinions, the community needs them, they, more than anyone understand the problems, the solutions, and the risks. If Vitalik’s influence was decisive, that is a measure of the respect he has amongst the community. As long as those we look to for guidance are transparent in their communication, it is invaluable, and long may it continue.
- The Ethereum community responded to a number of polling mechanisms in the aftermath of the DAO attack, and whilst questions have been raised over the representation and composition of voters, the measures taken appeared to demonstrate an overwhelming preference toward hard forking (this was further evidenced by the subsequent shift of approx 95% hashpower to the forked chain, note for latest stats check here).
- Ultimately the decision to fork was taken by the community, first through a number of polls facilitated by mining pools, but ultimately, and more importantly through the action of the network participants who updated software, and shifted their network participation to an updated codebase. In so doing the community collectively crossed out a paragraph in it’s own history book, not rendering the words illegible, but irrelevant, replaced by a new paragraph, a new database state, agreed and enforced by the same decentralised and voluntary community consensus mechanism that secures the network itself.
Next, some points on the external context to all of this.
- The hard fork outcome will likely provide a reduced disincentive to future attackers. It also deprives the attacker of $50m (ETC revival notwithstanding).
- Linked to the proposed future switch to Proof of Stake, allowing a known attacker to control more than 10 percent of the available currency supply presents additional systemic risks to the network, though it is likely these risks would be surmountable.
- Rightly or wrongly, the prevailing wisdom at the time of the decision to hard fork, was that the losing fork would quickly become obsolete. I think we need to defer judgement on this point. However, there are two relevant related points worth calling out here:
- The publicised promotion of the ‘old’ chain (ETC) by prominent investors such as bitcoin advocate Barry Silbert have had a significant effect in bringing speculative capital inflow toward the ‘old’ chain, thereby raising it’s value and creating a self-reinfocing momentum which has ultimately fuelled division and tested the community. Whether there was an intentional element to any of this we will never know. In any case, the test was likely inevitable.
- The subsequent shift of hashpower back to the ETC chain (ETC hashrate is currently approx 10% of the ETH chain) appears to have followed the increase in value of ETC, indicating it may be attributable to simple mining economics, with a small proportion of ambivalent miners happy to mine whichever chain offers the highest return. Whilst this contributes to the self-fulfilling momentum described above I suspect it will also produce a downward pressure on ETC prices as miners seek to cash out as fast as possible (possibly producing a reverse effect on the ETH chain).
Finally, I wanted to break down a couple of the core elements of the decision itself, and to explore what may be an emerging pecking order amongst core blockchain principles, specifically immutability and consensus.
- We must understand that immutability itself is a means to an end. Blockchain immutability exists to ensure the preservation of truth across a community. It provides an auditable proof that events have occurred exactly as prescribed and expected, but rather than immutability for the sake of immutability, it is the resulting predictability and assurance that is so valuable to the community. When $50 million worth of Ether began to slip from the control of an autonomous program operating on behalf of a large group of investors something rare happened. The protocol, operating exactly as prescribed, deviated from what was expected, and a community watched in horror as an enormous heist was played out in slow motion, with the inherent security of the ethereum platform itself suddenly forming the greatest obstacle to any sort of restorative action (Vitalik even recommended a form of spam-attack against the network to try to slow the attack). The community, and the world at large, was exposed the dark side of immutability.
- Consensus on the other hand, is the control mechanism, there is a difference between centralised control, and consensus driven control, with the shift from the former to the latter being arguably the reason we are all here. The events of the past month have raise one key question in relation to Consensus:
Are we subscribed to machine consensus, or social consensus?
- The hard fork has provided an example of social consensus overriding machine consensus. This effectively places machine consensus, and therefore immutability (in it’s technical sense) as subordinate to social consensus. Whilst this has been cited by some as an about-turn from all that blockchain stands for, I see it as the opposite, an evolution beyond fundamental ideals toward a more pragmatic understanding of reality in which we recognise and leverage all the value blockchain architecture can offer, but retain (as do all blockchain communities) a measure of power over the underlying ‘hard rules’.
- Two further arguments against this approach that I have read and considered are 1) that by setting this precedent we will usher in an era of hard forks every time a smart contract fails, and 2) that legislators may now see the opportunity to exert political influence and compel users to implement updated features. In response to 1) There is little I can offer other than, ‘I disagree’, time will tell. In response to 2) there is no new threat now which was not present before the hard fork, regulators (or others) can at any time attempt to compel users to implement protocol changes, this remains a threat, but carries an extremely low probability of success given the geographically distributed nature of the Ethereum community.
In conclusion, I recognise there is much debate about how truly representative current voting and consensus mechanisms are (that is a topic for another day), but in principle a community driven social consensus decision which reflects the totality of truth is fine by me, I am not tied to a protocol version, I subscribe to a wider social framework of decentralised control governed by social consensus within which an agreed dataset exists, and agreed code (which includes a technical consensus mechanism) operates. If that chain of community consensus holds and on rare occasions exerts the power to override the human-written rules governing 99.999 percent of the platforms’ successful operation, then frankly, I feel assured and empowered by that, not threatened. That is not centralised control, it is exactly the opposite. We are the community. We are the control. We are the writers of history.
is Blockchain Specialist at Deloitte Digital and this post was originally published on linkedin.