demise of Ethereum's DAO project. It was a fine idea: a sort of VC fund (expressed as a smart contract on the Ethereum blockchain) that would seed other projects and enterprises. Trouble was there was a bug in this contract (not in Ethereum itself) that enabled a slow motion $50 million dollar heist in broad daylight. The bug (the exploit) was discovered well before the DAO's funds (ethers) had been depleted, but little could be done to stop it. For smart contracts are programs written in stone (the blockchain, itself), executable code whose state (when conditions are met) inexorably advances as new blocks are added to the chain.
Real world contracts, by contrast, are interpreted by humans, which unlike machines, are far more forgiving. We allow for syntactic errors--errors in punctuation, grammar, spelling, etc. (Recall the 2nd amendment to the US constitution.) We can even tolerate a moderate degree of illogic. When the meaning of a contract is in dispute, we (the courts, or other empowered arbitrators) analyze and interpret both the letter of the contract and intent of the parties to that contract. This ability to re-interpret contracts, to clarify, amend, or even annul them in the future is an indispensable tool of human progress. If society were governed by immutable contracts (think slavery), we'd all be screwed.
The Trouble with Financial Instruments as Smart Contracts
The collapse of the DAO was viewed by many in its community as a blow to the ecosystem itself. Considerable resources (people, time, energy, dollars and ethers) had been expended, and the project's success was to underscore, validate--indeed some would argue kick off a demonstration of the true purpose of--the foundational Ethereum it was built on.
How to save the DAO? There was considerable wrangling about just how this could be done, but none involved fixing the contract itself, since by the rules of the game (Ethereum blockchain), contracts are immutable. No, the only way the DAO could possibly be saved was by somehow actually changing the rules. And the only way that could be done was (and always will be) by consensus.
Of course in blockchains like Bitcoin's and Ethereum's (proof-of-work based) "consensus" means a plurality in mining (hashing) power: the more computing power that you can plug to the network, the more say you have (at this time, the proof-of-stake version of Ethereum is still in development). The details, tradeoffs, and risks of the proposed solutions (soft fork vs. hard fork, etc.) are not important here. As it turned out, the community successfully pulled off a hard fork. Rather, the issue here is how a bug in a contract put the larger system (Ethereum itself) in play.
Systemic Risk: At the Intersection of Randomness and Determinism
Forget the challenges of crafting bug-free contracts. Let us assume we've achieved a bug-free ecosystem of best practices, and the contracts themselves work as intended. The larger and more important question is whether the system itself (the totality of the contracts) will work as intended.
In particular, what happens when financial contracts (on a blockchain) fail to price in risk correctly? Regrettably, the history of finance is filled with examples of ruin such mis-allocations of capital have caused (the 2007-2008 crisis being the most recent in memory). It is easy to imagine a blockchain embedding a web of contracts (recall, they can invoke each other's public interfaces) going down an execution branch that would have previously been considered a 6-sigma event. As we pile more contracts atop existing ones, the ability to analyze the future paths the blockchain might take becomes computationally hard. This calculation is compounded by the fact that, generally, the order of execution of the contracts cannot be guaranteed on the blockchain--there are therefore even more paths to consider given the combinatorics of ordering.
That last observation, by the way, holds irrespective of the richness of the programming language expressing those contracts--be it Turing-complete (as Ethereum claims with some caveats--gas), or one in which the execution path is constrained to a directed acyclic graph. Each contract is properly seen as a thread of execution and the blockchain, the current state of a highly concurrent system. The very nature of concurrency is disorder.
The '07-08 crisis, while still fresh in memory, is instructive. Financial institutions had sold insurance against outlier events that they had priced as astronomically unlikely. They insured against various forms of default: mortgages, corporate debt, the solvency of the insurers themselves. There was so much insurance being traded around that the impenetrable pile looked safe, and soon the insured were themselves insuring the insurers through circuitous paths few could see. Quite the contrary, the pile of paper instruments was viewed as a marvel of modern financial engineering.
And then, of course, a brick fell out of that fragile wall: mortgages. When the market realized that the default rate on these had surpassed all historical norms, the entire model on which everything was priced was called into question. The pile was now a tangled web of obligations no one could properly unravel. Counter-party risk became paramount: no financial player could trust that the other was actually solvent. The credit markets were frozen.
While the manner in which the Federal Reserve (and Congress) responded in the aftermath of the crisis can be legitimately scrutinized, putting aside questions of fairness and accountability, there's little doubt that some form of intervention was necessary. Some have argued that we should have left the chips fall where they may. But there was real risk that ATMs would soon stop working. Something had to be done. Someone had to suspend the rules of the game.
Which brings us back to smart contracts. Who will intervene when a pile of smart contracts form a dumb collective? In the case of the DAO, the Ethereum community's intervention manifested itself as a hard fork (a change in the rules that is not backward-compatible with the old rules). It was an impressive, if messy, feat. And it also brought controversy, as it called into question the very immutability of transactions on blockchains. But these are early days for Ethereum. It's doubtful a fork like this could have been pulled off if the project were in a more mature state like, say, Bitcoin.
Much has been made of the "lessons learned" about the DAO's failure and how a more rigorous, better tested, bottom-up approach promises a better second-go at it. I want to believe. Still, the real lesson, I'm afraid, might be that contracts written in stone are a bad idea, period.
And a Bit Glum About Bitcoin..
If having struck such a downer note, I might as well list some personal peeves about Bitcoin (a sort of cleansing of my mind). I will try not to bore you with technical peeves others have already made--that the system is an inefficient energy hog, for example.
So you might argue, What's the harm in a contract that records the transfer of ownership, of say, a car? Not much really. Except that the world is filled with unsavory actors. What if someone is holding a gun to your head? Would you buy into a system of ownership in which the courts cannot undo a transaction even after you've proven that it was executed under duress? (That no central authority can govern its transactions is in fact the key feature of the distributed ledger that is the blockchain.)
Now this argument must apply equally to Bitcoin, too. Owning bitcoins is much like owning gold in an impenetrable, pass-phrase-protected vault in your basement. If you store much gold there, you might want to take additional security measures--a security camera, for instance (so a would-be thief is less inclined to hold that gun to your head). Except, again, that with bitcoins, the camera is of little use, since the courts will have a hard time returning the stolen goods. Indeed, the courts generally have difficulty returning anything stolen from your safe--which is why we tend to prefer the banking system.
This doesn't necessarily mean that bitcoins are an unsafe store of wealth. Indeed, bitcoin is arguably safer than gold. For one, gold is more fungible than bitcoins: gold atoms are indistinguishable from one another, whereas the transaction history of any [fractional] bitcoin can be traced back to its beginning (when it was first mined). Bitcoins are thus less anonymous than once supposed, and this can make spending the loot harder for a thief. Two, the total supply of bitcoins is easier to predict than that of gold. The supply of gold is sensitive to one-off events, like the discovery of new sources (say a newly discovered mine, or more fantastically, imagine a bus-size gold asteroid landing in Siberia), whereas the maximum future supply of bitcoins is bounded (the sum of a decaying geometric series), and the network's mining power growth rate is relatively steady. And third, bitcoins are easier and safer to transport ('cause you don't).
But for me, investing in Bitcoins burdens me the same way as owning gold: great care must be taken to protect any significant amount of it from theft. I am far too sloppy to invest in either (and own too little to consider changing my ways worthwhile). No I think bitcoin's most important feature is that it functions unimpeded across geographical, governmental, jurisdictional boundaries--though, I've yet to actually need any of this.
A Better Name: Bitgold
I'm not suggesting, of course, that Bitcoin should be renamed. But bitcoins are more like precious metals than currency. Currencies, after all, aim for price stability. Ideally, a basket of everyday goods costs the same over time in a given currency. But Bitcoin, like gold, owing to its limited supply, tends to appreciate in value relative to most common goods and services that over time become ever more abundant through innovation and technological efficiency. So if it's a currency, Bitcoin is deflationary one.
Deflationary currencies, however, are ill-suited for tallying debt. A lender has little incentive to lend bitcoins long term. And a borrower's obligations tend to balloon in real terms over time thereby increasing credit risk even more. So bitcoins can be lent more like Treasury bonds: they can be used as collateral for other debt, but are themselves seldom borrowed for any meaningful length of time. (Typically, you borrow long term T-bonds short term, in order to sell them short in anticipation of a quick drop in price.)
Now some argue that debt and usury are evil twins that we'd best do away with anyway, that a system of finance that discourages credit is just what the doctor ordered. It's a questionable argument, supported by only a minority of economists. (To wit, the total value of bitcoin debt is minuscule when compared to aggregate supply, even though a good number startups provide intermediation services for such lending in the marketplace.) Whether right or wrong, whatever its merits, it seems to me buying into the Bitcoin system is somewhat synonymous with abandoning long term debt: the system inherently favors equity over credit.