Professor Emin Gun Sirer played a pivotal role in a number of recent major events in the world of crypto-currencies, such as Bitcoin and Ether. Here’s the story so far of Sirer’s recent interactions with “the DAO”, a “leaderless company” once called “the biggest crowdfunding project ever”, which at one time controlled a crypto-currency fund worth about $150M; we trace out this saga through press mentions from around the globe.
(For a brief, lighthearted timeline, A TechCrunch article outlines the history of crypto-currencies, including the drama surrounding the distributed autonomous organization known as “the DAO”. It describes the major impacts Sirer has had on the evolution of the ecosystem.)
Prehistory. The New York Times: “Sirer … has particular authority in the area because he previously was” a co-author, with Ittay Eyal, of a “[2013] paper pointing out a serious vulnerability in the structure of Bitcoin, the most popular virtual currency.”
The Rise of the DAO. Forbes: The DAO, created to crowdfund startups, is governed not by humans, but by algorithmic “smart contracts”. It raises $133M worth of the digital currency known as ether, but despite the enthusiasm, it may not be better than traditional crowdfunding. Sirer tells Forbes, CoinDesk, and the American Banker: “The DAO is not operating within our existing legal framework … Some protections that are give[n] to investors that take the shape of 600 pages of regulations do not exist for distributed autonomous organizations, but on the other hand, DAOs have the benefits of algorithmic control and algorithmic restriction”.
Sirer and co-authors discover seven flaws in the DAO’s mechanisms. Sirer, with Dino Mark and Vlad Zamfir, find the potential attacks so serious that they call for a moratorium on DAO activity. The New York Times: "At a fundamental level, these attacks all stem from unintended consequences of the mechanisms built into the DAO... These problems can give rise to complex strategic behaviors, all resulting in a corruption of the intended, honest debate and voting process to select the most deserving proposals." Wired: “Sirer says the DAO’s biggest problem is that it doesn’t encourage honest voting on new pitches. …. if you don’t believe in a project, you’re better off abstaining than voting no.” Elsewhere, Sirer says that “There are so many attacks against the DAO that some of them cancel each other out."
This news receives further widespread press coverage, including in Israel’s Haaretz, The Merkle, Blockchain News, CoinDesk, FX News Call, Quartz, and EconoTimes.
The DAO is actually hacked, exploiting a vulnerability pointed out by Mark, Zamfir, and Sirer. The Economist: About $55M was stolen. “[T]he DAO … does not have rules, or staff … instead, it has computer code, which is supposed to embody its purpose and to operate automatically. If the attacker found a flaw in the code, whose fault is that? .... In effect, says [Sirer], the attacker simply read the terms and conditions more closely than anyone else." In the NY Times, Sirer continues further, stating that "this is one of the nightmare scenarios everyone was worried about: someone exploited a weakness in the code of the DAO to empty out a large sum."
This causes a flurry of press mentions around the globe, causing someone to comment, “Prof. Sirer is now more popular an international sensation than David Hasselhoff." See Sueddeutsche Zeitung, the largest German national daily and Die Zeit, Germany's counterpart to Time with a readship of 2M people, ZDNet.be, L’Informaticien, The Financial Times, and CryptoCoinNews in Oslo.
A fix proposal --- the so-called “soft fork” --- gains great momentum until a Sirer-led investigation reveals flaws, halting the change in its tracks. Bitcoinist: Sirer worked with Tjaden Hess, an incoming Cornell freshman, and Columbia freshman River Keefer to reveal a potential denial-of-service vulnerability. They later write: “Following our announcement, the [underlying blockchain platform] the Ethereum price took a 10% dip, losing approximately $100M …
On the other hand, various people have remarked that, had the … vulnerability not been discovered, and [an attack occurred], it likely would have created a severe setback for the system, possibly killing it entirely. So, we've been told by a few people that the right way to view the [announcement] is that it saved $900M in value. :-)”.
Overall (International Business Times): Sirer notes: “The DAO was badly broken in multiple ways. It should not have been entrusted with as many coins as it did. Undoing this, in the early days of a system, with appropriate lessons learned, would set no precedent and provide the path of maximal societal good." Bitcoinist notes that community members have called Sirer's moratorium piece "the most logical write up on the story yet." He wrote there, "Smart contracts are and remain an incredibly exciting field. We have only begun to scratch the surface. There can be no birth without pain, no initial foray into the unknown without some setback. I believe that Ethereum overall will emerge from this in a few weeks, having been made much stronger as a result. It will have a newfound direction and charter that involves a slight pivot, away from ‘let’s get DApps at all costs, let’s make front-end programmers into smart contract writers,' towards 'let’s build up the science of secure, smart contracts.’ And that will make everything worth it.”