A Legal Analysis of the DAO Exploit

source: Bitcoin News

2016. Jun. 21. 02:06

NOTHING IN THIS ANALYSIS IS LEGAL ADVICE. IF YOU NEED LEGAL ADVICE, SEEK OUT A QUALIFIED ATTORNEY.

News broke early Friday morning that TheDao had been exploited using a code error in TheDao software that caused a user to be paid extra amounts of ETH held by TheDao when executing a split proposal which would create a new child Dao containing the extra ETH taken from TheDao. 

Unlike mass consumer software, which is typically rigorously QC’d before release, TheDao was released more or less in alpha or beta condition. This means that it had likely not been robustly tested and was likely to encounter error states or behavioral outputs not yet observed. Although I cannot speak specifically to Slock.it’s QC efforts, they may not have been the same as those that might be implemented by large commercial software developers. (Of course even large software developers roll out buggy code. However, the law strongly regulates financial services software to prevent software laden with exploits that can affect consumer funds.) This bug was widely discussed (including by such crypto-luminaries as Nick Szabo (Ethereum/Bitcoin), Zooko (Zcash), Emin Gün Sirer (Hacker, Professor at Cornell University) and Diego Gutiérrez Zaldívar (CEO of RSK-Labs, Rootstock)) prior to the exploit occurring. From this context, the exploit should have been considered inevitable, especially given the attractiveness of TheDao (and its $205mm US holdings) as a target. Of course, the relative rights and powers of the parties to remedy this bug exploit attack are far more complicated to diagnose, because of the unique centralization of Ethereum and because the exploiter may not be doing anything more than executing commands on the system that result in an unexpected and/or undesired outcome.

In that context, we’ll take a look at the potential rights of investors (i.e. Dao Token holders), of the Exploiter (whoever he, she or they may be), and of the Ethereum Foundation with respect to the exploit.


Analysis Is Difficult Because Unlike A Conventional Contract, The Terms Are Unclear

It is unclear where an investor in TheDao can go to find the contract terms that bind them, and it is unclear, once they are found, whether there is any contract at all. There are terms, rules, regulations, recitals, and warnings about theDao, found at (1) Daohub.org, (2) the Slock.it github (and its readme.md file), and (3) in the executable code itself (i.e. .sol files) as implemented. Slock.it’s github, its readme.md file and its .sol files were ostensibly authored by Slock.it and whoever applied the latest commit to those files; until recently, it was unclear who was operating Daohub.org. Let’s look at some of the most germane provisions:

Daohub.org (all excerpts below captured from https://daohub.org/explainer.html)

Daohub.org’s statements suggest that its terms (as related to the creation of Dao Tokens) are secondary to those of the code, and reference code at a specific Ethereum wallet as prevailing in the event of conflict between the two. This language also suggests that the terms related to the function of TheDao beyond the creation of Dao Tokens are all found at the designated Ethereum Wallet. Thus, although the statements found on Daohub.org are written in plain English, there is no guarantee that the code found at the Ethereum wallet address noted, when actually executed, will comply with those disclosures. If there is a contradiction, the code wins. Daohub.org’s statement also suggests that the terms are held at the github address noted therein, which is the address for Slock.it’s repository. This conflicts with the statement above that suggests that the code terms (as related to the creation of Dao Tokens) are found at the specific Ethereum wallet address, unless they are identical to the terms found on Daohub.org.

Here, DaoHub.org suggests that using the code is risky, and if you do not understand the Code you should not use it, and that theDao does not “pertain in any way to an offering of securities in any jurisdiction.”

Here, Daohub.org advises its users that there are risks of bugs or weaknesses in the platform due to coding updates by Slock.it or by Ethereum, or others attacking the system’s behavior.

The “Disclaimer of Warranties” found on Daohub.org appears to be limited to creating Dao Tokens only.

The “Limitations Waiver of Liability” suggests that users of TheDao will not hold “third parties or individuals” associated with the “Dao creation” liable for injury “caused by or related to the use of, or inability to use, Dao Tokens or the Dao Platform”, shifts risk to investors, and states that no warranties, express or implied, are provided.

Now, let’s look at the Github (readme.md, found at https://github.com/slockit/DAO/blob/develop/README.md):

Here, the readme.md attempts to shift risk from Slock.it to the Investor and implementer of the code. In this case, however, slock.it is the implementer of the code.

Here, the readme.md file disclaims creating any legal and binding enforceable contract and urges participants to consult with legal counsel.

Here, the readme.md file disclaims any warranties, and refers to the GNU General Public License.

Through this language, Slock.it disclaims the creation of a legally binding contract in any jurisdiction, instructs users to seek legal advice from a lawyer, and urges caution that its use may create securities (which seems to contradict what was noted on daohub.org).

Now, let’s look at the actual code files: Dao.sol (same found in DaoTokenCreationProxyTransfer.sol, DTHPool.sol, ManagedAccount.sol etc.) which contains the following comment:

In the comments to the code itself, warranties are expressly disclaimed, and further reference is made to the GNU license. This suggests that the GNU license’s terms are integrated into the terms of theDao as well.

So, are any of these terms enforceable against investors? Maybe. The disclaimer of entry into contract may preclude any of these terms from being enforceable at all; otherwise they could be viewed as illusory for lack of consideration flowing back to the investor. Alternatively, the investor may be imputed with awareness of the terms when contributing ETH to TheDao, whether or not any contract is formed. The law may also impute that a contract exists despite the language stating otherwise. The provisions that attempt to impose a waiver against claims brought against third parties may be weakest, as it is not clear who may claim to be an intended beneficiary of those provisions, and thus a third party (perhaps the Ethereum Foundation) may have difficulty claiming to be a beneficiary of the waiver under that provision.

The terms and disclosures above, however, do not reflect the activity of the system, which is only discernible by a review of the execution of the code itself. Thus, an investor would have to be able to read and understand the functionality of the code to understand what the code will do, and then determine the risks of investment. While it may seem far-fetched, generally speaking, to expect every investor to read the code, parties to contracts are generally imputed to have understood their terms upon entry, except in cases like contracts of adhesion (i.e. agreements which may be voided because one party has unequal bargaining power, and the terms are unconscionably unfair). However, the fact that theDao readme.md file and daohub.org terms roundly disclaim the formation of any contract suggests that there may be more ambiguity in the construction of these terms than expected.

Suing for or against the Dao is Challenging Because of Standing

A lawsuit naming a DAO as a Defendant would likely stall immediately because of the difficulty of identifying a representative of theDAO. The party served with process as a representative of a DAO would likely move to quash service on the basis that they do not legally “represent” the DAO. The Court would then determine whether the person who was served appropriately represents the DAO for legal purposes. To make this determination, the Court would attempt to classify the DAO legally, and then, by analogy, determine who within that DAO’s structure appropriately represents it. In certain jurisdictions, entities may not represent themselves pro se, and must be represented in litigation by a lawyer. This could, illogically, lead to claims for intervention by others (perhaps Investors) who claim that the person designated to act for the DAO is acting without authority, and perhaps to seek a declaration that the lawyer is not authorized to act for the DAO because no person is authorized to subject the DAO to the jurisdiction of the court. To avoid this, a DAO may choose to designate an owner, manager, or legal representative. A DAO may choose not to designate a human representative to avoid regulatory interaction or potential liability. However, a lack of representative capacity will complicate any legal claims asserted, as it is unclear whether the various human actors affecting the DAO’s conduct (i.e. Creators, Investors, Curators, or Contractors in the case of TheDao), or the DAO itself, may actually represent the DAO. (If the DAO itself is recognized as a legally independent actor, its representative may be sued repeatedly, and those plaintiffs may attempt to hold that person personally liable.) Thus an analysis of the DAO’s structure will likely be required.

DAOs may be analogized, based on their structure and function, to other legally recognized entities, but their lack of incorporation will preclude DAOs from exercising rights typically granted to incorporated entities. Incorporated entities are independent legal actors, and in most situations, claims related to the activity of the entity are brought against or on behalf of the entity, not its individual operators/investors/members. Business entities exist as individual actors with independent legal existence based upon the legal grant of power by governments. This grant of power, created by force of law, permits entities to exercise legal powers (for example, the power to enter into contracts on their own behalf), and shields individuals from personal liability for the actions of the entity. However, because DAOs are not typically incorporated, the traditional corporate shield protecting registered entities will likely not apply to protect the individuals acting under the DAO structure. Thus, a DAO will probably be considered an unincorporated association, or a general partnership. Although the analysis is nuanced, if a DAO is considered a general partnership, any partner (who those would be remains unclear) could represent the DAO and be sued and held fully liable for its debts. If it’s considered an “unincorporated association,” the analysis is more complex, but a participating member may be a representative of the association provided that a level of control over the association is established.

The next question is one of geography: has theDao submitted to the personal jurisdiction of your Court? Because DAOs use pseudonymous blockchains, identifying the persons involved may be extremely difficult. Disclosures in the code of the DAO, or in the technical specifications of a Project Proposal, may help identify the creators of a DAO. (Slock.it is noted to be based out of Germany.) However, it may be extremely expensive and difficult to obtain jurisdiction over any person who represents a DAO where the injured plaintiff resides. Thus, litigants may be required to bring actions in multiple jurisdictions to obtain relief, and litigation against a DAO may be an economically impractical exercise. Based upon the potential lack of domestic representatives appropriate for service, and the general difficulty of identifying participants, prospective plaintiffs may not be able to identify persons who can be served on behalf of a DAO.

Who May Have Claims Against Whom? (THIS IS NOT LEGAL ADVICE)

Hypothetically, claims may be brought against the Creators of TheDao for misrepresentations asserted to induce investment (i.e. related to marketing disclosures), improper design, function, and/or coding of the DAO itself (where behaviors of the DAO do not occur as expected because of technical errors or undisclosed/clandestine behaviors), or torts committed by the Creators against the DAO (such as theft of assets through otherwise undisclosed intrusion vectors). In this case, the question of whether a contract exists or not is critical. If there is no contract, then the provision of ETH in exchange for Dao Tokens could be considered a bailment (i.e. the creators are holding ETH) and the loss of those ETH (to the extent that they are not available for a split) could be considered the breach of a bailment relationship, entitling the investor to damages.

Likewise, it is possible that claims may be brought against a Contractor who promotes a Proposal to a DAO, if the Contractor makes misrepresentations as to the attributes, functionality, or expectation of repayment related to a Project, or if a Project fails to fulfill its repayment obligation to the DAO, whether intentionally (i.e. by fraud, or by absconding with the funds), mistakenly (as a result of a hack), or negligently (because of an internal coding error, or data breach). It is unclear whether Investors would be determined to have contractual privity with a Project Contractor (who must be another investor), as it is unclear if any parties to TheDao have any privity with any other party based on the disclaimers provided with its marketing materials. If the proposal run that causes a loss event is a split (i.e. is not voted upon by the Investors) then it is possible that, depending on the circumstances, there may be a claim for theft and the civil claim of conversion. However, the ETH held by TheDao is no longer held by the investors, so they could probably only bring such a claim as derivative on behalf of TheDao.

Curators may have liability for “whitelisting” a Project that fails or does not behave as represented. Curators may also have joint liability with Contractors for a proposal coding error that results in harm to the Investors. Curators may likewise have liability for dishonest behavior intended to benefit themselves, or some participants in a DAO at the expense of others. If there is no contractual relationship, a curator who whitelisted a malicious proposal may have liability for aiding and abetting or conspiring with a proposal contractor who causes injury to investors, although as noted above, the underlying claim for the conspiracy or aiding and abetting liability may not be clear.

Investors potentially could bring claims against other Investors, either individually, or derivatively on behalf of the DAO, or as a class (except that proceeding as a class was purportedly waived in daohub.org’s terms), for acts that subject the investment base of a DAO to risk, including for any improper voting behavior, for conspiring with Curators to promote their own self-interest, or due to “management decisions” made by sub-classes of Investors with disproportionate voting power. Here, the exploiter is an investor who offered a split which was whitelisted.

Let’s look at some specific legal theories:

Theft/conversion

A claim for theft would allege that the exploiter took what did not belong to him/her/them, or took something without authority to do so, and that doing so damaged someone else. The exploiter, according to the governance schema, should not have been able to take more than their own ETH into their own child Dao. However, by exploiting a bug, the exploiter was able to do just that. Thus, a conversion claim may be available, provided that the court determines that the exploiter was bound to the governance schema. The civil claim for conversion requires that the plaintiff have ownership rights, that the defendant intentionally interfered with those rights (exercised dominion and control over the property), that the plaintiff was deprived of possession and use, and that this caused damage.

An investor individually could show standing by failing to get 1.0ETH per 100 Dao Tokens after a split (which takes about 2 months), and sue for the difference between what they expected to get out versus what was left to take out via split. Alternatively, an investor could attempt to represent theDao derivatively for this claim, claiming that theDao itself was injured. (Note that Investors purportedly waive class action according to daohub.org.) As noted above, standing on behalf of theDao is difficult to determine in the absence of a designated representative.

Breach of Bailment Claim

As the marketing materials and code suggest that no legal contract exists, an alternative interpretation would be that theDao created a bailment relationship, wherein theDao held ETH for Investors, and that it failed to hold them. (This is the same claim you might bring if the valet who parked your car lost it.) This claim could be brought by an investor against TheDao, which, again, may be impossible to serve.

Tortious Interference Claim

Investors could attempt to individually sue the exploiter for tortious interference with business relationships. To allege tortious interference a party must show a valid contract or economic expectancy between the plaintiff and a third person, knowledge of the contract or expectancy by the defendant, intent by the defendant to interfere with the contract, actual interference, lack of justification, privilege or excuse (i.e. it was improper to interfere), and resulting damage. An investor may show a business relationship with TheDao (which, depending on jurisdiction, may or may not require a contract); knowledge of the investor’s relationship to TheDao (maybe, because the existence of token holders is public knowledge, but any individual investor’s participation is not necessarily public); and intent and actual interference are likely established (by taking ETH which would have existed for investment or for withdrawal via split). This leaves lack of justification, privilege or excuse, and actual damage. These elements may be tricky, as the exploiter may use the fact that it was a bug and not a hack to establish justification, privilege or excuse. The exploiter may also contest whether there are actual money damages. However, the drop in market value of Dao Tokens and ETH, along with the reduction in theDao’s investment funds, may suffice.

Computer Fraud and Abuse Act

Pursuant to 18 U.S.C. §1030(a)(4) “Whoever … knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” Although this claim sounds simple, the interpretation and implementation is complex and quickly evolving. The threshold question is whether the exploiter “exceeds authorized access.” An argument may be offered that the exploiter exceeded his/her/their authorized access by taking funds that were not rightfully theirs. Again, this claim would be brought by TheDao.

Contract based claims like breach of contract, violation of good faith and fair dealing and even quantum meruit may fail as a result of the express disclaimer of contract formation. Thus, a claimant is probably resigned to seeking equitable, tort, statutory, and/or non-contract based claims.

Ethereum Foundation Potential Responses

The Ethereum Foundation was alerted to the exploit at about 3:09am EST on Friday. The log of the chat opened by foundation members (many of whom are also curators of TheDao) is riveting and shows that a multitude of approaches were discussed early on, including a hard fork, a soft fork, and a roll back. Within 30 minutes of the discovery of the exploit, the Ethereum Foundation caused exchanges to suspend Ethereum withdrawals and trading. The chat log includes discussion of coping mechanisms aimed at preventing a crash in the value of ETH. Both of the fork-based solutions discussed below are notable in that they are not to be implemented by TheDao, but contemplate Ethereum itself modifying its blockchain to fix TheDao’s exploit. Of course, while the Ethereum Foundation can propose whatever software modification it wants, unless the majority of miners adopt the new code, none of the proposed Ethereum-driven solutions will go into effect.

Hard fork

The proposed hard fork would move all stolen ETH funds into a new wallet which would be used to refund investors in TheDao and shut down TheDao. Slock.it has already advocated for the hard fork solution. Others have argued that the hard fork undermines the credibility of the Ethereum platform, creates legal risk for developers, (and potentially excuses for third parties such as law enforcement to intervene) and rewards participants in an experiment who should have understood their risk.

Soft fork

The proposed soft fork would create code that would permit miners to selectively invalidate transactions, and intends for those miners to invalidate transactions made using the ETH taken by the exploiter. This approach would permit Dao Token transfers to continue and permit TheDao functions that do not touch ETH to continue. (So much for fungibility.) This would permit miners to lock the stolen ETH and theDao’s ETH. Advocates of this approach suggest that the soft fork would be less damaging because it would be reversible and would buy time for more elegant solutions to be devised. Detractors point out the same centralization arguments as above. The soft fork may introduce further havoc by providing miners with discretion as to which transactions they may block.

Problems with either forking option:

Is TheDao too big to fail, and should it be bailed out? That’s the real question being considered here. Although the motivations behind forking appear compassionate and directed at stabilizing Ethereum and TheDao, these solutions may ultimately destabilize Ethereum and TheDao. As argued by Pelle Braendgaard, neither Ethereum nor TheDao is incorporated like a conventional entity, but they substitute the legally-bestowed corporate veil that shields an entity’s underlying actors from liability with the veil of decentralization. Provided that the system is executed via decentralized actors, creators are not liable. However, if a hard or soft fork is implemented to correct the exploit, by violating the decentralization the creators and those who maintain these platforms may be subjecting themselves to arguments that they have taken, or have the ability to take, control at any time, which may result in personal liability. Although Slock.it may have potential liability for the exploit, by forking, the Ethereum Foundation may be taking on potential liability.

Braendgaard’s point is well taken. If Ethereum intervenes to roll back transactions or sequester funds, the claim of decentralization or immutability is shown to be illusory. This may even invite claims by the exploiter against the Ethereum Foundation for taking away the ETH obtained by the exploit. (It is understood that many Ethereum Foundation members are heavily invested in theDao.) A fork would be viewed as a “bank bail-out,” potentially self-serving, and those with the power to do so would be looked at as responsible.

Bitcoin’s Mt. Gox Approach:

Bitcoin had a mass loss event in the well-publicized Mt. Gox disaster. As a result of Mt. Gox, bitcoin users were unable to control their bitcoin and functionally lost hundreds of millions of dollars of value. In the wake of Mt. Gox, bitcoin valuation against USD plummeted, the platform was pilloried in the media, and many predicted its doom. Yet, there was no split, or roll back or freezing of assets to try to reclaim bitcoin for those affected. Today, Bitcoin continues to exist as a decentralized immutable platform, and is at a total market cap approaching its all-time high. Perhaps the Ethereum community should look at Mt. Gox before endangering its platform with knee jerk reactions for the benefit of a subset of the Ethereum users who risked participation in TheDao.

Although many investors holding Dao Tokens may be frustrated with the exploit, and bemoan their loss of millions of dollars, the overcorrection of forking to reclaim those ETH may be more disastrous long term than permitting the exploit to persist. This is a problem for TheDao, not for Ethereum. The only impact on Ethereum is that the hack caused the value of Ethereum against USD to drop. Thus, a fork smacks of self-interest. A fork that permits Investors to reclaim their ETH but crushes the value of ETH by impairing the long-term viability of the platform may cause more damage than the loss caused by the TheDao exploit.

Exploiter’s Potential Claim against the Ethereum Foundation

The exploiter, having taken advantage of a bug as opposed to having actively hacked the system (although better minds than mine may draw the line between the two, I will not) may actually have a claim against the Ethereum Foundation if they implement a hard or soft fork. The exploiter, claiming to have not violated any laws, may actually seek to enjoin the Ethereum Foundation from taking any action to restrict his/her/their use of the ETH in the child Dao created by the exploit. The exploiter could also claim tortious interference with his/her/their rights to the child Dao they created. Although these claims would require the exploiter to identify themselves, there is an argument to be made that the Ethereum Foundation itself may be liable for taking away assets obtained by the exploiter. However, if the ETH are deemed stolen, then the exploiter cannot show legal title or a viable claim to the funds, and these claims would fail.

Conclusion

The law is unprepared for TheDao and TheDao is unprepared for the law. The disclosures, terms and legal warnings are inconsistent and confused. Although TheDao mimics the structure and behavior of a registered business entity, because it avoids compliance with registration requirements by operating as a distributed software platform lacking executives, directors, a legal jurisdiction of incorporation or a physical location, it will likely not be provided with the same legal recognition, or be provided the rights and privileges typically provided to registered entities. Thus, in the instance of a lawsuit, a court will be forced to grapple with the implications of a web of contracts and computer code imitating an entity, but without the infrastructure created by statutes, and centuries of common law precedent and civil law interpretation, that guide courts when considering claims regarding incorporated entities. Because of the lack of a recognized legal form, TheDao and other unregistered DAOs will create significant impediments for involved parties seeking to obtain dispute resolution from courts related to their activities involving DAOs, which suggests that specialized proprietary alternate dispute resolution (“ADR”) provisions may be necessary. The disposition or determination of claims alleged by Investors against TheDao, against the Creators of TheDao, or against the exploiter who took ETH via bug exploit remains uncertain. However, the exploit will likely be considered a type of theft, and investors, if they can establish standing to act for theDao, may have a variety of claims.

This article was a guest post by Andrew Hines
