Two days ago, the biggest exploit on an Ethereum smart contract took place. An amateur developer managed to take control of some Parity multisig wallets and proceeded to accidentally kill referencing libraries. This had the effect of freezing over $150m in ETH and making it unspendable.
This is particularly bad news for the developer behind this particular multisig wallet. Parity was hit by a similar hack in July that saw clients lose $30m in ETH, and when fixing that bug they failed to spot this one. However this transpired, the exploit and resulting fund freeze have ignited a strong debate in the Ethereum community.
If there is anything to go by, one can take a look at the DAO hack that took place last year. In that hack, about $50m of ETH was hit. Yet in this case the loss is almost three times as much. With the DAO hack, a great debate raged, and eventually the community decided to hardfork the chain in order to recover the funds.
This decision led to a contentious split and the creation of Ethereum Classic. Can the Ethereum network risk such a split, and does it create a moral hazard? How will investor confidence be harmed by a loss of $150m?
Contract Developers to Blame?
Many in the Ethereum community are pointing to the fact that the problem was not with Ethereum but with the smart contract that was built on top of it. The Ethereum protocol worked just as intended. FunFair founder Jez Obe stated that:
It emphasizes what we already knew, that writing smart contracts is hard and that we’re still learning best practices and the chance to introduce bugs is still present
The immutability of code is one of the advantages of blockchain. However, this also means that any bugs inside these smart contracts are immutable too.
Although a lot has been done on Ethereum in terms of security since the DAO, one cannot claim conclusively that it is 100% secure for such large amounts of money. Many are pointing the finger at Parity, claiming that they should have audited the code properly after the July multisig hack.
However, Parity strongly denies that they were irresponsible. They claimed that they did indeed do a full audit before the patch was released. They say that it was also audited by ZK Labs before they released it.
Should Ethereum be Examined?
There are some who think that the problem may indeed lie with Ethereum itself. They claim that it can be easy to dismiss the bug as a bad contract and not focus on the reasons why that bug could have come about. For example, some are taking issue with the language used to code smart contracts. Charlie Lee, the creator of Litecoin, said:
The Solidity language for writing ethereum contracts is one of the worst languages to use if you want to write bug-free code
Johnson Lau, a developer over at Bitcoin Core, did not mince his words when he responded to the incident on Twitter:
07/Nov/2017 @VitalikButerin on brink of second bailout for dumb contracts
— Johnson Lau (@johnsonlau01) November 7, 2017
Perhaps the lack of security in the contracts that are being developed is a result of past actions by the Ethereum community. Allowing funds to be returned after the DAO hack could have created a feeling of complacency when coding such critically important contracts.
Some are of the view that with so much of someone else’s money at stake in these contracts, there may come a point at which lawyers get involved. Can the state intervene in a massive dispute if a particular party is being sued? Will lawyers be able to force the hand of these developers?
Where Does the Community Stand?
Right now the Ethereum community as a whole has to decide how they should react to the incident. The only way to recover the funds is through a hardfork and, as we mentioned, these are contentious enough. However, in this case many feel that “bailing out” irresponsible developers is a moral hazard that will make the next contract just as unsafe.
On the other side of the debate you have those who lost funds through no fault of their own. How can they ever have faith in the system again? Moreover, there are many who have not invested in Ethereum, and they could see this as enough reason to avoid it altogether. This could lead to Ethereum failing when it comes to mass adoption.
With a really small sample size of 1,000 Twitter users at press time, Local Ethereum asked whether the chain should fork to save the funds.
Critical bug found in @ParityTech multi-sig wallets. ~500K ETH lost forever.
Should Ethereum fork again? #ethereum
— localethereum.com (@localethereum) November 7, 2017
At the time of writing, close to 60% of the respondents said no. Whether this is a genuine belief is hard to tell. There are many who see the elimination of so much ETH as a positive for the price in the short term. Yet this may undermine long-term predictions as confidence wanes.
There are some who are trying to remain optimistic about the situation. There are a great many incredibly smart white hat hackers in the Ethereum community. The hope is that these individuals could find a way to somehow unfreeze the funds. We should not forget that when Parity was hacked in July, it was these same hackers who managed to rescue a great deal of funds before too much damage was done.