Ethereum's Vitalik Buterin: Soft fork vulnerability means a mining oligopoly cannot engage in censorship
Soft fork vulnerability is a blessing in disguise, which means a cabal of miners cannot unilaterally make changes to Ethereum.
The Ethereum community, a large and disparate group of people, must decide in just over two weeks' time whether or not to implement a hard fork of the protocol as a way of dealing with the DAO debacle.
To recap, the DAO hacker drained around $40m (£30m, €36m) worth of ether. The community considered and voted in overwhelming support of a soft fork, which was about to be implemented. Then, Cornell associate professor Emin Gun Sirer with two students Tjaden Hess and River Keefer, discovered that a soft fork would pose a vulnerability for Ethereum.
The soft fork creates a denial of service attack vector which, if exploited, would prevent the network from processing valid transactions at negligible expense to the attacker. Specifically, an attacker can flood the network with transactions that execute difficult computation, and end by performing an operation on the DAO contract. Miners running the soft fork would end up having to execute, and then subsequently discard, such contracts without collecting any fees.
This led to the community abandoning the soft fork, leaving the choice of either a hard fork or taking no action.
The basic idea of the hard fork spec is actually quite simple. It is to transfer ether from the "attack DAOs" into a contract from which DAO token holders will then be able to withdraw their ether at close to a 1:100 ratio. Hard fork clients will be released as early as next week, stated Ethcore.
While it seems likely the Ethereum community will reach consensus on a hard fork, to make this change would seem to contravene the philosophy of decentralisation and principle of censorship resistance. Vitalik Buterin, the chief scientist of Ethereum, pointed out that this is a democratic decision and not a top down edict from the Ethereum Foundation.
He told IBTimes: "Note that the Ethereum Foundation is not explicitly pro-hard fork and has not committed to any specific stance on the issue; developers both inside and outside the foundation (eg. Ethcore) are writing the software to activate the fork if needed but I think that the developer community is generally aligned with being neutral stewards and allowing the fork to be a community decision."
Commentators from the Bitcoin space have been quick to point out that the Bitcoin blockchain has never been altered at the protocol level to pander to an application running on top of it, as the DAO sits on top of the Ethereum blockchain.
Buterin said: "In my opinion, outside of the scope of this one narrow incident, the difficulty of implementing soft forks is a good thing; it means that a small mining oligopoly cannot engage in censorship (a property that Bitcoin does not have!) and that the only way to practically interfere with the protocol operation is a hard fork, and hard forks are, in my opinion, more democratic as the entire community and not just a few miners must participate."
Buterin also discounted claims made surrounding the soft fork proposal, that an attacker could attempt to game Ethereum miners by proffering a bounty worth millions to get them to verify blocks.
He said: "Personally, I think that Paul Sztorc is a bit extreme in his pronouncements that the miners will take the 1m ETH bounty; he is the sort of person who takes assumptions of extreme economic efficiency, liquidity and zero market friction far too seriously for his own good.
"In reality, I think miners would not take the bounty at least at this point in time, especially since doing so is a coordination problem (one pool staying off the fork unilaterally would lose out unless all did so, for example). However, the DOS attack does make any soft fork very hard to accomplish."
Buterin said the worst consequences of taking no action is that a thief gets away with somewhere above $40m worth of ether.
Gun Sirer, an expert on consensus systems, agreed with Buterin that the soft fork vulnerability is actually a blessing in disguise. It means that a cabal of miners cannot unilaterally make changes to Ethereum; changes must be enacted through the democratic hard fork mechanism.
Regarding doing nothing and preserving censorship resistance of the network at all costs, Gun Sirer told IBTimes: "There are many consequences to doing nothing: it can lead to a months-long cat and mouse game with attacker(s), bring bad publicity, and lead to 'heat death' where the DAO is split into many smaller children until the child-DAOs are each too small to be worth attacking. This process would consume precious resources on participating nodes.
"A hard fork, in my opinion, has no consequences for decentralisation in Ethereum, because it is arising organically from the decentralised community. The Ethereum Foundation has remained mostly outside of this, rather civil, discussion. The real centralisation threat in any distributed system is centralisation at the hands of the developers, and the developers have been reactive here, urged on by clear community sentiment in favour of a hard fork.
"And a hard fork would indeed be a good idea to patch a mistake. The DAO was badly broken in multiple ways. It should not have been entrusted with as many coins as it did. Undoing this, in the early days of a system, with appropriate lessons learned, would set no precedent and provide the path of maximal societal good," he said.
By contrast, Ethereum Foundation lead designer Alex Van de Sande has spoken out against the hard fork, because he believes it sets a damaging governance precedent. He pointed out that in the same way Bitcoin's woes with the block size debate aren't about scalability, but rather who has the power to make the scalability decisions, the hard fork debate is also about governance in Ethereum.
Van de Sande told IBTimes: "At the beginning I was vocal against the hard fork and I actively participated in all other avenues: soft fork, white hat attack etc, to avoid it. Since these have somewhat failed I have avoided voicing support or opposition of the fork because I realised something important: this is not about the DAO, it's about governance.
"See, the value of all money is an illusion: it's worth something because there are enough people believing that others will believe it is worth something. At any point in history, someone can (as they have done previously) create a new Bitcoin clone or a new Ethereum clone and claim this is the 'correct' chain.
"I wished against the fork because I believed it should not be technically possible, but just by debating it we now realise it is, and will always be possible, independently if we do it or not. I think a world where a very wealthy minority, or a very angry majority can arbitrarily take property from a group of people is not the one we are trying to build."
Van de Sande said that his focus since has been building governance: "I am trying to build better tools so that the community can better voice their opinion and help figure out how to best make such decisions on the future.
"I don't want the community to be divided and enter in a political shouting match as we saw happen in Bitcoin, and I believe current social media tools are not good enough for that. I built an UI that we'll be releasing soon that allows a better stake vote to agree or disagree with any statement, so that ether owners might measure the voice of the community.
"I also tried two experiments on voting on important decisions by locking ether for a given amount of time – which I was happy to see inspired a Vitalik post about how, in the future we can use interest rates built in the Ethereum protocol to make these decisions.
"This would solve the issue I mentioned, as in the future we can make fork decisions not based on the will of an elite or a mob, but on rational parameters that are designed to optimise the long term viability of the project.
"So I'm happy to see that the DAO debate has brought us better governance tools for Ethereum, and I believe these tools will definitely be very healthy for our ecosystem."
In conclusion, Buterin said that this is still sufficiently early days and that a hard fork is not as precedent-setting as people think: "The community has now learned the lesson of caution and will be proceeding on future cryptoeconomic projects much more carefully and I think the probability of large 'systemic risks' will be smaller. I will certainly do my part to encourage systemic-risk-minimising behaviour in the future," he said.
* The headline of this story has been changed from the original version - "Ethereum's Vitalik Buterin: Democratic hard fork means a mining oligopoly cannot engage in censorship". This was a misquote, stating that a hard fork itself implied censorship resistance.
© Copyright IBTimes 2024. All rights reserved.