Smart Contracts

A leading test case for “smart contracts” has stumbled seriously by being hacked. While the underlying tools for making smart contracts are not at fault, the mishap provides a serious challenge to true believers’ view of smart contracts. These believers see in smart contracts a computerized world free from human intervention, including the law. However, courts will likely not see smart contracts that way.

Smart Contracts and the Human- and Law-Free Dream

The company Ethereum aims to implement smart contracts. This implementation, like other such efforts, grounds its smart contracts in the “blockchain” digital ledger technology underlying Bitcoin. Smart contracts are, in essence, digitally administered contracts which are able to analyze, confirm (while faultlessly recording), and react to the performance of contracting parties.

True believers are excited by the numerous benefits smart contracts provide. Most importantly, if a party violates the contract, the contract itself can theoretically provide the remedy without needing to go to court. For example, if you don’t pay on time for your car, then your car is remotely locked by the seller. Similarly, when a party does perform, the contract can trigger the next “step” in the contract. There seems no need for a court to interpret smart contracts because smart contract administration is self-executing; whatever its code does is defined to be correct. Transaction costs appear reduced and interference from messy human institutions and laws, minimized. Finally, say true believers, the law can work as cleanly and crisply as technology.

The DAO and the Hack

A small team not directly affiliated with Ethereum used Ethereum’s technology to create a “Decentralized Autonomous Organization,” or a DAO. The DAO was effectively a venture capital firm that lacked central management, instead acting on the inputs and votes of its myriad members. The DAO allowed people to “split” from the main DAO into their own sub-DAO. People who ran the “split” function would, while splitting, take a corresponding amount of digital currency with them.

One of the DAO users exploited a bug in that function, which allowed the sub-DAO to take a disproportionate amount of the main DAO’s currency. Crucially, the underlying Ethereum code is not at fault. Rather, the DAO-specific code, which had been seen as under-secured, contained this serious vulnerability.

Smart Contracts and DAO, Meet the Law

What redress do the members of the DAO have? The DAO affiliate’s own writings explained how the DAO worked in English, but emphasized that the code underlying the DAO was the real contract and the explanations were to have no legal effect. If the courts agree, arguably what the hacker did was not illegal, because he did something permissible within the DAO’s code. (This is exactly the hacker’s stated legal position.) Under this view, the victims failed to read their contract closely enough and have only themselves to blame.

Programmers on the decentralized Ethereum network are debating what to do. They could lock up the digital currency in the sub-DAO (a “soft fork”) and prevent the thief from getting away, or they could change the past rules (a “hard fork”) to return the stolen money. The hacker intends to sue if the rules are changed to undo or limit damage from the hack. The Ethereum community is torn by debate, as members are split on whether the bigger concern is taking care of the victims or ensuring messy centralizing human institutions are kept out of the pristine, decentralized world of smart contracts.

A Lawyerly View on Possible Legal Outcomes

If it comes to litigation, it is hard to imagine courts siding with the hacker. The hacker acted in extreme bad faith and courts loathe rewarding such behavior. Thus, a court outcome may be on the horizon that will dash true believers’ dreams of smart contracts that simply execute themselves.

The real issue is what theory courts would endorse in rejecting, and maybe allowing damages against, the hacker. Many potential legal theories respect the idea that the DAO’s code is the contract, while remembering that contracts do not bind all areas of law. Perhaps the DAO is a general partnership and this is a case of a partner violating his fiduciary duties to other partners. Or perhaps the issue is one of more fundamental contract law; perhaps there was a fault in formation of the contract, or the implied duty of good faith was violated. Or perhaps restitution law would undo this unjust enrichment.

Further, courts may see that code, like human language, needs interpretation, and that the apparent precision offered by code is false. Under this view, errors in code are possible, and courts still must discover the “true” contract interpretation, which (as with any contract) reflects the parties’ objective intents. For example, courts may find it was objectively, unambiguously clear what parties’ intent behind the “split” function was, and that the hacker’s running the split function in a way inconsistent with such intent violated the contract. Said differently, the way that the hacker abused the split function is itself an interpretation of how contract provisions may legitimately be “read,” and is a reading courts may reject.

This analysis does not come close to exhausting the legal issues raised by the DAO hack. For instance, what should the law do about the promoters and creators of the DAO, who caused others to believe it would act as advertised? And what about those working on the Ethereum network—do they have an obligation to users of the decentralized network, as though it were a legal entity? And what does this incident suggest about any need for future regulation of smart contracts?

While such legal intrusions are anathema to smart contracts’ true believers, it may ultimately be in everyone’s interest to have them. Once legal standards are set, the public can better trust smart contracts. And smart contract designers will be comfortable knowing that they are fully accounting for the normative considerations that motivate courts not to enforce certain contracts. In short, our society will finally become fully able to implement smart contracts, smartly.

Roger Royse

Roger Royse, the founder of the Royse Law Firm, works with companies ranging from newly formed tech startups to publicly traded multinationals in a variety of industries. Roger regularly advises on complex tax structuring, high stakes business negotiations and large international financial transactions. Practicing business and tax law since 1984, Roger’s background includes work with prominent San Francisco Bay area law firms, as well as Milbank, Tweed, Hadley and McCloy in New York City.