Smart Contract Bug Results in $31 Million Loss

A hacker stole $31 million from the blockchain company MonoX Finance, by exploiting a bug in software the service uses to draft smart contracts.

Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn (that is, the token sent by the user) decreases and the price of tokenOut (or the token received by the user) increases.

By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains.
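The overwrite described above can be reproduced in a small model, shown next to a version that rejects the same-token case. This is an added example, not MonoX's contract code or code from the quoted article; the `ToyPool` class, the function names and the 10% price step per swap are assumptions chosen for illustration.

```python
"""Toy model of the same-token price overwrite (constructed for illustration)."""
from fractions import Fraction

STEP = Fraction(1, 10)  # assumed: every swap moves each price by 10%


class SameTokenError(ValueError):
    """Raised when tokenIn and tokenOut name the same token."""


class ToyPool:
    def __init__(self, prices):
        # token symbol -> price, kept exact with Fraction
        self.prices = {tok: Fraction(p) for tok, p in prices.items()}

    def _new_prices(self, token_in, token_out):
        # Both new prices are computed from the state read BEFORE the swap.
        new_in = self.prices[token_in] * (1 - STEP)    # token sent: price falls
        new_out = self.prices[token_out] * (1 + STEP)  # token received: price rises
        return new_in, new_out

    def swap_vulnerable(self, token_in, token_out):
        new_in, new_out = self._new_prices(token_in, token_out)
        self.prices[token_in] = new_in
        # If token_out is the same key as token_in, this second write
        # replaces the decrease stored on the previous line.
        self.prices[token_out] = new_out

    def swap_checked(self, token_in, token_out):
        # Precondition: the two sides of a swap must be different tokens.
        if token_in == token_out:
            raise SameTokenError(f"tokenIn and tokenOut are both {token_in!r}")
        before_in = self.prices[token_in]
        before_out = self.prices[token_out]
        new_in, new_out = self._new_prices(token_in, token_out)
        # Postcondition from the description: tokenIn falls, tokenOut rises.
        if not (new_in < before_in and new_out > before_out):
            raise RuntimeError("price update violates the swap postcondition")
        self.prices[token_in] = new_in
        self.prices[token_out] = new_out


def price_after_self_swaps(n, start=1):
    """Price of MONO after n swaps of MONO for MONO in the vulnerable pool."""
    pool = ToyPool({"MONO": start})
    for _ in range(n):
        pool.swap_vulnerable("MONO", "MONO")
    return pool.prices["MONO"]


def checked_pool_rejects_self_swap():
    """True if the checked pool refuses the swap and leaves the price alone."""
    pool = ToyPool({"MONO": 1})
    try:
        pool.swap_checked("MONO", "MONO")
    except SameTokenError:
        return pool.prices["MONO"] == 1
    return False


if __name__ == "__main__":
    normal = ToyPool({"A": 1, "B": 1})
    normal.swap_checked("A", "B")
    print("A for B:", dict(normal.prices))
    for n in (1, 3, 10):
        print(f"MONO for MONO x{n}:", float(price_after_self_swaps(n)))
    print("checked pool rejects self-swap:", checked_pool_rejects_self_swap())
```

In the vulnerable path the price only ever ratchets upward on a self-swap, because the decrease is never the value left in storage; the checked path fails before any state is written.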

The article goes on to talk about how common these sorts of attacks are. The basic problem is that the code is the ultimate authority — there is no adjudication protocol — so if there’s a vulnerability in the code, there is no recourse. And, of course, there are lots of vulnerabilities in code.

To me, this is reason enough never to use smart contracts for anything important. Human-based adjudication systems are not useless pre-Internet human baggage, they’re vital.

Posted on December 2, 2021 at 8:32 AM

47 Comments

Comments

Scott Havens December 2, 2021 9:33 AM

If the code is the ultimate authority, with no further adjudication, then by definition it wasn’t a “loss” due to a bug, just a legitimate transfer per the encoded rules. Nothing to see here.

(This comment is intended to be in support of your point, in case that is unclear to anyone.)

Steve December 2, 2021 10:05 AM

Great distillation as usual. And while, IMHO, we are a long way from code being a better arbiter of justice than a human, I think the basic problem here has less to do with code being the ultimate authority and more to do with the lack of an adjudication protocol.

At present, there is no good way to retrospectively adjust outcomes of these so-called “smart” contracts based on knowledge or facts that can only be fully appreciated ex post rather than ex ante, whether that be knowledge of unintended code functionality or specific circumstances never anticipated by the contracting parties. This is an issue well understood by legal professionals and largely supported by legal systems (e.g. through various doctrines such as expectation damages or foreseeability); by smart contract proponents and smart contracts, apparently not so much though…at least not yet.

Winter December 2, 2021 10:07 AM

Neither technology nor logic is reasonable.

This is the extension of Libertarianism to its logical end-point. If everything should be regulated by contract, a Smart Contract is the ultimate Libertarian wet-dream:
A binding contract that cannot be undone or changed.

I think the Smart Contracts are showing us all what Libertarianism leads to: Madness.

(as if we need more proof)

Ted December 2, 2021 10:21 AM

Dan Goodin linked to MonoX’s exploit post-mortem in his article.

In the spirit of transparency – says MonoX somewhat earnestly – the developers share other reports from the wider DeFi community.

One of these is a pretty good analysis from Rekt who says the following:

Both Halborn and Peckshield conducted audits of the Monoswap contract. How did they both miss this simple bug? Was it deliberate, or just careless?

Did the auditors miss these flaws? Dan provides a link to the audits as well.

https://rekt.news/monox-rekt/

Impossibly Stupid December 2, 2021 10:42 AM

@Scott Havens

a legitimate transfer per the encoded rules

I have to agree; this is the logical result of the “move fast and break things” approach. People need to get their thinking straight about this kind of thing. It should have more properly been reported as security researchers collecting a $31 million bug bounty. If the people involved have a problem with paying that much, they need to design and implement a system with more checks and balances.

And as I’ve said in other discussions here, we need to stop calling things “smart” when they’re stupid. Back in the day, a device that wasn’t useful without a network connection was properly called a dumb terminal. Maybe the better term for these things is “hackable contracts”. Code is vulnerable, just like Bruce says, and any developer that doesn’t understand that is a dumb hire.

Clive Robinson December 2, 2021 11:40 AM

@ Bruce, ALL,

The basic problem is that the code is the ultimate authority — there is no adjudication protocol — so if there’s a vulnerability in the code, there is no recourse. And, of course, there are lots of vulnerabilities in code.

There is another “basic problem” and one that if not correctly addressed will leave “Smart Contracts” for ever broken.

The problem is the majority of programmers write limited sequential code, not full state machine code. Thus one heck of a lot gets left out, and thus “dangling” and waiting to be used/abused. Lawyers unlike many programmers appear to be aware of this issue.

This issue was known to be a problem back in the 1950’s. British Computer Scientist and logician C.A.R. Hoare worked on the problem and came up with a fundamental set of rules that became known as Hoare Logic which he published at the end of the 1960’s.

The fundamental block of Hoare Logic is the Hoare Triple,

A Hoare triple is of the form

{P}C{Q}

Where {P} and {Q} are assertions about state etc and C is a command.

P, is the precondition
Q, is the postcondition

Where the assertions P and Q are expressed as formulae in predicate logic.

When the precondition P is met, executing the command C causes changes and establishes the postcondition Q.

Whilst you can build “full state” code with Hoare Logic, it’s not something most would want to do…

In short “It’s tedious not creative” and “dotting the I’s and crossing the T’s” can be a tedious task ordinarily.

So it has a “slip-shod” habit of not being done which unfortunately gets carried over into unrevocable issues.

But… In normal life the last thing anyone actually wants is unrevocable contracts so arbitration usually gets “built in”. In principle there is no reason why smart contracts can not have arbitration built in, it just creates a whole heap of downstream issues nobody wants to address.

Until arbitration or full state control is implemented in Smart Contracts we are going to see a lot more of this sort of thing happening.

Jon December 2, 2021 12:10 PM

@ Clive Robinson

I don’t believe that Hoare’s analysis would have helped here.

As I understand it, it’s a logical blunder, and if your assertions have a logical failure, that’s the assertion’s problem, not the implementation.

E.g. TokenA is worth [US]$1. So is TokenX. When a token is sold, it loses value, when it is bought, it gains value.

So TokenA, after sale, is worth $0.90. TokenX, after using TokenA to purchase TokenX, is worth $1.10.*

However, TokenX IS TokenA, therefore TokenA is now worth $0.90 AND $1.10 – at the same time.

Obviously, those can’t both be true, therefore the problem is the assignment of value after purchase overrode the assignment of value after sale, something Hoare’s logic would not prevent.

Logically, it’s perfectly self-consistent.

* Repeat ad nauseam.

Winter December 2, 2021 12:11 PM

@Clive
“In principle there is no reason why smart contracts can not have arbitration built in, ”

There is a reason, arbitration would involve people. And people are corrupt and under the rule of the State. The whole point of “block chain” is that you can do away with (other) people.

I think they will first resort to your Hoare Logic and teach it to lawyers before they will implement arbitration.

As I already wrote Libertarianism is a direct highway to madness.

Shoal Creek December 2, 2021 2:48 PM

@Winter

“If everything should be regulated by contract, a Smart Contract is the ultimate Libertarian wet-dream: A binding contract that cannot be undone or changed.”

I would merely ask if you classify Murray Rothbard as a libertarian. If so, you have contradicted yourself, as Rothbard promoted the idea that a contract is only valid within a code of laws that is based on natural law. By Rothbard’s standards, only contracts that can enter arbitration or jury adjudication in case of a dispute would be valid; thus, the smart contracts referenced by Schneier would be invalid by Rothbard’s standards.

(FYI, Rothbard is almost the high priest and prophet of many, if not most, people who claim to be modern libertarians.)

Cassandra December 2, 2021 2:56 PM

I should correct an error in my previous posting. I referred to Reichmarks. It should have been Papiermarks. Apologies.

Cassandra

Jon December 2, 2021 4:03 PM

@ Shoal Creek

And just what is “natural law”? Where is it codified, and is it amendable? Does it have “natural penalty clauses” and definitions of terms? Was it voted upon? Can it be voted upon? If not, why not?

Hmmm…

J.

Cassandra December 2, 2021 4:17 PM

On review, it seems like a previous comment that mentioned Karl Marx, Rosa Luxemburg, Ayn Rand and Murray Rothbard, Accelerando by Charles Stross, and an article by Andrew Odlyzko on the South Sea Bubble, referencing Charles Mackay’s 1841 Extraordinary Popular Delusions and the Madness of Crowds, has been held up in moderation. This means my correction doesn’t make sense. Sorry.

Cassandra

Scam Coin December 2, 2021 9:28 PM

@Winter writes, “There is a reason, arbitration would involve people. And people are corrupt and under the rule of the State. The whole point of “block chain” is that you can do away with (other) people.”

Exactly. That’s the joke, that’s the scam. Because of course you can’t get rid of other people. Someone wrote the code, someone audited the code, someone hosted the site, someone provided the encryption, etc and etc.

So all of this is based upon one big lie: that one can do away with people and all their liabilities. It’s tosh, utter rubbish, nonsense. Yet many people believe it, dream of it, hope for it, pray to the great people-free God.

The question is what are we going to do when the bubble bursts? Or even worse, what happens when the crazies take over?

Winter December 3, 2021 12:31 AM

@Shoal
“If so, you have contradicted yourself, as Rothbard promoted the idea that a contract is only valid within a code of laws that is based on natural law.”

That is a very reasonable point of view, depending on what you consider natural law (probably his only reasonable view). Obviously, the existence of laws is a problem for Libertarians as you are born into a world of laws which are limiting your freedom without you having had any say in it. Natural law is a good escape route here.

But if we look at how modern techno-libertarians in the USA see it, they want to make every interaction one of bilateral contracts that do not involve other humans. The “code is law” utopia of Silicon Valley. Which is nonsense, even according to Libertarians who can think rationally.

I observe this extreme viewpoint especially in block chain advocates as this is the ultimate conclusion of absolute personal freedom: No one is able to interfere with my transactions.

When we look at Libertarianism applied to real “government”, we see that it quickly falls apart. Look up: A Libertarian Walks Into a Bear

Winter December 3, 2021 12:40 AM

@jon
“And just what is “natural law”?”

https://en.wikipedia.org/wiki/Natural_law

It is a branch of law studies. The idea that all humans share needs and desires which should be reflected in good legal systems is not unreasonable.

The following phrase is an example of the ideas in “Natural Law”:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable rights, that among these are Life, Liberty and the Pursuit of happiness.

Tom Rollins December 3, 2021 12:56 AM

@Winter: Wrong- “the extension of Libertarianism to its logical end-point” is a really expensive child-sex themed theme park.

Winter December 3, 2021 1:11 AM

@Tom Rollins
“is a really expensive…”

Utterly wrong. Libertarians might be selfish and stupid Utopians, they are humans and not psychopaths.

Jon December 3, 2021 1:39 AM

@ Winter

Which is basically to say it’s highly fuzzy nonsense. For example, in your very quotation ‘with certain’ and ‘among which’?

So what others are in there? Can we decide which to put in, and which to take out?

Is there a fundamental right to an abortion? Is that in conflict with the right to Life for a zygote? And given ‘endowed by their Creator(s)’ that would be the sperm donor and the egg donor – do they both have equal rights? Does having sex (including rape) create rights?

There are already fantastic disagreements on just this one example.

Howzabout “Liberty”? The existence of prisons and jails shows that’s not really a fundamental right – the state’s laws very much overrule that and believe that Liberty is a thing that can be taken away.

Not much of a fundamental right if it can be so readily taken away. Not to mention slavery, at the time your quotation was written.

And “Pursuit of happiness”. Tell that to every anti-prostitution law upon the books. Not much of a fundamental right, if by pursuing happiness you get arrested.

So, in short, the three ‘rights’ you mentioned in that specific quotation aren’t “unalienable” rights at all – that the Wikipedia article is basically nonsense – and that the entire idea has no fundamentals at all.

“Natural Law”. There is no such thing, except as a fantasy.

J.

PS – Mentioning “God” is a real quick way to get laughed at. Which God, eh? Ba’al, Marduk, Quetzalcoatl? Jupiter or Belenos? Xenu or a Flying Spaghetti Monster? Pick one, or spin the wheel!!

Winter December 3, 2021 1:46 AM

@Jon
“Is there a fundamental right to an abortion?”

Is there a fundamental right to life? The integrity of our body? Freedom of speech? Religion? Can you own things? Is slavery acceptable? Torture? Do you have a right to a trial?

There are many things we consider bad in, say the legal system in North Korea. Why would the legal system of North Korea be worse than that of Switzerland or Iceland? If you consider all laws to be equal, then there is no difference in quality.

Peter Galbavy December 3, 2021 1:48 AM

This is simply another example of “Computer says no” – a catchphrase that should be familiar to anyone in the UK – or rather in Little Britain. Fancy foreigners head to YouTube.

Both the UK Data Protection laws and, to my amateur knowledge, under GDPR, there is a provision to prevent purely automated decisions for certain kinds of transactions – typically those involving personal credit.

Winter December 3, 2021 3:11 AM

@Tom Rollins
“you were wrong before, now you’re just engaging in fantasy”

I have been wrong many times, but that does not make you right. And QAnon remains a murderous horror fantasy if you paste it onto another group.

Clive Robinson December 3, 2021 3:23 AM

@ Shoal Creek, Jon, Scam Coin, Tom Rollins, Winter, ALL,

Rothbard promoted the idea that a contract is only valid within a code of laws that is based on natural law.

Sorry there is no such thing as “Natural law”, just the working rules of evolution.

In fact “law” or more correctly “legislation” is itself an artificial construct of man that comes about due to a failing which as I’ve pointed out before can be summed up as,

“Abdication of responsibility, to self and others.”

As such “abdication is unavoidable” for individuals (you have to sleep or go mad and die). As none of us wish to be,

1, Killed in our sleep
2, Jumped from behind

We form groups where we share the responsibility of watching over others.

That is those groups as small as two individuals form the basis for what we chose to call “society” in humans, and herd mentality etc in other animals.

Unfortunately as they say “For every upside there is a downside”. Whilst this is not an absolute, it does apply to “Abdication of Responsibility”.

That is you can not give someone responsibility over your life whilst you sleep or to watch your blind spot, without also giving them the “power” to choose if you live or die, by their action or inaction.

This rule where abdication of responsibility gives power to others is really the only “Natural Law” if you are looking for such.

All other laws and behaviours within groups and societies of any size follow on from this, simple rule.

As a consequence of this rule it can be seen that hierarchies form. That is one person can watch over more than one person who sleeps or is otherwise not taking responsibility for their defense. So it is more efficient to have more people being watched than it is watchers.

At a certain size it is more convenient to have two people watch over a group, as not only can they look out for the many sleeping they can also cover each others blind zones thus watch each others backs.

This by the way is not a “human construct” you can see it in many creatures. In fact some point out that plants also do this watching out for others.

But it should be clear from the way immune systems work the rule applies on the cellular level as well. So has not come about via the agency of a “directing mind” but is in fact a basic evolutionary process that works at many levels and has done for longer than we can determine.

Unfortunately when an organism is sufficiently complex it develops “agency” that is it can follow or not follow rules based on other rules, chance, or choice. It is this agency that gives rise to what we chose to call “power” via choice. As such, “power” is attractive to certain mentalities.

@Winter has listed the “dark triad” of these mentalities in the past and you can go and see what it is that they find particularly attractive.

Interestingly these attractions form a hierarchy as well. From this you can see why there are “authoritarian followers” who fill the levels that are the “guard labour” and above in the social hierarchy.

As a consequence we get not just power accumulating towards the top of hierarchies, but certain people attracted to different aspects of that power.

The higher the level in a hierarchy the less positions there are. Thus competition / fighting to be at the top of hierarchy is not just inevitable where there is agency, it is highly visible and considered a primary requirement to hold a higher position.

This gives us the “King Game”, from which the “Estates of Man” followed and gave us deities and religion.

To answer @Scam Coin’s final questions above,

So the reality of what some call “Natural law” is the incurable lunatics really do run society, or if you prefer “the asylum”. So we already know…

Interestingly though, what in the US are called “libertarians” are those that due to their own inadequacies have failed to rise in the existing social hierarchies. Thus they form their own hierarchies which they want to force every one else into. More interestingly is that at the lower levels of their hierarchy they delude themselves into thinking they have not formed a hierarchy as a “natural consequence of their existence”, nor that they are just the fodder to be prey for those further up the hierarchy.

As was once observed,

“The more things change,
the more they stay the same.”

Or the more fun,

Hey, that’s evolution baby.

Winter December 3, 2021 3:42 AM

@Clive
“Sorry there is no such thing as “Natural law”, just the working rules of evolution.”

There is at least one such Natural Law: All societies and communities have laws. The laws can be unwritten, but unwritten laws can be just as deadly as written laws.

For the rest, Natural Law is a research project that tries to find legal systems that wreak the least havoc on humans.

For all the criticism heaped upon the writers of the declaration of independence and the US constitution, it was based on ideas of Natural Law and it was hugely successful (see 2 centuries of history). There have been quite a number of legal systems that were spectacular failures plunging nations into civil war and disaster.

Cassandra December 3, 2021 4:22 AM

@Peter Galbavy

Nice to see you popping up again. I still have fond memories of Demon.

You make a good point: it is difficult to force people to abide by ‘smart contracts’ if the external legal system says it is not allowed. It is akin to the problem of setting up trusts with conditions that endure beyond the lifetime of the person setting it up: clever lawyers can usually find a creative way of bypassing conditions (Cy-près doctrine in English law).

Cassandra

jbmartin6 December 3, 2021 6:57 AM

This is why “dumb contract” is a better term. It works in the old sense of dumb terminal, as well as the obvious warning.

JonKnowsNothing December 3, 2021 7:00 AM

@Peter Galbavy, @Cassandra, @All

re: Both the UK Data Protection laws and, to my amateur knowledge, under GDPR, there is a provision to prevent purely automated decisions for certain kinds of transactions – typically those involving personal credit.

There exist systems where “purely automated decisions” exist in many countries, including the UK and EU. The formats are generally held secret and the processes deliberately opaque. They are defined by “a machine algorithm or formula”, the format and criteria are not revealed to the public.

Examples are: Hostile Environment, Windrush+Windrush Compensation, Taxation+Tax Audit Selection, nearly all government support systems such as workfair-work4food-work4shelter programs.

In the case of support systems:

The systems secretly select a victim and then send demands that the victim prove they are still eligible or worse outright exclude the person and demand full restitution of all funds previously received. Should a person be able to provide the proofs required they are rejected on a wholesale basis as Not Enough. 30 years of arrears proofs are not an uncommon demand. Penalties for non-response or inability to provide the demanded proof include loss of all support and income, shelter, the right to work, the right to remain, the right to citizenship, the right to live in the community.

In the case of taxation systems:

Nearly all countries provide their tax collection system a budget amount to verify submitted tax documents. In the USA, many decades ago, that was only the end of year payroll summary provided by the employers that was included in the basic tax return. Now every tax document must include copies of all tax related paperwork: property tax payments, payroll receipts etc. and all submissions must be done electronically. From this pool the AI selects a percentage of tax returns for audit. How that selection happens is a closely held secret.

What isn’t so secret is that very wealthy persons and very large corporations have far fewer inquiries than persons who can barely pay the rent, keep the lights on, feed their children and need “food support” payments to keep food on the table for 30 days.

The primary reasoning is that very wealthy people can afford lawyers which can push back on the demands legally and negotiate a lesser penalty, making the Time To Audit, the Time To Resolution with the Amount-Collected a longer period than sending an average person “You owe the Tax Agency $X due to an error in calculation”. These sorts of calculation errors are often due to last minute changes in the taxation codes and the form was submitted under the old rule.

The difference in valuation is extreme but when you apply a multitude of $X demands across a population the amounts add up. Just like mills (1).

One reason that allows such systems to exist is the shift in Burden of Proof. Once the burden of proof is moved from the government to the individual then the AI can do all the selection. Proof of Error is not required to be selected. Proof that the selection was in error rests on the individual. All proofs provided can be rejected as insufficient.

===

1) The mill is a unit of currency, used in several countries as one-thousandth of the main unit.

Winter December 3, 2021 7:30 AM

@JonKnowsNothing
“From this pool the AI selects a percentage of tax returns for audit. How that selection happens is a closely held secret.”

This is indeed illegal in the EU under the GDPR. It does happen though.

It happened in the Netherlands and came to light at the start of the year. The “AI” was “AS” and discriminatory. This scandal has caused the biggest political and legal crisis in the Netherlands since the high profile murder of a member of parliament in the early 2000’s.

As a result, a total of 5B Euro has been reserved for compensation, which is ~0.5% of GDP, with more to come. The Dutch IRS are in turmoil and the courts do not trust the Dutch IRS anymore, just as they have started to double check all government court cases.

Which was to show that it is indeed illegal in Europe.

JonKnowsNothing December 3, 2021 8:32 AM

@Winter @All

re: AI enabled decision making

A MSM report gave an unintended hint at how such systems are enabled:

During last year’s portion of the SARS-CoV-2 pandemic many governments enacted payment methods to help their populations Stay Indoors and Stay Safe. They gave money directly to their populations and they gave money to businesses to fund payrolls (to avoid having everyone hit the unemployment lines).

Some of the applicants were less-than-honest and there is scrutiny as to who, what, where, when and how the funds were distributed.

“Government prioritised getting bounce-back loans to small businesses quickly but failed to put adequate fraud prevention measures in place. One impact of these decisions is apparent in the high levels of estimated fraud.”

Gareth Davies, the NAO’s comptroller and auditor general.
National Audit Office, which scrutinises public-sector spending

The key phrase is: estimated fraud

This is not real fraud, proven fraud, actual fraud, criminal fraud or inadvertent misfiling. It is an AI ESTIMATED value.

How do they do these ESTIMATES? (1) And to whom are they applying it?

Again, the proofs will be reversed from the governments to the recipients.

===
1) Like many systems they are likely applying a statistical value against a selected sub-group. There are historical and actuarial values that can be applied to any distribution. 80-20. 10-80-10.

In this case that might be:

  • 80% got what was supposed to be handed out
  • 10% got less than what was supposed to be handed out (but we won’t mention that the process short changed anyone)
  • 10% will be in error. This error we can call FRAUD because there isn’t any proof otherwise.

They will then run more sub-groupings by regional, ethnic, geopolitical, wealth values.

  • If HIGH Wealth Then NoFRAUD else AllFRAUD

Throw out the net and see what you can claw back.

Clive Robinson December 3, 2021 8:55 AM

@ Winter,

The laws can be unwritten,

Where I come from there is supposedly no such thing as “unwritten laws” of that kind,

There are however the “mores” and “morals” of society and religion. The judgments are generally not formal or binding and the punishments for transgression generally being some form of “distancing” or “exclusion”.

In fact both “unwritten” and “unpublished” laws are an anathema prejudicial to the good order of society with anyone subscribing to them being likewise “struck down” by society.

Winter December 3, 2021 9:05 AM

@Clive
“Where I come from there is supposedly no such thing as “unwritten laws” of that kind,”

I have seen people argue that you have an unwritten constitution. But in practice that might be a fairy tale.

c1ue December 3, 2021 9:17 AM

We have had laws and lawyers for hundreds of years. That entire profession of law continues to grow and law codes continue to evolve because both are still clearly insufficient.
Software is much the same way: is software more or less robust than in the past?
I have never seen how combining 2 fundamentally flawed paradigms can somehow yield a better outcome.

Clive Robinson December 3, 2021 9:50 AM

@ Winter,

I have seen people argue that you have an unwritten constitution.

More fool them, they can not even plead they do not understand,

An unwritten contract is not worth the paper it is written on.

As was taught to me about “log books” for both science and engineering research,

If it’s not written down it never happened

Winter December 3, 2021 10:04 AM

@Clive
“An unwritten contract is not worth the paper it is written on.”

Laws, like literature, predate writing by a large margin. Contracts also predate writing. Even now, a verbal contract, with witnesses, is legally binding in the Netherlands. Not to say that this produces difficulties when trying to enforce it. But the law specifically allows such contracts.

It is why you have witnesses at a marriage.

aron December 3, 2021 10:54 AM

It should have more properly been reported as security researchers collecting a $31 million bug bounty.

I’ve been saying for years, the innovation of cryptocurrency was not in cryptography nor currency, but in game-theoretic incentives. Chaum had already figured out digital cash, and many people had worked on distributed networks. Such networks would be fair if they had one vote per person (i.e., if we guarded against Sybil attacks, perhaps by having governments issue anonymous ballots).

Nobody, though, could ever get more than a small group of researchers and cypherpunks to run such systems for long, until they saw a promise of getting rich quick for doing so. I’m still unsure whether the implicit bug bounty of Bitcoin was a brilliant manipulation or an unintentional side-effect. Either way, for years people have been getting away with leaking private data with very little punishment, and computer security has been a joke—all’s good, apparently, as long as people fix bugs after they become known. Except, now, there’s real money (after a fashion) attached to security flaws; now, there’s an actual market incentive to be proactive.

While I don’t see the future of our financial system in cryptocurrencies, they have the potential to trigger the greatest leap forward of our lifetimes in security research (with as much pain, maybe, as China’s Great Leap Forward). It’ll be interesting for however long it lasts.

Cassandra December 3, 2021 11:39 AM

@Clive Robinson
@Winter

If it’s not written down it never happened

Which, amongst other things, is the key to infiltration/takeover of organisations. The most important position on a committee is not the chairman, but the secretary, because it is the secretary that writes down what happened and what the documented truth should be. It is difficult to argue with the minutes.

Terry Gilliam examined this in the film Brazil, which draws heavily on Orwell’s Nineteen Eighty-Four. History is written by the winners, and revised by whoever is currently in power.

As for oral contracts, they are valid in the law of England & Wales:

Oral construction contracts: RCS Contractors Ltd v. Conway, a costly affair indeed (RCS Contractors Ltd v. Conway)
hxxps://www.lexology.com/library/detail.aspx?g=a8a0e23f-42d4-42bb-a46e-8b1fe89274a3

“The judgment turned on the facts, the oral evidence and the credibility of the witnesses led by both parties.”

Cassandra

Jon December 3, 2021 12:15 PM

@ “Natural Law”

Yes, some agreements do not need to be written down to be enforced, but then adjudication of “Who said what” becomes a game of “He said, She said” in very short order. Thus the idea of a “witness” (presumably unbiased) who can credibly say, “Yep, they’re married” (or not).

Note that even writing it down doesn’t solve this problem. Lawyers have, since the invention of their profession (and, I imagine, writing), been arguing about “What do those words written down mean?”. For example, a law beginning “Any person” can be argued right off the bat, “What is a person? Is a slave a person? Is a corporation a person?” &c.

(For those U.S. Constitution / Declaration of Independence types, note the question above and contemplate “3/5ths”.)

I’m with Mr. Clive Robinson on this. There is no such thing as “natural law”.

In order to construct a useful society there do have to be some agreements and trusts, but they are not any foundation to build a civilization upon, and are most definitely not “laws”.

Keep in mind animals, from mice to bears, sleep as well – and they don’t get stabbed in the back every time either. Does a mouse have a law? (aside from thermodynamics… 😉 )

In hopes of circling all this back around again to the topic at hand, someone noticed “as this contract is written, and looking at what the computer says those words mean, I can make a lot of money”. Without adjudication, there’s no argument “That’s not what we meant when we wrote it.”, and given lack of agreement along those lines, it’s not much of a law.

J.

Winter December 3, 2021 1:41 PM

@jon
“There is no such thing as “natural law”.”

Then there are no crimes against humanity, or war crimes, or unjust laws. There is only national law.

Also any legal system has to be founded upon “self-evident truths”, as you cannot prescribe each and every concept.

Natural Law has been discussed for centuries by legal scholars and is at the foundation of, e.g., the US constitution. I myself would hesitate to declare it nonsense just because I do not see the point.

Jesse Thompson December 3, 2021 2:36 PM

@Bruce

The basic problem is that the code is the ultimate authority — there is no adjudication protocol — so if there’s a vulnerability in the code, there is no recourse. And, of course, there are lots of vulnerabilities in code.
[…]
Human-based adjudication systems are not useless pre-Internet human baggage, they’re vital.

But here’s the rub: Human-based adjudication systems already ARE code (with their own inexorable vulnerabilities). It’s just a legal or a procedural code for people to follow, instead of machine code for machines to follow.

Both kinds of code are almost by definition rife with bugs, and both kinds of hardware are orders of magnitude too complex for anyone to properly audit for exploits.

The kettle is a mirrored surface, Mr. Pot.

JonKnowsNothing December 3, 2021 4:02 PM

@Jesse Thompson, @All

re: Human vs Machine decisions

In theory, although open to challenge:

  • Humans have brains, intelligence, smarts and a wider scope of knowledge.
  • Machines have a lesser scope but can chunk through reams of GIGO faster.
  • Machines cannot change their minds (they have none to change).
  • Humans change their minds all the time (although sometimes it may seem they have nothing changeable in that department either).

There is a significant difference in outcomes, provided humans are treated as thinking persons rather than a set of Manual Check list Tick Boxes.

The move towards machine decisions comes in part from 2 views:

  a) Machines are less prone to deceit
  b) Faster means Better Outcomes

Clearly both are incorrect.

Scam Coin December 3, 2021 5:09 PM

@Jesse

“Both kinds of code are almost by definition rife with bugs, and both kinds of hardware are orders of magnitude too complex for anyone to properly audit for exploits.”

This is without doubt true but lacks context. The first is that we have thousands of years of experience working with and living under fiat currencies and associated legal codes. We have no experience with cryptocurrencies. The second is, as already stated, the problem with cryptocurrencies isn’t just in what they are, it is in what they hope to achieve. Cryptocurrencies claim to eliminate the very vulnerabilities you concede they have.

If techno-anarchists want to defend the claim that we should trust them over politicians they can by all means do so. It is telling that they want no such conversation. Because to have that conversation: who should you trust? would be to dash their hopes before the talking even begins.

Jon December 3, 2021 7:21 PM

@ Winter

I’m afraid those are very poor examples.

Then there are no crimes against humanity, or war crimes, or unjust laws. There is only national law.

a) Crimes against humanity are crimes because there are laws about it – not “natural”, but enacted and enforced (sometimes).
b) War crimes are crimes for the same reason.
c) Law and laws are not justice. There may be some overlap – but in a lot of cases there is not. Equating the two is nonsense.
d) There is also international law. See also “war crimes”.

Furthermore, many things get discussed for centuries while still being ridiculous. The “divine right of kings”, and “phlogiston” spring to mind. The U.S. Constitution specifically enumerated another idea that had been discussed for centuries, that being that slaves aren’t people.

And there’s nothing “natural law” about the U.S. Constitution. It was written down by men who decided among themselves what they thought the law should be. Finally, unlike any absolutist “natural law”, it can be and has been amended!

How unnatural, to amend natural law. What a concept.

I’m afraid I must stand by my position. There is no such thing.
J.

JPA December 3, 2021 8:27 PM

I think when people refer to “natural law” they are referring to the process of using relationships or process inferred from the study of nature to create human laws. This can be quite dangerous, as humans have a very limited understanding of the processes by which nature operates and applying that limited understanding to structuring human society causes problems.

For example, the misunderstanding of Darwinian evolution was applied to social Darwinism and used to justify forced sterilization, eugenics, and genocide.

This is the same type of process as that used by those who want to use “God’s law” to structure society, whether those are Islamic fundamentalists or Christian evangelicals.

Any appeal to “natural law” IMHO is quite suspect. The exact natural laws and their proposed applications must be examined very precisely to see what consequences we are likely to experience.

Winter December 4, 2021 2:31 AM

@JPA
“I think when people refer to “natural law” they are referring to the process of using relationships or process inferred from the study of nature to create human laws. ”

That is not what legal (or economic) scholars are discussing when they talk about Natural Law. That is all about Human Nature.

From the Wikipedia article:
Natural law[1] (Latin: ius naturale, lex naturalis) is a system of law based on a close observation of human nature, and based on values intrinsic to human nature that can be deduced and applied independent of positive law (the enacted laws of a state or society).[2] According to natural law theory, all people have inherent rights, conferred not by act of legislation but by “God, nature, or reason.”[3] Natural law theory can also refer to “theories of ethics, theories of politics, theories of civil law, and theories of religious morality.”[4]

Nicholas D Marshall December 12, 2021 3:51 PM

I think that crypto contracts have shed some light on a fundamental limitation of software testing. That it is subject to the same limitations as logical reasoning.

Proving a negative is hard. Often it’s impractical.


Sidebar photo of Bruce Schneier by Joe MacInnis.