Ethereum is broken and I love it

Written by mveytsman | Published 2020/06/29

TLDR A security expert published an article titled “I’ve seen the future of the web and it’s Ethereum” on the same day that between 150 and 300 million dollars worth of Ether was lost forever or until the next fork, due to yet another bug in Parity multi-sig wallets. The author says nothing about what happened on November 7th changed his opinion about Ethereum. He hopes everyone writing about cryptocurrencies follows suit! He says he is not an investor, but he is a cryptocurrency enthusiast.

I happened to publish an essay titled “I’ve seen the future of the web and it’s Ethereum” on the same day that between 150 and 300 million dollars worth of Ethereum was lost forever or until the next fork, due to yet another bug in Parity multi-sig wallets.
I’ve gotten quite a bit of feedback on the timing, especially since I’m a security professional, and thus expected to recoil at anything so full of holes. Ethereum is a total mess, how could I possibly tolerate it, let alone think it’s the future of the web?
I’ve spent my entire career in security, as a penetration tester, code auditor, and a startup founder. I’ve also done professional audits of Solidity contracts. This is all to say that I understand how to think about security and I’m here to tell you that nothing about what happened on November 7th changed my opinion about Ethereum.
A lot of articles about cryptocurrencies are written by people who are trying to use hype to pump up their investments, so I’m going to start with some disclosures. I hope everyone writing about cryptocurrencies follows suit!
Disclosures
I don’t consider myself an investor, but I am a cryptocurrency thousandaire. I currently hold:
1.8 BRC
1 ZEC
4.8 ETH
A share of the 150ETH generated by the Thousand Ether Homepage (which is split with my partner on this project Andrey Petrov).
In 2011 a friend gave me 2BTC for a hug, but they were lost when I shredded a hard drive and backed up the wrong wallet. Every time Bitcoin hits a new price ceiling I remember that I’m a dingus.
I don’t consider myself an “investor” in Ethereum or any other cryptocurrencies because the majority of my holdings come from charging for consulting work in cryptocurrencies, and of course the aforementioned Thousand Ether Homepage. This is by design. I prefer to think of it as bartering for a cool techno-toy, rather than speculating in a highly volatile currency. Even if I had the desire to speculate in cryptocurrencies, I lack the mental fortitude to deal with the fluctuations and how easy it is to lose it all.
Also, politically, I’m no kind of libertarian. I am fine with fiat currencies. I think inflation is healthy. Deflation is good for creditors and inflation is good for borrowers, and today another way to say this is that deflation is good for the 1% and inflation is good for the 99%.
I think the financial collapse was caused by a failure of centralized authorities to do their job and regulate markets, and I don’t believe that decentralizing the casino somehow makes it less likely to blow up.
What is Ethereum anyway?
With over a hundred million dollars lost forever because of a software bug, it’s hard not to pooh-pooh Ethereum, and I do agree that a lot about it is broken. And I love it for that.
Ethereum is a global-scale distributed system that powers a global computer and key-value store. And it works! You can interact with distributed applications written on Ethereum today. You can hire a freelancer, breed virtual kitties, and (shameless plug) buy ads by the pixel.
The above isn’t a list of things you can buy with a cryptocurrency called Ethereum. This is a list of applications that run on a global computer called Ethereum. Applications that work without servers or databases. Applications that use a cryptographic identity that’s impossible to forge. Applications that use a cryptocurrency for payment that happens to also be called Ethereum. Using these applications is as easy as installing a Chrome extension. And writing your own is as easy as doing anything in JavaScript — which is part of the problem.
What happened?
“i’m an eth newbie… just learning”
So what happened on November 7th? You can read more details elsewhere, but in short, a software flaw allowed someone to “take over” a contract that was embedded into every Parity multi-sig wallet, and then self-destruct it, rendering every Parity multi-sig wallet useless. This means that over a hundred million dollars worth of Ether is locked away, unable to be spent.
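A minimal Python model of the failure described above, added here as an illustration and not taken from the Parity code base. It contrasts a shared library contract left uninitialised with one whose owner is fixed at deployment. All class and function names are hypothetical, and the balances are constructed sample values.

```python
class SharedLibrary:
    """Model of the single contract that every wallet calls into for its logic."""

    def __init__(self, deployer, init_at_deploy):
        # Vulnerable form: the owner is left unset until someone calls init().
        # Hardened form: the owner is fixed when the library is deployed.
        self.owner = deployer if init_at_deploy else None
        self.alive = True

    def init(self, caller):
        # Initialiser meant for wallets, but also reachable on the library itself.
        if self.owner is not None:
            raise PermissionError("already initialised")
        self.owner = caller

    def destroy(self, caller):
        if caller != self.owner:
            raise PermissionError("only the owner may destroy")
        self.alive = False  # models self-destruct: the shared code is gone


class Wallet:
    def __init__(self, library, balance):
        self.library = library
        self.balance = balance

    def withdraw(self, amount):
        if not self.library.alive:
            raise RuntimeError("library code missing: funds are locked")
        self.balance -= amount
        return amount


def takeover_possible(lib):
    """Deployment-time check: a live shared library with no owner is claimable."""
    return lib.alive and lib.owner is None


def locked_after_stranger_call(init_at_deploy):
    lib = SharedLibrary("deployer", init_at_deploy)
    wallets = [Wallet(lib, 100), Wallet(lib, 250)]  # constructed balances
    try:
        lib.init("stranger")      # succeeds only if nobody initialised the library
        lib.destroy("stranger")
    except PermissionError:
        pass
    locked = 0
    for w in wallets:
        try:
            w.withdraw(1)
        except RuntimeError:
            locked += w.balance
    return locked
```

In the uninitialised case every wallet's balance becomes unspendable even though no wallet was touched directly, which is why the check belongs on the shared dependency and not on the individual wallets.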
Is this a fundamental flaw in Ethereum?
No. This issue is a problem with a specific (popular!) contract, and came about because the language most Ethereum contracts are written in today, Solidity, is a very bad programming language and full of ways to shoot yourself in the foot.
There is a problem with the ecosystem, but it’s not a fundamental flaw in Ethereum the technology. A promising technology with an incredibly shitty programming language puts Ethereum squarely in the genealogy of the web itself.
Doesn’t this prove that we should never use smart contracts for anything real?
When we were deciding whether to use a multi-sig wallet for the Thousand Ether Homepage, I told Andrey that I trusted his integrity more than the code of any multi-sig wallet. And boy was I right!
When we were writing the smart contract for ad buying, we were very worried about what could go wrong. What if someone could steal our money? Buy ads without paying? Take over someone else’s ads?
You think about these sorts of questions when designing a traditional webapp, but it’s different when writing a smart contract. The main difference is that smart contracts are newer, less well understood, and don’t provide as many tools for developers to make sure they’re getting the details right.
As a security person and a programming language nerd, I really want to see good accessible formal verification tools for smart contracts.
I’m excited about the future of Ethereum as a global computer. I don’t think that cryptocurrencies will (or should) replace fiat currencies as stores of value or mediums of exchange, but even if I did, I wouldn’t think they’d be ready today!
Doesn’t this prove that technology X is superior to Ethereum?
I don’t know, probably.
When I first learned Solidity I was shocked at how hacked together and ugly it was. But this might be a feature. The world runs on Linux/x86. Hacky maximalist solutions with community buy-in beat the beautiful tech no one uses. Worse is Better.
As a technologist, I want to ship my products to the broadest possible audience, and today, that’s Ethereum.
They might fork and reverse the transaction! Isn’t Ethereum just going to discover governance like the central banks?
I hope so! Ethereum is exciting for a lot of reasons, and the decentralized crypto-libertarian part isn’t one of them. It’s important for Ethereum to figure out governance to grow, and so far the solution of following the edicts of a 23-year-old wunderkind is holding up surprisingly well compared to the rest of the cryptocurrency space! I hope we figure out a better way before it doesn’t.
I sincerely believe that a global computer network that is evolved from the ideas in Ethereum is going to play a major role in the future of technology. To get this to work on a global scale we need to do three things:
Develop a programming language that allows developers to write safe and verifiable contracts.
Create a fair, repeatable, and appealable governance system.
Most importantly, reduce the environmental impact by leaving proof-of-work.
Today, Ethereum doesn’t have any of those three things, but they do have the ongoing research that gives them a good shot at evolving towards them.
I believe that in the future, we’ll have a global computer like the one Ethereum today gives you a glimpse of. Maybe it will be built by Vitalik Buterin and his team based on the foundation of Ethereum, maybe someone else will solve the above three things faster. The question of which team will be the first to get there is a question for the investors, and I’m not an investor.

Published by HackerNoon on 2020/06/29