Smart contracts – that is, computer-code-based contracts that automatically enforce themselves – are based on a simple insight: old-fashioned contracts are an awful lot like computer code. Like code, contracts contain a series of rules that force contracting parties to do things. But words, the thinking goes, are ambiguous and lead to arguments when people don't agree on what the words say. And arguments are settled in front of fusty, inefficient courts.
Code, on the other hand, is unambiguous. Code does not need courts. Make the code the contract and mix in some crypto-currency blockchainery and you have the digital currency "ether," one of the hottest products in tech.
This solution is not perfect: We can write bad code just like we can write bad contracts and, when that happens, we need those fusty old courts to save us.
Take last week's hack of the Decentralized Autonomous Organization. The DAO is the crowdfunding venture of the moment. Investors who use the DAO invest ether and then vote on where to allocate the funds. Funds are allocated algorithmically, leaving no room for human chicanery.
Well, almost no room. Last week, a hacker exploited a fault in the DAO's code to redirect more than $50-million of ether away from the DAO and, most likely, into his own pocket. This looks like theft, but, as other smart commenters have pointed out, it also seems to be something expressly allowable under the DAO's contract.
The DAO's legal contract contains many words explaining how the DAO works, but, nestled among those words, are what lawyers call an "entire agreement clause." Namely, a clause specifying what counts as part of the contract and what doesn't. In the DAO's case, the clause explicitly excludes anything but the actual code from being used to interpret the contract. See for yourself:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain ... Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code."
Framed this way, the hack isn't so much theft but a permissible action under the contract. Investors agreed that their investments would be determined entirely by the code. While investors expected that the code would tabulate votes and invest funds accordingly, the "entire agreements" clause means that, whatever the DAO's explanation, investors' only assurance was the code itself. If a programming error allows a user to divert funds for personal benefit, there's no recourse; the only rule is the code.
Moreover, one solution – editing the code to recover the frozen money – seems offside. If the terms of the contract (i.e. the code) don't allow for retroactive modification, all parties, including the hacker, must agree to amend the contract. The "theft" may be fine; the recovery may not be.
And now we can interject antiquated legal concepts into our flash discussion of smart contracts. One such principle is that contracts are interpreted based on reasonable expectations of the contracting parties. Another, the fount of much controversy in recent Canadian jurisprudence, is that there is a duty of honest performance based on a duty of good faith. Good faith is an equitable principle – part of a group of legal concepts that exist to do what's right when strict application of legal rules yields an injustice. Entire agreement clauses notwithstanding, the reasonable expectation of DAO users was not that they would have $50-million diverted to a single user's bank account. And it's hard to call a $50-million diversion of funds by one person acting contrary to all expectations "honest performance" done in good faith.
Neither argument is necessarily a winner – good faith is always a long-shot – but you could see how equitable principles might help to get the money back. The law came to the conclusion long ago that, sometimes, it needs flexibility to do what's right; contracts don't always automatically work like they should, whether on paper or on the blockchain.
Don't kid yourself, techno-utopians: as smart as your contracts may be, you still need legal principles to save them from your dumb mistakes.