Hacker News new | past | comments | ask | show | jobs | submit login

Unless the attacker is an author of DAO or Ethereum I fail to see where the con would be.



It is clearly theft and whatever legal mumbo jumbo he provides doesn't change that. I'd personally say the claims that this is somehow legal is the con, but I agree it's not entirely clear.


It's hard to justify a statement like "it's clearly theft" given the amount of time and money and legal resource that was used in the Google/Oracle case about the use of an API.


If a valid contract was entered and accepted, where is the clear theft?

Supposedly DAO has the ability to cancel the transaction anyway. Failing to cancel will be additional de facto evidence of the validity of the contract.


At least in my country contract law is regulated by regular laws, especially contracts between consumers and corporations. There are definitely limits to what rights you can sign away and some of these are based on more general, open-for-interpretation definitions, using terms like "reasonable", "expectable" and the concept of "bonus pater familias" ("good family man", apparently referred to as the Man on the Clapham Omnibus in the UK), i.e., what would a regular, reasonable, moderately educated person expect. I don't know about America, but I would assume there are somewhat similar protections, at least for consumers.

Honestly, I'm almost in favour of letting the attacker keep the money to hold some of these foxhole converts to their own ideology. But I am quite sure that at least here, a contract which purports to be about proportionate sharing of a mutual pool of money but happens to contain a loophole that allows one person to run away with the pool would be void, and exploiting the flaw regarded in the same way as exploiting any other code flaw to obtain unauthorized access to a computer system - hacking.

Of course, my country's legal system has a often proven itself incapable of understanding how computers work, so who knows what they'd conclude, but I can't imagine that it is as clear cut as some suggest.


You're begging the question here. He's trying to use spurious legal claims to prevent cancelling the transaction. His success at that can't make his legal claims valid.


Who is the "he" you are referring to?


The attacker. Who can't say that it's illegal to block his money, and use the lack of blocking as an argument in a court of law.


I anal, but I'm pretty sure that the law mostly operates off what the intent of a contract was.


I have read the article, and the terms are very clear (assuming the article is accurate): the code specified the actual intent and all other claims are void.


The intent was to set up an autonomous corporation, not to be bankrupted by the first person to find a security hole.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: