Smart contracts – that is, computer-code-based contracts
that automatically enforce themselves – are based on a simple
insight: old-fashioned contracts are an awful lot like computer
code. Like code, contracts contain a series of rules that force
contracting parties to do things. But words, the thinking goes, are
ambiguous and lead to arguments when people don't agree on what
the words say. And arguments are settled in front of fusty,
Code, on the other hand, is unambiguous. Code does not need
courts. Make the code the contract and mix in some crypto-currency
blockchainery and you have the digital currency "ether,"
one of the hottest products in tech.
This solution is not perfect: We can write bad code just like we
can write bad contracts and, when that happens, we need those fusty
old courts to save us.
Take last week's hack of the Decentralized Autonomous
Organization. The DAO is the crowdfunding venture of the moment.
Investors who use the DAO invest ether and then vote on where to
allocate the funds. Funds are allocated algorithmically, leaving no
room for human chicanery.
Well, almost no room. Last week, a hacker exploited a fault in
the DAO's code to redirect more than $50-million of ether away
from the DAO and, most likely, into his own pocket. This looks like
theft, but, as other smart commenters have pointed out, it also
seems to be something expressly allowable under the DAO's
The DAO's legal contract contains many words explaining how
the DAO works, but, nestled among those words, are what lawyers
call an "entire agreement clause." Namely, a clause
specifying what counts as part of the contract and what
doesn't. In the DAO's case, the clause explicitly excludes
anything but the actual code from being used to interpret the
"The terms of The DAO Creation are set forth
in the smart contract code existing on the Ethereum blockchain ...
Nothing in this explanation of terms or in any other document or
communication may modify or add any additional obligations or
guarantees beyond those set forth in The DAO's
Framed this way, the hack isn't so much theft but a
permissible action under the contract. Investors agreed that their
investments would be determined entirely by the code. While
investors expected that the code would tabulate votes and invest
funds accordingly, the "entire agreements" clause means
that, whatever the DAO's explanation, investors' only
assurance was the code itself. If a programming error allows a user
to divert funds for personal benefit, there's no recourse; the
only rule is the code.
Moreover, one solution – editing the code to recover the
frozen money – seems offside. If the terms of the contract
(i.e. the code) don't allow for retroactive modification, all
parties, including the hacker, must agree to amend the contract.
The "theft" may be fine; the recovery may not be.
And now we can interject antiquated legal concepts into our
flash discussion of smart contracts. One such principle is that
contracts are interpreted based on reasonable expectations of the
contracting parties. Another, the fount of much controversy in
recent Canadian jurisprudence, is that there is a duty of honest
performance based on a duty of good faith. Good faith is an
equitable principle – part of a group of legal concepts that
exist to do what's right when strict application of legal rules
yields an injustice. Entire agreement clauses notwithstanding, the
reasonable expectation of DAO users was not that they would have
$50-million diverted to a single user's bank account. And
it's hard to call a $50-million diversion of funds by one
person acting contrary to all expectations "honest
performance" done in good faith.
Neither argument is necessarily a winner – good faith is
always a long-shot – but you could see how equitable
principles might help to get the money back. The law came to the
conclusion long ago that, sometimes, it needs flexibility to do
what's right; contracts don't always automatically work
like they should, whether on paper or on the blockchain.
Don't kid yourself, techno-utopians: as smart as your
contracts may be, you still need legal principles to save them from
your dumb mistakes.
Originally published in The Globe and Mail.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Under the Income Tax Act, the Employment Insurance Act, and the Excise Tax Act, a director of a corporation is jointly and severally liable for a corporation's failure to deduct and remit source deductions or GST.
Under the Income Tax Act, the Employment Insurance Act, the Canada Pension Plan Act and the Excise Tax Act, a director of a corporation is jointly and severally liable for a corporation's failure to deduct and remit source deductions.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).