EIP-999: Restore Contract Code at 0x863DF6BFa4

While you could argue that parity multisig’s contract eth was frozen while proof of weak hands contract was hacked, both contracts shared the same result - The developers made a mistake in the code and investors want their eth back.

so do we have a stand that restoring contracts with frozen funds are OK while restoring hacked contracts are NOT OK.

If we want to allow parity to restore their contract, we need to allow all frozen contracts to restore since ethereum started. Then we also need to allow anyone with frozen funds to restore their contract automatically in the future as well. There needs to be new op codes for this. This is just being fair.

This EIP would be seen as a discrimination if its just doing for the sake of parity.

Do we want that?

1 Like

Yes the rabble is boisterous and possibly I’ll informed… Ignore them at your own risk.


Furthering your US analogy, could such groups ever find a ‘happier’ separate existence given that they are codependent? History tells us otherwise. Perhaps a hard fork would not follow the norm?

1 Like

I’m a strong advocate of EIP 867, which proposes to do that. It allows anyone willing to put in the effort to provide a rigorous proof (or hire someone to author it for them) to get funds recovered IF they can prove to a reasonable human that the funds are clearly theirs and that they are inaccessible due to human error. The multisig deletion would fall into this class, as would many other accidental fund losses that people have suffered over the years. TheDAO recovery would not qualify since it took funds currently under control by one user and gave them to others.

I think that the two groups can govern independently, while still engaging in mutually beneficial trade. I think the same is true for blockchains, it is possible to have two blockchains that cater to two different groups of people and as long as there is opportunity for free trade between them then they can co-exist.

An immutable chain (ETC) and a mutable chain (ETH) may serve different demographics, which have different risk profiles, and people can freely move from one to the other (e.g., via exchange). I’m personally not a big believer in “one chain to rule them all”, I think multiple chains can coexist and solve different problems and target different users.

1 Like

Not that extreme.

Yes that extreme. In reality, the Ethereum Foundation can choose to develop any software they like, and as long as they control the network brand called “Ethereum,” they have both de jure and de facto control of which blockchain gets to be called “Ethereum.” The same way “Bitcoin Cash” can have 99% of the market cap and hash-power of Bitcoin, but still the Bitcoin Core group socially (if not legally) controls what network gets to be called “Bitcoin.”

Fixing the Parity Multisig bug costs zero in deployment and is fully “non-contentious,” as forks (or any form of expansion in the symbolic space) are always “non-contentious” by technical definition, since they do not impede the continuation of the previous blockchain.

The only point of “contention” is Market Fundamentalists getting angry at the idea that the Ethereum Foundation may choose to christen the Parity Multisig Fix as “Ethereum,” using their social and legal branding powers. This is like people complaining that they got banned from Internet forums with cries of “Oppression!”, when in fact the Internet is completely abundant of space where you can go instead. You can be censored in symbolic space, but you cannot be oppressed, since you cannot be squeezed into a corner like in purely physical, or physical-symbolic systems (and this is a quick model to try to show a moral angle; please don’t be literal about it and force me to expand this into five pages).

Market Fundamentalism is a bane for the social adoption of crypto. When the DAO fix was in, Bitcoin Maximalists were spilling poison in online bitcoin rags about how the Eth Foundation was having “phyrric hopes” of not being legally persecuted. I.e. they can have fantasies of volunteer developers being jailed for reverting symbolic thefts in an MMO. These people are insane and the Parity Multisig bug and the DAO hack are gifts in disguise, which allow us to identify them and drive them away from the social Ethereum network.

Right now Ethereum is in the early stage in which control over the protocol is de facto centralized

No. Protocols are not controlled, since they are just math objects and our present society is free enough that anyone can create their own math objects and post them on Github.

The Ethereum brand will always(*) be legally and socially centralized to whatever the Ethereum Foundation decides is the Ethereum network, and the majority of exchanges will always socially agree with what the Ethereum Foundation decides. Even if they completely cease doing any actual software development and just endorse other people’s implementations.

The Ethereum Brand is a social object, and that is what “controls” what miners and exchanges do. But that’s how basic leadership and naming works in our society. All those parties are free to ignore the Ethereum foundation and do their own thing.

(*) unless they give it up, of course.

It costs $xxx million in value being redistributed from the current holders of ether, permanent harm to the reputation of Ethereum and a strong leap towards a central governance model where a special minority get to choose which transactions are valid and which are not.

For those that want a quasi-centralised system where transactions can be undone, they should opt-in to a solution on the Ethereum application layer; these decisions shouldn’t be made at the protocol level. It’s clear from the volume of debate in this EIP-867 and EIP-999, the split sentiment on reddit and the results of the EIP-999 coinvote that many people are not interested in a system like this.

It is a contentious fork.


For those that want a quasi-centralised system where transactions can be undone,

The system is not physically nor socially centralized in any meaningful fashion. The only centralized asset is the brand and the social respect that the Ethereum development body enjoy. You have not read my post.

It is a contentious fork.

For a generic, meaningless definition of “contention” (i.e. “noisy angry people”).

Actually that is an interesting thought, and now that I think about it, it makes sense. Eventually two perpetually disagreeing groups within one entity WILL split (history has shown) so any steps taken to make it an amicable, free choice split should be considered.

This is where I like and see Phil Daian’s proposal fitting in. Client developers’ unbiased support in instances like this for both choices, free of defaults. Two releases, one including the irregular state transition, one not, and neither default.

Could create an ETHr (recovery enhanced) and ETH (immutability preferred) for those who value such.

Support both histories as equally “Ethereum” but customized for needs / values. It is inevitable that some users, projects, etc. will want or need recovery paths vs immutability. I see no reason why the devs can’t support both. Let the market value them as it will.


Build ETH recovery chain as a sidechain / childchain.

Unfortunately, if the client developers don’t express preference, the exchanges will by deciding which one gets the token ETH. Personally, I would prefer developers deciding defaults over exchanges deciding defaults.

It is unfortunate that Bitcoin long ago set the precedence that when a hard forking protocol upgrade occurs one branch gets to keep the ticker symbol and the other doesn’t. It would have been better IMO if at every fork the original ticker symbol was end of lifed and two new ticker symbols spring into existence, with no preference as to which is “correct”.


It’s just sad in general that all these exchanges have so much influence over the protocols and development.

If that’s the case and we can’t have nice things like true freedom of choice, then I would have to say that unless it’s a clear majority that support the irregular state transition, the burden should be on the proposer, and they should provide the option (and can see if a client team will assist), versus the change being deployed as the default. That would deter most claims outside the most serious.

This has historically been Bitcoin’s policy, if a change doesn’t have 90% support or something crazy then it isn’t included. IMO, this has resulted in Bitcoin effectively stopping development because their community is of the size that they can’t get 90% support on anything, even things that are pure technical upgrades (like adding new opcodes).

I can see the argument for treating things like recoveries differently, but I think no-contest recoveries are generally good and there will always be someone who didn’t lose money who doesn’t want to support someone else getting their money back (accessible supply goes up with every recovery).

Personally, of all of the options available (Exchanges choose, client devs choose, default to no-change), I prefer to let the client developers choose (where “choose” here means pick the default). If I ever get to the point where I feel like the client developers are not making good choices in general, or are making choices that are outright terrible (like introducing some form of government KYC into the system) then I’ll fork. Until then, I’ll likely go along with changes proposed by the client devs even if I don’t wholeheartedly agree with them (like I did with TheDAO).

1 Like

Seems we are presented with a binary choice? Recover the funds or not; to fork or not to fork? In these two scenarios the lost funds are either worth 0, or some less than current value due to the damage caused by a fork.

Do the lost funds truly need to be recovered 1:1? Could partial recovery be considered? A predetermined value might be preferable to an unknown post fork value. Partial recovery would retain some incentive for thorough testing.

I suggest reading @alexvandesande’s write-up of an alternative solution to lost ether.

Basically, what’s described is a “recovery contract” concept where beneficiaries of lost ether are distributed an ERC20 token at a 1:1 ratio. The recovery tokens can be redeemed pro rata for some amount ETH, with the potential source being from donations, EIP1015 (basically a tax on PoS) and possibly insurance.

1 Like

What value does this provide over full recovery? If we go through the effort of recovering, why not do the whole thing?

This assumes the fork would be damaging (net). I’m not convinced of that. It is possible that knowing that Ethereum is willing to do no-contest fund recovery could incentivize further interest in the platform due to a risk reduction compared to a fully immutable system. There are of course arguments on the other side that it will damage confidence, but at the moment it is all speculation.

I have seen this proposed a few times, and it has never been clear to me why anyone would ever want those tokens. They have no potential future value for network fees, nor do they have any future utility. Also, why would anyone voluntarily give away their ETH (donate) to such a thing with no guarantee that everyone will donate equally?

It’s not my idea, so I’m not a good authority on this topic. However I can think of two reasons why somebody might donate to a recovery fund:

  1. To avoid a fork (because a fork arguably hurts everybody)
  2. Pity for the victims

Whether these donations would be significant – I don’t know. Of course, it wouldn’t get close to the original sum lost.

It’s not my proposal, but I prefer it over an involuntary contribution from all to the affected parties. Your questions are probably better directed at @alexvandesande or someone else backing it.

@alexvandesande addresses this question in his post. His proposal involves building an insurance marketplace where those tokens collect fees in the future.

If I’m following the argument correctly, it starts off with the assertion that the client dev teams (besides Parity) will not include recovery in a hard fork. That means the arguments it makes are not relevant to whether or not client dev teams should include recovery in a hard fork, which is what mast of the discussion is about.

As far as the token thing, it needs funding to be worth anything and each of the proposed funding items have problems:

  • Donation: This requires people giving free money away to people who lost their ETH. Human behavior studies have shown that humans won’t generally do this unless they believe everyone else is also going to do it, in which case they often will. Since the “community” has already decided not to recover in this scenario, there is no reason for users to believe that other humans will donate, thus they won’t donate.
  • Block reward: This is effectively no different from just restoring the ETH directly, but is more complicated. It just hides what is really happening in an obscure way, which I find to be a worse option than being transparent about what is being done.
  • Services: This is basically saying that Polkadot/Musiconomy should (effectively) just run another ICO. Why would people give those two products more money in this new round of funding? Presumably, the projects have already tapped out the funding source since at least Polkadot ran a dutch auction. This would also be disingenuous to the original token buyers who were promised that there would only be one round of funding.
  • Future Insurance of Contracts: This appears to be arguing that people with lost tokens should build a new insurance company, and use the profits from that insurance company to fund their losses. This isn’t a recovery at all, it is just a business idea.

I mostly agree with @MicahZoltu. While working on EIP-867, I saw many people say things like “I hope you’re considering non-hard-fork solutions as well”, so I asked around and tried to collect a list of recovery options that didn’t require a hard fork. The only two options I found were:

  1. Retroactive insurance payouts.
  2. Tokenization of losses.

I don’t see Option 1 as viable to address past issues. I didn’t really understand @alexvandesande’s point toward the end of the article about why an insurance company would voluntarily take on enormous liabilities on Day 1. Even if some well meaning person wanted to, what investor would fund them?

Also, even for future incidents I’m skeptical. Imagine an insurance company starts up and is wildly successful. It pays out some small claims while making a great profit. Everyone is happy. Then, the big one hits. Why wouldn’t it push for a fork? It would potentially have huge resources available to run an aggressive PR/legal campaign.

For Option 2, I had considered that the recovery token contract would be funded by future recovery. At best, this would postpone a fork, and at worst it would just dupe a lot of people into buying worthless tokens. Alex did not make this assumption, but I think some of my other pros/cons still apply.


  • Immediate liquidity for some projects that are desperate for funds
  • Does not require an immediate hard fork (block reward will require a hard fork)
  • A reusable solution


  • The allocation of recovery tokens will itself be controversial.
  • New allocations of recovery tokens could devalue existing tokens by a lot. Knowing even a few minutes in advance of a decision would present an enormous advantage and (in my opinion) a much bigger potential for abuse than something like EIP-999.
  • It does not address stuck tokens
  • There is always the possibility that there is some clever way to recover stuck funds. Imagine a future upgrade of the EVM which seems totally unrelated actually makes some type of class of stuck ether recoverable. What then?
  • Which accounts will receive tokens? Won’t this process look almost exactly like the ERP process? If not, how will it work?
  • What if the Recovery Token contract has a bug? Would people support a recovery fork in that case? Who is responsible for the recovery token contract?
  • Would recovery tokens be viewed as securities?
  • People that hold recovery tokens will have an incentive to make them more valuable – what sort of behavior might that encourage (e.g. fighting against every recovery issue that comes after you, spreading rumors about a huge loss to get people to sell before you, a large donation promised that never actually takes place)?

I’m not entirely opposed to this approach, but these are the reasons I originally dismissed it. In the end, I think if people are willing to allocate recovery tokens and then allocate blocks rewards to back them, I don’t see why they wouldn’t be willing to just recover the funds in one go and avoid all this complexity and risk.

1 Like

That’s simply not true - the fundamental difference of a blockchain isn’t that you can’t change it, it’s that you can’t change it without everyone’s involvement and consent.

Why would you fetishise ossification like that?

What losses are being socialized?

Doesn’t locking up ether “change the available supply in an unpredictable fashion”?

1 Like

Everyone’s? Taken literally, it’s exactly what I wrote

a decentralized system requires unanimous agreement

yet clearly you don’t agree. So what do you actually mean by ‘everyone’?