EIP-999: Restore Contract Code at 0x863DF6BFa4

@fubuloubu This EIP is following the current governance process. Many people do not like this governance process, and that is fine and reasonable but this isn’t the place to change the governance process. If you want to argue that this EIP is not following the governance process this is “the right place” but that has been debated pretty extensively and I believe most of the EIP editors and core dev team agree that this EIP is correctly following the current process.

Sorry! I think you misunderstand. I am not advocating for a change in the current governance process at all. This EIP and ones like it I believe arise from a deficiency in the governance process overall, and that’s the context I am discussing changes from. I am simply brainstorming solutions to what the problems might be in order to scope out what the problem is. There are no concrete recommendations I am suggesting to the current EIP process, and I think the discussion here is very relevant. My apologies for the confusion!

1 Like

You are certainly not alone in this regard, and this Discord group (ethereum-magicians.org) is definitely the right place to participate in such discussions. But if there is a deficiency in the current governance process, you are likely to not be heard or taken seriously by expressing it in this thread. I (and I suspect others) would love to see you voice your concerns in some of the other governance related threads though!

The things that do make sense in this thread are arguments for or against this change being implemented (e.g., why is it bad, why is it good, etc.) as well as technical arguments discussing implementation details, optimizations, potential consensus issues, etc.

The stuff that isn’t adding value to this thread (and should go elsewhere) are things like:

The fact that we haven’t taken a vote on this is bad

the community has spoken and this should be summarily rejected" (the current process doesn’t have a mechanism for actually measuring the community).

I hope everybody considers sound principles for blockchains when deciding EIP-999 and restoring funds in general: 1. Trust minimization, 2. immutability, 4. finality, 9. least authority and 10. adherence are the key ones in this debate.

10 Principles for Blockchain Governance:

  1. Trust Minimization: To reduce the reliance on trusted third parties for entering, processing and finalizing transactions and smart contracts.

  2. Immutability: Accounts, balances and smart contracts cannot be modified except by holders of corresponding private keys by entering transactions according to protocol rules.

  3. Fungibility: Native tokens must all be the same and interchangeable globally.

  4. Finality: Transactions and executed smart contract code cannot be reversed once entered, processed and finalized according to protocol rules.

  5. Censorship resistance: As long as they are compliant with protocol rules, transactions or smart contracts cannot be prevented from being entered, processed and finalized.

  6. Permissionlessness: As long as they are compliant with protocol rules, anyone from any place in the world can create accounts, enter transactions and smart contracts, or participate in the network as a competent developer, miner, validator, node operator, user, or any other prescribed participant or stakeholder.

  7. Auditability: Transaction and smart contract history must be analyzable and reconcilable by anyone or by holders of corresponding private keys.

  8. Reconcilability: Transaction and smart contract history must match mathematically to the latest and all future states according to protocol rules.

  9. Least authority: Developers, miners, validators, node operators, users, and all other prescribed participants and stakeholders must limit their participation to practicing only the functions of their roles in accordance with protocol rules and these common principles.

  10. Adherence: Developers, miners, validators, node operators, users, and all other participants and stakeholders must make sure they collectively decide and implement future changes to the protocol in accordance with these common principles.

This video explains it further: https://youtu.be/2Se97PBrMj4

2 Likes

I support this proposal.

  • There are multiple hard forks planned, each of which would be an opportune time to implement this EIP without the need for an “ad hoc” or “unplanned” hard fork. (I don’t believe there is any urgency to its implementation, much as I’m sure everyone affected would like to have had this activated yesterday/ asap.)

  • This proposal restores access rights to the proper owners of assets on-chain, where the loss of access is strongly believed beyond reasonable doubt to have been unintentional.

  • Bonus but not a deciding factor: I believe a portion of these assets will go towards improving the Ethereum ecosystem (infrastructure, applications, culture and community, etc), and that without access to these funds Ethereum as a whole suffers a significant loss.

FTR I would also support other recovery EIPs that meet the above criteria.

3 Likes

I’m disappointed that this proposal has made it here after the previous, vociferous rejection.

Hard forks should not be contentious if we wish to retain the same community. I don’t think we’ve fully grokked the social consequences of this one - I believe it would be significantly worse than the DAO split.

The cost-benefit tradeoff here is not purely technical - it is also social.

3 Likes

The cost-benefit tradeoff here is not purely technical - it is also social.

I think this cannot be overstated. We live in times of unprecedented inequality. Therefore, the optics of this decision (indeed, the optics of even broaching the subject) should be given the utmost consideration. Even assuming the intentions are good and there are logical ways one could argue in favor of this EIP, I don’t believe the broader community will agree with those arguments and that should be respected.

I think it’s accurate to say that a large part of why blockchains have recently gained popularity has to do with a surge in distrust toward traditional financial and governance systems. Ignore this at your peril.

4 Likes

For all of those who lost funds with the Parity multisig wallet bug: Get a lawyer and sue Parity to recover your money. The entire Ethereum network cannot be jeopardized for your loss and Parity’s poor development and irresponsibility.

Rationale:

  1. Public blockchains, as they are systems exposed to the environment with no protection other than their internal security (cryptography, game theory, extra-economic incentives, and coordination problem), need to have a strong ethos of immutability at the protocol layer and social layer.
  2. Immutability is about property and contracts. Blockchains contain ledgers with property titles, assets, programs and contracts. These rights, provided by these new networks, cross all borders and reach everyone in the world regardless of their country, religion or local security conditions. Since no social layer blockchain community can understand or manage the local situation of all humans and their specific geographies, the only way to make blockchains available and usable for everybody is to make sure the database, with the property and contracts, are neutral and unchangeable. If they were changeable by people or authorities foreign or strange to them, people would not be able to rely on blockchain nor deposit their wealth nor count on them for their agreements.
  3. To make blockchains immutable, the developers and their blockchain communities need to focus only on technical development, upgrades and fixing bugs if any. These have global impact and are scalable. If the community spends time and effort solving local accounting problems that lead to property restitutions and changes in programs and smart contracts, then they are intervening in the matters of specific users, which is a path to lack of integrity and security of the public network environment. It also opens the blockchain community, and the platform itself, to possible manipulation through bribes, possible government coercion, and other narrow human interests and vices in general.
  4. The above means that local issues such as the Parity multisig wallet bug and their users’ losses should be dealt with between those parties privately, but not using the general public blockchain network as a loss restitution and resolution device. This would make the blockchain an arbitrary, rule changing environment and thus not secure and not useful for unrelated strangers globally.
  5. If it’s true that the community, developers and node operators must not intervene changing the state to solve the Parity loss to protect the general public blockchain’s secure environment, then that means that Parity and its users must deal with that through other means.
  6. By ‘other means’, it is meant either through the traditional legal system if there is no agreement between the parties on how to reimburse the victims, or through friendly settlement. It also means that maybe there is no solution and the users must bear the loss.
  7. I am not a lawyer nor am I arguing the above to actually propose a concrete legal solution, but to state that the blockchain environment must be left alone and secure, and any solution of the Parity loss must be dealt with off-blockchain, whatever that solution may be, legal or non-legal.

This was originally posted on Reddit: https://www.reddit.com/r/ethereum/comments/8d0ic6/for_all_of_those_who_lost_funds_with_the_parity/

1 Like

You may want to add the coinvote poll at etherchain to the list. Although technically not a discussion, it might still be useful to gauge sentiment.

1 Like

Here are the main points I’d like to add

  • Practical cost of all clients to fork
    Requiring all exchanges, wallets, and web apps that touch public Ethereum to participate in a hard fork is a non-trivial burden to impose

  • Negligibility of change in the protocol
    Forgetting the temporal, social context, is the EIP itself at least a non-negative technical addition to the protocol? (idk)

  • Risk of splitting new chain
    This proposal seems contentious, in which case the worst case scenario of a split chain could cause more collective economic loss than the sum of the locked funds. Is there anything we can do to ensure the community stays together? Random example: wait till more dApps launch, become popular and interconnected, then those communities will likely all fork together.

  • Moral imperative
    Helping others recover the funds that they have clear claim of ownership, is in and of itself the right thing to do.

If anything, I don’t think anyone should make the argument that this sets a bad precedent of bailing out large amount of funds. The real precedent that I hope we continue to make, is the precedent of sound judgement, meaning any potential EIP is on the table, and there are no hard rules of what is ruled in or out.

2 Likes

Even though I still do not support this EIP I appreciate Parity’s process for the retrieval: first a general improvement on the chain that helped them as side effect (rejected), then a general recovery process (rejected) and now a specific recovery fork.

Instead of rehashing old the Dao arguments about hard forks and bailouts I’d like to post a new one about the cost of the fork. I started typing here so it got too big and made it into a Medium:

TLDR: if a proposed fork is implemented then both chains will exist. If that happens it will cause trouble to every single token and app.

7 Likes

I oppose this EIP.

My position can be summarized as:

  1. It is not universally supported, and implementing it could lead to a disruptive and contentious hardfork.
  2. As soon as you add a subjective process for deciding what the blockchain state should be, you are compromising on the core utility of the protocol as an objective source of truth.
  3. We should try and solve issues that are unrelated to security or scalability at the application layer rather than at the blockchain protocol layer.

I think its clear that there is significant demand for a mechanism that makes the platform more forgiving to user mistakes. However, I think such a mechanism should not be built in to the base-layer blockchain protocol.

I would support and encourage community adoption of a private insurance model where users pay a premium to insure specific contracts they use, the insurance provider would assess the risk of a given contract, and if the user experiences a bug that is covered by their insurance agreement they can be paid out.

I would also support the adoption of a new token (perhaps a stable-coin) which has a fund-recovery process built-in. Changes to balances of that token would not require irregular state changes at the base-layer. Users would be able to use the token and be assured that their funds could be recovered, while users and developers who rely on the objective nature of the Ethereum would not be impacted.

Both of these approaches have the advantage of separating the concerns of securing and scaling ethereum from the subjective governance over user balances.

1 Like

We should be very cognizant of the incentives that result from implement EIP-999:

  • All rational actors will now be incentivized to spend less resources auditing their contracts and instead spend more resources lobbying Ethereum core devs or playing politics with members of the ecosystem and gaming various social media outlets.
  • Ethereum devs will be perceived as a final arbiter of asset balances. They will be the weakest link in securing the Ethereum ecosystem. There will be rapidly increasing incentive to target and forcibly coerce client developers by criminal and state actors.
  • If the blockchain can be edited by a few key people, then governments will demand Ethereum devs implement KYC/AML measures in Ethereum client. State agencies of various nations can issue compliance demands in secret that order Ethereum devs to freeze various accounts that are accused of helping fund terrorism. Going public with these security letters to gain consensus or refusing to implement them can easily result in criminal liability and imprisonment for developers.
  • Very large entities in Ethereum can now adopt the “too big to fail” attitude where they can recieve a bailout from core devs if and when they act recklessly. Privatizing gains while socializing losses is unfair to small entities that do not have the clout to pass a non-technical EIP.

This may be a great benefit to certain friends in the short term. In the long term, however, Ethereum would suffer a permanent stain that will result in a non-trivial amount of businesses and developers abandoning the ecosystem for another that is perceived as both more stable and more fair.

3 Likes

Why is discussion happening here and not being kept on GitHub?

1 Like

The GitHub issue is a linear thread, and as such it might be best occupied with work done by editors and the author. Here, we can have a threaded conversation. We can also create new topics in here should we find some detail that we all want to delve into.

Lastly, we aim to follow a different set of principles and practices than those which may guide discussions in the EIPs (and these are not finalized): https://goo.gl/DrJRJV

2 Likes

@dpyro Everything you have said outlines exactly enough reason to discontinue this EIP.

Frankly, I am disgusted that this discussion has been moved away from the perfectly functional and familiar GitHub to this other forum (which needlessly makes the newest posts very inaccessible).

Fortunately I highly doubt this EIP will get any further.

(edited for clarity)

@bwheeler96, can you elaborate on why this has disgusted you?

I am also confused about how an objection to where we are discussing EIPs relates to why one would support or reject a proposal.

For more background on why FEM set up this discussion forum: we are attempting to improve on the evaluation of proposals with categories, topics, and the ability to reply to a specific post. This approach to discussing complex issues is something that Ethereum Research has used effectively at https://ethresear.ch.

4 Likes

@jpitts for one, this site does not work very well. Also I don’t see a lot of other EIPs here, except 867 which is basically the same EIP in different wording. Secondly, this site doesn’t work very well if we’re being honest.

It very much feels like an attempt by the people that are heavily involved with this EIP to stifle discussion by people that don’t agree.

The site works great for me, what problems have you run into with it?

This site is fairly new, and the concept of having EIP discussions here is even newer which is why you will only find a couple discussions here.

2 Likes

I’m sorry that the site doesn’t work well for you and feels like a way to stifle discussion about a specific EIP, @bwheeler96.

The origins of this website are in the ethereum/governance gitter channel. While ether recovery is a topic that is widely discussed in the community, it was not very strongly in our mind when @gregc and I began work on the Fellowship. The goals are more general for this group and this website.

We are using Discourse software here and learning about how it works. Let’s open a new thread on site feedback if you want to discuss how the site doesn’t work well.