EIP-999: Restore Contract Code at 0x863DF6BFa4

It would be good if the ordering of posts was more chronological. Putting oldest posts first does not feel very effective, and on top of that I have to scroll a lot (with stops for lazy-loading) just to get to the bottom. Other than that the site is very nice.

What I particularly don’t like is that ethereum-magicians is a new site that developers have to sign up for, making it a few extra steps of difficulty for people to have this discussion. It seems like a conversation that was well in the public eye (Github) has been moved to this other site that essentially does the same thing but is less accessible to the general public (of developers).

Lets keep conversations out in the open.

Added.

(20 characters)

I am not sure how such a decision should be made. Is it going to be counting hands? If so I would like to add my hand in the “Rejection of this proposal” camp.

The points made by fellow posters already (@alexvandesande especially) are the reason why I am opposing this. This would definitely cause another chain split and I just don’t want to impose this to the Ethereum community.

I am strongly against this proposal since it doesn’t directly improve Ethereum, I rather have Parity have another ICO/donation address to get some of the funds back.

Also , please watch this … don’t make it happen please.

Immutability is the difference between a decentralized platform and an inefficient hosting service. There’s no point for ethereum to exist if it’s mutable.
Put another way, ethereum with bailouts is a poorly scalable and inefficient version of EOS, which is a poorly scalable and inefficient version of AWS Lambda.

Events in the past (the dao fork) don’t matter by itself, because well, they already happened, whether it was a mistake or not. What matters is the future: was that change a one-off, or the start of a pattern.

To add to your points Alex, I would like to put emphasis on tokenized physical assets. Tokenized plane tickets, house ownership and similar tokenized real life assets will all need to choose a single chain to support. You can’t fit more people in a plane than there are seats, just like someone can’t own “two” houses.

These applications can only support a single ledger and a contentious fork without a proper governance scheme could seriously damage their platform. We could end up having apps that definitively choose different chains and end up being somewhat permanently separated from each others (until chain inter-operability, but that’s still quite a burden).

There could be “chain” migration methods implemented in their contracts, but I doubt most applications currently implemented this.

Playing devil’s advocate here and please feel free to tear this apart, especially incorrect assumptions:

1. Is this considered an “improvement” to the protocol as identified in the definiton of Standard Track / Core proposals? If it is should “improvement” be further clarified in EIP-1 or removed and replaced with “change” or something with a little bit more flexible a definition. If it isn’t an “improvement” under the conventional definition of the term, or as intended in EIP-1, should EIP-999 remain open/be merged or closed/withdrawn?

2. Based on 1, should EIPs be requested to demonstrate their benefit to the Ethereum ecosystem/protocol (as it stands now the benefit for EIP-999 seems to begin and end at a small interest group versus all users/participants).

3. If the EIP isn’t concerned with any protocol level improvements or protocol level remediation efforts, is this a topic the Core Devs should be spending much time on? If one of the beneficiaries of the EIP weren’t a highly influential client development team, would the matter be something the Core Devs would spend significant time discussing, except maybe for technical viability once community consensus is gauged? If clear consensus is never reached (as it appears with this), should the Core Devs devote time to discussion at all.

The problem I see here is there is a lot of attention being paid to this because Parity is a major and highly valued member of the community. If we remove Parity from the equation, I think generally the sentiment would be “you’re free to explore other recovery options, or attempt your own fork.” Because this is a valued team, we don’t want it to come to that, so certain accommodations have been made, which is understandable, and I’m not sure how to resolve this in a way that is beneficial to Ethereum and Parity / The Other Affected Parties.

I want everyone to get their ETH back, but I don’t know if a contentious fork is the way to do it. Nor if it’s something the Core Devs or EIP process are designed to facilitate, being extraprotocol and all.

This is the most eloquently put advocation of immutability I have ever seen. If we fail to be immutable, we fail.

I’m not sure I agree. Immutability is a goal, but it isn’t a promise, not even with blockchains. I’d argue true immutability doesn’t exist, since agreed upon changes can be made as part of the on-chain governance process.

Immutability tends to result from bad governance processes incapable of, or unwilling to, handle classes of changes. The decision not to address classes of changes is also a decision, and should be made only with input from all, and revisited as a network matures / grows. I argue Bitcoin’s claim to immutability is actually a function of a centralized decision to not deal with classes of changes that their governance process is ill equipped to handle, or they simply refuse to out of some dogmatic belief. They’ve also not had to deal with a test of that conviction, except for early on when previously valid transactions creating 184bn Bitcoin were invalidated through human intervention.

Off-chain governance aside, the blockchain is capable of deciding these things and is the natural venue for such hard decisions. Off-chain governance just seeks to gauge sentiment and whether putting it to the blockchain even makes sense.

Aside: How do I quote on mobile lol?

On a top level, I support a process that enables clear-cut recoveries when possible. I believe that in the long run Ethereum needs such a mechanism to keep growing and compete in this space. If the risks are too high and there are other chains that enable such recoveries, I think the bigger players will just move to other chains.
The whole ERP process while it sounds good, I do not support it yet. I think it’s too soon and before it is accepted alternatives need to be thought out. If it turns out to be the best way - that is fine, but a clear group / process with responsibilities must be thought out before. We really should not put it all on developers to decide.
As for this EIP - I support EIP999 because it’s a clear cut thing that’s quite easy to implement and when included in another hard-fork really isn’t a big risk of splitting the chain.

Regarding EIP-999 discussion on the 4/20 core dev call:

A: Me:
Yes. Contentious EIPs/initiatives are given due discussion time but there is a certain level of contention at which they aren’t deserving of the implicit coordination and development work of all core developers to build out the contentious solution and time a fork.
That work can be left to the forker.

Initiatives that have consensus get core dev coordination, initiatives that don’t, get tabled indefinitely within the core dev forum.

I believe ethereum core development, as an organization, should strive to focus on highly agreed-upon initiatives and initiatives that improve the protocol as a whole. Individuals and other groups are always able to coordinate under a different community brand.
The core developer organization should not be required to divide itself at the behest of interested parties without very good reason (reasons that garner the consensus of the core dev organization).

At DevCon2, Piper Merriam was issuing the DevCon2 token. There were 231 coins issued.

At the time, there was some discussion that these tokens might be used for voting. How difficult would it be to set up a voting dapp for holders of DevCon2 tokens?

Might that be a way to get a sense of the feelings on this issue from “relatively” early adopters who we are certain are ( a ) not sybils, ( b ) not weighted by ether holdings, and ( c ) known to have been at DevCon2.

Here’s some information on those tokens: https://github.com/pipermerriam/devcon2-token, https://medium.com/@pipermerriam/devcon2-token-upgrade-fa9fa4af59b5, and https://etherscan.io/token/devcon2.

Just to add to other options for types of votes. I have a database of usernames, date of first post, and karma from the top 4 ethereum subs. I’ve made the tool I used to scrape this available so the results can be checked. People register this data on-chain when they register to map an ethereum address to their username via the r/recdao project. Currently 700 people have pre-registered an address. Possibly this data could be used to formulate some threshold criteria for different kinds of votes.

Whether or not we fail is dependent on what our objectives are.

We are free to define our own objectives but meeting those objectives does not imply that we have provided any real value; I can build a trivial system that is immutable, decentralized, and absolutely useless. If my objectives are immutability and decentralization, I can declare success (imagine a big “Mission Accomplished” sign flapping in the wind behind me). However, I don’t think that’s why we’re all here.

Re: EIP999 Hardfork proposal.

If it ain’t broke, don’t ‘fix’ it

Ethereum is working just fine as intended. Learn from it, write better code. Parity messed up even AFTER the first multisig exploit. Now they are learning the lessons as they go along, just like EVERYONE else.

Are we going to ‘fix’ that one as well? I don’t see any discussion on that. Why? Because they didn’t lose THEIR funds in that failure it seems. This failure was caused by PARITY, not ETHEREUM.

If it was caused by the PROTOCOL, sure fix it and return the funds. But it was not.

They only have themselves to blame, unfortunate for them.

I will not support bailouts for Parity when there are thousands of people who are NOT going to be bailed out in a similar respect.

Supporting EIP999 is goes against the very nature of non-censorship.

The “Slippery Slope” objection is false and needs to be addressed.

There are fundamental differences between most cases of lost funds and the massive “The DAO” and “Parity Multisig” cases, and they should be used to draw the distinction, and that is of the sheer size of lost funds and of people affected by a single issue. Cases eligible for a hardfork are (A) cost-efficient and (B) completely unequivocal.

Any time the cost C of fixing the issue by hacking a manual hardfork is lower than the benefit B to parties damaged by an event that is a clear-cut, provable bug, the network has an obvious moral duty to act and issue the simple one-line hardfork.

This is not hard.

First, the definition of bailout is “an act of giving financial assistance to a failing business or economy to save it from collapse”. EIP-999 does not move any funds. It does not “give” any tokens or ether to anyone, especially not Parity.

Second, have you looked at EIP-867? I agree that there are other cases that can and should be addressed.

and that is of the sheer size of lost funds and of people affected by a single issue.

What size is sufficient? How many people must it affect? Why are mistakes that affect a large balance fixed but mistakes that affect a small balance not fixed? What criteria determines who is eligible to receive a fix?

Any time the cost C of fixing the issue by hacking a manual hardfork is lower than the benefit B to parties damaged by an event that is a clear-cut, provable bug, the network has an obvious moral duty to act and issue the simple one-line hardfork.

You are socializing losses while privatizing gains. Parity chose not to spend sufficient time or funds auditing their multisig contract and this is the result. They aren’t the first and they won’t be the last. What criteria will you use that enables Parity’s mistake to be fixed but not other users? How is it fair to entities that did spend resources to ensure the trustworthiness of their contracts?

I think we can all agree that the implementation cost would be trivial. There are network costs though:

• Changing the available supply of ether in an unpredictable fashion which will affect both users and hodlers alike.
• Incentivizing entities to not spend resources auditing code and instead spend resources lobbying core developers.
• Reducing confidence in the immutability of the Ethereum network. How do you think this will be written up across various cryptocurrency forums and sites? It will destroy Ethereum’s reputation.
• Regime uncertainty that spooks businesses with incalculable risks. The possibility of an unpredictable undo button on an otherwise immutable state machine makes anyone who doesn’t have a direct line to core devs uneasy about investing serious time and money to provide services on the Ethereum network.

There are wide-reaching economic consequences here beyond changes some balances.

This is not hard.

Please don’t assume people disagree with you out of ignorance.

What size is sufficient? How many people must it affect? (…) What criteria determines who is eligible to receive a fix?

Individuals answer such questions for themselves, and then they take action. That is the beauty of moral, right action. Simple truths can be realized independently by each individual, which a process different from that of technical decisions, which require expert, specialized reasoning. And then those individuals act out of their own trust in their capacity to assess what is “right” and what is “wrong.”

In this case, the “Ethereum devs,” which is a bunch of open-source developers who have no real connection to the network, issue a patch, and a bunch of “miners” voluntarily run it on their own machines, resulting in a “network” which people decide to call “The Ethereum Network,” although that is what they called a prior and unrelated ruleset that determines what “network” it produces (which is how names work in human society). Miners are free to run whatever “network” they wish to be in.

This has already happened. It was called The DAO fix, and it was an unmitigated success.

Why are mistakes that affect a large balance fixed but mistakes that affect a small balance not fixed?

I literally answered that in my original post, even in a technical format.

Please don’t assume people disagree with you out of ignorance.

And yet:

• You have used the scare-word “Regime” to describe open source developers and a network of volunteers;
• You have reduced pro-social restoration of millions of dollars’ worth of actual existing people’s economic intention as something that may or may not “spook” some abstract set of people;
• You think hypothetical negative economic effects of massive economic restoration, i.e. doing the obvious right thing, is more worrisome than not doing the right thing. That is, you actually, seriously believe that confidence in an agreement platform increases if hundreds of millions of dollars of obviously, correctable damage are purposefully not addressed, while we even have a measure of that “impact” in CoinMarketCap (i.e. nobody cares about Ethereum Classic);
• You believe it is possible to write bug-free code if only people and organizations fear enough its consequences. You believe that so strongly that reverting hundreds of millions of dollars in accidental damage should not get in the way of soiling that precious cultural incentive;
• And last, but not least, you have actually linked to the Moral Hazard Wikipedia page as part of your argument. (Here’s a link to the Morality Wikipedia page.)

To have an immutable rules event history running on the Internet, you need to perform the impossible technical feat of placing the engine that executes those rules completely beyond reach from humans (in this case, the decentralized society of miners, not the “Regime” at the Ethereum Foundation), since humans are moral agents and not robots and are thus forced to act, even when it is extremely socially inconvenient for them to have to do so (“Ethereum devs” and “miners” are all rich, they can financially afford to be sociopaths and just not care, and avoid the social cost of debating morality with Market fundamentalists). If you oppose moral action then your quest for an immutable rules event history on the Internet requires you to scare those moral agents from taking action (which is what you’re attempting right now);

Meta commentary: When a moral discussion is started as a technical discussion, this is what you get. Most people that bother to show up are those who have an ideological axe to grind against the moral decision – since it is weakened enough when framed as a “technical” decision, and thus prone to attack by “rational” people who have no interest in being actually rational about it – i.e. starting by reframing it as the moral issue that it is. People who see how obvious and a non-issue the obvious moral action is – the silent majority – won’t bother to show up, as it is way too depressing to have to spend your time spelling out teaching basic humanity to a noisy minority that won’t have any interest in letting you correct the framing of the discussion, even if you yourself have the means to pull off that correction (which most people do not, as they are just naturally moral and they cannot really explain it – explaining the obvious is really hard).

I have used the least amount of humor that is humanely possible in this obvious discussion for the restoration of millions of dollars’ worth of damages. However, the best way to carry out this discussion is actually with humor – see the success of The Daily Show, Last Week Tonight, etc. There are things that are best conveyed though humor, and this is one of them. For instance, you could have cops stopping a robbery and then suddenly they realize: “What about all the other robberies that we haven’t stopped? What about the robberies we don’t even know are taking place? This is not fair!” Or maybe there are unforeseen ramifications to stopping robberies, like mass incarceration, and what about the social causes of robberies? Then they just walk away.

the “Ethereum devs,” which is a bunch of open-source developers who have no real connection to the network

So you’re saying all core devs own 0 ETH?

In this case, the “Ethereum devs,” which is a bunch of open-source developers who have no real connection to the network, issue a patch, and a bunch of “miners” voluntarily run it on their own machines, resulting in a “network” which people decide to call “The Ethereum Network,” although that is what they called a prior and unrelated ruleset that determines what “network” it produces (which is how names work in human society). Miners are free to run whatever “network” they wish to be in.

Except that its often bundled with a major feature update. Even if there is a flag to toggle EIP-999, what’s the default going to be? Who gets to pick that default?

This has already happened. It was called The DAO fix, and it was an unmitigated success.

I was not even around for The DAO fix and I’m still hearing about how contentious it was and how fragmented the community appeared to be as a result. That is not an unmitigated success. If you visit the Ethereum subreddit the consensus there is than an overwhelming majority of commentors are rejecting any selective arbitrary funds restoration such as EIP-999.

I literally answered that in my original post, even in a technical format.

Any time the cost C of fixing the issue by hacking a manual hardfork is lower than the benefit B to parties damaged by an event that is a clear-cut, provable bug, the network has an obvious moral duty to act and issue the simple one-line hardfork.

So now we can all just submit a pull request whenever we type in the wrong address? There are people with thousands of ether lost that would love to have that ability. How will core devs decide what is a “clear-cut, provable bug”? Do we need community consensus or should we have an arbitration panel and start implementing our own legal system for every case? When some people get rejected and others don’t and they sue core devs personally, who’s going to pay for the lawyers? Why would any core dev continuing working on an open source project when they could be sued for their participation? How is that in way scalable? What happens when the price of ETH changes?

You have not addressed the core issue: exceptions made for one that are not made for all in an economic system is a very quick way to devalue that system. It also brings a host of legal liabilities that as an international community we should be cognizant of.

You have used the scare-word “Regime” to describe open source developers and a network of volunteers;

The phrase I intended to use is regime uncertainty. It’s not a scare-word, its a technical term that describes a specific issue: ad-hoc, unpredictable rules and regulations scare off investors that must plan ahead and wait for their investment to pay off. It is why unstable governments lead to multinational corporations pulling out from entire countries. You need to approximate that cost per your own criteria.

You have reduced pro-social restoration of millions of dollars’ worth of actual existing people’s economic intention as something that may or may not “spook” some abstract set of people;

Your morality is not universal. If we talk in terms of morality then you must also achieve a consensus because everyone will have their own version of what is morally right.

You think hypothetical negative economic effects of massive economic restoration, i.e. doing the obvious right thing, is more worrisome than not doing the right thing. That is, you actually, seriously believe that confidence in an agreement platform increases if hundreds of millions of dollars of obviously, correctable damage are purposefully not addressed, while we even have a measure of that “impact” in

That abstract set of people is every member of the Ethereum network. Increasing the supply of ETH 1% will reduce the price of ETH 1-10%. The lost ETH is somewhere around 1% of the total supply of Ethereum. If every member on average lost 10% of their confidence in Ethereum from a selective restoration hardfork that they didn’t sign up for then no, the loss in network value is far greater than the funds recovered.

The greatest loss will be the number of current and future developers in the Ethereum ecosystem who have idealogical and economic objections to this proposal. I myself will walk away if this kind of EIP-999 is adopted in its current form because I believe the Pandoras Box this would open will lead to the eventual irrelevancy of mainnet.

You believe it is possible to write bug-free code if only people and organizations fear enough its consequences. You believe that so strongly that reverting hundreds of millions of dollars in accidental damage should not get in the way of soiling that precious cultural incentive;

I never said that. There are multiple ways to deal with this:

1. Audit all contracts thoroughly
2. Bug bounties
3. Testnet
4. Third-party insurance
5. Builtin failsafe fund reversion method

There will be more as people innovate. I just listed some off the top of my head.

And last, but not least, you have actually linked to the Moral Hazard Wikipedia page as part of your argument. (Here’s a link to the Morality Wikipedia page.)

A moral hazard is a term and not its own form of morality. Excerpt from the wiki page: “A party makes a decision about how much risk to take, while another party bears the costs if things go badly, and the party isolated from risk behaves differently from how it would if it were fully exposed to the risk.” That is the too-big-to-fail mentality that pissed off many people and helped incentivize the adoption Bitcoin.

To have an immutable rules event history running on the Internet, you need to perform the impossible technical feat of placing the engine that executes those rules completely beyond reach from humans (in this case, the decentralized society of miners, not the “Regime” at the Ethereum Foundation), since humans are moral agents and not robots and are thus forced to act, even when it is extremely socially inconvenient for them to have to do so (“Ethereum devs” and “miners” are all rich, they can financially afford to be sociopaths and just not care, and avoid the social cost of debating morality with Market fundamentalists). If you oppose moral action then your quest for an immutable rules event history on the Internet requires you to scare those moral agents from taking action (which is what you’re attempting right now);

The economic problem isn’t modifying immutable state. It’s modifying it unpredictably according to political or social pressures on a very small set of people. That leads to regime uncertainty because you aren’t sure the rules of the game will be the same 5 years down the road.

If you really want to argue on the basis of morality and not the future of Ethereum then here’s my question: why are you concerned only with the morality of restoring funds for some number of users but completely ignoring the effect it will have on every other user of Ethereum in existence? If everyone else loses 10% of their ETH holdings’ value, is that not a moral issue? Or will “do the right thing” only be selectively enforced applied for possibly unknown benefactors?

My gut tells me you have some not-insignificant amount of funds lost in a wallet that would be saved by EIP-999. Perhaps you plan on dumping these hypothetical funds the moment they’re recovered and have no interest in Ethereum even existing five years from now. Now regardless of whether all this speculation is true or not it’s a reasonable enough thing for a bystander to ponder. Now imagine this kind of argument and suspicion–but for every mistaken funds transfer event ever–past, present, and future.

Full disclosure: I have no funds lost in the Parity wallet or any mistaken funds transfer or wallet bugs. I do have some amount of Ethereum I use actively and am developing projects that use Ethereum.