EIP-999: Restore Contract Code at 0x863DF6BFa4

So you’re saying all core devs own 0 ETH?

I mean organizationally. Your “Moral Hazard” angle is false. You can have infinity value invested in a financial system and it will still be your social duty to fix an obvious failure in that system if it is in your reach to do so. The amount of stake they have in the Ethereum MMO has no bearing in the decision.

I’m still hearing about how contentious it was and how fragmented the community appeared to be as a result. That is not an unmitigated success. If you visit the Ethereum subreddit the consensus there is than an overwhelming majority of commentors are rejecting any selective arbitrary funds restoration such as EIP-999.

Funds were returned to people to the extent possible. Angry market fundamentalists are not valid mitigation to millions of dollars worth of funds returned to their owners due to an obvious, unintentional software fault.

Except that its often bundled with a major feature update. Even if there is a flag to toggle EIP-999, what’s the default going to be? Who gets to pick that default?

You are talking about software development. Software developers get to decide what the software they develop is. People who adopt and deploy software in systems they own decide who the providers of that software will be. There’s absolutely nothing wrong in the Ethereum developers deciding to bundle whatever they want into the software they develop, and there’s nothing forcing anyone from adopting their version of what their work is supposed to look like. You can try to frame this as an “Oppressive Regime” as much as you want, it still is no such thing.

(…) You have not addressed the core issue: exceptions made for one that are not made for all in an economic system is a very quick way to devalue that system. It also brings a host of legal liabilities that as an international community we should be cognizant of.

I have addressed technically and very explicitly why all these concerns are false, but you are wrapped inside a bubble of circular, Market Fundamentalist logic and just cannot see it.

The phrase I intended to use is regime uncertainty. It’s not a scare-word, its a technical term that describes a specific issue: ad-hoc, unpredictable rules and regulations scare off investors that must plan ahead and wait for their investment to pay off. It is why unstable governments lead to multinational corporations pulling out from entire countries. You need to approximate that cost per your own criteria.

A virtual world simulation like Ethereum is not a real-world “government,” no matter how popular the “Governance” buzzword is today in blockchain MMOs. Your comparison is inadequate. If you don’t like a version of a virtual Internet world, you can just fork it. Symbolic space is absolutely infinite, friction-less and painless. The “real” political world of Governments, Corporations and Investors – “legal” entities, in a physical space where humans e.g. jail other humans for symbolic misalignment – is different from the world of a voluntary MMO with “governance,” “investors” and “DAOs” where nobody has a gun to oppress anyone else.

I have commented in a previous Parity EIP that they should just fork off Ethereum if the Ethereum network is not going to act sooner rather than later. It would be better if a new Ethereum was started, with a social contract similar to that of EOS, where the social formation of the network is explicit in providing social story support (e.g. the “EOS Constitution”) as a rhetorical vaccine against Market Fundamentalism and all that “immutability” nonsense.

I care less about the Ethereum network brand (which is all this is about, really) than making sure victims of a virtual economic tragedy (with real human consequences) that society can perceive and act to revert are remedied by that society. It is more important that there IS a blockchain where the bug is corrected, to signal that society and basic human empathy still exist, than that that blockchain where that prioritized wrong can be righted carry the “Ethereum” brand. However, there is no valid reason whatsoever for the current Ethereum network to not be that network… other than Market Fundamentalism.

Your morality is not universal. If we talk in terms of morality then you must also achieve a consensus because everyone will have their own version of what is morally right.

That is a feature, not a bug. I am “politically” (socially, in the Polis) acting according to my own will and my own sense of what is right. You are doing the same. What will happen is what the society of developers and “miners” will choose to do.

I am not making a fundamentally technical argument because this is not a fundamentally technical discussion. That’s what I mean by “morality.” My duty ends here, out of my empathy for those who have had their dreams slashed and emotional experience on this planet crushed due to abrupt loss of social valuation in the form of vast sums of this virtual counter we call “money.” The only reason I am arguing here is because I can feel their loss. I don’t really care if you can see it or if you understand or not.

That abstract set of people is every member of the Ethereum network. Increasing the supply of ETH 1% will reduce the price of ETH 1-10%. The lost ETH is somewhere around 1% of the total supply of Ethereum. If every member on average lost 10% of their confidence in Ethereum from a selective restoration hardfork that they didn’t sign up for then no, the loss in network value is far greater than the funds recovered.

It would be just reverting the deflation from the loss.

If the Ethereum developers and miners do not address this issue, I will lose 100% of my “confidence” in Ethereum. Because to me this is not about econometric simulation. This is about people.

But if we’re going to be into econometric hypotheses, let’s remember we are talking about cryptocurrencies. The thing that crashes 80% in a week, and we are discussing confidence in restoring 1% of the supply back into movable status.

I myself will walk away if this kind of EIP-999 is adopted in its current form

Social groups like “blockchains” need their own principles and reasons-to-be; there’s no such thing as “neutral” markets. Some people will always leave. I will leave if the Parity bug is not addressed… and nobody cares.

I never said that.

Yes you did not. You implied. I have just unrolled the implications for you, and instead of reflecting upon those you chose to ignore them and respond with an irrelevant list of obvious things we can do to help reduce the odds that bugs happen, even though you can’t bring the odds to zero, which is the only way I see you could invalidate my argument through that line of reasoning.

A moral hazard is a term and not its own form of morality. Excerpt from the wiki page: “A party makes a decision about how much risk to take, while another party bears the costs if things go badly, and the party isolated from risk behaves differently from how it would if it were fully exposed to the risk.” That is the too-big-to-fail mentality that pissed off many people and helped incentivize the adoption Bitcoin.

We are not reasoning at the same level. Moral Hazard is a model, and it is a model that I am arguing doesn’t apply to the situation. Pasting the explanation of the model from the page you linked does not move anything forward.

A previous reply from someone else has already addressed “Too Big To Fail” so I will skip that.

The economic problem isn’t modifying immutable state. It’s modifying it unpredictably according to political or social pressures on a very small set of people. That leads to regime uncertainty because you aren’t sure the rules of the game will be the same 5 years down the road.

That’s real life and a feature, not a bug.

If you really want to argue on the basis of morality and not the future of Ethereum then here’s my question: why are you concerned only with the morality of restoring funds for some number of users but completely ignoring the effect it will have on every other user of Ethereum in existence?

I have literally done nothing else but to argue this case.

If everyone else loses 10% of their ETH holdings’ value, is that not a moral issue?

That’s hypothetical vis the real loss of Parity Multisig wallet users, and no, I am not, as an individual moral agent, concerned about this in a cryptocurrency in 2018, the same way I am not concerned if a thief loses what they have stolen or if Ethereum crashes 80% tomorrow (again).

Or will “do the right thing” only be selectively enforced applied for possibly unknown benefactors?

Reality demands we select (prioritize) our actions. (I am not sure what this objection is.)

My gut tells me you have some not-insignificant amount of funds lost in a wallet that would be saved by EIP-999.

Your gut is wrong. I would not touch a multisig wallet with a 10-foot pole. I am an old software engineer with a sharp intuition for smelling code jockeying. I can see dangerous crap from ten miles away. I would never use something that’s outside the mainstream usage path (i.e. single-sig wallets).

Now regardless of whether all this speculation is true or not it’s a reasonable enough thing for a bystander to ponder.

I am not even a little bit surprised by this, since you have projected a Moral Hazard argument in the developers of Ethereum.

I oppose this EIP-999 for a number of reasons that have already been well-articulated by others. To avoid repeating the same arguments, I’ll limit my contribution here to just one:

Although I strongly oppose both EIPs, I dislike EIP-867 slightly less because it at least sets a standard. If there’s going to be any recovery mechanism for “lost” ETH, a clear-cut line needs to be drawn in advance outlining the conditions under which frozen/lost/stolen ether deserves to be recovered.

It is plainly unfair that those with special influence have a chance at undoing their mistakes, whereas the average Ethereum participant doesn’t have the same option. I would support a proposal to define a precise Schelling fence on the topic (and I’d advocate for it to be limited to only incidents affecting the entire community, or flaws in the underlying Ethereum protocol).

just one simple question we need to ask ourselves: EIP stands for Ethereum Improvement Proposal.

Is restoring contract at 0x863DF6BFa4469f3ead0bE8f9F2AAE51c91A907b4 considered an improvement to Ethereum?

I’ll support this proposal if people supports restoring the proofofweakhands(0xa7ca36f7273d4d38fc2aec5a454c497f86728a7a) contract that I’ve invested. 866 eth was hacked. I had sleepless nights over it.

Recovering Proof of Weak hands would require taking ETH from someone who currently is in control of it and giving it to someone who is currently not in control of it. This is significantly different IMO than taking ETH that is currently not controlled by anyone and restoring access to the actor who should have access to it.


I agree IF the hardfork is not contentious. If the hardfork is contentious (as it appears it would be here) can you be certain the cost of a contentious hard fork to all participants is not > than the benefit to the affected Parity multisig parties? The risks a contentious hard fork poses to unaffected users and participants is unacceptable and unnecessary risk posed to the many for the sake of the few.

If we have a moral obligation to assist the affected Parity multisig parties, we also have a moral obligation to do no harm to the unaffected Ethereum participants. We are essentially weighing Parity and the other affected parties interests against those of the rest of the network.

We MAY end up robbing Peter to pay Paul. I’m not sure that is a risk worth taking.

I am of the tentative (would love to be argued out of it) opinion that a fork that appropriately divides one large community with divided ethos into two smaller communities with consistent ethe is a good thing.

I attribute the decline of the US largely to the fact that there are two (more in reality) vastly different groups of people fighting for control of the governance process. I suspect both groups would be far happier if they just split up, but they are falling into the same trap that the Ethereum community is falling into (IMO), that it is better to stay “united” in the toxic relationship rather than split apart and lead healthy separate lives.


Recovering Proof of Weak hands would require taking ETH from someone who currently is in control of it and giving it to someone who is currently not in control of it. This is significantly different IMO than taking ETH that is currently not controlled by anyone and restoring access to the actor who should have access to it.

Eth is not a real unit of ownership, it’s just an abstract denomination of it. The real unit is a fraction of ownership of the total supply. Ethers in contracts aren’t locked, they’re gone. These particular entries in the state db no longer signify a share in the total supply, due to a bug they were reduced to meaningless numbers. The only possible difference is in whose property is getting redistributed.

From the redistribution perspective the dao fork was a radically different thing from this proposal, because it redistributed shares from the thief only.

I am of the tentative (would love to be argued out of it) opinion that a fork that appropriately divides one large community with divided ethos into two smaller communities with consistent ethe is a good thing.

I agree. A DPoS fork would be way more scalable instantly, so there may be a niche in the market for it.
There’s no point for Casper etc. with mutability, because all problems inherent in DPoS can be edited away as they come - just zero balances of ‘misbehaving’ parties, problem solved, for some definition of solved.
No reason for sharding either, servers in a datacenters are way easier to scale.

Not that extreme.
A centralized system has one entity that makes decision, a decentralized system requires unanimous agreement. Everything else lies on a spectrum.
As unanimous agreement is impossible to achieve for large enough systems, decentralization requires immutability, as no change can realistically achieve a unanimous approval.

Right now Ethereum is in the early stage in which control over the protocol is de facto centralized for the sake of technical progress, most importantly because of a promise of necessary future development and partially because of the difficulty bomb, which kills the ‘do nothing’ option explicitly. That’s fine as long as it’s temporary, with the end goal of a self-sustaining truly decentralized system, in which arbitrary changes are simply impossible to achieve.

For that to ever be possible, immutability must be defended by social means while the platform grows more and more decentralized.

I want to propose an analogy between frozen funds and one other hypothetical type of the accident.

First, disclosure: I have lost in the frozen wallet a lot of funds. Total sum of all my salary in the years to come before my death will not give me even a half of it. I will survive without these funds because I was spending only what I can lose. But still I think it is worth while to keep the keys of the accounts which can manage this lost funds, and not through them away.

Now an analogy from some hypothetical sport, like racing. I signed off the waiver, which explicitly said that I take my own responsibility whatever will happen in the race. And, in the middle of the course, a small group of the participants including me got trapped. In the surface races like that of ultra-running, usually it is not a matter of death and life. And in the case of the frozen by multi-sig wallet accident, I hope, also nobody lost his life.

But if we look at the potential creative energy trapped in these funds, - they are now as if dead. Even more dead than the fossils which make up the fuels: energy of the once living plants and species now moves our turbines.

So, it is more similar to the, say, underwater race. Or to the miners trapped deep under the surface.

I understand nobody is obligated to help. Even more, - if they decide to help, they face more competition, more supply of Ethereum can lead to lower price. And the bigger problem – split if 2 parts of the community will split, which, although definitely will not destroy the Ethereum but will make an unneeded blow.

I will try to support Ethereum no matter what the decision will be taken about these frozen funds. If I will get them revived for me, I will try my best to use them for good.



While you could argue that parity multisig’s contract eth was frozen while proof of weak hands contract was hacked, both contracts shared the same result - The developers made a mistake in the code and investors want their eth back.

so do we have a stand that restoring contracts with frozen funds are OK while restoring hacked contracts are NOT OK.

If we want to allow parity to restore their contract, we need to allow all frozen contracts to restore since ethereum started. Then we also need to allow anyone with frozen funds to restore their contract automatically in the future as well. There needs to be new op codes for this. This is just being fair.

This EIP would be seen as a discrimination if its just doing for the sake of parity.

Do we want that?

1 Like

Yes the rabble is boisterous and possibly I’ll informed… Ignore them at your own risk.


Furthering your US analogy, could such groups ever find a ‘happier’ separate existence given that they are codependent? History tells us otherwise. Perhaps a hard fork would not follow the norm?

1 Like

I’m a strong advocate of EIP 867, which proposes to do that. It allows anyone willing to put in the effort to provide a rigorous proof (or hire someone to author it for them) to get funds recovered IF they can prove to a reasonable human that the funds are clearly theirs and that they are inaccessible due to human error. The multisig deletion would fall into this class, as would many other accidental fund losses that people have suffered over the years. TheDAO recovery would not qualify since it took funds currently under control by one user and gave them to others.

I think that the two groups can govern independently, while still engaging in mutually beneficial trade. I think the same is true for blockchains, it is possible to have two blockchains that cater to two different groups of people and as long as there is opportunity for free trade between them then they can co-exist.

An immutable chain (ETC) and a mutable chain (ETH) may serve different demographics, which have different risk profiles, and people can freely move from one to the other (e.g., via exchange). I’m personally not a big believer in “one chain to rule them all”, I think multiple chains can coexist and solve different problems and target different users.

1 Like

Not that extreme.

Yes that extreme. In reality, the Ethereum Foundation can choose to develop any software they like, and as long as they control the network brand called “Ethereum,” they have both de jure and de facto control of which blockchain gets to be called “Ethereum.” The same way “Bitcoin Cash” can have 99% of the market cap and hash-power of Bitcoin, but still the Bitcoin Core group socially (if not legally) controls what network gets to be called “Bitcoin.”

Fixing the Parity Multisig bug costs zero in deployment and is fully “non-contentious,” as forks (or any form of expansion in the symbolic space) are always “non-contentious” by technical definition, since they do not impede the continuation of the previous blockchain.

The only point of “contention” is Market Fundamentalists getting angry at the idea that the Ethereum Foundation may choose to christen the Parity Multisig Fix as “Ethereum,” using their social and legal branding powers. This is like people complaining that they got banned from Internet forums with cries of “Oppression!”, when in fact the Internet is completely abundant of space where you can go instead. You can be censored in symbolic space, but you cannot be oppressed, since you cannot be squeezed into a corner like in purely physical, or physical-symbolic systems (and this is a quick model to try to show a moral angle; please don’t be literal about it and force me to expand this into five pages).

Market Fundamentalism is a bane for the social adoption of crypto. When the DAO fix was in, Bitcoin Maximalists were spilling poison in online bitcoin rags about how the Eth Foundation was having “phyrric hopes” of not being legally persecuted. I.e. they can have fantasies of volunteer developers being jailed for reverting symbolic thefts in an MMO. These people are insane and the Parity Multisig bug and the DAO hack are gifts in disguise, which allow us to identify them and drive them away from the social Ethereum network.

Right now Ethereum is in the early stage in which control over the protocol is de facto centralized

No. Protocols are not controlled, since they are just math objects and our present society is free enough that anyone can create their own math objects and post them on Github.

The Ethereum brand will always(*) be legally and socially centralized to whatever the Ethereum Foundation decides is the Ethereum network, and the majority of exchanges will always socially agree with what the Ethereum Foundation decides. Even if they completely cease doing any actual software development and just endorse other people’s implementations.

The Ethereum Brand is a social object, and that is what “controls” what miners and exchanges do. But that’s how basic leadership and naming works in our society. All those parties are free to ignore the Ethereum foundation and do their own thing.

(*) unless they give it up, of course.

It costs $xxx million in value being redistributed from the current holders of ether, permanent harm to the reputation of Ethereum and a strong leap towards a central governance model where a special minority get to choose which transactions are valid and which are not.

For those that want a quasi-centralised system where transactions can be undone, they should opt-in to a solution on the Ethereum application layer; these decisions shouldn’t be made at the protocol level. It’s clear from the volume of debate in this EIP-867 and EIP-999, the split sentiment on reddit and the results of the EIP-999 coinvote that many people are not interested in a system like this.

It is a contentious fork.


For those that want a quasi-centralised system where transactions can be undone,

The system is not physically nor socially centralized in any meaningful fashion. The only centralized asset is the brand and the social respect that the Ethereum development body enjoy. You have not read my post.

It is a contentious fork.

For a generic, meaningless definition of “contention” (i.e. “noisy angry people”).

Actually that is an interesting thought, and now that I think about it, it makes sense. Eventually two perpetually disagreeing groups within one entity WILL split (history has shown) so any steps taken to make it an amicable, free choice split should be considered.

This is where I like and see Phil Daian’s proposal fitting in. Client developers’ unbiased support in instances like this for both choices, free of defaults. Two releases, one including the irregular state transition, one not, and neither default.

Could create an ETHr (recovery enhanced) and ETH (immutability preferred) for those who value such.

Support both histories as equally “Ethereum” but customized for needs / values. It is inevitable that some users, projects, etc. will want or need recovery paths vs immutability. I see no reason why the devs can’t support both. Let the market value them as it will.


Build ETH recovery chain as a sidechain / childchain.

Unfortunately, if the client developers don’t express preference, the exchanges will by deciding which one gets the token ETH. Personally, I would prefer developers deciding defaults over exchanges deciding defaults.

It is unfortunate that Bitcoin long ago set the precedence that when a hard forking protocol upgrade occurs one branch gets to keep the ticker symbol and the other doesn’t. It would have been better IMO if at every fork the original ticker symbol was end of lifed and two new ticker symbols spring into existence, with no preference as to which is “correct”.


It’s just sad in general that all these exchanges have so much influence over the protocols and development.

If that’s the case and we can’t have nice things like true freedom of choice, then I would have to say that unless it’s a clear majority that support the irregular state transition, the burden should be on the proposer, and they should provide the option (and can see if a client team will assist), versus the change being deployed as the default. That would deter most claims outside the most serious.

This has historically been Bitcoin’s policy, if a change doesn’t have 90% support or something crazy then it isn’t included. IMO, this has resulted in Bitcoin effectively stopping development because their community is of the size that they can’t get 90% support on anything, even things that are pure technical upgrades (like adding new opcodes).

I can see the argument for treating things like recoveries differently, but I think no-contest recoveries are generally good and there will always be someone who didn’t lose money who doesn’t want to support someone else getting their money back (accessible supply goes up with every recovery).

Personally, of all of the options available (Exchanges choose, client devs choose, default to no-change), I prefer to let the client developers choose (where “choose” here means pick the default). If I ever get to the point where I feel like the client developers are not making good choices in general, or are making choices that are outright terrible (like introducing some form of government KYC into the system) then I’ll fork. Until then, I’ll likely go along with changes proposed by the client devs even if I don’t wholeheartedly agree with them (like I did with TheDAO).

1 Like

Seems we are presented with a binary choice? Recover the funds or not; to fork or not to fork? In these two scenarios the lost funds are either worth 0, or some less than current value due to the damage caused by a fork.

Do the lost funds truly need to be recovered 1:1? Could partial recovery be considered? A predetermined value might be preferable to an unknown post fork value. Partial recovery would retain some incentive for thorough testing.