
If the hacker had not said the bit about donating to Ukraine, but instead just made the proposal "send me all the money" would he have committed any crime? It's not clear to me that, apart from lying, he really did anything you're not supposed to do.

If, analogously, my bank had a program where people could propose actions to the bank and vote on them by putting dollars in a "yes" or "No" jar - and I started a "give me the bank" proposal, took out a massive loan and won the vote... What have I done wrong?



Yes, it would be theft because the usage was clearly outside of the intended use of the system. This sort of thing has been tested in the courts before and likely falls under the realm of any bug exploit.

For another example, let’s say you were an employee of a retailer with the power to set a discount on certain items. You suddenly set a 100% discount on every item in the store and then buy all the inventory for $0. Try explaining to the police that you were actually fully within your legal right to do that.


> For another example, let’s say you were an employee of a retailer with the power to set a discount on certain items. You suddenly set a 100% discount on every item in the store and then buy all the inventory for $0. Try explaining to the police that you were actually fully within your legal right to do that.

But if you were the board, or the majority shareholder, it would be fine. Which is what happened here.

They borrowed money, bought a majority of the BEAN, used that BEAN to vote on their proposal to take all the money, and it passed. They kept the money, sold the BEAN, and returned the borrowed money.


> But if you were the board, or the majority shareholder, it would be fine. Which is what happened here.

I am fairly sure a majority shareholder could not just vote to give themselves all of a company's assets.


You wouldn’t want to be an investor in one that did or looked like it was doing that

But yes there are other deterrents like not optimizing share price or returns for the other shareholders, by laws, state laws, rules from the exchange you trade on and mayyybe a regulator


When I heard Beanstalk was exploited, I was thinking this was like some instant leveraged buyout, like in TradFi where an investment fund borrows a bunch of money (with the other company's assets as collateral), buys a company and sells their most profitable assets while the company lingers on death's door for years (with some kind of inflated asset valuation with the rest of their collateral left over) before bankruptcy.

Just much faster in crypto because they allowed for their governance to be vulnerable to flashloans.
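The borrow, vote, repay sequence described in this thread, as an added example that is not part of any comment and is not Beanstalk's code. It is a constructed toy model in which the pool lends governance tokens directly; the holder names, block numbers and simple-majority threshold are assumptions. It contrasts vote weight read from the live balance with weight read from a snapshot taken at an earlier block.

```python
class Token:
    """Toy governance token (constructed) that checkpoints balances per block."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.checkpoints = {h: [(0, b)] for h, b in balances.items()}

    def transfer(self, block, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        for holder, delta in ((src, -amount), (dst, amount)):
            self.balances[holder] = self.balances.get(holder, 0) + delta
            self.checkpoints.setdefault(holder, []).append((block, self.balances[holder]))

    def balance_at(self, holder, block):
        """Balance as of the end of `block`, read from the checkpoints."""
        balance = 0
        for checkpoint_block, value in self.checkpoints.get(holder, []):
            if checkpoint_block <= block:
                balance = value
        return balance


def vote_passes(token, voter, total_supply, snapshot_block=None):
    """snapshot_block=None is the weak design: weight is the live balance."""
    if snapshot_block is None:
        weight = token.balances.get(voter, 0)
    else:
        weight = token.balance_at(voter, snapshot_block)
    return weight * 2 > total_supply  # simple majority (assumed threshold)


def flash_loan_vote(use_snapshot):
    """Borrow, vote and repay inside one block; return (passed, final balance)."""
    token = Token({"pool": 900, "community": 100, "borrower": 0})
    proposal_block, vote_block = 5, 10
    token.transfer(vote_block, "pool", "borrower", 900)   # loan arrives
    snapshot = proposal_block if use_snapshot else None
    passed = vote_passes(token, "borrower", 1000, snapshot)
    token.transfer(vote_block, "borrower", "pool", 900)   # loan repaid
    return passed, token.balances["borrower"]


if __name__ == "__main__":
    print("live-balance voting:", flash_loan_vote(use_snapshot=False))
    print("snapshot voting:    ", flash_loan_vote(use_snapshot=True))
```

With the snapshot taken at the proposal block, tokens that only exist in the voter's account during the vote block carry no weight.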


Yes like that


Which analogous cases are you talking about specifically?

And as much as your example would likely result in some kind of conversation with the police, it also highly depends on whether you discounted items fraudulently or if you did it because you specifically were in the position to do so. Your example describes it as though you had full legitimate power to discount certain items up to 100% off. At that point, at worst you would have violated company policy and not the law. You might get fired for it but when a retailer you work for offers a discount you are eligible to participate in it.


Code is law in crypto. You can’t hate the law/regulation then call it in when you need it.

Also I don’t think your retailer comparison works, in this case the power to give the user the rights and ability to create 100% discounts was designed into the system and although the outcome is unintended, it is not a flaw because the system allowed it and everyone using the system was allowed to audit it before putting value in.


> Code is law in crypto. You can’t hate the law/regulation then call it in when you need it.

"Code is law" is the mantra of people who are either ignorant of how the law works or attempting to run from the law [1]. You don't get to choose whether or not the law applies to you [2].

[1] Or both. These aren't mutually exclusive categories.

[2] Source: see every sovereign citizen case ever. I was originally going to write "ask any sovereign citizen," but then I remembered that the failure of their legal theories to ever find purchase in a courtroom does surprisingly little to make them realize that they are wrong.


We don't get to choose whether the law applies to us, but we do get to choose whether the code applies to us. The idea being that code is far more powerful than law.

Edit: see Tor/I2P vs censorship law, or BitTorrent vs copyright law


That seems odd. People get fined when trying to circumvent copyright (or more). Censorship laws don't disappear just cuz you have a trick around the implementation of some firewall.

I would also counter the idea that we choose whether code applies to us! Loads of daily interactions with different companies or the government go through automated systems that make their own decisions.

We don't have line item vetos on what affects us in life, in a lot of scenarios. There are a whole lot of package deals, and big bureaucracy is a part of that.


> That seems odd. People get fined when trying to circumvent copyright (or more).

If they get caught. If you were opposed to copyright law, why go toe-to-toe against IP lobbyists when you can make a computer program that makes their tyrannical laws irrelevant?

> Censorship laws don't disappear just cuz you have a trick around the implementation of some firewall.

Censorship laws don't need to disappear so long as they are rendered unenforceable.

> I would also counter the idea that we choose whether code applies to us! Loads of daily interactions with different companies or the government go through automated systems that make their own decisions.

You can make code apply to you, but you cannot make code not apply to you. Once someone starts using a technology, that changes the game in an irreversible way.

> We don't have line item vetos on what affects us in life, in a lot of scenarios. There are a whole lot of package deals, and big bureaucracy is a part of that.

No, you merely accept bureaucracy because you are old and complacent.


Bureaucracy and legal systems pose some sort of physical threat to you and can use violence (or the threat of violence) to enforce their rules.

In most western societies this happens only if absolutely necessary, after many warnings and the reactions are quite measured (e.g. you won't get shot for a parking ticket). The existence of assholes makes people ask for rules to rein them in.

Whoever can send armed people to your door makes the rules. If you are lucky you have some degree of say who that is (elections) and what those rules might be (e.g. ballot measures, public discussion). If you are unlucky the militia just shows up and takes you to a dark alley.

Crypto (or any other technology for that matter) doesn't change that fundamental fact that your physical body is located somewhere on this world and is accessible to someone. It takes some time for the bureaucracy and the laws to adjust but it always happens. If need be (e.g. you created a smart contract that does something illegal) you can be punished so other people won't do the same.

In conclusion:

> No, you merely accept bureaucracy because you are old and complacent

Is not how these things work at all.


In this case I was just using it as a figure of speech, commonly used in the crypto community.

It would be interesting to see how different courts would settle the matter. I imagine it will be an interesting legal future for various crypto projects.


You can choose to give your consent to activities like exploiting code though. You can consent to being in a fight (e.g. boxing or mutual combat states). You can consent to whatever with your code (e.g. CTF style sites). To me, it seems like saying "Code is law" or allowing people to create arbitrary proposals and voting on them with loaned money is kind of consenting to whatever happens.


There are things you can't legally consent to. You may be able to consent to being in a fight, but you generally can't consent to a fight to the death (e.g., a duel). Nor can you generally enter into an agreement to commit fraud, or other illegal activities.


> Code is law in crypto

The courts have not really tested that, have they? I figure HN would alert me if they had.

A wounded party will claim an exploit. Most bugs / security flaws are, in fact, code that is working perfectly as written, but not as intended.


This is like saying a word doesn't exist because it's not in a dictionary.

Dictionaries reflect the public's usage of words, not the other way around.

Similarly, courts are supposed to reflect the values of people, people's values aren't informed by the courts.


Fine, but my values say that fraud is fraud whether you do it on a blockchain or not. I expect most of the public to agree and the laws of most countries to eventually reflect that even if some crypto maximalists don't like it.


I don't follow the analogy, but here's one that works for me: it's like leaving your door unlocked by accident, b/c you didn't understand the lock properly or were in a hurry. Negligence, sure, but it takes a person exploiting that negligence to get to the point of theft.


> You can’t hate the law/regulation then call it in when you need it.

Why not?


When you use or own a cryptocurrency, some of your wealth is transferred to miners in exchange for securing the network (block reward, fees -> mining, development). When you use or own a fiat currency, some of your wealth is transferred to governments in exchange for securing the economy (inflation, fees -> regulation, protection).

I think it is generally unfair to make the taxpayer front the bill of the government protecting cryptocurrency institutions (via the justice system), especially when the cryptocurrency networks are supposed to be trustless and self-securing. That's basically a net transfer of wealth from the public to a special interest group of cryptocurrency users, and furthermore a rival financial system.


No real reason why not, aside from hypocrisy. It’s just “the code” of lawlessness, if you live outside the law you gotta stay that way.


Law is law.


Math is law, everything else is a human opinion


This is true in a philosophical sense.

In a more practical sense (some) human opinion is influential enough to make that distinction useless

(Feel free to discuss the fundamental nature of laws with your cell mate)


Well, if your bicycle is stolen in a big city feel free to discuss how important the law is with an officer at your local station; you aren't going to see it again.

The "law is law" response to "code is law" is terribly uninteresting. It's just semantic shuffling.


I don't think it is because "law is law" has physical enforcement behind it (in many cases) while "code is law" doesn't (unless through the regular legal system which won't enforce "illegal" smart contracts)


> let’s say you were an employee of a retailer with the power to set a discount on certain items ...

No, not the employee, but the owner. Isn't that a more accurate metaphor for this situation?


The intended usage in my opinion is up to the governance to decide. They can vote on things related to how things should work. The project can be taken any way the governance decides and if the governance decides that it wants to send all of the funds to a single person I don't see how that is outside the intended usage. The exact same action could benefit all the users in case the smart contract had a vulnerability and he wanted to save everyone else's funds from being stolen.

In regards to your example if the employee truly does have the power to do that and the intention for that power is not stated. I think it's fine for them to take actions which cause the store to lose money.

Edit: As a sibling comment mentioned it's more like if an owner of the business decided to add these discounts.


A majority shareholder in a company isn't allowed to take all the assets even though they have the votes. The minority does have rights. Like, this is what the eternally misunderstood fiduciary duty is about: the company isn't your personal piggy bank just because you're at the wheel.


I think that's where the metaphor breaks down. A company is intended to make profit where a protocol's purpose is whatever the owners want it to be.


But isn’t code law? I thought the intended usage was to faithfully execute the contract.


The same could be said about other vulnerabilities like MySQL injections. The difference in this case is that there was a government proposal that was legitimately passed, but it was unpopular with the community as votes are not 1 per person but rather based off how much you have financially invested into buying voting rights.

In real life this would be the equivalent of buying enough shares of a company to make unpopular changes. Hostile takeovers aren't illegal AFAIK.


If someone had a website that said "My server's code is law. You can do whatever it lets you do." And you found an SQL injection vulnerability I would think you'd be allowed to mess with it.


Banks, and other companies, can indeed have shareholder votes to make decisions. You can't vote with dollars directly but you can buy more shares.

So shares are similar to governance tokens in DeFi projects. And in the real world, people also borrow money to get more than 50% of the shares. This is called a leveraged buyout.

However, the difference to DeFi is that shareholders have certain rights (like the right to share in the profits and assets) that are protected by laws. That means a majority shareholder cannot take actions that amount to stealing the company's profits or assets from other shareholders, or they'll be sued. They may do things that the other shareholders don't like, like dismantling the company by selling off parts for cash, but they'll have to fairly share the proceeds.



