Here the code has a bug/ defect/ exploit
The whole point is how to objectively define what is a bug or what is a feature?
You are viewing a single comment's thread from:
Here the code has a bug/ defect/ exploit
The whole point is how to objectively define what is a bug or what is a feature?
Objective definition of that is impossible if you don't have a formal specification. If you have a formal specification then that would be the start. If you have that then the code has to meet that or it's wrong. In addition to the formal specification you should probably also write out a document of intent which reveals the intentions of the developers on a regular basis, or just add some comments to the code which says "this part of the code intends to do only x and only for y purposes. TheDAO code was very well commented and people still missed the bug, even after it was audited, even after many people looked at it.
If it's a bug then it's not a hidden feature and the smart contract is not a scam. The developers simply made a mistake. If it's a hidden feature then maybe it's deliberate and the smart contract is a scam. When written in a Turing complete imperative language like Solidity it is very hard to determine exactly what a piece of code is doing. Code becomes like poetry with a lot of room for obfuscation or mistakes.
How do we determine whether it's a bug, a defect, or a feature? Honestly we can't. We can only look at the behavior of the code as it runs to determine that.
A "feature" would be something that parties to be in the contract intended. A "bug/ defect/ exploit" will be something that the parties never intended to be in the contract and needs fixing.
To say the recursive-split attack is a "feature" of the DAO is like saying (in the example I gave) paying $100,000 dollars is a "feature" of the mowing contract. It isn't. No-one would "objectively" say that the parties intended that a feature of the DAO was to allow any single person to siphon off millions of dollars of other peoples money when they split.
"The computer says yes" would hold no water in a court of law.
It could be a hidden feature but if it is a hidden feature it's a scam because it's a feature no one knew about except the programmer who wrote the code. If it's a bug or defect then even the programmer who wrote the code didn't understand what the code was doing so even the writer of the smart contract couldn't read it.
As much as I agree with you to a point and am currently taking personal losses in this matter, is this bug not a feature of the arrogance of some prominent parties involved in this project. Its one thing to create functional digital cash as in the case of bitcoin, but expecting to eliminate lawyers without an in-depth understanding of law is a bit naive.