Attempt to Reverse a $55 Million Ether Heist (bloomberg.com)
He strictly followed the terms of a contract by people who were very clear that "code is law" and who did not want institutions where the result is decided by human judgement.
Almost the majority of Wall Street refused the bailout money. Paulson almost forced them. The bailout money eventually made a profit ($15B). One could argue that the return rate was low (0.6% annualized), but still, this is far different from what most people have believed till this day: i.e., US gov just gave taxpayers' money away to the banks to cover their ass.
Paulson also almost managed to save Lehman Brothers until British Gov said no to Barclays' role in the plan. (Wall Street banks would acquire LB's "good assets" while Barclays would buy their toxic ones as its gateway to become a more influential player in US market.) But even Lehman didn't reach out to Paulson to get itself saved. It's the other way around: Paulson was trying many ways to save Lehman because he knew when Lehman went down, market would panic and then even those banks in good shape would be affected.
Same idea with the guys getting rich off of patents in the pharma industry (e.g. EpiPen). Nothing these firms are doing is technically illegal.
But the reason some of these guys are gonna be crucified is the arrogance and lack of public contrition. They really need to take a page from the banking execs of 2008 who cried no-fault all the way to the bank.
> The California electric grid operator built a set of rules for generating, distributing and paying for electricity. Those rules were dumb and bad. If you read them carefully and greedily, you could get paid silly amounts of money for generating electricity, not because the electricity was worth that much but because you found a way to exploit the rules. JPMorgan read the rules carefully and greedily, and exploited the rules. It did this openly and honestly, in ways that were ridiculous but explicitly allowed by the rules. The Federal Energy Regulatory Commission fined it $410 million for doing this, and JPMorgan meekly paid up. What JPMorgan did was explicitly allowed by the rules, but that doesn't mean that it was allowed. Just because rules are dumb and you are smart, that doesn't always mean that you get to take advantage of them...
> The U.S. legal system has built up a pleasantly redundant system of safeguards so that investors usually get more or less what they expect. If you invest in a U.S. public company, you are in a sense signing up for a certificate of incorporation and bylaws, which are written in lawyerly language. But you also get a prospectus that explains the terms of your investment in relatively (relatively!) plain English. Also the terms of that investment -- how you vote, what duties the company owes you, what rights you have, etc. -- tend to be constrained by federal securities law, state law, stock exchange listing requirements, underwriter due diligence, public policy, custom and tradition. Even if you invest in a company whose bylaws say that the board of directors can sacrifice you to a demon on the first full moon of a leap year, it's unlikely that that term would be enforced. There is only so much leeway to depart from the standard terms.
> If you invest your Ether in a smart contract, you'd better be sure that the contract says (and does) what you think it says (and does). The contract is the thing itself, and the only thing that counts; explanations and expectations might be helpful but carry no weight. It is a world of bright lines and sharp edges; you can see why it would appeal to libertarians and techno-utopians, but it might be a bit unforgiving for a wider range of investors.
[1]: https://www.bloomberg.com/view/articles/2016-06-17/blockchai...
Code is law. The community decided/realized the "law" as written wasn't the one they wanted, so they created a fork that captured both the letter and spirit of the "law" rather than the letter of some other one they didn't want.
I don't get the holy wars over this, other than the fact that some people are obviously very motivated to pump their empty shell coin in the hopes that it beats the leading ETH one. "Code is law" and "laws are imposed upon humans against their collective will" lead to two very different things.
C-3PO: He made a perfectly legal move.
Han: Let him have it. It’s not wise to upset a Wookiee (The Ethereum founders).
C-3PO: But sir. Nobody worries about upsetting a droid (a regular contract user without influence).
Han: That’s cause a droid (regular contract user) don’t pull people’s arms out of their sockets (hard fork the entire crypto currency and call you a thief) when they lose. Wookiees (The Ethereum founders) are known to do that.
C-3PO: I see your point, sir. I suggest a new strategy, R2. Let the Wookiee (Ethereum founders) win.
With Chewbacca's and the Ethereum founders' behavior, you would be a fool to play their game again thinking that they follow the rules.
This seems like a tenuous connection at best.
Unfortunately for Aviva, their contracts are actually law in contrast to Ethereum where if the devs feel like it, they can do/revert anything.
[1]: https://ftalphaville.ft.com/2015/02/27/2120422/meet-the-man-...
Can someone familiar with this explain how something financially based can have a capitalization flaw? I would expect a smart contract language to have very strict type and variable linking. Humans make many mistakes in coding but most of the time it doesn't cost $55m. A transaction language should be very strict so either the smart contract language is flawed or the author of this article is overstating something for dramatic effect.
EDIT: Found this: https://github.com/slockit/DAO/blob/v1.0/DAO.sol#L666
on a deeper dive: http://hackingdistributed.com/2016/06/18/analysis-of-the-dao...
I have no clue how they managed to fool so many people with poor and shoddy work. But they have so far. And they've fooled everyone that this is a 'hack' even after saying time and again "The code is the contract, and the contract is the code"... Unless lead devs lose money.
`Transfer` and `transfer` are two different functions, one creating an "event" (think a signal on the blockchain) and the other actually transferring tokens.
The true flaw lies in the reentrant attack on `.send()`
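The re-entrancy pattern named in the comment above, as an added example that is not part of the thread and is not the DAO's code: a simplified Python model of a withdrawal that hands control to the recipient before updating its ledger, beside the same withdrawal with the ledger update moved first. All class and function names and the deposit amounts are hypothetical and constructed for illustration.

```python
"""Simplified model of a re-entrant withdrawal. Constructed for illustration;
this is not the DAO's Solidity code and all names are hypothetical."""


class Account:
    """A recipient. receive() models the code that runs on the recipient's
    side when a contract sends it funds."""

    def __init__(self, name):
        self.name = name
        self.wallet = 0

    def receive(self, vault, amount):
        self.wallet += amount


class ReenteringAccount(Account):
    """Recipient whose receive hook calls withdraw() again before the
    outer withdraw() has finished."""

    def __init__(self, name, max_depth):
        super().__init__(name)
        self.max_depth = max_depth
        self.depth = 0

    def receive(self, vault, amount):
        self.wallet += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)  # re-enter while the ledger is still stale


class VulnerableVault:
    """Pays out first, updates the ledger afterwards."""

    def __init__(self):
        self.balances = {}  # what the ledger says each depositor is owed
        self.held = 0       # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who.name] = self.balances.get(who.name, 0) + amount
        self.held += amount

    def withdraw(self, who):
        amount = self.balances.get(who.name, 0)
        if amount == 0 or amount > self.held:
            return False
        self.held -= amount
        who.receive(self, amount)        # interaction: control leaves the vault
        self.balances[who.name] = 0      # effect: applied too late
        return True


class HardenedVault(VulnerableVault):
    """Same checks, but the ledger is updated before the external call
    (checks, then effects, then interactions)."""

    def withdraw(self, who):
        amount = self.balances.get(who.name, 0)
        if amount == 0 or amount > self.held:
            return False
        self.balances[who.name] = 0      # effect first
        self.held -= amount
        who.receive(self, amount)        # a re-entrant call now sees balance 0
        return True


def simulate(vault_cls, max_depth=3):
    """Return (funds received by the re-entering account, funds left in the
    vault afterwards, whether the honest depositor could then withdraw)."""
    vault = vault_cls()
    honest = Account("honest")
    reenterer = ReenteringAccount("reenterer", max_depth)
    vault.deposit(honest, 90)
    vault.deposit(reenterer, 10)
    vault.withdraw(reenterer)
    held_after = vault.held
    honest_paid = vault.withdraw(honest)
    return reenterer.wallet, held_after, honest_paid


if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerableVault))
    print("hardened:  ", simulate(HardenedVault))
```

In the vulnerable ordering the ledger still shows the honest depositor is owed 90 while the vault holds less, so that withdrawal fails; with the effect applied first, the nested call finds a zero balance and returns without paying.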
There are no address checksums in the Bitcoin blockchain; all contracts/scripts on the blockchain reference raw hashes. Only at the application level -- e.g. sending an address to a friend in an email -- does Bitcoin make use of checksums, since blockchain space is fairly precious/expensive.
Put simply, all code has bugs. How can Ethereum ever work in practice at scale?
Aren't there a ton of Bitcoin organizations with hundreds of millions of dollars flowing through them? If these companies found a way to operate safely with manageable risk, through things like cold storage and encryption schemes, then how is it much different from Ethereum?
It's fun to say things like "code is law" and imagine everything happens within this self-contained bubble but this stuff still operates in the real world and there are risks and consequences for actions as well as real world security mechanisms regardless.
Code as law is right, but laws can (and should) change, because the effect they can have can be devastating if loopholes do the opposite of the intention behind the law.
The fallacy here is that we have one immutable law that governs everything, that is set at one time and never changed - how ridiculous. This is utter nonsense.
The DAO was a beautiful experiment that went badly wrong. In the grand scheme of things, if this was a heist in the traditional sense - everyone would have lost out. But as it stands, it's probably the biggest bug bounty in history.
Hopefully no one got hurt. We learn and move on.
Ether thief remains a mystery, one year after $55m digital heist
The guy went to a bunch of people with the idea and they liked it.
The people talked about it a lot and many more people joined in.
They all pooled their money together to launch this cool money.
Some other guy came over, saw all of this, looked at the code, and used the code to transfer $55M to his wallet.
Arguments about law and contracts ensued.
At least as far as we're aware.
well, isn't the financial law against this kind of incompetence in the first place?
I don't think the thieves would be guiltier than the team behind DAO.
ps: and line 666??? who the hell keeps a single source-code file that big? no wonder bugs are around...
People don't like to get screwed over.
This is what Ethereum users actually believe.
Want it or not, Ethereum is very much led by a small group of people, and when those people lose their money, they ask the community to hard fork because really it would be a shame if the cryptocurrency they invested in lost value and became worthless. After all, it's not as if every cryptocurrency was nothing more than just a way to speculate.
Ask a thousand people if they want to lose money or win some, they'll all answer win. Even if lose is the normal (and in Ethereum's case, codified and agreed on by everyone) course of action.
By the way, the vote was at a default 'yes' and had to be explicitly disabled.
It's almost as if some recourse for actions done in bad faith is a useful tool to have as a society...
> Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.
It's not useful to have in an electronic currency. In fact, it goes against the whole idea behind ethereum.
>Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.
Had Vitalik ignored the vote and put his organization and the "canonical" chain on the non-HF side his would be the "abandoned" no-name chain, and people would now be mining some ETH derivative in line with their votes.
This is honestly just a fulfillment of "code is law", with the obvious rule above it being "humans accept or reject laws collectively". In this case, people rejected the former "law" and opted for one that captured the spirit/intent rather than the letter.
The DAO was pumped up by VCs and friends of the founder of Ethereum, which, before the launch, attracted some people who had clout from the big banks and enterprises, ergo, if the DAO failed then Ethereum failed in the eyes of the most lucrative customers & developers there.
The thing that pissed off purists so much was, that when it first came out it was marketed as this beautiful "world computer" that would be incorruptible by anyone, but the hard fork made it apparent that the values of the Ethereum community had changed to value support of banks & business over that idea.
I was at a conference this week and watched a lecture by one of the founding board members of the Enterprise Ethereum Alliance, who was getting the crowd fired up about the idea of ICO's, and then directly after his talk, David Birch from Consult Hyperion came on and said that people who are involved in the launch of new tokens in this current feverish phase are extremely likely to go to jail for fraud. Was hilarious
Edit, just to give people an idea of where he's coming from ideologically, these are some of his comments that show the kind of world he wants to see:
https://youtu.be/c8mdr8iwX20?t=6m49s
"law-abiding taxpayers like me are subsidizing criminals to use cash and not pay taxes"
https://youtu.be/c8mdr8iwX20?t=10m47s
"so getting rid of cash has some other benefits which will lead to unexpected changes. For example for economists, getting rid of cash means that you lose the zero lower bound on interest rates. You can't have interest below zero because if you drop interest rates below zero people will just draw out the cash and just hold it. If you don't have cash you can have negative real interest rates. So getting rid of cash has a lot of benefits."
https://youtu.be/c8mdr8iwX20?t=13m55s
"So if you allow us technologists to build the stuff so we build something like Bitcoin which let's pretend it's anonymous. Do you know what you get if you let us build that? You get a giant electronic Somalia. If you want to live in a society which is entirely driven by anonymous cash, where the rich aren't accountable anymore, where whoever's got the most money can be the warlord and do what they like, well that's what you're letting us build now"
His demonization of cash reminds me of this:
"The cashless society – which more accurately should be called the bank-payments society – is often presented as an inevitability, an outcome of ‘natural progress’. This claim is either naïve or disingenuous. Any future cashless bank-payments society will be the outcome of a deliberate war on cash waged by an alliance of three elite groups with deep interests in seeing it emerge"
https://aeon.co/essays/if-plastic-replaces-cash-much-that-is...
This is a good discussion: https://www.bloomberg.com/view/articles/2016-06-17/blockchai...
Somebody exploited a flaw in the system and managed to grab millions of funny-money currency. It's like cheating at a game of monopoly except that many of the players think the rules of the game are "the law" in real life.
Me. SQLite. .NET's garbage collector. CPython's eval. Lua's lexer. xinit. dwm. These are off the top of my head that I've seen
https://raw.githubusercontent.com/dotnet/coreclr/master/src/...
https://github.com/catseye/Befunge-93/blob/master/src/bef.c
https://github.com/rust-lang/rust/blob/master/src/liballoc/v...
https://github.com/oxyc/luaparse/blob/master/luaparse.js
Yep. Pretty troll comment. Felt like taking the bite today. I'm going to get back to getting my lexer past 1000 lines today: https://github.com/serprex/luwa/blob/master/rt/lex.wawa
Why would you expect there to be a relationship between source file size and bugs?
Suppose a program has 100 functions, and each function is 10 lines plus on average 4 lines of comments.
If I organize it as a single file, it will be about 1500 lines.
If I organize it as 10 files, they will each be about 150 lines.
But when I'm actually working on the program I'll be seeing it through a window that shows the same amount regardless of whether the program is one big file or 10 smaller files.
Since I see essentially the same thing in both cases, I don't see how the bug rate will be different.
Don't get me wrong...I'm not saying it is OK to always put everything in one file. There are times when good design requires multiple files. For example if a program must use global variables and the language supports globals that can only be referenced within the file containing them, then organizing files around which globals functions need access to might be a good idea and help avoid bugs.
But in that case it is not the size of the files that matters. It is their data access needs.
Line 666 is an entertaining coincidence but that is really not that large a file for most languages.
Example? Or do you just mean like every financial organization ever (even beyond Wall St) that pushes back on regulatory oversight?
Attempting to regulate Ethereum with human gatekeepers sounds ridiculous to me, especially at this point, and entirely defeats the purpose of the whole system.
These people who put money into that DAO fully knew the risks of what they were doing. And none of them are calling for centralized oversight from the US gov as a result. So I'm not sure who this would be protecting or helping.
[1] http://www.proz.com/kudoz/french_to_english/insurance/625262...
For example, how does 'run exactly as programmed' rule out fraud? Fraud is as programmable as legitimate activity.
For example, if fraud is not possible, then what was the justification for the hard fork?
People who have bought into a delusion find it hard to evaluate evidence - for example "Van de Sande is eager to move on. “It was really just a blip,” he says." So what was all the fuss about? After all, it was just two lines of code, so simple in retrospect, and now it has been fixed, so there's nothing to worry about, right?
Perhaps my favorite quote is "“I’m absolutely amazed. Why has no one traced this back and found out who did it?” asks Stephan Tual, the third co-founder of Slock.it." He is amazed that in one respect, this digital currency lived up to one of their major claimed benefits?
I am also not at all surprised by the 'shoot the messenger' complaints about Sirer's involvement.
The reality is that the verification of software, especially at this scale, is a really difficult problem, and everyone who has bought into the delusion seems to think that someone else is going to do it for them - I doubt that even 1% know how to do it themselves. So much for 'trustless'.
"Without any possibility" - You'd think that'd raise a few red flags.
The probability that Ethereum will be subject to downtime, censorship, fraud, and third party interference is 1.
How can they have that on their landing page and keep a straight face?
It depends on how you calculate it but, actual costs were over 50 billion net loss. But, it was really important for politicians to point to it as a 'success' so there is more than a little creative accounting going on.
http://www.reuters.com/article/barclays-lehman-idUSLDE62B258...
You can't trust anything in Too Big To Fail, unfortunately. Shame, it reads really well.
Every official source that explains the 2008 crisis is full of lies. The big banks all engaged in massive fraud and the bailout was the cover up.
- Women are underrepresented — in STEM fields at large and in the cryptocurrency space in particular — relative to a fairer world with less sexism, outmoded notions of gender roles, etc.
- This underrepresentation self-perpetuates partly because well-meaning men in these fields don't realize it's happening: it always feels better to believe a happier story about the world being more fair, and such men have less data about what keeps women out than they would have in a fairer world where women were more present to tell their stories.
- Erring on the side of feminine or gender-neutral pronouns — against this backdrop of under-representation — is a lightweight way to signal basic awareness of these issues and avoid the appearance of reinforcing them or believing they should be reinforced. As such, it informs my general model about the writer's thoughtfulness/sensitivity, which has some bearing on how compelling I find their argument to be.
It also bears noting that while I can mostly shrug and move on if a writer is implying apathy (or worse) about this issue, it is a more acute and even threatening signal for some women whose careers/lives have been damaged by these playing fields' having never been level, and it is morally fraught to participate in and benefit from discussions/community/resources that are effectively/unfairly off-limits to under-represented groups.
tl;dr:
- default-masculine-pronouns are not neutral,
- we've all been tacitly made to think that they are,
- some work to counter that makes sense, and
- it's good to push conversations/awareness about them because the default perpetuates them.
Avoiding Sexism in Legal Writing—The Pronoun Problem
https://lawyerist.com/49433/avoiding-sexism-in-legal-writing...
It has some solid advice, but it also notes that the use of "he" in sex-indeterminate situations was codified by Ann Fisher, "an 18th-Century schoolteacher and the first woman to write an English grammar book." Now, every time I see "he," I think of her.
The problem is that Ethereum cannot live up to its intended purpose, at least not the hyped, pie-in-the-sky purpose that it is being promoted with.
>These people who put money into that DAO fully knew the risks of what they were doing.
Pretty clearly, they did not - and when it went pear-shaped, they abandoned all their principles to rescue themselves from the situation they had created. They appointed themselves as agents with more powers than any statutory regulator has.
How exactly?
By rolling back the primitive marketplace that had almost zero repercussion because the marketplace was barely beyond the first users?
I didn't see anyone calling for solutions that went outside of the control of Ethereum. To fit into your snide analysis they would have turned to state authorities for help or called for other real centralized systems of control. But that didn't happen. As far as I can tell there was zero control relinquished to central bodies as a result and it would be almost impossible for them to take the same approach now that the market is maturing. So the original decentralized concept still underpins the technology as it ever did.
Comparing the early alpha days of the system to the stated ideals of what they want the system to be in the future is not fair.
If every experimental project followed your advice by being totally risk averse as well as was carefully controlled with red tape from the early days then we wouldn't have any innovation or the great products we have today. Just look at Japan's market, feeding off industry from the last time they allowed markets to operate freely in the 1980s, if you need proof of this.
This idea that you see nothing wrong with believing you know better than people who volunteered their time and money with this project and they need to be protected by government systems is what concerns me. Why not let them run this project and see if it fails or not? Is it really worth killing this experiment to mitigate risk so a few people don't get burned?
I personally think this project is full of snake oily hand wavy ideas that will mostly fail. But I'll endlessly defend their right to try it. And provide feedback and thoughtful analysis to poke holes in the bad stuff as I come across it.
>How exactly?
If I am not mistaken, the central principle of Ethereum, from which almost all of its alleged benefits arise, is that the blockchain is the sole authority and so the currency, contracts and transactions are consequently immune to meddling. Of course, one might argue that it was never true, and that all the hard fork did was to demonstrate that fact, but truth is not a necessary feature of a principle - though false principles usually turn out to be unworkable in the long run; see, for example, communism.
Your argument seems to be that the hard fork was feasible, expedient and harmless, but that is not an argument against it being a breach of their own principles. Furthermore, if you followed all the arguing at the time over whether there should be a hard fork, you would know that there are plenty of people who thought it was a terrible idea - so much so that some of them have gone to the considerable trouble of keeping Ethereum Classic running.
>Comparing the early alpha days of the system to the stated ideals of what they want the system to be in the future is not fair.
It is certainly fair to point out that they are unjustifiably claiming that it is, now, what they want it to be in the future. Furthermore, I don't recall it being described as alpha software when people were putting hundreds of millions of dollars worth of assets into the DAO.
> If every experimental project followed your advice by being totally risk averse as well as was carefully controlled with red tape from the early days then we wouldn't have any innovation or the great products we have today.
Even if these general points were not exaggerated and simplistic, they would not refute the specific claims about the current state of Ethereum. Furthermore, you seem to think I am advocating the regulation of Ethereum, but I don't think that would save it from its fundamental contradictions.
> This idea that you see nothing wrong with believing you know better than people who volunteered their time and money with this project and they need to be protected by government systems is what concerns me. Why not let them run this project and see if it fails or not?
See my immediately previous response - though I would prefer it if Ethereum was promoted without claims that cannot currently be justified.
> Is it really worth killing this experiment to mitigate risk so a few people don't get burned?
That's what the opponents of the hard fork said - but the people who would have been burned without the hard fork would have included some of the most influential people in Ethereum. It would be interesting to know how much the pro-fork miners had at risk in the DAO.
> I personally think this project is full of snake oily hand wavy ideas that will mostly fail. But I'll endlessly defend their right to try it. And provide feedback and thoughtful analysis to poke holes in the bad stuff as I come across it.
You seem to be trying pretty hard to not notice some significant holes.
Given that humans are imperfect, and could even potentially act in bad faith, isn't it reasonable to have an exception clause? I get the argument to not have one; that it's impossible to have favorites and central figures manipulate the system, but nothing is perfect.
It absolutely is. Which is why you don't say "code is law". Which is why Ethereum is dumb.
https://github.com/seL4/seL4/issues/36
It might be close... for miTLS I don't have access to the issues, but let's assume it's bug free now for sake of argument; it hasn't always been bug free, that is in earlier unproven releases.
"Program testing can be used to show the presence of bugs, but never to show their absence!" - Edsger Dijkstra
They claimed again and again that the code is the contract and vice versa. That was proven not true by the VIP() function.
And seriously, if this protocol was given proper due diligence, there would be no reentrant attack on this. But that points back to amateur hour. And a lot of people here have money in ETH and can't come to understand this due to the extreme cognitive dissonance.
(The premise of Ethereum really is amazing. Too bad it wasn't given the same diligence as Satoshi gave it.)
(All right, all right, excluding Mac OS X. But it's weird.)
(And before someone says it, yes, of course performance matters for filenames. Every single stat shouldn't need to worry about case folding.)
In the UK, for the most serious (indictable-only) crimes, then no. But you can ask the judge to end the trial after the prosecution case if no reasonable jury could convict, including if as a matter of law no crime has been committed.
The DAO was created with the intention to allocate its funds according to a certain voting scheme, with everyone's power determined by the number of tokens they held. But the program did not correctly implement this intention, and the DAO hack exploited the difference to bring the funds under control of the attacker. This most likely violated the Computer Fraud and Abuse Act, and was thus illegal.
Sounds good in theory. In practice it's mob rule. We have pretty good evidence, i.e. history, that the rule of law is better.
I'd love to see a couple citations for that? Hell, I'd be fascinated to read the experimental setup.
To be truthful, it sounds like someone hooked you with some pseudoscience on poor foundations.
Without getting too abstract, even traffic lights or zebras, from the perspective of a pedestrian, (as an example of a simple system) would be a horrendous and extremely time consuming experience if its rules were enforced by the letter. Imagine if you could >only< pass the road across the zebras...
Human made systems need to be imperfect and the rules need to be flexible or the system will fail.
Ponzi schemes are financial frauds where, under the promise of high profits, users put their money, recovering their investment and interests only if enough users after them continue to invest money.
Further to this, it's qualitatively provable, as you can look at the contracts and actually class the type of Ponzi scheme they are.
* https://ftalphaville.ft.com/2017/06/01/2189634/its-not-just-...
* https://stratechery.com/2017/tulips-myths-and-cryptocurrenci...
* https://arxiv.org/pdf/1703.03779.pdf
Bubbly sectors see irrational amounts of money thrown at things that have little underlying value, like Beanie Babies, or a token for a proposed protocol described by a two page whitepaper.
I disagree. The code must also refer to the implementation of the Ethereum clients, and the collective will of the network participants. Those are implicit provisions of the contract, specified in advance. The Ethereum Classic chain still exists, and the thief is welcome to use it. People have simply voted with their feet and prefer a world without the theft. There is no breach of contract, anyone is free to fork the Ethereum network in any way, at any time. It is up to the users to decide how much value to ascribe each fork.
If the premise is "the code is the contract, period, except we reserve the right to change the contract at any time or even to cause the contract retroactively never to have existed, based on implicit or subjective factors decided by humans and not by code", then it's a very different beast.
Given the number of people involved, it could even be judged as organized crime against one person...
There is no court of Ethereum aside from "can I convince the developers + 50% of miners to do a hard fork"
Even countries that don't have shared extradition treaties don't always ignore criminals within their borders, even if the criminal activity is occurring outside.
Instead, as others have pointed out, the hard fork demonstrated that this was not at all the case. Ethereum contracts can be voided, and the entire premise is therefore flawed. Terms and conditions would just be another way that contracts could be voided, another flaw.
All the use cases I've seen depend on external input to be even moderately useful. But once you depend on unverifiable and potentially fraudulent external input, the supposed unique value of these scripts is lost. The notion of "oracles" just moves the problem elsewhere so it can be dismissed.
When and if we see profitable uses of these block-chain scripts then I would be glad to revisit this assessment. Until then it looks to me like a classic case of a technology looking for a problem.
But the question that is to be debated is, was the intention of the DAO to follow the code of the contract EVEN IF it had a bug.
There is an argument to make that, given that "the code is law" was plastered all over the DAO, that being hacked and having all their money stolen, was explicitly allowed.
That doesn't mean that it is legally binding.
https://en.wikipedia.org/wiki/Ponzi_scheme
Most ICOs seem more like pump-and-dump by that nomenclature, than like true Ponzi schemes, in which the Ponzi operator is directly involved in all of the transactions in and out of the system.
A ponzi scheme is where people pay a fee to join a scheme where members are guaranteed a payment that comes out of the membership fees paid by members that join after them.
No token sale has given out payments, let alone guaranteed one. A speculative price gain is not a "ponzi scheme".
There's no way of framing this that preserves the philosophical purity.
It's the same thing with Communism/Socialism. Communism is the pure end state, utopia, etc.
Socialism is the ugly road there.
Now, of course we know Socialism usually does a 5 minute walk in the park then turns 90 degree at that big pine tree, and when no one's watching puts on the evil hat, and by the end of the hour it's a totalitarian state! No iteration on ideas, criticism is met with GULAG, no education, teachers and thinkers are decadent freeloaders, enemies of Communism, internment, execution, mass murder! You know the drill.
Ethereum and other code is law experiments are trying to find the best expression of that "common sense" platform, they are trying to craft the best Constitution for this. "And no true Scotsman claimed that Ethereum/DAO is perfect." (This is the part where semantics is fuzzy, as it really depends on who said what, when, how, why, and to whom. But realistically, anyone who claimed to get it right the first time, was too optimistic, and of course, it was "reviewed", http://piratepad.net/theDAOreview [ https://www.reddit.com/r/ethereum/comments/4hkgsz/a_summary_... ] and see .. but never audited - https://www.reddit.com/r/ethereum/comments/4ota1q/the_truth_... .)
>is a fraudulent investment operation where the operator generates returns for older investors through revenue paid by new investors, rather than from legitimate business activities.
The operator pays revenue to those who joined earlier with the fees received from those who joined later.