Introduction to Qtum Part 5

Limitations of Ethereum. Problems with Solidity Programming Language.

Another problem with the Ethereum network that Qtum is looking to solve is the problem of Solidity, the programming language of the Ethereum network.

The developers of the Ethereum network designed Solidity to be similar to JavaScript, which is one of the most popular programming languages in the world. This means that developers familiar with JavaScript can start using Solidity very quickly, with a minimal learning curve.

 

Problems with Solidity

The problem with this is that Solidity is not a restrictive language: it allows a developer to do a lot even without much coding experience. This means, for example, that when Ethereum code talks to an external contract, the calling contract can lose control of its own state and program flow. Joey Krug and Martin Koppelmann were the first to discover this vulnerability. They pointed out that a developer can’t assume anything about the internal state of a contract after Solidity executes external code. This issue is slightly different from reentrancy.

In simple terms, a reentrancy problem can occur when function A in contract 1 calls contract 2 and contract 2 then calls function A in contract 1 again. The issue described above can happen when contract A has functions 1 and 2 that share state: A calls an external contract B, and B then calls function 2 in contract A. In practical terms, this means that developers on the Ethereum platform need to be extremely vigilant and cautious when making external calls.

Reentrancy was what led to the famous hack of “The DAO” on the Ethereum platform and to the appearance of Ethereum Classic.

 

Decentralized autonomous organizations

It is important to note that there is a difference between “The DAO” and a dao. A dao is an abbreviation for a decentralized autonomous organization. A dao is an organization that runs on a blockchain network according to a set of rules programmed into the network. As such, a dao can be a fully autonomous organization that can have members, goals, committees and actions, but that doesn’t depend on a central point of authority such as a government, executive board and so on. All the voting can happen on a decentralized network, all the decisions can be made in a fully transparent manner, all the expenses can be publicly visible, open and honest.

The operations of a dao work as a series of steps. During step one, a group of people create a series of rules for the organization. On a blockchain network, these rules become smart contracts, and it is these smart contracts that will run the organization. Step two is an initial funding period, during which the organization that will function according to a set of smart contracts collects money to fund itself. The funds can come from investors, future members and also from donations. Because cryptocurrencies are regulated very differently in different countries, there could be a lot of freedom as to where the funds for a dao come from and how the financing happens. When this step is over and the financing period ends, the organization starts its actual operations. Finally, people make suggestions about how they think the organization should spend the money, voting occurs, members approve or reject the proposals, and the organization hires contractors to execute the proposals. It is important to understand that buying tokens of a dao is very different from actual ownership, because a dao exists on a decentralized network and doesn’t belong to anyone. Tokens may buy someone voting rights and allow a person or an organization to play an important role in deciding the direction in which the dao will go, but this is not the same as ownership.

 

“The DAO”

“The DAO” is the name of a specific project on the Ethereum network. The goal of “The DAO” was to create a venture capital fund in which investors would make all the decisions in the way that the structure of a dao allows. “The DAO” wanted to create a new business model for both for-profit and non-profit organizations. The creators of “The DAO” ran a crowd sale on the Ethereum platform to collect the funds for the development of the project. The crowd sale started on April 30, 2016. It quickly became the biggest crowd sale that had occurred on the Ethereum network to date. By May 10, 2016, the founders had collected over USD$50 million (based on the valuation of Ether cryptocurrency at the time). In five more days, by May 15, 2016, this number had grown to over USD$100 million, representing about 5% of all Ether tokens that were available on the platform at the time.

A paper from May of 2016 noted several vulnerabilities in the way the creators of “The DAO” had written the code of their project and recommended that investors wait for the creators to fix the issues. The hack occurred on June 17, 2016. The attackers exploited the code of “The DAO” and created a child DAO, to which they diverted all the funds from the project. Just like the main “The DAO,” the child dao had a wait period during which the attackers could not access the funds. This means that the Ethereum community had very little time to decide what it wanted to do.