The following is an excerpt from Blockchain for Dummies by author Tiana Laurence and published by Wiley. This section from chapter five outlines Ethereum and how organizations can build on it. It also covers how to create your own decentralized organization and how to set up your Ethereum wallet.
Ethereum: The Open-Source World Wide Computer
Ethereum may be one of the most complex blockchains ever built. It has its own Turing-complete programming language (a fully functioning programming language that allows developers to build any type of application). The Ethereum protocol can do just about anything that your average programming languages can do, except it's built inside a blockchain and has the added benefits and security that come with that. If you can imagine a software project, it can be built on Ethereum.
The Ethereum ecosystem is currently the best place to build decentralized applications. They have wonderful documentation and user-friendly interfaces that get you up and running quickly. Rapid development time, security for small applications, and the ability for applications to easily interact with one another are key characteristics of this system.
The Turing-complete programming language is the main feature that makes the Ethereum blockchain vastly more powerful than the Bitcoin blockchain for building new programs. Ethereum's scripting language makes things like a Twitter application possible in a few lines of code, and extremely secure.
Smart contracts, like the one you create in Chapter 3, can also be built on Ethereum. The Ethereum protocol has opened up a whole new genre of applications. You can take just about any business, government, or organization's processes and build a digital representation of it inside of Ethereum. Currently, Ethereum's platform is being explored to manage digital assets (a new class of asset that lives online and may represent a whole digital asset such as a Bitcoin token or a digital representation of a real-world asset such as corn commodities), financial instruments (like mortgage-backed securities), recording ownership of assets such as land, and decentralized autonomous organizations (DAOs), a new way of organizing a business, nonprofit, government, or any other body that needs to come to agreement and work together for common interest. DAOs are built primarily on the Ethereum platform.
Decentralized applications: Welcome to the future
The most revolutionary and controversial manifestation of Ethereum is the self-governing and decentralized application (DAPP). DAPPs can manage things like digital assets and DAOs.
DAPPs were created to replace centralized management of assets and organizations. This structure has a lot of appeal because many people believe that absolute power corrupts absolutely. For those who are fearful of losing control, this type of structure has massive implications.
Etheria (www.etheria.world), a Minecraft-like game, is an interesting example of this technology at work (see Figure 5-1). The game can't be censored or taken down and will exist as long as Ethereum does. When things are created within Ethereum, even if there were good cause to remove a structure or organization, it's practically impossible to do so.
The power of decentralized autonomous organizations
DAOs are a type of Ethereum application that represents a virtual entity within Ethereum. When you create a DAO, you can invite others to participate in the governance of the organization. The participants can remain anonymous and never meet, which could trigger Know Your Customer (KYC) rules (the process a business must go through to verify the identity of its clients) and anti-money laundering (AML; the laws and regulations designed to stop the practice of generating income through illegal means) compliance issues.
DAOs have been created for raising funds for investing, but they could also be designed for civic or nonprofit purposes. Ethereum gives you a basic framework for governance. It's up to the organizers to determine what's being governed. Ethereum has created templates for you to help in the creation of DAOs.
Figure 5-2 shows a depiction of the organization of an Ethereum application.
WITH GREAT POWER COMES . . . GREAT POWER
The first Ethereum DAO ever built is called, confusingly enough, "The DAO." It's an example of some of the dangers that come with decentralized and autonomous entities. It is the largest crowdfunded project in the world -- its founders raised approximately $162 million in 26 days with more than 11,000 members. What people had thought was the greatest strength of The DAO became its greatest weakness. The immutable code within The DAO locked into place how the organization would be governed and how funds would be distributed. This allowed the members to feel secure in their investment. Although the code was well reviewed, not all the bugs had been worked out.
The first significant threat to Ethereum came from the hack of The DAO. An unexpected code path in The DAO's contract allowed any sophisticated user to withdraw funds. An unknown user managed to remove about $50 million before he could be stopped.
The Ethereum community debated bitterly about whether it could or should reclaim the ether. The DAO hacker had not technically done anything wrong or even hacked the system. Fundamentalists within the Ethereum community felt that code was law and, therefore, nothing should be done to recover the funds.
The very thing that made Ethereum strong was also its greatest weakness. Decentralization, immutability, and autonomy meant no central authority could decide what to do quickly. There was also no one to punish for the misuse of the system. It really did not have any consumer protection measures. It was a new frontier, like the software name suggested.
After spending several weeks discussing the problem, the Ethereum community decided to shut down The DAO and create a new Ethereum. This process is called hard forking. When the Ethereum community hard-forked the network, it reversed the transaction the hacker had committed. It also created two Ethereums: Ethereum and Ethereum Classic.
Not everyone was in agreement with this decision. The community continues to use Ethereum Classic. The tokens for Ethereum Classic are still traded but have lost significant market value. The new Ethereum token still hasn't regained its old high from before the hack.
The decision to fork rocked the blockchain world. It was the first time a majority blockchain project had hard-forked to make whole an investor. It called into question many of the principles that make blockchain technology so attractive in the first place.
Here's how DAOs basically work:
- A group of people writes a smart contract to govern the organization.
- People add funds to the DAO and are given tokens that represent ownership.
This structure works kind of like stock in a company, but the members have control of the funds from day one.
- When the funds have been raised, the DAO begins to operate by having members propose how to spend the money.
- The members vote on these proposals.
- When the predetermined time has passed and the predetermined number of votes has accrued, the proposal passes or fails.
- Individuals act as contractors to service the DAO.
Unlike most traditional investment vehicles, where a central party makes decisions about investments, the members of a DAO control 100 percent of the assets. They vote on new investments and other decisions. This type of structure threatens to displace traditional financial managers.
DAOs are built with code that can't be changed on the fly. The appeal of this is that malicious hackers can't monkey with the funds in a traditional sense. Hackers can still find ways to execute the code in unexpected ways and withdraw funds. The immutable nature of a DAO's code makes it nearly impossible to fix any bugs once the DAO is live in Ethereum.
Hacking a Blockchain
Ethereum has never been hacked. The hard fork in 2016 due to the DAO hack mentioned in the "With great power comes . . . great power" sidebar was not an actual hack of the system, but confusingly is often referred to as a hack. Ethereum worked perfectly. The problem was it was too perfect. It became necessary to restart the system when a large amount of money and a majority of its users were threatened.
The only way to correct an action on a blockchain like Ethereum is to do a hard fork, which allows for a fundamental change to the protocol. A hard fork makes previously valid blocks and transactions invalid. Ethereum did this to protect the funds that were being pulled out of the first DAO by a user. The DAO hack was, conceptually, one of the largest bug bounties ever.
That said, many scams and hacking attempts occur in the cryptocurrency space. Most of these attacks target centralized exchanges and applications. Many hackers want to steal cryptocurrency. It has real value and isn't protected in the same ways that regular money is protected by governments. The anonymous nature of cryptocurrency also makes it appealing to crooks. Catching and prosecuting these individuals is difficult. The cryptocurrency community is fighting back, however, and creating new measures to protect itself.
Hacking one place is significantly easier and cheaper than trying to overcome a decentralized network. When you read about hacking in the blockchain world, it's likely just a website or a cryptocurrency wallet that has been hacked, not the whole network.
Understanding smart contracts
Ethereum smart contracts are like contractual agreements, except there is no central party to enforce the contract. The Ethereum protocol "enforces" smart contracts by attaching economic pressure. They can also enforce implementation of a requirement if it lives within Ethereum, because Ethereum can prove certain conditions were or were not met. If it doesn't live within Ethereum, it's much harder to enforce.
Ethereum smart contracts are not yet legally enforceable and may never be because the perception is that you don't need outside authorities enforcing agreements. Legal systems are controlled by governments. As they stand now, governments are central authorities -- some with more or less consent and democratic principles. Within an Ethereum smart contract, each participant has an inalienable vote.
Ethereum smart contracts do not include artificial intelligence. This is a cool possibility in the near future. But for now, Ethereum is just software code that runs on a blockchain.
Ethereum smart contracts are not safe. The DAO hack is a great example of the type of dangers that can occur. It is still early days, and putting a lot of money into an unproven system isn't smart. Instead, experiment with small amounts until all the bugs have been worked out of new contracts.
Discovering the cryptocurrency Ether
Ether is the name of the cryptocurrency for the Ethereum blockchain. It was named after the substance that was believed to permeate all space and make the universe possible. In that sense, Ether is the substance that makes Ethereum possible. Ether incentivizes the network to secure itself through proof-of-work mining, like how the token Bitcoin incentivizes the Bitcoin network. Ether is needed to execute any code within the Ethereum network. When utilized to execute a contract in Ethereum, Ether is referred to as gas.
Executing the code within a smart contract also costs some amount of ether. This feature gives the token added utility. As long as individuals want to use Ethereum for applications and contracts, ether will hold a value beyond speculation.
The wild growth in the value of ether has made it a popular token to speculate on. It's widely traded on exchanges around the world. Some new hedge funds are looking at it as an investment vehicle. However, the volatile nature and low market depth make ether a risky investment.
Getting Up and Running on Ethereum
In this section, I walk you through how to get started in the Ethereum blockchain ecosystem. Before you can build anything on Ethereum, you need an Ethereum wallet.
Your wallet will hold your Ethereum tokens, called ether. Ether is the cryptocurrency that allows you to create smart contracts inside Ethereum. This is sometimes referred to as gas.
Downloading the Ethereum wallet can take some time, but the interface is very intuitive and the instructions provided throughout the process are easy to follow.
Within the Ethereum wallet, you can win test ether to build your test contracts and organizations. You don't need to mine ether to learn how it works.
Mining for ether
Ethereum is kept running by a network of computers all over the world that are processing the contracts and securing the network. These computers are sometimes referred to as nodes, and they're mining crypto Ether.
In order to reward individuals for the time and cost involved in mining, there is a prize of five ethers about every 12 seconds. The prize is given to the node that was able to create the latest block in the Ethereum blockchain.
All new blocks have a list of the latest transactions. The proof-of-work consensus algorithm guarantees that prizes are won most often by nodes with the most computational power. Computers that aren't as powerful can win, too -- it just takes longer. If you want to try your hand at mining ether, you can do it with your home computer, but it will take a very long time to successfully mine a block and win ether.
Mining ether is not for the technical novice. You need to be familiar with the command line. If you don't have a clue what the command line is, you probably want to skip this process. Also, be sure to follow the most up-to-date instructions on the Ethereum GitHub (http://github.com/ethereum).
Setting up your Ethereum wallet
To set up your Ethereum wallet, follow these steps:
- Go to www.ethereum.org.
- Click the Download button.
You have to scroll down the page a bit to find the button.
Be sure to save the Ethereum wallet download someplace you can find it later.
- Open the Ethereum wallet.
- Click Use Test Net.
Here you get set up to mine test ether. This process is much less time-consuming than real ether mining, but it still takes some time.
- Create a strong password.
Don't forget to save your password someplace safe.
- Click through the startup menu.
The Ethereum team has a few tutorials that are interesting to review while you're waiting on your test net to download. The download may take ten minutes or so.
- Choose Develop → Start Mining.
Don't skip this step. You need the ether for later projects.
You've just set up your wallet, and you're earning test ether for your future smart contract projects.
Building Your First Decentralized Autonomous Organization
DAOs will change how the world does business in the future. They allow anyone in the world to create a new type of company online that is governed by pre-agreed upon rules that are then enforced through the blockchain network. Creating a DAO is easier than you might think. In this section, you build your first test DAO. I break this project into three sections: build, congress, and governance.
In order to successfully complete your test DAO, you need to have set up your Ethereum wallet and done some mining on the Ethereum test net (see the preceding section).
Follow these steps to create your first test DAO:
- Go to www.ethereum.org/dao.
- Scroll down the page to the Code box (shown in Figure 5-3) and copy the code.
- Open the Ethereum wallet you made earlier.
You'll develop your DAO in your Ethereum wallet.
Test net and congress
The next phase of your DAO project is setting up the framework for your DAO. Follow these steps:
- In your Ethereum wallet, choose Develop → Network → Test Net.
- Click the Contracts tab and then click Deploy Contract.
The Ethereum team has set up a few test templates for DAOs.
- Paste the code you copied in the preceding section into the Solidity code box.
- From the Contract Picker, choose Congress.
- Pick some variables when prompted to do so.
Here are your options:
- The minimum quorum for proposals is the fewest votes a proposal needs to have before it can be executed.
- The minutes for debate is the shortest amount of time, in minutes, that needs to pass before it can be executed.
- The margin of votes for a majority. Proposals pass if there are more than 50 percent of the votes plus the margin. Leave it at 0 for a simple majority.
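How the three settings above combine to decide a proposal, as an added Solidity sketch that is not from the book and is not the Congress template on ethereum.org. The contract name `ProposalTally`, its functions, the one-member-one-vote rule, and the reading of the margin as a count of extra "yes" votes beyond half of the votes cast are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every name here is hypothetical.
contract ProposalTally {
    uint256 public immutable minimumQuorum;  // fewest votes before a proposal can be decided
    uint256 public immutable debatingPeriod; // minimum debate time, stored in seconds
    uint256 public immutable majorityMargin; // extra votes beyond 50 percent; 0 = simple majority

    struct Proposal { uint256 deadline; uint256 yes; uint256 no; bool closed; bool passed; }

    Proposal[] public proposals;
    mapping(address => bool) public isMember;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    constructor(address[] memory members, uint256 quorum, uint256 debateMinutes, uint256 margin) {
        for (uint256 i = 0; i < members.length; i++) {
            isMember[members[i]] = true;
        }
        minimumQuorum = quorum;
        debatingPeriod = debateMinutes * 1 minutes;
        majorityMargin = margin;
    }

    modifier onlyMember() {
        require(isMember[msg.sender], "not a member");
        _;
    }

    // Opens a proposal; voting stays open until the debate period ends.
    function propose() external onlyMember returns (uint256) {
        proposals.push(Proposal(block.timestamp + debatingPeriod, 0, 0, false, false));
        return proposals.length - 1;
    }

    // One vote per member per proposal (assumption; a token-weighted DAO would differ).
    function vote(uint256 id, bool support) external onlyMember {
        Proposal storage p = proposals[id];
        require(block.timestamp < p.deadline, "voting closed");
        require(!hasVoted[id][msg.sender], "already voted");
        hasVoted[id][msg.sender] = true;
        if (support) p.yes++; else p.no++;
    }

    // A proposal can only be decided after the debate period AND once quorum is met.
    function close(uint256 id) external returns (bool) {
        Proposal storage p = proposals[id];
        require(!p.closed, "already closed");
        require(block.timestamp >= p.deadline, "debate period not over");
        uint256 total = p.yes + p.no;
        require(total >= minimumQuorum, "quorum not reached");
        p.closed = true;
        // Passes when yes > total / 2 + margin, written without integer division.
        p.passed = 2 * p.yes > total + 2 * majorityMargin;
        return p.passed;
    }
}
```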
Governance and voting
Now you're going to name and set up the governance of your DAO. You need to set up a minimum quorum for proposals (how many votes a new proposal needs to have before it is passed). You also set up the margin of votes for a majority (how many votes a plan needs to pass) and the time allotted for discussing new plans.
- Name your new DAO.
This is kind of like naming a company.
- For Debate Times, select 5 minutes.
This is how long new proposals are open for conversation.
- Leave Margin of Votes for Majority set to 0.
This sets up how the democracy of your contract works.
- Confirm the price of the DAO.
You've mined some Ether in the test net via your wallet when you first set it up. If you skipped that step, go back and do it now. You need a little of the test net Ether to build your DAO.
- Click Deploy and type your password.
The DAO may take some time to deploy. When you arrive at your new dashboard, scroll down, and you'll be able to see your DAO being produced.
- Click the New icon.
A new unique icon will generate that represents your DAO.
Congratulations! You've created your first DAO.
Uncovering the Future of DAOs
Smart contracts and decentralized organizations hold a lot of promise. The pure democratic and hyper-rational nature of them is very appealing. However, at this point, there are more possibilities than knowns, and each contract that is created could be groundbreaking or a massive flop.
If you approach Ethereum as the new frontier that it is, you'll have more success. The Ethereum network has more benefits than drawbacks if you're careful. But expecting everything to work flawlessly and all the participants to act with integrity will open you up to greater losses. Ethereum has its share of bandits, not to mention those friendly enthusiasts who would like you to succeed.
The smart contract hacks of 2016 have highlighted the importance of security and properly reviewing contracts. They also illustrated that there are people with integrity who fight to fix issues.
Reading this book is only the beginning. It will give you a sound basis to build your knowledge of Ethereum, but as with all new technologies, Ethereum is quickly evolving. Keep reviewing best practices and security measures.
In the following sections, I mention some things to keep in mind as you build your first few DAOs, build smart contracts, and debug your new blockchain systems.
Putting money in a DAO
Don't trust large sums of money to untested contracts and contracts that haven't been fully vetted. Large contracts are more often targeted by hackers. The DAO hack described earlier in this chapter (see the sidebar "With great power comes . . . great power") showed that even well thought-out contracts have unexpected weaknesses.
Although smart contracts and blockchains let you conduct business with anyone around the world, it's still the early days. You can mitigate your risk by working only with known and trusted parties.
The security landscape will constantly be evolving with new bugs. Reviewing all new best practices is imperative. Manage the amount of money you're putting at risk and roll out contracts slowly and in phases. Ethereum is a new technology, and mature solutions are not yet built.
Building smarter smart contracts
Smart contract programming requires a different mind-set than standard contract writing. There is no third party to make things right if the contract executes in a way that you didn't expect or intend. The immutable and distributed nature of blockchains makes it tough to change an unwanted outcome.
Your contract will have flaws and may fail. Build safety valves into your contracts so you can respond to bugs and vulnerabilities as they come up. Smart contracts also need an off switch that lets you pull the plug and pause your contract when things are going wrong.
If your contract is big enough, offer bug-hunting bounties that incentivize the community to find vulnerabilities and flaws in your contract.
As with many things, the complexity of your contract also increases the likelihood of errors and attack vectors. Keep your contract logic simple. Build out small modules that hold each section of the contract. Creating a contract in this manner will help you compartmentalize any issues.
Finding bugs in the system
Don't reinvent the wheel by building your own tools such as random number generators. Instead, leverage the work that the community has already done and that has been well tested.
You can only control for things within your own contract. Be cautious of external contract calls. They can execute malicious code and take away your control.
The Ethereum community has an excellent known bug list and even more helpful tips on how to build secure smart contracts on its GitHub page at https://github.com/ethereum/wiki/wiki/safety.
Excerpted from Blockchain for Dummies by Tiana Laurence. Copyright © 2017, Wiley.
Tiana Laurence is a co-founder of Factom, Inc., and was an early Bitcoin enthusiast. Her passion is growing great companies. A serial entrepreneur, Tiana started her first business at 16. She loves helping young aspiring entrepreneurs learn about business and technology. Tiana has a BA in Business and Leadership from Portland State University. When Tiana is not working on her businesses or being nerdy, she can be found running or rock climbing in Austin, Texas.