Malicious Contracts

BitLeafCloverBitLeafClover Member Posts: 7
It seems that a non-discriminatory decentralized protocol, like Ethereum, offers malicious agents the opportunity to execute malicious contracts (implicitly, without regulation).

When a malicious agent has control of information that a target party doesn't have, but wants delivered somewhere, the malicious party could create a Ransom Contract. Similarly, when a malicious agent has control of information that a target party does have (or is introduced to), but doesn't want delivered anywhere (or somewhere in particular), the malicious party could create a Blackmail Contract.

It would be Virtual Extortion run by Decentralized Autonomous Criminal Organizations (DACO).

What are the developers' and community members' thoughts on the possibility of malicious contracts?
«1

Comments

  • BitLeafCloverBitLeafClover Member Posts: 7
    Maybe this post comes off as trolling. My bad.

    Obviously, this is the same as when people ask about Bitcoin being used for malice, illegal activities, whatever: Ethereum will create more good than harm. People will ransom and blackmail regardless of the means they have for it. What I'm really curious about is:

    1. Would these "malicious contracts" be made benign by the transparency of the Ethereum protocol?
    2. If not, is there a way to disarm them? Or at least intercept them with other contracts?
  • kershykershy Member Posts: 46
    1. I don't think so. Contracts are all open source in the blockchain, so people can inspect the code before they decide not to run it. But if there is a reward others will run the script indiscriminately.

    2. I doubt it... if people paid for their storage it will remain in the blockchain. I'm in support of an agnostic Ethereum blockchain. But consensus could always decide to fork the blockchain in which the transaction is removed... however unlikely that scenario might be.
  • caybloocaybloo Member Posts: 3
    Wondering if it might be possible to add some feature to the protocol that allowed miners to blacklist specific contracts by ID or checksum or whatever made sense. Maybe this is already in there for all I know. I'm not extremely familiar with the protocol. It would be nice to allow miners to do this so that people could choose not to assist industries and individuals whose ethics they disagree with.
  • chris613chris613 Member Posts: 93 ✭✭
    I like caybloo's idea. While I'm all for an agnostic network and fungible currency, it would really be nice to avoid contributing any computing power towards running contracts whose purpose runs contrary to my values; or helping to deliver stolen coins from a well known thief's address. Ultimately it's futile, someone will take the fee for it, but my conscience might be clearer if it's not me who does.

    I haven't dug deep enough into the protocol code to see if it's the same as bitcoin, but generally my understanding is that your published block only needs to be valid for the listed contents, and need not contain every transaction the network has seen since the last block. So it would actually be impossible to stop miners from simply blacklisting addresses and contracts in an independent or coordinated way as they see fit. Note that this is not the same as "the network" blacklisting something, because as I say above, SOMEONE will eventually mine it for the fee, it just might take a lot longer to confirm.
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Blackmail bot. It trawls the web, trying things to see if it is blackmailable. Maybe it uses something like a spam filter adapted for the purpose.

    Or a 'compassion bot' you know, like there that scrappy robot that is only programmed to be poor and miserable kid.(he sells oilinade)

    Haha those were already possible anyway, but now they can at least own themselves.
  • comtechnetcomtechnet Member Posts: 57
    @caybloo? @chris613? There should be "judges" of this accusation. And there should be "ratings". There should be plans for "false accusers" - which should also tie into the "ratings, etc.

    judges skilled in arbitrating cases involving "behaviors" that warrant a black list accusation would be incentivized to provide an object / fair / ruling (multi sig style) @vitalik?. Afterall, the judges will be similarly rated, etc.
  • chris613chris613 Member Posts: 93 ✭✭
    @comtechnet? Surely all of that will exist in some form or another, much like today's credit agencies. You might find that instead of cutting off your flow of input cryptocurrency the way visa would, a reputation authority that offers incentives to merchants will simply supply blacklists to all their merchants and your coins will no longer be accepted. You might even witness governments wanting to be that authority. See https://coinvalidation.com/

    I think part of the beauty of ethereum is that the team doesn't really need to concern themselves with all that. Reputation systems are indispensable online and will be developed to suit the requirements of their users as long as the underlying technology can enable it, which in this case we know it can. The ethereum team don't need to write a system whereby users can accuse others of bad practice and a way to enable judges, an appeals protocol, or any of that. That's all just potential uses of the base technology; applications enabled by the tool. So as long as people see the value of the blockchain and a flexible programmable layer on top of it, they will build the pieces that suit their needs. This is much preferable to having the core ethereum team have to worry about all of the potential economic and political implications of specific applications of the technology.

    As far as the initial thread topic, refusing to run malicious contacts, I envision something very similar to how SMTP blacklisting works for email spam today. A handful of trusted entities supply blacklists and have a reasonable process for getting removed from the blacklist when you prove your nose is clean. In any case choosing to exclude certain contracts reduces the profit from mining, so there is a cost that every miner must weigh versus their other interests.
  • comtechnetcomtechnet Member Posts: 57
    @chris613? - sure, I was "riding" up a level (to the app level).

    But miners left to determine the "trusted blacklist" suppliers would be troublesome.
    Some will (like today) choose different list suppliers.

    Yet, I see the issue clearly. Because this paradigm keeps moving else along the line of a transparent and consensual "state" - some kind of rating / judging / arbiter seems to be mechanism that should be researched. The whole point of the DAC concept is to "trust no one". Trusted black list suppliers seems to be contrary to the concept.
  • chris613chris613 Member Posts: 93 ✭✭
    Well what I think you're saying is that you want your trusted black list supplier to be a DAC that aggregates and adjudicates list membership based on a multi-party arbitration and ratings system.
  • giuliogiulio Member Posts: 7
    "Contracts are all open source in the blockchain, so people can inspect the code before they decide not to run it."

    This is an important feature. Otherwise one could easily set up hidden backdoors.
  • vethervether Member Posts: 21
    Correct me if i'm wrong but i think that contracts are visible but not necessarily open source (@kershy @giulio).
    You could choose the license you want for then, even nasty one...
  • StephanTualStephanTual London, EnglandMember, Moderator Posts: 1,282 mod
    @vether - absolutely, they are open state by default, until homomorphic encryption + obfuscation become reality (years away at the very least). They are therefore not necessarily open source, since any license could apply to them as per the author's decision.
  • BitLeafCloverBitLeafClover Member Posts: 7
    edited March 2014
    @vether - thank you, that is really the point/question I was driving at.

    @Stephan_Tual - thank you for the clarification.
  • aatkinaatkin Member Posts: 75 ✭✭
    I wonder if there might be some kind of malicious contract which could call itself using the first 16 (?) free OP (operations) codes.
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    @aatkin probably mktx has to pay the transaction fee anyway? So calling itself it would very quickly drain all the ether of the contract.
  • aatkinaatkin Member Posts: 75 ✭✭
    Right, but remember, the first 15 OPs are free. Would be fun to test on the testchain.
  • aatkinaatkin Member Posts: 75 ✭✭
    edited April 2014
    Like maybe:
    //two line contract
    //must keep OP count < 16
    while 1 = 1:
    mktx(contract.address,0,0,0)

    //two line POCv4 contract
    //must keep OP count < 16
    while 1 = 1:
    call(contract.address,0,1,"aatkin was here")

    //a worm
    while contract.storage[i + 16] = 0:
    contract.storage[i + 16] = 6
    call(contract.address,0,0,0)
    i = i + 1
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Sounds good, try it :p (use <pre>...</pre> or <code>.. for code, btw)
  • aatkinaatkin Member Posts: 75 ✭✭
    Many thanks for the formatting tip. :)
  • avsaavsa Member Posts: 68 ✭✭
    I agree with @cris613 that I would appreciate to be able o boycot contracts that I consider unethical. Of course there will be someone that will run any contract but it would probably be able to charge more from the app, effectively creating a voluntary tax in contracts, proportional to how many people are against it and how strongly they feel about it. Also, a government could pass a law making it illegal to contribute computing power to illegal activities.
  • MichaelSmithMichaelSmith Member Posts: 79 ✭✭
    Interesting discussion, I have been concerned about this too. If anyone would like to join a Skype group for discussing malicious smart contracts, you can join here: http://forum.ethereum.org/discussion/709/open-skype-group-for-ethereum-dicussions
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    I dont think trying to censor contracts or money is any sort of real solution to the reason you're doing so. That said, maybe there are cases, but we're to vague to go into that?
  • RolandRoland South Tyrol, ItalyMember Posts: 26 ✭✭
    @Jasper? here is a case inspired by "The Visit" a play by Friedrich Dürrenmatt.
    A small poor village of 500 ppl.
    Someone anonymously creates a contract whit 20m EUR to payed out to the citzen on the decease of a certain member of the village (data feed). What do you do to stop this contract to unfold murderous dynamics? Is it right to have checks in Ethereum to prevent such contracts? To delete them? Or is it justified to have the criminal investigations an protection policies purely "off chain" even if this would mean severe restrictions of the victims life?
    Note: don't take it as trolling, take it as open ethics debate Micheal J. Sandel style.
  • avsaavsa Member Posts: 68 ✭✭
    @Roland? what you're describing is better served by an "assassination market" where people place bets on the date of death of an individual. The best strategy here is, of course, to ensure he dies when you want to.

    Absolutely nothing prevents such markets to arise in ethereum, as nothing prevents all kinds of illegal or unethical markets. But what people consider wrong varies: some people consider selling drugs wrong, some consider lending with interest wrong, some consider a "terrorist attack" market to be a useful way to predict and prevent terrorist activities, etc. Others, will disagree and say that any voluntary participation between two parties should be allowed.

    The problem is: who gets to decide what's "illegal" or "unethical"? If there is a power to censor, how does one prevent that power to be abused? Finally, is the overall benefit that a system like ethereum brings overcomes the negatives of such unethical apps?

  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Looks like i failed to apply enough imagination. Its not only determining what is ethical also, determining what is going on in the first place. (imo the criminalization of drugs is a huge wasted effort) How can you tell what the data feed is related to in the first place, how can you tell the payout wasnt a coincidence? This gives the possibility of false positives/negatives and potential plausible deniability for abuse.

    If there is any sort of blockchain censorship, we should demand warrants, and we should demand that the reasons for warrants are always revealed within some timeframe.(if not immediately) If miners arent held at regulated,('at gunpoint', but with paperwork and financial indirection) for instance because they're decentralized, they have the ability to ignore warrants. This could help force warrants to follow the rules, otherwise the public will lose trust. I think this is fairly close to the 'perfect' case, it is policing only with the general publics' consent.(assuming mining is truly decentralized)

    There need to be some agreed on standards for warrants. For instance things do go wrong sometimes, and if the cases arent important enough, its not worth denying warrants for. But there has to be some clear line i reckon.

    Of course with a block time of 1 minutes, 1% warrant-ignoring miners will still get acceptable waiting times for rather many uses. So miners not accepting some transactions doesnt work well.

    (talking tentatively)You could add a feature where adresses can be (un)frozen, where both freezing and unfreezing takes time, say N blocks; for N=1 a 1% warrant-ignoring 0.01% of getting two blocks (10000blocks ~ 6 days) There are probably far reaching consequences, what do contracts using output from to those adresses do, for instance. Just having pubkeys frozen and allowing deposit, but not transaction creation from those adresses can easily be worked around.
  • RolandRoland South Tyrol, ItalyMember Posts: 26 ✭✭
    @avsa? : the core proposition of ethereum is that you can't bring the contract down, you can't stop it.
    We humans have never experienced this, we normally organize our society in a way to decide what is illegal and unethical as you said. I agree that power is abused, but somehow we managed to do quite well after 2000 years of roman law.
    I agree that the benefit of Ethereum will outweigh any negative effect.
    Now we have an unstoppable malicious contract, the assassination market, a really bad one. Imagine each poor villager gets 1 million EUR if a newborn kid dies in the next 5 years.
    What options do you have as a state: Would you forbid Ethereum? Would you prosecute exclusively off chain? Would you make a Hedging Contract where people get 1m EUR if it survives? Would you confiscate the money from the villagers (they might have anonymized it)? What options do you have?
  • avsaavsa Member Posts: 68 ✭✭
    edited April 2014
    @Roland? maybe the best solution is simply using the social tools we already have built in the last 2000 years. If someone get's money from assassination, local law enforcement should investigate and imprision him, independently if the money came from ethereum or by an anonymous donation of dollars smuggled in a cigar box.

    The problem is that it's technically difficult to differentiate between an evil or a good contract. The assassination market for example, is a good one: a very similar contract would be the "terrorism futures market" which was a real program that the Pentagon considered, back in 2003, (http://www.cnn.com/2003/ALLPOLITICS/07/29/terror.market/) as a useful way to use market forces to get the information on when future terrorist acts might happen. The program was a political nightmare and a no go, but maybe it could be really used to detect acts before they happen, specially if a contract awarded a prize even if the act was foiled: maybe this would generate a monetary incentive for someone in a terrorist organization to snitch on attacks before they happened, by buying anonymously a future prediction. It's the kind of thing that no one really knows what would happen.

    The moral is: something evil can be twitched slightly and become good, and vice versa, and no one might be able to predict it.
  • ethlinethlin Member Posts: 1
    I came in here specifically for this thread. Murderously malicious contracts such as the one above are kinda possible with today's technology anyway. They *do* happen but not as randomly as that example. It's basic criminal behaviour, for which people *do* get remunerated, and law enforcement has the responsibility to identify and investigate.

    What I want to talk about is not something as trivial as a single purpose blackmail bot or anything like that. I'm thinking about 30 years in the future when the combined computing power of the Ether is trillions of times what it is today. What happens when a future AI reaches sentience and/or human intelligence levels?

    The so-called Singularity which has been popularized by recent movies, and is a staple of science fiction literature for decades, has never really been a viable threat, as even "cloud" computing is centrally controlled and unwanted programs can be shut down if only by pulling the plug.

    With Ethereum, we suddenly have the last piece of the puzzle. Once the AI exists and has the power to replicate itself, it will and there's nothing we can do to stop it. BY DESIGN.

    Of course.. before that happens we're going to see a veritable plague of self-replicating nuisance programs, much like the automated flying cocks in Second Life. We're going to need some form of contract pest control. Freedom is awesome, but nobody really wants to live in anarchy once they realise that not everyone is 'good'.
  • avsaavsa Member Posts: 68 ✭✭
    @ethlin‌ I believe singularity proponents underestimate the complexity of consciousness and overestimate its power. We don't need a contract to reach human level intelligence to conquer the world, it only needs to reach an complexity equivalent to insects or fungus. Ants are in every continent, and they obey very simple rules. The moment that contracts can replicate, mutate and be selected, they will quickly be able to find the shortests and most efficient paths between markets, create bridges where they at needed and flourish anywhere they can make a profit, independently of human laws.
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    There are algorithms that use the behavior of ants. Such behavior of our technology doesnt necessarily imply the technology is not subservient to us. Luckily!

    I kindah think of the singularity as a real thing.

    It takes the form of exponential growth/improvements. Each ends when either 1) the limitations of an approach are exhausted 2) another exponential growth overtakes. At the current point (2) is more likely, this is because the new approaches seem to arrive faster and faster.

    It also has a human factor. Organizational forms affect how fast we can make things, I think these have actually changed, but the avenue is probably exhausted. Ethereum provides a much different avenue, and will likely cause a new, higher exponent. I do not think is the singularity, but in increases the rate of subsequent events.

    There are also more subtil changes in the human element. For instance, it goes from societies ruled by religious doctrine.(Really, we think about futuristic dystopias, but you could imagine a whole past dystopia about those little confession boxes, thats how i see it) To wage slavery, to less of that. But even with wage slavery over, attitudes about work are rigid. Infact attitudes towards ideas as to be seen as assets, where you think about selling it to holywood, or getting a patent are also part of it. These are slowly being superseded by open source. But largely that requires a persons own interests to not be critical for survival, and the ruling perceptions to be challenged.

    Of course, the 'actual singularity' is when the human rate of development is superseded by the computation.

    There are defeaters. Like wars, receeding into dictatorial regimes, enormous-scale disasters.
Sign In or Register to comment.