Malicious Contracts



  • lunchtimelunchtime VancouverMember Posts: 11
    I like the idea behind this. Even though there would always be a form of work-around, such as paying a mining fee, a system that you can opt-in to that limits your contribution to inhumane transactions and benefits humane transactions is something I would love to see! Let's say an organisation is glorified for it's work in building capital and funding projects that bring people's standard of living up a level. I would gladly dedicate more of my network contribution to their cause, given they're dealing with well-reputed accounts! It supports positive growth and stunts negative cancers.

    Imagine a protocol you can enable on your miners, where you pick what kind of industries, philanthropies, ethical standings that align with you, and you generate coins for yourself, and for those industries, and are in turn rewarded for that industry's growth! A kind of profit-sharing-support system, with built in reputations! We could have a hub, a website, where companies, individuals, etc, apply to be a part of the protocol, present their goals, ambitions, and profit-sharing model. People can then vote them up or down, engage in conversation, and have them approved into the protocol's benefits. It'd be a mashup hybrid of crowdsourced funding, reddit-style approval / disapproval, futures investments, and I dare say even governance!

    We could generate coin for causes we believe in alongside our own personal generation. By contributing a % to a pool, you would also become a 'shareholder' in that pool's use later down the road. So let's say I wanted to aid in the Solar Industry. I would contribute some hashing power to that specific pool, and when it gets used as capital for a project, I become part of a profit-sharing contract automatically based on my contribution of the capital. Of course, what projects go forward would be decided upon by people, investors, contractors and government alike. Fully transparent.

    The applications are simply astounding. Governance. I'm from BC, Canada, Vancouver Area, and I just got the biggest nerd-boner from this train of thought. Imagine the government decides to ask it's people what they should spend their civil budget on this year. Someone comes up with a great presentation of a vertical farm, skyscraper aquaponics. People can pledge their computational power to the generation of coin for the project, investors can establish their contributions, and the project gains enough attention and potential that the City then assigns their resources to it. Miners contribute to a project pool, gaining coin for themselves and the project, and are rewarded continuously as the project moves forward and comes to fruition. The investors, now shareholders in the project, can take their % profits for a successful civil project, and have their reputations increased for engaging in a transaction that the government sponsored. Goodness perpetuates. If a second stage of development is proposed, money from the miner's pool can be used as venture capital. A partially funded second stage will re attract investors and contractors who want reputation in evolving a previously profitable development.

    Profit, would essentially become redefined. It wouldn't be about what has the highest ROI. It'd be about what developments benefit the people the most, working together with the most reputable benefactors. Ecological impacts could be defined as a parameter of profit calculations directly. This encourages green developments, renewables energies, and technologies that bring health to the ecosystem, and therefore the economy. Something that is traditionally profitable - let's say a giant tar sands expansion - wouldn't gain much ground due to bad reputations, and the people not dedicating hashing power to capital generation because of the environmental impact.

    Likewise, let's say a project goes through but in the end of it all, it causes pollution, some contractor ran away with some of the money, and shady people with low reputation were a part of it. All involved would have their reputation docked, and less hashing power would be driven at their transactions by those who are part of the protocol. They would either have to shape up and rebuild their reputation, or remove their accounts from this type of social-enviro-economical system, missing out on the crowdsourced funding and community of it all. It forces those with malicious intent to change their ways when it comes to currency. In retrospect, others could be part of a sub-group of the protocol that act as reputation cleaners. Contractors that clean up messes left behind by the incapable. They would gain positive reputation by restoring the ecological damage, and salvaging wasted materials. In turn, because they are part of the 'clean-up' sub-protocol, the nodes that have lost their reputation by failing to deliver can gain a little boost by being involved in this new transaction with the clean up crew. The clean up contractors would gain immunity from having their reputation dropped from interacting with groups of low reputation since they are doing them and everyone a positive service.

    I love thinking about the applications of Ethereum. It opens the whole world up to something amazing. In our current monetary system, some AMAZING things have been squandered because those in control with the big money can just stomp it out. With a system like this, if something looks good and has great potential, it is up to the people to approve of it and attract investors and the like to bring everything to fruition. Now, the wants of a few will never outweigh the needs of the many.
  • brunnibrunni Member Posts: 8
    edited November 2014
    Can we go into details? I am concerned about social dilemmas.

    What about a contract that threatens a random person/organization with a DDOS attack? If the recipient does not pay the small protection fee, the contract will use a part of its balance to attack. Any profits only serve to make further threats more intimidating (this is the really evil part). The contract cannot be controlled or changed by anyone.

    Can we stop this contract without compromising the central idea - that no one is in charge?

    It seems this contract needs help from outside in several forms:
    -A regular wake up call (ping)
    -Some kind of cloud computing service to search for victims, send mail and stage attacks

    The ping service could be another immutable contract randomly rewarding senders who ping it to release a cascade of pings to ping subcribers (the customers). I see no way to prevent the mafia contract from using this service.

    Now the cloud computing service is different: It will receive a message and can then decide to comply or not. The identity of the mafia contract, how it operates and what inside contracts it uses is well known. Will it be able to obfuscate its operation via proxy contracts so that the operator of the cloud computing service (or some blacklist service) cannot identify messages from it?

    At first, this seems manageable as the operation of Ethereum is deterministic. Even if the mafia contract uses directories and proxies with or without delay, the malicious message can be tracked automatically - as long as the involved contracts are not changed. It seems that after a change, a human would have to look at the new code to determine what happens with a message. So obfuscation works with help from "outside".

    If the whole obfuscation system is complex enough, it may require no human input discernible as fueling crime or no human input at all to work. Provided, this is not the case, do we punish humans helping the obfuscation service or is the obfuscation service so useful that we do not want to live without it?

    If there is no other way, do we punish the victims who take the selfish route out of the social dilemma and pay? Can we identify and convict enough of them (see copyright wars)?

    Or is it like in this movie? (go to 2m37s) :-)

  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    More incentive to decentralize things so you can't be DDOS-ed! :wink:

    It would seem like it needs clients to do stuff to DDOS, presumably those are controlled by humans. Question is if some system could create lack of provability, plausible deniability, or even plain unawareness of (automatic)services doing malicious actions. Or even distributing blame wide enough could be an issue.
Sign In or Register to comment.