Amy Wan

Meet the Team: Co-Founder and CTO Dan Rice

Today this blog will highlight the background and current role of Dan Rice, Sagewise’s Co-Founder and Chief Technology Officer. Dan brings a strong background in technology to the company and, working with our CEO Amy, is well-positioned to deliver Sagewise’s vision of a fully built-out platform for a smart contract safety net. His successful background and deep knowledge of and involvement in the blockchain and fintech spaces position him as one of the leading experts and a first-rate choice to lead our technical development.

Dan began his career in kernel software development. In the kernel, a single bug will crash the entire computer. This environment was great training for working with public blockchains that are generally written in the same programming language as kernel systems, and blockchain bugs similarly have catastrophic impact — the potential loss of all funds.

Since 2014, Dan has been focused on blockchain and fintech. During this time, he has acted as CTO and consulting CTO for a number of projects, including Totum Risk and Velox. He authored the vzero framework solving cryptocurrency volatility issues, which you can find here. In 2016, Dan participated in the YNext Incubator as CTO for Totum Risk. He also founded the Bitcoin Developers Los Angeles Meetup as well as the Orange County CTO Forum, where he is also the chief organizer. Dan has built more than 20 software products over the course of his career, and the apps he has worked on as an entrepreneur and/or developer have been downloaded over 5 million times globally.

Along with Amy, Dan is often invited to speak at blockchain- and fintech-focused events around California and the nation. He has spoken on topics including blockchain basics; limitation of smart contracts and online smart contract dispute resolution; governance, data management, AML/KYC, and decentralization; client risk management and analysis software for financial advisors; software development in iOS, OSX and Windows; cryptocurrency usability and mass-adoption barriers; and ways to moderate volatility in cryptocurrencies.

Dan is a hands-on CTO, taking an active role in the development of each component of the Sagewise ecosystem. He was instrumental in the recent launch of our SDK, which marks the first time a working solution for smart contract dispute resolution has been released. As we continue to grow and execute on our longer-term vision, Dan will play a key role in overseeing all of our development efforts as well as contributing to the overall roadmap. He will help to build out a best-in-class team of developers to support and implement our objectives, providing leadership and oversight for our growing office. We are very glad to have Dan on board in this key role as we move forward.

Sagewise’s Vision to Build the Safety Net for Smart Contracts

Last month, we announced the launch of the Sagewise SDK. This marks a major milestone in the development of our business and the safety of the blockchain ecosystem overall. It is a step towards achieving our long-term vision of providing an infrastructure to address the inevitable issues that will arise around smart contracts. In this post, we want to provide a little more information about this vision and and our plan to achieve it.

Although most participants in the blockchain space probably don’t realize this, many smart contracts have errors or oversights in their code bases that will lead to significant problems for their businesses and for users down the road. Even if the smart contract code is perfect, situations inevitably arise that could not have been predicted by the developers writing the contract. Since 99% of people cannot audit (much less read) a smart contract’s code for themselves, they have no way of confirming the quality of a product other than trusting the word of a developer.

This situation is bound to lead to errors and misunderstandings. Over the coming weeks, we will publish a series of blogs outlining theoretical situations that can arise from such problems. Crucially, there is currently no way to resolve disputes arising from an error in a smart contract. The fact that the contracts are “smart” and automatically execute based on pre-set requirements can actually exacerbate disputes if the contract is not correctly constructed. Because the blockchain space remains so young, many parties remain unaware of the existence or the potential magnitude of this issue.

Sagewise’s vision is to build a fully-functioning plugin solution that allows smart contract users to achieve their true transactional intent, including the ability to resolve the disputes that will inevitably arise around smart contracts as they are bound to arise from any form of human interaction. Sagewise can “freeze” a smart contract in place while disputes are mediated. It can devise a number of forms of resolution depending on the preferences of the parties involved and on whether dispute resolution was built in to the original contract. Our goal is to provide peace of mind and the expectation of an equitable outcome for blockchain transactions – a toolkit to make sure smart contracts are doing their jobs. The safety net provided by Sagewise is intended to grow into a full suite of capabilities that will be indispensable as the crypto space expands. Disputes around token offerings are a problem; disputes around smart contracts that underpin entire supply chains are a crisis. We are building a platform that addresses the enormous future of blockchain, a future in which broad mainstream adoption is a reality and the integrity of contracts is paramount.

How Parity Wallet Failure #2 Demonstrates that Smart Contracts Are Not Invulnerable

As you’ve probably heard, on Nov. 6, Parity encountered yet another failure, and the result? Some $150M-$300M dollars worth of Ether is locked down (there are conflicting reports as to the exact amount), and we’re hearing talk about an Ethereum hard fork, yet again. (How many times can Ethereum hard fork before it’s not a decentralized or immutable?)

As much as we’d like to throw shade on Parity, there’s a bigger picture problem here—Parity is not alone. Parity hack 1, Parity “accidental code deletion” 2, and The DAO hack are all part of a larger systemic issue around smart contracts and code.

An Explainer About This Latest “Accident”

Parity is a smart contract-based Ethereum wallet meant to provide improved security for Ether holders using something called multi-signature. A multi-signature wallet can be explained as a wallet that requires multiple keys turned at once to unlock funds. Parity and multi-signature are considered state of the art for protecting funds, and many high-profile projects use Parity wallet to hold a large amount of Ether.

On July 20th, after the first hack, the Parity multi-signature wallet software was upgraded. The upgrade included some structural changes to the project. Namely, the project was separated into individual contract code that would be published to the blockchain by each user, and a library of functions that would now only need to be published once by Parity. The idea was that since users must spend money to publish their wallet to the blockchain, this shared library would reduce the size of the code that each user needed to publish while their individual code could call into this shared code library that would already be published at a hardcoded address.

Here is where we get to the problem that occurred: A user on github named devops199 discovered that the shared library code was not properly secured because the owner was not yet assigned. Devops199 added themselves as the owner of the contract/shared library code and then directed the blockchain to “kill” the contract. The kill call permanently deleted the shared library from the Ethereum blockchain. This means that all the other multi-signature wallets that reference this shared code library can no longer call into it at all. Without this shared library code, there is no way to transfer funds out of the wallets. Thus, any wallet created with Parity multi-signature wallet after July 20 is currently frozen with all funds sitting visibly inside, but inaccessible.

Smart Contracts Aren’t So Smart

The term “smart contract” might be a misnomer, because oftentimes, they’re not so smart. In fact, smart contracts are full of vulnerabilities. Just as the best lawyers cannot always write perfect, indisputable traditional contracts, developers cannot always write perfect, error and vulnerability-free, disputeless smart contracts. Sure, we can use bug bounties, formal verification, and code audits to get close to perfection, but what happens when even those fail? Parity Wallet Failure 2 is just another one of many smart contract failures as of late, to add to a prominent list of other smart contract failures including The DAO hack, Parity Wallet 1.

Smart contracts have potential for a host of good. (I (Amy) personally think they present a wonderful opportunity to reduce the size of the $12.2B debt collections industry). But to truly maximize the potential of smart contracts, we must first understand their flaws and limitations (and resolve them):

  • smart contracts may contain coding errors (and many developers write code using a fail fast and iterate mentality)
  • smart contracts may contains vulnerabilities easily exploited by hackers
  • smart contracts may not accurately reflect the intent of parties
  • contracting parties may change their mind and wish to amend, modify, or terminate the contract due to misrepresentation, mistake, duress, impossibility, or a change in circumstance
  • external data sources, such as other contracts or oracles may provide incorrect data

Many industry experts, understanding these limitations, have been calling on solutions for a while. We’re experiencing the early days of a nascent industry, much like the early days of the internet. I think we’ll get there, but it’ll take a while.

Meanwhile, until smart contracts allow users confidence in their transactions, the use of smart contracts is more akin to playing roulette—you’re not quite sure what you’ll end up with. The lack of a safety net in smart contacts currently inhibits smart contract adoption, and dampens transactional certainty. Further, the logistical and cultural hurdles of even disputing a smart contract in the current traditional legal ecosystem presents several challenges. Our team at Sagecoin is developing such a solution, which involves a smart contract “freeze button” and a dispute resolution marketplace, all atop a borderless, digital jurisdiction. This solution, alongside several others—including identity verification services, security audit solutions, etc. will help to bring more stability to the smart contract ecosystem.

With regard to Party Failure #2, we believe that our solution could have been employed to stop this issue from occurring using a number of measures that our SDK offers:

1. Time Locked Dispute Resolution points could have been employed around key functions in the shared library such as functions that kill the contract — this would have provided ample notice that the contract was going to be killed before it actually happened and allowed the opportunity to disable the kill call.

2. Immediate Dispute Resolution Points could have been used as checks in the code to send the shared library to dispute as soon as it was clear that the contract had no owner or that someone had become owner that should not have been.

3. Every single wallet contract created with this shared library system could have included its own dispute resolution parameters local to that wallet using the Sagecoin Base SDK. If implemented at the lowest level, this could have been used to dispute individual wallet contracts even if the shared library was deleted. In other words, there may have been a secondary and localized way to unfreeze the funds if the shared code was deleted.

Amy Wan, Esq.CIPP/US, is a Senior Contributor to Crowdfund Insider. Amy is founder and Chief Legal Hacker at Sagecoin, a Bootstrap Legal legaltech blockchain project, and is a consultant with ICOinvestor.tv. She has authored many legal publications, including the upcoming Bloomberg Law ICO offering practice guide. Amy was previously Partner at a law firm that specialized in crowdfunding and syndication law, and was the General Counsel of a real estate crowdfunding platform. She has been named one of ten women to watch in legal technology by the American Bar Association Journal in 2014 and was Finalist for the Corporate Counsel of the Year Award 2015 by LA Business Journal. She is the founder and co-organizer of Legal Hackers LA.

Daniel Rice is a veteran software engineer, leader, speaker, and writer with expertise in blockchain and finance. Daniel’s most recent role was as CTO for Totum Risk which provides portfolio analytics software. Totum was selected for YNext incubator in 2016, which was awarded “top accelerator” honors by Finance Magazine. Daniel has helped launch over 20 products, and as an entrepreneur his personal apps have racked up over 5 million downloads. He has previously consulted on blockchain projects for a blockchain escrow company and blockchain real estate title transfer and records company. In 2014 Daniel founded Bitcoin Developers Los Angeles to focus on building a developer community around blockchain technology. He has also consulted as CTO for several early blockchain startups and published a whitepaper on managing price volatility of cryptocurrencies. Daniel is also the founder and organizer of the Orange County CTO Forum. He holds a BS degree in Computer Engineering from Cal Poly, San Luis Obispo.