Press

Meet the team: VP of Special Projects Dat Nguyen

Today we highlight Sagewise’s VP of Special Projects, Dat Nguyen. A former patent litigator, Dat’s strong technical and legal experience allows him to bridge the divide between technology and law. Having spent his career at the intersection of technology and law, Dat brings a unique set of skills to deliver Sagewise’s vision of building a platform that provides a safety net for smart contracts, governance, and transactional confidence into the blockchain.

Prior to joining Sagewise, Dat was a business consultant advising and investing in startups from a wide range of industries including hospitality, healthcare, e-commerce, retail and video gaming. Dat also counseled clients in resolving their disputes efficiently outside of courts through mediation and arbitration.

Dat started his career as a commercial and patent litigator at Orrick, Herrington & Sutcliffe, LLP and then at Milbank, Tweed, Hadley & McCloy LLP. Dat has represented numerous Fortune 100 companies in resolving their commercial — and specifically patent — disputes. In addition, he counseled numerous clients regarding patent strategy and licensing. He has experience in a wide range of technologies including: cellular, semiconductors, memory, audio and video standards, video gaming, virtual reality, graphics processing, blockchain, and data encryption.

Along with Amy and Dan, Dat is also an active member in the Southern California blockchain and legal community. He has spoken on a wide variety of topics including: blockchain basics; the limitation of smart contracts and online smart contract dispute resolution; governance, data management, and decentralization; cryptocurrency; and IP considerations in the blockchain.

From his extensive litigation experience, Dat understands firsthand the inefficiencies and expense related with litigation. He is hopeful that blockchain technology can bring numerous benefits to the business world in minimizing and making disputes more efficient. However, before such benefits can be realized, there is a lot that still needs to be done on the blockchain. Dat brings his real-world experience of contract disputes and dispute resolution to the team and works closely with both founders Amy and Dan in developing each component of the Sagewise ecosystem.

Meet the Team: Co-Founder and CTO Dan Rice

Today this blog will highlight the background and current role of Dan Rice, Sagewise’s Co-Founder and Chief Technology Officer. Dan brings a strong background in technology to the company and, working with our CEO Amy, is well-positioned to deliver Sagewise’s vision of a fully built-out platform for a smart contract safety net. His successful background and deep knowledge of and involvement in the blockchain and fintech spaces position him as one of the leading experts and a first-rate choice to lead our technical development.

Dan began his career in kernel software development. In the kernel, a single bug will crash the entire computer. This environment was great training for working with public blockchains that are generally written in the same programming language as kernel systems, and blockchain bugs similarly have catastrophic impact — the potential loss of all funds.

Since 2014, Dan has been focused on blockchain and fintech. During this time, he has acted as CTO and consulting CTO for a number of projects, including Totum Risk and Velox. He authored the vzero framework solving cryptocurrency volatility issues, which you can find here. In 2016, Dan participated in the YNext Incubator as CTO for Totum Risk. He also founded the Bitcoin Developers Los Angeles Meetup as well as the Orange County CTO Forum, where he is also the chief organizer. Dan has built more than 20 software products over the course of his career, and the apps he has worked on as an entrepreneur and/or developer have been downloaded over 5 million times globally.

Along with Amy, Dan is often invited to speak at blockchain- and fintech-focused events around California and the nation. He has spoken on topics including blockchain basics; limitation of smart contracts and online smart contract dispute resolution; governance, data management, AML/KYC, and decentralization; client risk management and analysis software for financial advisors; software development in iOS, OSX and Windows; cryptocurrency usability and mass-adoption barriers; and ways to moderate volatility in cryptocurrencies.

Dan is a hands-on CTO, taking an active role in the development of each component of the Sagewise ecosystem. He was instrumental in the recent launch of our SDK, which marks the first time a working solution for smart contract dispute resolution has been released. As we continue to grow and execute on our longer-term vision, Dan will play a key role in overseeing all of our development efforts as well as contributing to the overall roadmap. He will help to build out a best-in-class team of developers to support and implement our objectives, providing leadership and oversight for our growing office. We are very glad to have Dan on board in this key role as we move forward.

Meet the Sagewise Team: Founder Amy Wan

Amidst the many product announcements, user stories and other important milestones we will be posting here over the coming months, we want to make sure we take time to introduce the team behind Sagewise. Ultimately, the success of a project comes down to the skill and dedication of the people behind it, and Sagewise has one of the strongest teams in the blockchain space, along with particular expertise in the legal sphere. In this post, we highlight the Founder of Sagewise, Amy Wan.

Amy founded Sagewise in 2018 after realizing the potential chaos that could arise from smart contract disputes. Her interest in smart contracts stems from her legal background and her experience in the crypto space; the intersection of these two passions formed the foundation of the Sagewise concept. As an attorney, Amy has served as a Partner at a boutique securities law firm and General Counsel of a fintech company. She has also authored numerous publications, including the Bloomberg Law guide to ICOs and chapters of the LexisNexis’ Private Equity Guide. Amy was named one of the “Top 10 Women to Watch” by the ABA Journal in 2014, one of 18 millennials changing legaltech by Law.com in 2018, and recognized as a top woman in legaltech by the ABA Legal Technology Resource Center in 2018. She also co-founded Legal Hackers LA, a recurring meetup for practitioners, students, educators and entrepreneurs to explore new ideas related to legal practice and entrepreneurship.

In 2015, Los Angeles Business Journal named Amy a Finalist for Corporate Counsel of the Year. She is also a Senior Contributor to Crowdfund Insider. Prior to her legal career, she served as a Presidential Management Fellow specializing in international trade and regulatory affairs at the U.S. Department of Commerce, U.S. Department of State, and U.S. Department of Transportation. A thought leader in the space, Amy frequently speaks at conferences and events, events including SXSW, PLI, ACMA, and blockchain conferences. Topics she has discussed have included SEC regulation of ICOs and the security/utility token question; crypto self-governance; optimal structuring of token economics; flaws in current models of smart contracts; and the regulatory environment for post-ICO businesses. She received an LL.M. from the London School of Economics and her JD from the University of Southern California.

Amy is passionate about crypto and believes she can leverage her unique background to bring positive change and real solutions to the space. Blockchain remains a brand new technology, and as it grows over the coming years, smart contracts infrastructure will assume and exponentially more important role in everyday business transactions. Making sure those contracts do the jobs they are supposed to, that they fulfill their promise of making markets smoother and safer, is the mission of Sagewise and its founder.

Sagewise at Cyrpto Invest Summit

Dat Nguyen, VP of special projects, and amazing Amy Wan impersonator, speaking about IP considerations for blockchain startups (article mistakes Dat Nguyen as Amy Wan):

“And according to Wan, you should act fast when filing a patent. IP owners have one year to file a patent after disclosing a new product or technology, and Wan said white papers — a popular form of preliminary documentation in the blockchain industry — most definitely count as an IP disclosure.”

For full coverage, please visit:

Crypto Lawyers Explain How to Keep Your ICO Legal at Crypto Invest

Sagewise on Forbes: Warren Buffett Is Wrong About Bitcoin

Sagewise CTO Dan Rice provides thought leadership on Bitcoin’s future in Forbes:

“We disagree with Warren Buffet that Bitcoin is a zero-sum game,” says Rice. “While it’s true that Bitcoin acts differently from more traditional investments, this is not a negative in our view. Too often traditional investors forget Bitcoin is actually a technology infrastructure.”

For full article please visit:

https://www.forbes.com/sites/panosmourdoukoutas/2018/05/07/warren-buffett-is-wrong-about-bitcoin/#40d93e90379c

 

Sagewise’s Vision to Build the Safety Net for Smart Contracts

Last month, we announced the launch of the Sagewise SDK. This marks a major milestone in the development of our business and the safety of the blockchain ecosystem overall. It is a step towards achieving our long-term vision of providing an infrastructure to address the inevitable issues that will arise around smart contracts. In this post, we want to provide a little more information about this vision and and our plan to achieve it.

Although most participants in the blockchain space probably don’t realize this, many smart contracts have errors or oversights in their code bases that will lead to significant problems for their businesses and for users down the road. Even if the smart contract code is perfect, situations inevitably arise that could not have been predicted by the developers writing the contract. Since 99% of people cannot audit (much less read) a smart contract’s code for themselves, they have no way of confirming the quality of a product other than trusting the word of a developer.

This situation is bound to lead to errors and misunderstandings. Over the coming weeks, we will publish a series of blogs outlining theoretical situations that can arise from such problems. Crucially, there is currently no way to resolve disputes arising from an error in a smart contract. The fact that the contracts are “smart” and automatically execute based on pre-set requirements can actually exacerbate disputes if the contract is not correctly constructed. Because the blockchain space remains so young, many parties remain unaware of the existence or the potential magnitude of this issue.

Sagewise’s vision is to build a fully-functioning plugin solution that allows smart contract users to achieve their true transactional intent, including the ability to resolve the disputes that will inevitably arise around smart contracts as they are bound to arise from any form of human interaction. Sagewise can “freeze” a smart contract in place while disputes are mediated. It can devise a number of forms of resolution depending on the preferences of the parties involved and on whether dispute resolution was built in to the original contract. Our goal is to provide peace of mind and the expectation of an equitable outcome for blockchain transactions – a toolkit to make sure smart contracts are doing their jobs. The safety net provided by Sagewise is intended to grow into a full suite of capabilities that will be indispensable as the crypto space expands. Disputes around token offerings are a problem; disputes around smart contracts that underpin entire supply chains are a crisis. We are building a platform that addresses the enormous future of blockchain, a future in which broad mainstream adoption is a reality and the integrity of contracts is paramount.

Batchoverflow Bug Points to Smart Contract Challenges; Sagewise has Solutions

 

Multiple exchanges have now halted trading for a number of ERC20 tokens due to a newly discovered smart contract bug called Batchoverflow. Batchoverflow is an exploit discovered where a public function called “batch” can be maliciously used to create additional tokens on some ERC20 token contracts. A hacker recently attacked two specific ICO contracts using this approach, minting billions of unplanned ICO tokens, then attempted to transfer them to an exchange to sell them off. One such token, BeautyChain (BEC) was among the first to fall victim on Sunday when attackers generated 10^58 (that’s a one with 58 zeros after it) BEC tokens, resulting in a loss of ¥6,447,277,680.

The security researchers who first discovered and named Batchoverflow have listed a number of challenges encountered with reporting and resolution of this issue.

To understand the new challenges presented by smart contract bugs, we should first explain how security researchers generally report software exploits they discover: A researcher who discovers an exploit normally will first quietly report the issue to the company who owns and maintains the vulnerable system. The researcher will also give a time window which the company can use to fix the issue before the general public is made aware that the issue exists. The reason for this is that if the researcher immediately announces the flaw, there will be time for hackers to use the published exploit before the company can reasonably take measures to mitigate or resolve the issue.

Smart contracts present a unique challenge for security research disclosure windows because smart contracts are immutable and cannot be changed. Thus, giving notice to a smart contract creator will not enable them to patch their system since the smart contract cannot be patched at all, no matter the timeline. If and when a company is made aware that their smart contract is flawed, they may need to turn to exchanges to halt trading simply because they have no method of fixing the issue at all. Secondly, at some point the company must decide when to notify users that the smart contract is flawed, but doing so will guarantee the contract will be exploited by a multitude of hackers.

Sagewise presents a simple solution to remedy the problems presented by the immutable nature of smart contracts. Contract creators can wrap their contract using the Sagewise SDK allowing additional functionality when they need it most. In the case of Batchoverflow, over a dozen smart contracts are vulnerable. If these contracts had implemented the Sagewise SDK, contract participants could have frozen the contract as soon as they became aware of the exploit. For most of the impacted contracts, this would have meant freezing the contract prior to any exploit occurring, thus removing any chance that the contract could be exploited. The timing would also be much more favorable as the contract could be frozen quickly before the exploit was publicly disclosed leaving no time for a bad actor to exploit the contract after the announcement.

To follow Sagewise, please join out Telegram at t.me/sagewise and sign up for our newsletter at www.sagewise.io

Sagewise Announces Alpha Release of Ethereum Smart Contract SDK To Combat the More than Half a Billion Dollars Lost in Smart Contracts in 2017

Today, we are proud to announce the alpha release of the Sagewise smart contract SDK. Built on the Ethereum blockchain, the SDK is a core component of Sagewise’s toolkit for unforeseen errors and disputes in smart contracts and marks a key milestone in its overall development. Before getting into the details of today’s launch, let me start with a little background on what we hope to accomplish at Sagewise.

Modern day smart contracts started with the launch of Ethereum in 2015 and, in a lot of ways, represented the dawn of fully programmable money. From the outset, one of the biggest concerns of the community was that combining human-created code with instant money transfer could frequently and unexpectedly result in the loss of user funds. Because less than one percent of the earth’s population can program or read code, cryptocurrency-related transactions–including smart contracts do not represent an area where we can reasonably tell a person to “DYOR” (do your own research), as often stated in the cryptocurrency community. Instead, smart contracts represent something very similar to traditional paper contracts in that they cannot be adequately understood or audited by ordinary people. While anyone can attempt to read acontract, if they lack a background in programming or law, respectively, it is highly unlikely they  will be able to catch all the nuances and find all the holes. As an example, someone with no programming background cannot be expected to be aware of all the possible obfuscated bugs that may exist in a smart contract.

Which is where we find ourselves today. More than a half a billion dollars was lost to smart contract coding bugs in 2017. The initial fears and predictions are now reality, and it’s time to figure out how to fix it. Many people are working on this issue through two different approaches:

  1. Making smart contract code better through better coding, tools, and audits
  2. Resolving issues that arise through mediation and dispute resolution

At Sagewise, we are focused on the latter. We are bringing transactional confidence to smart contracts by building infrastructure that acts as a safety net for unforeseen circumstances, whether that be coding errors, security vulnerabilities, changes in circumstances, or disputes. We chose to focus on this because not all issues related to smart contracts can be foreseen–even with the most careful, thoughtful coding. Smart contracts can get bad data from an oracle, or a situation can occur that was never considered. While code is static, human situations are not–we live in a world where volcanoes can halt air travel, strikes can delay commerce, and seemingly unlikely human actions can result in situations no one thought possible. Code cannot be aware of every future possibility. The question is, how do you put a safety net around a smart contract without completely damaging the immutability and decentralization?

Our release today provides a peek at our approach and can be summarized by the following features:

  • All functions in the contract can be frozen;
  • Contracting parties do not have any special control aside from the ability to start a dispute, which freezes execution of the smart contract;
  • Dispute resolution vendors are given complete access to the contract via ‘Administrator Mode’, but this only is available when a dispute has been initiated by one of the contracting parties. This allows contracting parties to fix any issues that may have occurred.

In coming months, we plan to add several more features to the SDK to improve its robustness and usability. Alongside the Sagewise ContractCanary–a smart contract email monitoring and notification system available to licensees– the Sagewise SDK prevents unforeseen execution of a smart contract. Sagewise also  plans to release other support tools as part of its infrastructure that will help bring the entire transactional process together, from documentation of smart contract intent to dispute resolution process handling.

We welcome feedback and engagement by community members, who can sign up for updates at sagewise.io and engage via our Telegram channel at t.me/sagewise.

Our alpha SDK repository can be found here.

How Parity Wallet Failure #2 Demonstrates that Smart Contracts Are Not Invulnerable

As you’ve probably heard, on Nov. 6, Parity encountered yet another failure, and the result? Some $150M-$300M dollars worth of Ether is locked down (there are conflicting reports as to the exact amount), and we’re hearing talk about an Ethereum hard fork, yet again. (How many times can Ethereum hard fork before it’s not a decentralized or immutable?)

As much as we’d like to throw shade on Parity, there’s a bigger picture problem here—Parity is not alone. Parity hack 1, Parity “accidental code deletion” 2, and The DAO hack are all part of a larger systemic issue around smart contracts and code.

An Explainer About This Latest “Accident”

Parity is a smart contract-based Ethereum wallet meant to provide improved security for Ether holders using something called multi-signature. A multi-signature wallet can be explained as a wallet that requires multiple keys turned at once to unlock funds. Parity and multi-signature are considered state of the art for protecting funds, and many high-profile projects use Parity wallet to hold a large amount of Ether.

On July 20th, after the first hack, the Parity multi-signature wallet software was upgraded. The upgrade included some structural changes to the project. Namely, the project was separated into individual contract code that would be published to the blockchain by each user, and a library of functions that would now only need to be published once by Parity. The idea was that since users must spend money to publish their wallet to the blockchain, this shared library would reduce the size of the code that each user needed to publish while their individual code could call into this shared code library that would already be published at a hardcoded address.

Here is where we get to the problem that occurred: A user on github named devops199 discovered that the shared library code was not properly secured because the owner was not yet assigned. Devops199 added themselves as the owner of the contract/shared library code and then directed the blockchain to “kill” the contract. The kill call permanently deleted the shared library from the Ethereum blockchain. This means that all the other multi-signature wallets that reference this shared code library can no longer call into it at all. Without this shared library code, there is no way to transfer funds out of the wallets. Thus, any wallet created with Parity multi-signature wallet after July 20 is currently frozen with all funds sitting visibly inside, but inaccessible.

Smart Contracts Aren’t So Smart

The term “smart contract” might be a misnomer, because oftentimes, they’re not so smart. In fact, smart contracts are full of vulnerabilities. Just as the best lawyers cannot always write perfect, indisputable traditional contracts, developers cannot always write perfect, error and vulnerability-free, disputeless smart contracts. Sure, we can use bug bounties, formal verification, and code audits to get close to perfection, but what happens when even those fail? Parity Wallet Failure 2 is just another one of many smart contract failures as of late, to add to a prominent list of other smart contract failures including The DAO hack, Parity Wallet 1.

Smart contracts have potential for a host of good. (I (Amy) personally think they present a wonderful opportunity to reduce the size of the $12.2B debt collections industry). But to truly maximize the potential of smart contracts, we must first understand their flaws and limitations (and resolve them):

  • smart contracts may contain coding errors (and many developers write code using a fail fast and iterate mentality)
  • smart contracts may contains vulnerabilities easily exploited by hackers
  • smart contracts may not accurately reflect the intent of parties
  • contracting parties may change their mind and wish to amend, modify, or terminate the contract due to misrepresentation, mistake, duress, impossibility, or a change in circumstance
  • external data sources, such as other contracts or oracles may provide incorrect data

Many industry experts, understanding these limitations, have been calling on solutions for a while. We’re experiencing the early days of a nascent industry, much like the early days of the internet. I think we’ll get there, but it’ll take a while.

Meanwhile, until smart contracts allow users confidence in their transactions, the use of smart contracts is more akin to playing roulette—you’re not quite sure what you’ll end up with. The lack of a safety net in smart contacts currently inhibits smart contract adoption, and dampens transactional certainty. Further, the logistical and cultural hurdles of even disputing a smart contract in the current traditional legal ecosystem presents several challenges. Our team at Sagecoin is developing such a solution, which involves a smart contract “freeze button” and a dispute resolution marketplace, all atop a borderless, digital jurisdiction. This solution, alongside several others—including identity verification services, security audit solutions, etc. will help to bring more stability to the smart contract ecosystem.

With regard to Party Failure #2, we believe that our solution could have been employed to stop this issue from occurring using a number of measures that our SDK offers:

1. Time Locked Dispute Resolution points could have been employed around key functions in the shared library such as functions that kill the contract — this would have provided ample notice that the contract was going to be killed before it actually happened and allowed the opportunity to disable the kill call.

2. Immediate Dispute Resolution Points could have been used as checks in the code to send the shared library to dispute as soon as it was clear that the contract had no owner or that someone had become owner that should not have been.

3. Every single wallet contract created with this shared library system could have included its own dispute resolution parameters local to that wallet using the Sagecoin Base SDK. If implemented at the lowest level, this could have been used to dispute individual wallet contracts even if the shared library was deleted. In other words, there may have been a secondary and localized way to unfreeze the funds if the shared code was deleted.

Amy Wan, Esq.CIPP/US, is a Senior Contributor to Crowdfund Insider. Amy is founder and Chief Legal Hacker at Sagecoin, a Bootstrap Legal legaltech blockchain project, and is a consultant with ICOinvestor.tv. She has authored many legal publications, including the upcoming Bloomberg Law ICO offering practice guide. Amy was previously Partner at a law firm that specialized in crowdfunding and syndication law, and was the General Counsel of a real estate crowdfunding platform. She has been named one of ten women to watch in legal technology by the American Bar Association Journal in 2014 and was Finalist for the Corporate Counsel of the Year Award 2015 by LA Business Journal. She is the founder and co-organizer of Legal Hackers LA.

Daniel Rice is a veteran software engineer, leader, speaker, and writer with expertise in blockchain and finance. Daniel’s most recent role was as CTO for Totum Risk which provides portfolio analytics software. Totum was selected for YNext incubator in 2016, which was awarded “top accelerator” honors by Finance Magazine. Daniel has helped launch over 20 products, and as an entrepreneur his personal apps have racked up over 5 million downloads. He has previously consulted on blockchain projects for a blockchain escrow company and blockchain real estate title transfer and records company. In 2014 Daniel founded Bitcoin Developers Los Angeles to focus on building a developer community around blockchain technology. He has also consulted as CTO for several early blockchain startups and published a whitepaper on managing price volatility of cryptocurrencies. Daniel is also the founder and organizer of the Orange County CTO Forum. He holds a BS degree in Computer Engineering from Cal Poly, San Luis Obispo.