Anyone who works with code will know that bugs happen all the time. Semantic bugs can be hard to anticipate, and are sometimes not obvious even to highly knowledgeable reviewers.
The big fallacy underlying the hard fork is the idea that bugs like this will only happen this one time and so the benefit of stealing the money back and giving it to community early adopters outweighs the costs to the institutional credibility of Ethereum.
In reality, there will be many, many more bugs in smart contracts where the intent of the coder does not completely match the behavior of the smart contract in the real world.
The Ethereum community, and notably its core team who wrote the code for the hard fork while claiming to be neutral in the matter, has sent a strong message that it will meddle in the outcome of contracts in which there was no VM bug.
Human institutions are relatively vulnerable to corruption. There are all sorts of graft, favoritism, etc., throughout most human institutions. Ethereum, because of the concentration of power among early adopters, is still vulnerable to this sort of corruption. We've seen it happen with the hard fork.
Is it a big deal? Well, the invisible hand should have awarded the spoils of the theft to the talented hacker who exploited the contract. Those who lost money in the DAO are people who followed a herd mentality and did not insist that the smart contract they trusted be vetted.
Formal verification will help somewhat, as will the improvement of coding practice. I saw some code written by someone involved in the DAO that was written in a way that made it hard to understand the side-effects of various calls. I'd highlight this if doing code review for a simple e-commerce cart, and it suggests that semantic clarity and readability were ranked low on the list of priorities, favoring a denser style that is much more demanding of the reader's understanding of the subtleties of the language.
What is missing is the simple idea of insurance. Suppose investors in the DAO had been allowed to buy insurance against the DAO malfunctioning... This could have been written as a simple smart contract "future" and could have been offered by anyone. So long as there was demand for both sides of the outcome, a price would have emerged to insure one's investment.
So I think we're on a slippery slope, most notably because of the silly idea that this was the last smart contract bug that will be highly significant or controversial.
Cryptocurrencies bootstrap by appealing to speculators who don't really care about the principle of how it's supposed to work; they just want to buy it early and wait for it to get big (as many did with BTC but many more wished they had). This is fine, but we saw the same sort of greed infect a lot more people, and a hard fork (bailout) occur soon after. You can call it adaptability, you can call it a bailout, it doesn't matter. The bottom line is that at present Ethereum is still vulnerable to it and will be for a while. Let's hope Ethereum grows to the point where a small cabal of people who made a bad investment (or hold a particular political view) can't undermine the system.