Dan Connolly's tinkering lab notebook

## Etherium and DAO tokens: an experience report

Tada! I own 227.27 DAO tokens. Why? As a student of capability security and computer-supported collaboration in general, I'm naturally interested in smart contracts. When an autonomous smart-contract platform raises $100M+ in a week, I figure I should know how it works. The buzzwords run thick and fast: • The DAO is Code. • The DAO is Autonomous. • The DAO is Revolutionary. • The DAO is Rewarding. Which of these do I believe? • Code: Check. The evidence is clear and compelling. The bytes are 0x60606040523615... and a straightforward verification process establishes that the source code compiles to this output. • Autonomous: It autonomously does something (inasmuch as miners keep the Etherium distributed VM going). An audit has vouched that the contract is "secure" and, I gather, faithful to the DAO whitepaper. I haven't digested the argument that what it does is fair and not controlled by any one or few actors. I'm still digesting basics such as patricia trees, actually. • Revolutionary: Perhaps$100M in a week constitutes a revolution. But whether there will be any lasting effect is unclear to me. The argument from BitShares experience that voter apathy and mis-aligned incentives will result in failure is more substantive than any argument I found in favor of the DAO.
• Rewarding: Finding any substance behind this claim was quite a challenge. I looked for a simple 3-point argument that there's some ROI in here... Is that too much to ask? Apparently so. The whitepaper didn't elucidate much for me; it started with a bit of history of smart contracts (citing Szabo 1997 and Miller 1997 was good to see) and then immediately dove into details of the values of various constants in the contract algorithm. Buried several layers into the web site, I found that proposal 1 includes for a sort of generalized, automated airbnb. Ok, that's at least somewhat plausible. Follow-the-money seems to lead to slock.it. I'm sure it's rewarding for them.

I get anxious reading the code: too many of the security properties seem to rely on programmer dilligence:

function transfer(address _to, uint256 _amount) noEther returns (bool success) {
if (balances[msg.sender] >= _amount && _amount > 0) {
balances[msg.sender] -= _amount;
balances[_to] += _amount;
Transfer(msg.sender, _to, _amount);
return true;
}


Compare the above from Token.sol to the elegant simplicity of simple money in E:

            to deposit(amount :int, src) :void {
unsealer.unseal(src.getDecr())(amount)
balance += amount
}


OK... so how do I do it?

To obtain DAO tokens, ... send ETH from your Ethereum Wallet ... to The DAO’s address below. 0xbb9bc244d798123fde783fcc1c72d3bb8c189413

... and there's a wizard... it recommends paying eith ETH. But I don't have any. So I choose USD, at which point they refer me to bity.

• The register button wouldn't light up when I used a password manager to enter a password
• I eventually found a work-around: manually type a character and then delete it.
• After filling in all the info to order some ETH, they gave me international bank transfer instructions. I have no idea how to execute such a transfer, but I'm quite sure it's not something I can do now, when my bank is closed.

So I back-track and try the recommended wallet. Mist is an node+webkit style app. When I start it up, it says it has to sync with the blockchain and stays like that for longer than my attention span. How about some advanced notice that this is going to take hours and GB of disk space? I guess one should not expect good road signs in the wild west.

Back-track again... Searching turned up a How do I buy Ethereum with USD? answer Mar 8 at 5:38 by niksmac:

1. Buy BTC with a debit card at coinbase.
• The experience is much more what I expected. I did the SMS callback verification dance and exchanged \$30 for BTC using a debit card within 10 or 15 minutes. I switched the 2FA on my account from SMS to TOTP (google authenticator) in the process.
2. Exchange BTC for ETH using shapeshift.
• This presumes I have an ETH address. EtheriumWallet by Krypokit lets you make one right in your browser in a minute or so. While I'm sure a full blockchain sync is more secure, I'm only risking a few dollars here and "more" is probably a difference between getting struck by lighting once and getting struck twice. Do I really care?
• shapeshift result: receipt for 2.55384881 Ether
3. Send ETH to the DAO contract address.
• I got plenty of confirmations on transaction 0x1be4715b..., so I thought I was all set. But the last step of the DAO wizard was to confirm on the creation page, but I kept getting 0 tokens for my address there.
• Eventually I learned the out of gas warning really matters. That Krypokit wallet worked fine for sending ETH around, but it didn't add any gas, so non-trivial contracts didn't work.
• I back-tracked to MyEtherWallet, which added sufficient gas to run the contract. Bingo! I did a smaller transaction to be sure I had enough for gas and then another for the rest:

I eventually did a full blockchain sync. I kept starting over thinking I was doing something wrong. But no, it really iterates through all 1.5M blocks on the blockchain twice, which takes a few hours and uses about 2GB using geth --fast.