Nostr Web Client

Yes I agree with what I read there, I found myself musing along similar lines: just the ability to *update* the contract shouldn't logically be interpreted as "money transmission" .. although, you could choose to.

Compare with non-blockchain software that's just an open source project - there, updates are made and users can *choose* to download and run the update, so there's even less centralized control, but it's still the same basic type of thing - the developer can at least influence, *very* strongly, what the user runs.

In other words, while we as open source bitcoin software developers can *hope* that the fine distinction between 'update the smart contract' and 'update the software' might make the latter remain legal, it's pretty thin gruel ... I would not trust that line to hold.

waxwing 2y ago

Hmm I'm not sure whether I completely buy what I just wrote there 😆

Take this passage from the coincenter article:

"We’re still researching but to our knowledge the only control that the defendants ever had over the smart contracts was the ability to change aspects of cryptography related to Tornado Cash’s privacy features and never had any ability to actually access, move, or direct the user funds in the contract. If that technical analysis is accurate then it does not seem likely the defendants ever had the sort of “independent control” over the transmitted value that FinCEN describes in its guidance, and, accordingly it seems that this alleged activity would also not constitute unlicensed money transmission."

If the ability to update the contract exists, one naturally assumes that it means ability to update *anything*, so one can sort of claim they have custody of funds.

And then on the other hand, these updates are always going to be 100% public (even if code is obfuscated), so "in theory" people can just not send funds to it when it changes in a way they don't want.

I honestly have no idea at this point 😆

Reply to this note

Please Login to reply.

Discussion

Sjors Provoost 2y ago

Not necessarily. You can specify which functions can be upgraded and which can't. For example some functions could be hard-code in the main smart contract, whereas others delegate to another smart contract, the address of which is stored in a variable. Ideally then those variables can only be changed by token vote, but my guess is that initially there was an admin who could do that.

However if "aspects of cryptography" could be changed, then most likely it would have been possible to brick the contract. But that would be destroying the company entirely, and so may not be an reasonable thing to demand. Plus it's rather pedantic, which itself doesn't always go well in court.

But imo the admin override doesn't matter. If it was a pure DAO then you just say "criminal conspiracy" and now all the token holders and developer are liable for the whole thing. Then all you need to do is *not* arrest the token holders (including the VC) and only arrest the developers and presto.

Sjors Provoost 2y ago

That said, the DAO didn't control the core contract. So to the extend that the core contract was used *without* any of the ancillary tools (website, DAO controlled smart contracts) then you COULD still maintain you had no control over that activity.

Unfortunately the DoJ probably just needs to prove *one* money launderer using the UI (based on CloudFlare records or something) for the money laundering charge to hold.

So then the defense in the US would have to fall back on the non-custodial side of things. At minimum they didn't need a license.

Sjors Provoost 2y ago

And it's worse. IIUC the money laundering charge is *conspiracy*. So they needed to have the intention of someone using the UI to launder money, and take one concrete step towards it (like writing the code). If such a charge survives, even if a license wasn't needed, that's a problem.

The Netherlands doesn't even have a license system for this, so it's really just about the question whether or not this was (actual, not conspiracy to) money laundering.

Sjors Provoost 2y ago

(where "intention" is a bar perhaps as low as "disregard for the risk of")