[btrask]

This argument can be made for most/all software vulnerabilities.

[zby]

Most software does not constitute a contract. If I run an internet connected computer I don't enter into an agreement with anyone on the internet to use my machine even if its OS has security holes enabling this. The DAO was supposed to be a contract specifying and enforcing in a formal and automatic way what the participants can do.

[sznurek]

I am not sure. I believe that in many cases similar activity would illegal or at least forbidden by Terms and Conditions.

I the DAO case I am not aware of any regulations or laws that the "attacker" has broken.

[joosters]

The DAO's 'terms and conditions' were the contract code itself. During the crowd sale, it was often said that 'investors' need to look at the code because that is the only binding agreement. I guess it turns out that's a lie too.

[malka]

Could the attacker then attack DAO for breach of contract ? That would be the ultimate plot twist.

[viraptor]

I expect the attacker either found a contract allowing them to short ether, or made some similar arrangement. Unless it's an attack on tech itself for personal reasons, someone's getting a lot of real money today...

[dragonwriter]

> During the crowd sale, it was often said that 'investors' need to look at the code because that is the only binding agreement. I guess it turns out that's a lie too.

No, it turns out that that's completely true, and that's the problem.

[BillinghamJ]

And as such, the contract would include clauses to protect against that. If the contract did not, one of the parties likely can take advantage as they wish.

It is the same with Ethereum. If the DAO 'contract' does not include the terms, the 'lawyer' who wrote it just didn't do a very good job and it is open to taking advantage.