Actually... the account model is much easier to use to get an accurate view of all balances than the UTXO model. As for rollbacks, Bitcoin had one in 2010 (https://en.bitcoin.it/wiki/Value_overflow_incident) and a chain fork in 2013 (https://bitcoin.org/en/alert/2013-03-11-chain-fork) both decided by those who could make the decision... and accepted by a majority of nodes, same as with the ETH hard fork
I'm not so sure about understandability at protocol level, I do believe Ethereum to be straightforward but then again I've followed its progress over the years
Finally looked at both of those bitcoin events that you are attempting to equate to the DAO fork. I commented about the first one elsewhere here. The second one was indeed a chain fork, which is actually a normal and expected event in Bitcoin when miners disagree (for whatever reason) about which blocks are valid or not.
In this case the disagreement happened because of a backwards incompatible change that was accidentally made to the mining software. Nodes running the old software rejected blocks generated by the new software. The bug was fixed and miners happily stopped using the buggy version of code and the chain fork was resolved, just as designed by the Bitcoin protocol. Nodes that never ran the buggy version didn't have to do a thing.
Like my discussion of the other bitcoin fork, this to me looks like an entirely different category of event than the DAO. Bitcoin fixed a broken promise in both cases. Ethereum broke a promise in the DAO fork.
The traceability of very much part of design of most blockchains, starting with Bitcoin. The whitepaper makes this clear in section "10) Privacy" and the article quotes half of the relevant text.
The remaining half states: "As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner"
Unlike Bitcoin, account based blockchains make this extra measure of privacy harder as the receiving and sending address is one and the same, however there's no limit to how many accounts one can have, so anonymity is still possible as long as acquiring the coins doesn't reveal your identity.
Those who sign up for cryptocurrency service providers (who are required by law to perform AML/KYC checks - and do so with the consent of their customers) trade away the privacy (of some of their) transactions for the benefits (most commonly, yield and ease of use) said services offer. This is not different from use cases of cash money, where getting cash money from an ATM or most money transmitters will reveal your identity, and while one is free to make in person transactions and remain "anonymous", if one wants to have a bank account or invest legally, then some level of KYC will be in place.
The article indeed asks the wrong question. DeFi can't operate legally without KYC/AML and customers know it. Your comment on the other hand seems to me to be making an error in believing DeFi users don't know this.
The "bug" is that some developers think of matching function signatures as some form of authN / authZ.
A few years back I wrote https://medium.com/coinmonks/lashing-out-at-a-spank-channel-... about a similar hack where a contract "trusted" a given (user input) contract based on nothing other than verifying a function signature. This latest hack was smarter but ultimately it still exploited a 4 bytes hash "security" feature...
>Another aspect of this is 51% attacks are recoverable for PoW, but are a permanent takeover condition for PoS networks. If a single entity ever accumulates more than half the tokens on a PoS network, they are unassailable.
This is not true. PoS has many design flavours and the one Ethereum is planning on implementing includes random selection of validators and the amount staked has no influence on the inclusion or the vote "weight".
Also with PoS an attacker will always incur economic losses similar to having your mining rig burning down if you were to try to foce a bad block through. In PoW networks attackers can keep on mixing attacks with producing normal blocks and remain profitable
If amount staked has no influence on inclusion or vote weight then what’s to stop a large ETH holder from splitting their wallet into several smaller wallets with the minimum staking balance and just gaining vote weight that way?
IIRC they have written blog posts in the past saying just as much.
Without losing their stake to slashing penalties, though, the worst kind of attack 66% (not 51% iirc) can do anyways is a censorship or denial of service attack. Which is bad, but at least they can't revert transactions or double-spend like in a PoW model.
