Analysis of the consequences of the DAO attack

Rage Comment : Last Friday, DAO was hacked. Due to a vulnerability in the DAO smart contract itself, $60 million was lost from the account. There are three solutions: a "soft fork" in the code can blacklist 3.6 million problematic Ethereum addresses; a "hard fork" can return the funds to the state before the attack; or do nothing and let the system handle it automatically. Both hard forks and soft forks can protect the interests of anonymous token holders. However, this incident should make us learn from our mistakes and learn from them. If we make the same mistake again, it will have a huge negative impact on all other blockchains.

Translation: Nicole

After The DAO was hacked by unknown hackers last Friday, the startup lost tens of millions of dollars and its ambitious vision of a fully decentralized, anonymous ecosystem was shattered.

Ethereum, a token with voting functions, was publicly sold and raised $150 million worth of Ethereum through crowdfunding. However, when the attacker discovered a vulnerability in the smart contract, about $60 million worth of Ethereum was taken out.

Originally intended to incentivize innovation within the Ethereum community, The DAO would allow voting members to choose which Ethereum projects they wanted to invest in, but the current plan is to return the digital currency to its original holders, with the project on hold.

While not everyone agrees this is the right move — nor can it be — yesterday’s events leave the future of Proposition 52 hanging in the balance.

Some people believe that this attack took advantage of the way smart contracts were written and should not be characterized as a hacker attack. The discovery of vulnerabilities is crucial to improving the shortcomings of a healthy ecosystem.

The once bright future built on distributed ledger technology and the promise of changing the way we govern ourselves has also been shattered.

Discovery period

Before the sun rose yesterday, Reddit and industry forums were abuzz with news that someone had removed funds worth $162 million from an account before the token sale was stopped.

Ethereum’s founder “halted” transactions in Ether, the digital currency that powers the Ethereum network. The DAO’s tokens were meant to digitize shareholder voting rights. In one fell swoop yesterday, a total of 3.6 million Ether, or $60 million, was removed from the account.

When funds stop being transferred out, the nascent system is left with the command promised by a code-based governance model with built-in consensus mechanisms for digital democracy.

Reasons for concern

Prior to this week, The DAO had already experienced a number of problems, which are common to any young startup in its early stages, but most of them were due to the nature of a completely new business model.

The Cornell research team noted that the problem found in the governance model is known as “bias,” which discourages token holders from voting, leading to “no” votes.

When money began to flow into a rogue account called “ChildDAO,” a whole new sub-industry of selective governance leveraging prediction markets, called Futarchy, began to emerge.

Until last week, most of us watching the development of this healthy young ecosystem had strong evidence of more than just management problems emerging in the largely untested code.

More than just a lesson for growth

Members of the Ethereum community discovered a vulnerability in the implementation of an Ethereum-based smart contract called a "recursive call." After some investigation, the problem that caused funds to be drained from the account through the current contract structure was identified as a problem with The DAO itself.

The DAO, created by a German startup called Slock.it, posted a “solution” on its GitHub account, asking ethereum community members to respond within two weeks if they had objections.

According to a post published on the company’s blog, no DAO funds were at risk due to this “bug.”

But in the meantime, someone, or a group of people, found a way to exploit the vulnerability by creating a so-called “child DAO,” using a separation mechanism that had a dual purpose: to disrupt the DAO to prevent suspicious token holders from continuing to control The DAO; and to encourage the creation of new DAOs.

Finally, three paths emerged.

A “soft fork” in the code could blacklist 3.6 million problematic Ethereum addresses; a “hard fork” could return funds to the state before the attack; or do nothing and let the system handle it automatically.

DAOs Failed Due to Rapid Growth

Did The DAO fail because it grew too fast?

Both hard forks and soft forks can protect the interests of anonymous token holders, but the potential conflict of interest that arises is that those who have the power to reverse funds are also the ones whose funds are at risk.

Such an idea has sparked concerns among members of Ethereum on various social media networks.

Even if the interests of The DAO token holders were taken into account to the greatest extent possible, the impact on the reputation of the system is irreversible - but transactions that have already been made can be cleared by approving smart contracts - this result is undesirable.

Taylor Gerring

In our report published last week, we analyzed the potential consequences of an event similar to the collapse of The DAO, similar to Mt Gox. In the article, Ethereum Foundation member Taylor Gerring said that he believes it is important to learn from past mistakes.

Given the resources at stake and the many projects awaiting scrutiny from The DAO — and the potential impact of smart contracts — he told CoinDesk that he would be in more detail:

“We should try to compare and make sure the same mistake doesn’t happen again. If we make the same mistake, it will eventually have a negative impact on all blockchains.”