“I can fly I believe, touch the sky I believe I can” – Master Yoda May 13 The DAO is History… or is it? Not many understand what happened with the DAO hack . This should not come as a surprise considering an average crypto holder does not have the necessary technical background to understand it. And NO, Ethereum network did not reverse any transactions, what they did is much worse. To understand the situation it is important to have a picture of the system as a whole.
For that reason I’ll start by explaining the main blockchain concepts in layman terms — the details are left out as they are not needed to understand the DAO case. Blockchain A Blockchain is just an ordered sequence of transactions. One slightly odd thing is that transactions don’t get added individually but rather a set of them is packed together in something we call a Block .
Users around the world submit transactions to be included in the blockchain and once a new block gets added to the chain so do their transactions. So a blockchain is nothing more than a timeline of transactions with some really cool properties: It is a distributed network meaning that it’s really hard to shut it down or hack it because there is no single point of failure/attack Nobody is in charge. You don’t have to trust an intermediate actor to handle your transactions, it is done by the whole network together, so you only have to trust that the majority of the network is not acting bad For the purpose of understanding the DAO fork you don’t need to understand how blocks get created.
Transaction By now we know that people can submit transactions to be included in a block so lets define what a transaction is. Transaction is a transfer of value ‘X’ from wallet ‘A’ to wallet ‘B’.
We now have to ask ourselves who can submit such transactions? If anyone can submit any transaction then I’m able to submit one that takes money from your wallet and transfers it to mine. Such a world resembles a kindergarten far more than a mature financial system. We need a system around this to prevent living in such chaos. Enter cryptography magic Each wallet comes with a special pen that is unique to that wallet. The transaction is only valid if it is signed with the sender’s wallet(A) unique pen, thus confirming the funds can be moved to the receiver’s wallet(B). If the signature is valid then the transaction gets processed.
This is the only thing that keeps us separated from the world that is broken and useless. Robotized Wallets aka Smart Contracts Compared to Bitcoin where a wallet can only be controlled by a user (not entirely true), Ethereum network has ability for a wallet to be controlled by computer code — we call the uploaded code a Smart Contract — that is publicly available on the blockchain for anyone to read. When the code is written and submitted to the blockchain anyone is able to interact with it and it is guaranteed that the code will be executed exactly as specified in the contract because in this world the CODE IS LAW and the network doesn’t care about human interpretation of its execution.
There are many contracts written on the Ethereum blockchain but one played a huge role in Ethereum history — The DAO contract. The contract was written by a company named Slock.it started by a former Ethereum CCO Stephan Tual. For the purpose of understanding the issue, it doesn’t really matter what the code did, the important take away is that it was just one of the many contracts deployed on the Ethereum network.
The DAO Hack https://www.
reddit.com/r/ethereum/comments/4oi2ta/i_think_thedao_is_getting_drained_right_now/ Around 4 million Ether was drained from the DAO contract due to a recursive call bug in the contract code which amounted to roughly 150M$. It is important to keep in mind that the bug was not a part of the Ethereum network itself but rather a badly written contract that was deployed on the network, so the network itself was functioning normally. One could argue that the hacker did nothing wrong — someone claiming to be the DAO hacker made such argument in a public pastebin note I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of “child DAOs”. I am disappointed by those who are characterizing the use of this intentional feature as “theft”.
I am making use of this explicitly coded feature as per the smart contract terms Ethereum was sold as a code is law networkso nobody would ever think of forking to return the funds from a badly written contract because this breaks the code is law principle, right? After all many contracts have been hacked and nobody ever thought of forking to save people’s money — Why are we even discussing this? Nevertheless a fork was considered by the Ethereum Foundation. Rescuing DAO Funds — Hard Fork Implementation A lot of people say that Ethereum reversed transactions but this is not true. So if they didn’t reverse them, what did they do? Lets take a look at the actual hard fork implementation in go-ethereum aka Geth client . Call a function for custom state changes if the block is the DAO hard fork block — https://github.com/ethereum/go-ethereum/blob/master/params/dao.
go Takes the money from predefined addresses and moves it to some other account — https://github.com/ethereum/go-ethereum/blob/master/consensus/misc/dao.go The code takes money from a list of predefined wallets and moves it to another wallet. And it does all by skipping the special pens.
By altering the state directly it is possible to move money around arbitrarily without any signatures meaning the money can be moved without the owner’s consent.
This is what worries me, because it puts us to the state we talked about before, a world of chaos where money can be moved without the owner’s approval. Reversing a transaction is a horrible idea but this is just so much worse because when you reverse a transaction you can at least be sure the transaction happened in the past and was signed with the sender’s special pen. This puts a limit to what you can do — you can’t reverse something that never happened, you can only reverse actions that were already done and were approved by the network. If you allow to bypass the cryptographic security layer it takes you back to the world where it is possible to transfer any amount from any address to any address. The ability to change the state directly is much more powerful than a simple reverse and the Ethereum Foundation showed they are capable of doing this based on a very poorly executed voting — and they knew it.
Carbon Vote Carbon Vote was an unofficial way to express your opinion regarding the DAO fork. Each vote was weighted by the amount of Ether the address owned. Such voting needs a timestamped freeze of some sort or it can be vulnerable to the ‘move attack’ meaning a single user could vote multiple times by moving the Ether to another address. I might be wrong, but I think that the Carbon Vote was vulnerable to this attack at that point in time. Although at first it was said the vote is unofficial it was later used to come to a conclusion that ‘The community clearly decided to hard fork’. No .
This was not a community decision and here is why 72 million Ether was premined and at the time of the DAO hack there was around 82 million in circulation. Both Ethereum Foundation and Slock.it had a lot of ether to vote and considering the possible legal consequences it is almost expected of them to vote for forking The distribution of coins was so bad that it makes little sense to call any voting result a community decision — the DAO fork votes confirm this as 25% of votes came from a single address People that invested in the DAO had a higher incentive to vote compared to those that didn’t. It is somewhat safe to assume that most of people who invested in the DAO contract voted for forking — its kind of a self bailout that should not be allowed Less than 6% of ether holders took part in voting — many didn’t know the voting took place or didn’t know how to vote The results of the vote can be seen here along with the addresses that voted
Leave a Reply
You must be logged in to post a comment.