Comment: description of 06-17 attack


...

"The contract is the code, it's unstoppable code, it's unbreakable, it's self-executing and autonomous — right up until everything goes wrong. And then, 'No no no no, that's theft!' Which is some social norm that we've attached to it that's not based in the code, and then we're going to stop the whole system and basically bail it out. Is this something we're going to do every time a smart contract fails? Or is this just because there are a lot of [Ethereum] insiders in The DAO?"

Study case: the 2016-06-17 attack

...

An attacker (the hacker) stole more than 3.5mm ether (around $45mm) from the DAO on June 17. The attack is very well described here. The vulnerability exploited was the Race To Empty, or Recursive Call, attack. On the evening of the attack, the Ethereum Foundation asked the community, essentially the miners, to decide whether they want to soft-fork to freeze the hacker's funds. An upgrade to both widely used Ethereum clients, geth and parity, would give miners the power to support or reject a soft-fork.

A soft-fork to freeze the hacker's child DAO would buy the community more time to decide on a more permanent course of action: hard-fork to return the funds, freeze the funds indefinitely, "negotiate" with or extort the hacker to return most of the funds, or let the hacker keep the funds. But such an action undermines the stated premise of Ethereum. As stated on ethereum.org, "Ethereum is a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship, or third-party influence." Obviously going for a fork, even a soft one, is a difficult decision.