...
Study case: the 2016-06-17 attack
...
The attack
An attacker (the hacker) has stolen more than 3.5mm ether (around $45mm) from the DAO on June 17. In short, the attacker found a loophole in the regular splitDAO function so that they could reuse the same DAO tokens over and over again. The attacker managed to combine 2 exploits. The attack is very well described herefirst exploit was to call the split DAO function recursively. That means the first regular call would trigger a second (irregular) call of the function and the second call would trigger another call and so on. This allowed the attacker to split 20 times (have to look up the exact number) per transaction. He could not do more - otherwise the transactions would have gotten too big and eventually would have reached the block limite. Then, the attacker managed to replicate this attack from the same two addresses with the same tokens over and over again (roughly 250 times from 2 addresses each). So the attacker found a second exploit that allowed to split without destroying the tokens in the main DAO.The vulnerability was the Race To Empty or Recursive Call attack. In case you want to read more in the details, the attack is very well described here.
The soft-fork
The evening of the attack, the Ethereum Foundation has asked the community, essentially the miners, to decide on whether they want to soft-fork to , or freeze, the funds of the hacker. An upgrade of both widely used Ethereum clients geth and parity will give the miners the power to support or not a soft-fork. A soft-fork to freeze the hacker’s child DAO would buy the community more time to decide on a more permanent course of action, whether it is to hard-fork to return the funds, to freeze the funds indefinitely, to “negotiate” or extort the hacker to return most of the funds, or to let the hacker keep the funds. But .
An upgrade of both widely used Ethereum clients geth and parity will give the miners the power to support or not the soft-fork. Specifically, the upgrade would make it so that miners running the new software won’t be able to accept transactions from blacklisted addresses affiliated with the troubled fund.
The proposed patch works by giving miners the opportunity to flag that they support the soft fork, and then use their clients to lower a metric called the 'block gas limit', which puts a cap on the amount of gas (an element of ethereum transactions) that can be included in a block.
But such an action undermines the stated premise of Ethereum. As stated in its status, “Ethereum is a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship, or third-party influence” - ethereum.org. Obviously going for a fork, even a soft one, is a difficult decision.
...