Status | ||||
---|---|---|---|---|
|
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
Potential attacks
...
Recursive call
...
colour | Yellow |
---|---|
title | INCOMPLETE |
...
The process is draining the ether contained in the DAO into a child DAO.
The dao exploit followed this pattern: propose a split. Execute the split. When the DAO goes to withdraw your reward, call the function to execute a split before that withdrawal finishes. The source code, TokenCreation.sol, transfers tokens from the parent DAO to the child DAO. Basically the attacker is using this to transfer more tokens than they should be able to into their child DAO.
In essence, a call that looks like a regular call can easily be turned into a recursive call, and unless the application is coded very carefully, it can be used to make multiple withdrawals when only one should be allowed.
Callstack depth limit
Send with throw
Race to empty
Unchecked send
Re-entrancy
Loss of state
Copycat
Solutions
...
Soft fork
...
The evening of the attack, the Ethereum Foundation has asked the community, essentially the miners, to decide on whether they want to soft-fork, or freeze, the funds of the hacker. A soft-fork to freeze the hacker’s child DAO would buy the community more time to decide on a more permanent course of action, whether it is to hard-fork to return the funds, to freeze the funds indefinitely, to “negotiate” or extort the hacker to return most of the funds, or to let the hacker keep the funds. . If the majority of miners decides to do so it would be impossible for everyone to move ETH from every "theDAO" version. So it would affect the main "theDAO" and all the splits - including the regular and the malicious one.
An upgrade of both widely used Ethereum clients geth and parity will give the miners the power to support or not the soft-fork. Specifically, the upgrade would make it so that miners running the new software won’t be able to accept transactions from blacklisted addresses affiliated with the troubled fund.
The proposed patch works by giving miners the opportunity to flag that they support the soft fork, and then use their clients to lower a metric called the 'block gas limit', which puts a cap on the amount of gas (an element of ethereum transactions) that can be included in a block.
Miners, which compete to add new transaction blocks to the network, can already change their own block gas limits, but in this specific case, the mechanism allows for a form of miner-based voting to be held on ethereum. Once the network reaches block 1,800,000, if the overall network is below a threshold of 4m gas per block, the soft fork will activate.
A few days before the soft-fork was supposed to happen, it became obvious that there was a potential DoS attack vector which could have proved a significant issue for the ethereum network as a whole. The mining community reacted quickly and we saw an almost immediate swing in the gas limit to above the 4 million limit (equal to or below which would have triggered the soft fork); so June 30th has been and gone with no soft fork activation.
The hard-fork
The proposed hard fork solution will replace the code of The DAO and any child DAOs with a simple withdraw only contract; allowing DAO token holders to withdraw their relative portion of the ether held by The DAO into their ethereum address.
Drawbacks
But such an action undermines the stated premise of Ethereum. As stated in its status, “Ethereum is a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship, or third-party influence” - ethereum.org. Obviously going for a fork, even a soft one, is a difficult decision.
Robin Hood group
See also
...
- frozeman blog: confusion on the dao attack
- Analyse of the dao exploit
- Peter Borah: strategies for fault-tolerant smart contracts
- Contract security and design patterns
- medium.com: the attack story