...
Potential attacks
...
Recursive call
The recursive calling vulnerability, or race to empty, is the kind of attack seen on Friday 2016-06-17. Here is what happens:
...
The process is draining the ether contained in the DAO into a child DAO.
The DAO exploit followed this pattern: propose a split, then execute the split. When the DAO goes to withdraw your reward, call the function to execute a split again before that withdrawal finishes. The source code, TokenCreation.sol, transfers tokens from the parent DAO to the child DAO. Basically, the attacker is using this to transfer more tokens than they should be able to into their child DAO.
In essence, a call that looks like a regular call can easily be turned into a recursive call, and unless the application is coded very carefully, it can be used to make multiple withdrawals when only one should be allowed.
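The ordering problem described above, as an added example that is not from the original page or from The DAO's source: a simplified Python model of a contract's withdraw path, in which `Vault`, `Recipient` and `run` are hypothetical names and the `receive` hook stands in for recipient code that runs during an ether transfer. It goes one step beyond the text by showing the same path with the balance zeroed before the external call, plus a solvency invariant that exposes the difference.

```python
# Simplified model of a contract's withdraw path (hypothetical names; not The DAO's code).
class Vault:
    def __init__(self, safe):
        self.safe = safe      # True: zero the balance before the external call
        self.balances = {}    # recipient -> amount credited to it
        self.ether = 0        # ether the contract actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.ether < amount:
            return False
        if self.safe:
            self.balances[who] = 0    # state updated first
        self.ether -= amount
        who.receive(self, amount)     # external call: recipient code runs here
        if not self.safe:
            self.balances[who] = 0    # too late, the recipient may have re-entered
        return True

    def solvent(self):
        # Invariant: held ether must cover everything still credited.
        return self.ether >= sum(self.balances.values())

class Recipient:
    def __init__(self, reentries):
        self.received = 0
        self.reentries = reentries    # how many times receive() calls back

    def receive(self, vault, amount):
        self.received += amount
        if self.reentries > 0:
            self.reentries -= 1
            vault.withdraw(self)      # recursive call before the first one finishes

def run(safe):
    # Constructed scenario: 90 credited to one party, 10 to a re-entering one.
    vault = Vault(safe)
    other, caller = Recipient(0), Recipient(2)
    vault.deposit(other, 90)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.ether, vault.solvent()

if __name__ == "__main__":
    print("unsafe:", run(False), "safe:", run(True))
```

With the late balance update, a credit of 10 pays out 30 and the invariant fails; with the early update, the nested call sees a zero balance and stops.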
Callstack depth limit
Send with throw
Race to empty
Unchecked send
Re-entrancy
Loss of state
Copycat
Solutions
...
Soft fork
...
Miners, who compete to add new transaction blocks to the network, can already change their own block gas limits, but in this specific case, the mechanism allows for a form of miner-based voting to be held on Ethereum. Once the network reaches block 1,800,000, if the overall network is below a threshold of 4 million gas per block, the soft fork will activate.
A few days before the soft fork was supposed to happen, it became obvious that there was a potential DoS attack vector which could have proved a significant issue for the Ethereum network as a whole. The mining community reacted quickly and we saw an almost immediate swing in the gas limit to above the 4 million limit (equal to or below which would have triggered the soft fork), so June 30th has been and gone with no soft fork activation.
The hard-fork
The proposed hard fork solution will replace the code of The DAO and any child DAOs with a simple withdraw-only contract, allowing DAO token holders to withdraw their relative portion of the ether held by The DAO into their Ethereum address.
Drawbacks
But such an action undermines the stated premise of Ethereum. As stated on ethereum.org, “Ethereum is a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship, or third-party influence”. Going for a fork, even a soft one, is obviously a difficult decision.
Robin Hood group
See also
...
- frozeman blog: confusion on the dao attack
- Analysis of the DAO exploit
- Peter Borah: strategies for fault-tolerant smart contracts
- Contract security and design patterns
- medium.com: the attack story