
TO WRITE

Potential attacks


Recursive call

INCOMPLETE

The recursive calling vulnerability, or race to empty, is the kind of attack seen on Friday 2016-06-17. Here is what happens:

The attacker exploits the fact that when a contract sends ether to another contract, it also executes the code in the destination contract. If the destination contract is malicious, it can ask the first contract to send the money again. If the first contract does not update the balances before sending, the attacker is able to withdraw a single amount several times.

The process is draining the ether contained in the DAO into a child DAO.

 

  

 

The DAO exploit followed this pattern: propose a split. Execute the split. When the DAO goes to withdraw your reward, call the function to execute a split before that withdrawal finishes. The source code, TokenCreation.sol, transfers tokens from the parent DAO to the child DAO. Basically, the attacker is using this to transfer more tokens than they should be able to into their child DAO.

In essence, a call that looks like a regular call can easily be turned into a recursive call, and unless the application is coded very carefully, it can be used to make multiple withdrawals when only one should be allowed.

Callstack

 

Copycat

 

Solutions


Soft fork

A soft fork is a minor, temporary alteration to the protocol wherein only previously valid blocks/transactions are made invalid. Since old nodes will recognize the new blocks as valid, a soft fork is backward-compatible.

Basically, it requires only the acquiescence of implementors and miners and need have no long-term repercussions, either in terms of the code-bases or in terms of the protocol spec.

In case of the 06-17 attack, this would freeze all ether in The DAO. The attacker, as well as anybody else, would not be able to withdraw any funds from any DAO.

 

Hard fork

The hard fork would mean rolling all the transactions back to a point before the theft.

Move all funds from contracts with the code hash 7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba to a new contract “RefundDAO”, and replace the contract at the main DAO with a simple refund contract with only one function. But, as Patrick Murck, a lawyer and researcher at Harvard University’s Berkman Center, says:

"The contract is the code, it's unstoppable code, it's unbreakable, it's self-executing and autonomous — right up until everything goes wrong. And then, 'No no no no, that's theft!' Which is some social norm that we've attached to it that's not based in the code, and then we're going to stop the whole system and basically bail it out. Is this something we're going to do every time a smart contract fails? Or is this just because there are a lot of [Ethereum] insiders in The DAO?"
