The DAO attack - Ethereum

The DAO Attack
Pablo Fernández Burgueño, Abanlex, @Pablofb_en

24 slides. Posted 13 April 2017 by abanlex. Category: Law

TRANSCRIPT

Page 1: The DAO attack - Ethereum

The DAO Attack

Pablo Fernández Burgueño, Abanlex

@Pablofb_en

Page 2: The DAO attack - Ethereum

The DAO attack

- 'The DAO' has been hacked.
- The code of The DAO was the only contract: there was no written agreement beyond the code itself.
- The code has a vulnerability.
- The hacker has drained more than 3.6 million ether.
- The amount is between $45 and $60 million.

Page 3: The DAO attack - Ethereum

Ethereum & Smart Contracts

Ethereum Network
- About 6,000 computers (nodes) running the Ethereum blockchain.
- It allows people:
  - to exchange tokens of value (ether);
  - to write and publish smart contracts.

Smart Contracts
- Where are they? In the network, at an address on the blockchain.
- How to put them there? By writing the code in the "data" field of a contract-creation transaction.
- How to execute them? By sending a transaction to the contract's address, with or without ether attached; the transaction's data selects the function that runs.

Page 4: The DAO attack - Ethereum

DAO: Decentralised Autonomous Organization
- Non-hierarchical.
- For-profit vehicle.
- Based on a smart contract.
- Code = contract law: "the code is the law".
- Stands alone, self-executing, subject to no human interference.

Page 5: The DAO attack - Ethereum

How a DAO works

- A smart contract (software) can run an organization; it has to be uploaded to the blockchain.
- Initial funding period (crowdsale or ICO): people purchase tokens; each token represents a share of ownership.
- The DAO begins to operate: people can make proposals to the DAO on how to spend the money, and members can vote to approve these proposals.

Page 6: The DAO attack - Ethereum

Tokens - Share capital

- Tokens are not equity shares.
- Tokens are contributions to the DAO.
- Tokens give people voting rights.
- Each token can be exchanged for ether.
- Ether is the cryptocurrency of the Ethereum network; 1 ether plays the role that 1 bitcoin plays on Bitcoin. 1 ether = $21 (price at the time of the slides).

Page 7: The DAO attack - Ethereum

The DAO

- "The DAO": the name of one particular DAO.
- Conceived of and programmed by Slock.it.
- Launched on 30 April 2016.
- The society's binding rules (its contract) are code: the code is based on Ethereum's rules and can work only on the Ethereum network. Code is a program, and a program means possible vulnerabilities.
- Funded: $150MM (more than 11,000 members).

Page 8: The DAO attack - Ethereum

The DAO's vulnerabilities

- The code is vulnerable, as every piece of software is: X % secure code, Y % insecure code (or weakness).
- Known vulnerabilities: some of them were published on forums.
- Vulnerability: the "recursive call bug" (today usually called reentrancy).
- 12 June: Stephan Tual, one of The DAO's creators, said "no DAO funds at risk".

Page 9: The DAO attack - Ethereum

The Weakness

- Weakness: the split function. A split proposal = reward + update: it pays the member out (the reward) and only then records the withdrawal (the update).
- Purpose of this function: to split because someone who doesn't agree with a proposal wishes to withdraw their funds.
- This part of the code wasn't prepared for re-entrance: the payout is an external call, the recipient's own code runs during that call, and it can call the split function again before the update has happened. The slide describes this as a race condition between two or more simultaneous operations; in fact the calls are nested inside a single transaction, which is why no timing luck is needed.
- Some of the code was audited, some not: some code review happened on GitHub, but the problematic code wasn't audited.
- Consequence: distrust in the smart contract code.

Page 10: The DAO attack - Ethereum

The Attack

- The attack started by Saturday, 18 June.
- The attacker creates a split proposal loop: reward + no update + reward + no update + ... Each re-entrant call is paid out again against a balance that has not yet been reduced.
- The attacker drained more than 3.6MM ether into a "child DAO"; the drain stopped voluntarily. The child DAO had the same 27-day creation period as the parent, so the ether could not be moved out of it immediately, which is what left time to debate a response.
- FAIL: all the ether was in a single address of The DAO. That attack, or another, could continue at any time.
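The weakness on the two slides above, rewritten as an added example for this page (it is not code from the talk and not The DAO's Solidity; the class names Dao and Attacker, the CALL_DEPTH constant and the deposit amounts are assumptions chosen for a toy model). A Dao object pays a member out and then zeroes that member's balance, in that order, exactly the reward-then-update ordering the talk describes. Because the payout runs the payee's code, an Attacker payee calls split() again before the update and is paid again and again until the pool is empty. The same object run with the balance update moved before the payout (the checks-effects-interactions order) pays the attacker only his own stake.

```python
"""Toy model of The DAO's 'recursive call' (reentrancy) weakness.

Constructed for this page; it does not run the EVM.  It models the two
ingredients the talk describes: a contract that pays a member out before
it updates that member's balance, and a payee whose own code runs while it
is being paid and can call back into the contract before the update.
"""

CALL_DEPTH = 20  # assumed stand-in for the EVM's gas / call-depth limit


class Account:
    """An externally owned account: being paid runs no code."""

    def __init__(self):
        self.ether = 0

    def on_receive(self, dao, amount):
        self.ether += amount


class Dao:
    """Holds members' ether and lets a member split (withdraw) their share."""

    def __init__(self, effects_before_interaction):
        # True  -> update the balance, then pay  (checks-effects-interactions)
        # False -> pay, then update the balance  (The DAO's ordering)
        self.effects_before_interaction = effects_before_interaction
        self.ether = 0       # ether held by the contract
        self.balances = {}   # member -> share of the pool

    def deposit(self, member, amount):
        self.ether += amount
        self.balances[member] = self.balances.get(member, 0) + amount

    def _pay(self, member, amount):
        """The external call: the payee's code runs while split() is still on the stack."""
        if amount > self.ether:
            raise RuntimeError("insufficient ether")  # the EVM call would fail
        self.ether -= amount
        member.on_receive(self, amount)

    def split(self, member):
        amount = self.balances.get(member, 0)
        if amount == 0:
            return                      # nothing owed: re-entry stops here
        if self.effects_before_interaction:
            self.balances[member] = 0   # update first ...
            self._pay(member, amount)   # ... then the reward
        else:
            self._pay(member, amount)   # reward first ...
            self.balances[member] = 0   # ... update too late: already re-entered


class Attacker(Account):
    """A contract account whose payee code re-enters split()."""

    def __init__(self):
        super().__init__()
        self.depth = 0

    def on_receive(self, dao, amount):
        self.ether += amount
        self.depth += 1
        if self.depth < CALL_DEPTH:
            try:
                dao.split(self)         # balance not yet zeroed: paid again
            except RuntimeError:
                pass                    # pool empty: keep what was paid so far
        self.depth -= 1


def run(effects_before_interaction, pool_from_others=1000, attacker_stake=100):
    """Return (ether the attacker ends up with, ether left in the DAO)."""
    dao = Dao(effects_before_interaction)
    dao.deposit(Account(), pool_from_others)   # the honest members' money
    attacker = Attacker()
    dao.deposit(attacker, attacker_stake)
    dao.split(attacker)                        # one ordinary-looking split
    return attacker.ether, dao.ether


if __name__ == "__main__":
    print("reward then update :", run(effects_before_interaction=False))
    print("update then reward :", run(effects_before_interaction=True))
```

The model collapses the EVM into Python calls: the external call.value()() becomes a method call on the payee, a failed payout raises where the EVM would return false, and CALL_DEPTH stands in for the gas and call-depth limits that bound a real re-entrant chain. With a 1000 ether pool and a 100 ether stake the reward-then-update ordering hands the attacker all 1100 ether and leaves the DAO empty, while the update-then-reward ordering pays out exactly the 100 ether stake. Reordering is the fix the example shows; a reentrancy guard (a mutex flag set on entry and cleared on exit) is the usual second line of defence.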

Page 11: The DAO attack - Ethereum

Solutions to the hack

Possible solutions to the hack:
- Hard fork of Ethereum: to roll back the Ethereum blockchain to a state before the attack. (The hard fork eventually adopted did not rewind history; it moved The DAO's ether to a refund contract.)
- Soft fork: by censoring or ignoring transactions involving the attacker's address, a soft fork could be used to freeze the funds and keep the attacker from moving them.
- Nothing: the funds could remain lost.

Two legal problems:
- 1st problem: is the code a legal contract?
- 2nd problem: no law can easily be applied.

Page 12: The DAO attack - Ethereum

Was it an attack or an intelligent hack?

- The attacker exploited the weakness.
- He drained ETH 3.6MM ($45-60MM).
- Is this against the law? Which law? Remember that The DAO:
  - is based on an idea of freedom;
  - is constituted in ether (an international cryptocurrency);
  - has thousands of unidentified members as partners;
  - has partners from all over the world.

Page 13: The DAO attack - Ethereum

Which law rules The DAO?

Law and jurisdiction for the case of an attack: Iraqi law? US law? Spanish law? French law?

Options:
- Terms & Conditions with a predefined governing law (ab initio): possibly against Ethereum's freedom standards.
- A free-of-cost clause set by the creator.
- A third-party private decision (anonymous or not) from an arbitrator.
- Decisions by the DAO members.
- Otherwise: legal uncertainty.

Page 14: The DAO attack - Ethereum


Page 15: The DAO attack - Ethereum

Let's think about the solutions

Solutions to the DAO attack:
- Not to do anything.
- To call Vitalik and ask him to fix it.

How to fix the weakness:
- Soft fork: freeze the assets. Freeze the contract with a specific code hash; blacklist its transactions in the eyes of the miners.
- Vote: majority consensus.
- Not to do anything.
- Hard fork: forfeit the assets (not a bailout but a seizure).

Page 16: The DAO attack - Ethereum

The attacker's answer*

The attacker published a note* on Twitter about the attack:
- If there is a hard fork: he could not use what he legally has; he will pursue the case and demand his rights in court.
- If the decision is to do nothing: he will reward miners with ETH 1MM ($12m).

* It is not yet certain that the person who published the note was the actual attacker.

Page 17: The DAO attack - Ethereum

The attacker letter

===== BEGIN SIGNED MESSAGE =====

To the DAO and the Ethereum community,

I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of "child DAOs".

Page 18: The DAO attack - Ethereum

The attacker letter

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413.


Page 19: The DAO attack - Ethereum

The attacker letter

Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of The DAO's code set forth on the blockchain;

Page 20: The DAO attack - Ethereum

The attacker letter

to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."


Page 21: The DAO attack - Ethereum

The attacker letter

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.

Page 22: The DAO attack - Ethereum

The attacker letter

I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.

I hope this event becomes a valuable learning experience for the Ethereum community and wish you all the best of luck.

Yours truly,
"The Attacker"

===== END SIGNED MESSAGE =====

Page 23: The DAO attack - Ethereum

Who's the bad guy?

- The attacker (is he/she a good or a bad hacker?): he analysed the back door or weakness and verified that exploiting it wasn't against the code and wasn't against the private law (the terms).
- Who is liable for any problems that may occur? The DAO's creators, for the bug? The token holders, for accepting the risk? Did the exploiter simply fulfil the contract?
- What do you think about the forks? Is it fair to go against the one who fulfilled the contract?

Page 24: The DAO attack - Ethereum

Pablo Fernández Burgueño
@Pablofb_en
www.pablofb.com

Abanlex
www.Abanlex.com