Recursive Call: The DAO on the Brink of Death and Ethereum To Be Hardforked

The Ethereum Foundation, headed by Vitalik Buterin, opted to save the DAO funds for investors. However, the latter will only have the option of withdrawing funds. The DAO, it seems, is no more.

Buterin noted that mitigating the attack’s aftermath would require a softfork and a hardfork sequentially:

“The development community is proposing a soft fork, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that execute code with code hash 0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid, starting from block 1760000 (precise block number subject to change up until the point the code is released), preventing the ether from being withdrawn by the attacker past the 27-day window. This will later be followed up by a hard fork which will give token holders the ability to recover their ether.” 
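The rule in the announcement above can be read as a transaction-level filter. The following Python sketch is an added illustration, not code from any Ethereum client; the `Frame` call-trace model and the function names are assumptions, and the second code hash is a constructed sample value.

```python
from dataclasses import dataclass, field

# Values quoted in the announcement; the block number was "subject to change".
DAO_CODE_HASH = "0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba"
FORK_BLOCK = 1760000
FILTERED_OPS = {"CALL", "CALLCODE", "DELEGATECALL"}
OTHER_HASH = "0x" + "11" * 32            # constructed hash of an unrelated contract

@dataclass
class Frame:
    """One call frame of a transaction trace (hypothetical model)."""
    op: str                               # opcode that entered this frame
    code_hash: str                        # hash of the code the frame executes
    children: list = field(default_factory=list)

def touches_dao(frame):
    """True if this frame or any nested frame executes the filtered code."""
    if frame.op in FILTERED_OPS and frame.code_hash == DAO_CODE_HASH:
        return True
    return any(touches_dao(child) for child in frame.children)

def tx_valid(block_number, root):
    """Soft-fork rule: from FORK_BLOCK on, one matching call at any depth
    invalidates the whole transaction, not just that call."""
    if block_number < FORK_BLOCK:
        return True
    return not touches_dao(root)

if __name__ == "__main__":
    # Constructed trace: an unrelated contract that delegatecalls DAO code.
    nested = Frame("CALL", OTHER_HASH, [Frame("DELEGATECALL", DAO_CODE_HASH)])
    print(tx_valid(FORK_BLOCK - 1, nested))   # before the fork block
    print(tx_valid(FORK_BLOCK, nested))       # from the fork block on
```
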

The Crisis Timeline

On Friday, June 17, The DAO, the first Ethereum-based decentralized venture fund, was attacked. The project announced it on its official blog, in the community’s Slack channel, and on social media. Over the next few hours, events took a dramatic turn.

The DAO’s official blog proposed a possible roadmap to mitigate the attack’s consequences. In particular, the team proposed spamming the project’s Ethereum address to slow down the drain.

ETH tokens kept on flowing to the attacker’s address with majesty and grace. At the time of writing, the contract’s balance stands at 3,641,694 ETH tokens, worth around $64 million. However, the attacker won’t be able to withdraw the tokens from the child DAO for the next 27 days, which is the creation window for a child DAO.

https://etherscan.io/address/0x304a554a310C7e546dfe434669C62820b7D83490

The Market Reacts

The DAO tokens rapidly lost nearly 60% of their value and stood at 0.000071 BTC per DAO token.

Ethereum also reacted to the attack, and the cryptocurrency’s price dropped below 0.02 BTC at one point.

Vitalik Buterin urged crypto-exchanges to halt deposits and withdrawals and to suspend trading. The reaction was prompt, and shortly afterwards Kraken’s official Twitter read:

The End of the Attack and the DAO

Later on, Buterin published a detailed report on the attack featuring the description of the exploit used by the attacker, and shared the community’s further plans.

Buterin believes the attack has now been successfully identified. It is in fact still ongoing, and it uses a kind of ‘recursive call’ that lets the attacker withdraw The DAO’s assets over and over and transfer them to a child DAO, by splitting the DAO multiple times and collecting ether repeatedly within a single transaction. However, the target child DAO’s address has already been identified, so the community has 27 days to rectify the problem. After that, the window will close.
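The ‘recursive call’ pattern described above comes down to the order of two steps: paying out, and clearing the caller’s entitlement. The following toy Python model is an added illustration, not The DAO’s Solidity code; the `Vault` class, its methods and the balances are constructed, and it contrasts the flawed ordering with the corrected one.

```python
# Toy Python model (constructed for illustration; not The DAO's Solidity code).
class Vault:
    def __init__(self, update_first):
        self.update_first = update_first  # True = hardened ordering
        self.credit = {}                  # account -> ether owed by the ledger
        self.pool = 0                     # ether the contract actually holds

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        owed = self.credit.get(who, 0)
        if owed == 0 or owed > self.pool:
            return                        # nothing owed, or pool exhausted
        if self.update_first:
            self.credit[who] = 0          # effect before interaction
        self.pool -= owed
        on_receive(owed)                  # external call: recipient code runs
        if not self.update_first:
            self.credit[who] = 0          # too late: recipient already re-entered

    def ledger_consistent(self):
        return self.pool == sum(self.credit.values())


def simulate(update_first, reentries=3):
    """Return (ether paid to caller, ether left in pool, ledger consistent?)."""
    vault = Vault(update_first)
    vault.deposit("other_holders", 90)    # constructed sample balances
    vault.deposit("caller", 10)
    paid = []

    def on_receive(amount):
        paid.append(amount)
        if len(paid) < reentries:         # recipient calls back mid-withdrawal
            vault.withdraw("caller", on_receive)

    vault.withdraw("caller", on_receive)
    return sum(paid), vault.pool, vault.ledger_consistent()


if __name__ == "__main__":
    print("update after call :", simulate(update_first=False))
    print("update before call:", simulate(update_first=True))
```

With the ledger updated only after the external call, the caller is paid its 10 ether three times and the pool no longer matches the ledger; with the update moved before the call, the nested withdrawal finds nothing owed.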

The image below shows the splitting proposal used by the attacker.

Buterin claims that currently miners may continue confirming transactions as usual. After the softfork is released, they may install it as long as they agree with the solution.

He stressed that the exploited vulnerability is specific to The DAO only.

“This is an issue that affects the DAO specifically; Ethereum itself is perfectly safe,” Buterin wrote.

The Ethereum leader urged DAO holders to remain calm, and exchanges to continue selling ethers (without any reference to the DAO, though).

Buterin also warned Ethereum contract creators against creating contracts worth more than $10 million, and noted that developers should take care that bugs allowing recursive calls do not find their way into the code. The developers will soon propose recommendations on creating smart contracts so that such bugs can be avoided in the future. The recommendations are said to be released within a week. Buterin also reminded readers that creators of convenient tools for safe contract development are the preferred candidates for the project’s grants.

Notably, the vulnerability was first identified a few days ago, and the developers had already reported that they had mitigated it. Back then, Stephan Tual of Slock.it described the vulnerability in great detail, and announced that updates to fix it would be released on June 13, 2016. Apparently, something went terribly wrong.

“The DAO should have spent more time testing and working in a testnet, but everything’s happening too fast, and the community always expects blockchain products to come out tomorrow. Stephan [Tual] is a great guy anyway. The DAO became the second most important organization to tell what decentralized autonomous organizations are, and created a market of DAO models for Ethereum and similar platforms,” commented Sergei Lonshakov, leader of development project Aira.

As the recursive attack proved extremely successful, the project’s creators opted to close the DAO and return the invested ETH coins to users. The DAO will be rearranged as a regular contract so that the investors could have their money back.

Even though The DAO experiment has apparently ended, the use of the ‘too big to fail’ principle relieved the organization’s participants, as one might see from the title of the relevant entry in the official blog:

“TL;DR #theDAO attack: forks and coordination with the Foundation will help retrieve all stolen funds from the attacker. Same forks will make it possible for DAO ETH to be transferred to a smart contract which only contains a withdraw function. Since no money in the DAO was ever spent, and nothing was stolen, nothing was lost,” Stephan Tual commented to ForkLog.

Notwithstanding the current situation, Slock.it’s representatives deem it a temporary obstacle on the DAO concept’s path to success. However, they obviously are not ready to speak about their further plans.

Expert Opinion

ForkLog talked with experts to find out what they think about the recent developments.

Daniel A. Nagy, Ethereum developer:

“The bug is in the fact that simultaneity (atomicity) of withdrawal and deletion of vote rights was violated, and a smart initiation of division created a gap where one could put a launch of another division. Therefore, attackers may withdraw all funds from the DAO, slowly but steadily. This particular DAO contract is dead, all ethers invested therein are lost, and the attacker is the one who will own them. However, they will be able to spend them only in three weeks. Those who didn’t invest in the DAO didn’t suffer from the problem directly, they could only suffer from ether’s cheapening. So, there are only two questions left. Who dunnit? And what happens now?”

Sergey Lonshakov, development team lead at Aira:

“This attack is a great test for the community, and should bring those believing that creating a DAO is easy down to earth. The DAO was the first one to make on Ethereum what had been only talked about earlier, they created an organization with programmed rules. But you can’t ensure everything when you’re the first. You should be a Satoshi to do that, I think. They will find a solution, I’m confident about that. Not everyone would be comfortable with it, but it will be there anyway. It’s too early to deep-six the DAO, the precedent will most likely pave the way for other teams, that could show their DAO vision against the background of those problems. So, all in all, I think, it’s for the better.”

Andrey Khavryuchenko, hacking distributed systems since 1998:

“The best and yet disastrous solution here is Ethereum’s hardfork. The problem isn’t with Ethereum, but with the DAO’s code. An attempt to hardfork would kill Ethereum faster than any catastrophe with the DAO. Halting ETH and DAO trade was a mistake as well. It’s panic selling now, and many coins will be stolen over its course.”

Panic in the community causes investors to get nervous and sell their coins; however, it also opens a wide speculation window. ETH trading will most likely be very stormy these days. Recently, ETH beat another price record by surpassing $21 per token.

Konstantin Lomashuk, co-founder of Cyber.Fund:

“We invested in this project, as well as in Ethereum, and we understood the risks of something like that happening, but we were interested in the investment as an experiment in decentralized management. It’s a pity it was so short-lived. As for the investment, all ethers invested in the DAO will be reimbursed — we’ll be able to exchange the DAO tokens for ETH. Now Poloniex offers a 20% risk bonus in case anything goes wrong. So ether holders may earn a bit. As for Ethereum itself, the DAO’s liquidation will affect its price negatively as the project accumulated 14% of all ethers, and they will enter the market again. Many investors will be selling their ETH, as they will exchange the DAO tokens for ETH again thus increasing the ETH share in their portfolio. The negative background will also affect the price as investors would be less optimistic. However, the long term recommendation for Ethereum is buy and hold.”

A few hours after the exploit was launched, the team used a softfork to rectify the vulnerability. Vitalik Buterin stated that no transactions or blocks would be rolled back, mainly because such a rollback would render useless all the evidence needed to identify the attacker.

ForkLog monitors the development of affairs.

by Toly Kaplan and Eugene Muratov