I’ll keep this in bullet points for the sake of brevity and to limit the moral/philosophical diatribe that’s bubbling up in this debate. I’ll also stay away from messy analogies.
All in all, this is a shitty but equally fascinating event which will ultimately shape the rapidly maturing Ethereum ecosystem — for better or worse.
So, what the f*ck happened here?
- The widely covered and lauded Ethereum smart contract known as The DAO, which raised the USD equivalent of over $150 million in ETH, was hacked.
- The hacker identified and exploited a vulnerability in The DAO that allowed them to repeatedly drain it of ETH into a child DAO.
- According to Vitalik himself:
The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.
- In total, the hacker ran away with 3,641,694 ETH (~US$51mm at time of writing). Hacker contract link is here
- Due to the nature of the contract code, it is locked away for 27 days.
- This leaves the community 27 days to discuss what to do about said contract.
Welcome to a massive social experiment mixing vested interest, social consensus and decentralised blockchain platforms.
Incredibly important point to keep in mind: any fork of the system would require consensus from miners. It cannot be forced onto the network.
- A soft-fork will make any transaction that makes any call to the DAO and its children invalid from a specific block onwards, preventing the ether from being withdrawn by the attacker past the 27-day window.
- It would have no rollback — no transactions or blocks will be ‘reversed’.
What it achieves:
- Freezes the attacker’s account, and buys the community additional time past the 27-day window to figure out what to do about it.
- Upside: more time to debate.
- Downside: more time to debate.
- Details are light, but the hard fork would essentially refund most, if not all of the stolen ETH by moving the DAO and its children into a new contract where owners can simply withdraw their ETH.
What it achieves:
- DAO token holders get their ETH back.
- Potential slippery slope: the integrity of the system is compromised by subjective consensus, not objective code.
This is where we land ourselves in a world of fiery debate. From where I stand it boils down to this — do we want to sacrifice the integrity of the system because a contract ran exactly as programmed, but not as intended? Even though it is at the great expense of a lot of people?
- The community doesn’t fork, and tries everything possible to recover the funds within 27 days.
- Most likely, the ~$50mm USD is lost forever in the hands of an unknown hacker.
- The system keeps its reputation for emotionless integrity, and this serves as a tough lesson in smart contracts and cryptocurrency in general.
What I think could happen:
Let’s not forget that there is already a difficulty bomb built into the current version of the code that will force a hard-fork. It was initially intended to bring about the transition to the Proof-of-Stake consensus mechanism.
Given that there is a point in time where the entire ecosystem needs to hard fork anyway, I think a soft-fork should freeze the hacker’s account and extend the time for debate and potential recovery until the difficulty bomb, and then two options should be offered for the community to adopt:
Let’s keep it civil
The Ethereum community up until this point has established itself as an incredibly welcoming and open-minded group of people working towards a common goal. The r/ethereum subreddit is uncharacteristically kind and informative, and that has been a reason for such high developer engagement and adoption. Let’s keep our heads and live up to that as we deal with this; we’ll all be better for it.
Onwards and upwards.
P.S. Massive shout out to Vitalik and the wider foundation team for pushing on and keeping cool heads amongst all of the trolls and jabs from around the web.