I’d say the code is tamper proof, almost to the point of being too tamper proof. By this I mean it’s very difficult to update code on Ethereum. Key to point out is this specific issue was not a flaw in Ethereum itself (although certainly a flaw in the documentation/ease of writing secure smart contracts) but a flaw in code written on top of Ethereum. It’s a wake-up call that writing secure contracts is hard; I certainly don’t think it’s impossible, though.
An analogy would be if someone wrote a Python program that had a vulnerability, and that likely could’ve been prevented if the Python documentation had more clearly specified how something worked. In Ethereum’s case with the DAO that’d be Solidity and its documentation. `call.value` should’ve clearly stated that it sent along all remaining gas as opposed to say a tiny amount/not specifying at all [one of these is generally safe, the other is dangerous if not used carefully].
As far as fixing it, there are really four main approaches I see:
1) Do nothing
2) “Soft fork” and freeze the attacker’s funds and safely withdraw the rest (now that the attacker has joined the white hat DAOs this is more complicated)
3) “Soft fork” and use a complicated scheme to get all the money back involving whitelisting specific addresses
4) “Hard fork” and just revert the attacker’s split transaction
It’s all gotten very messy now due to there being child DAOs including the attacker’s, two white hat ones, and 3–4 other small copycat attackers with decent chunks of ether in them.
Given the complexities of _just_ soft forking to return the money, and the relative simplicities of hard forking, and that they both end up with the same end result, I’m inclined toward the hard fork side of the argument.
I think the community should try to (and has been) fix(ing) it. I see the foundation’s role as offering different options in the Ethereum code base for miners and nodes to choose (as they’ve already begun to do). Any decentralized blockchain is essentially a democracy with a simple majority, which is actually quite healthy and the most practical way to view things in my opinion.
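The gas-forwarding point made above about `call.value`, as an added example that is not part of the original post: a toy Python model of a payout that forwards all remaining gas versus only a small stipend, next to the fix of zeroing the balance before the external call. It is not EVM-accurate; `Vault`, `run`, the deposit amounts and `REENTRY_COST` are constructed, and only the 2300-gas stipend matches what Solidity's `send` forwards.

```python
STIPEND = 2300         # gas forwarded by Solidity's send()
REENTRY_COST = 10_000  # assumed cost of one call back into the vault (constructed)


class Vault:
    """Toy ledger that pays a recipient through an external callback."""

    def __init__(self, forward_all_gas, effects_first):
        self.forward_all_gas = forward_all_gas  # call.value-style vs stipend only
        self.effects_first = effects_first      # zero the balance before the call
        self.balances = {}
        self.ether = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who, on_receive, gas):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.ether < amount:
            return
        if self.effects_first:
            self.balances[who] = 0              # state change before the call
        self.ether -= amount
        # External call: the recipient's code runs here with the forwarded gas.
        on_receive(amount, gas if self.forward_all_gas else STIPEND)
        self.balances[who] = 0                  # too late when the call re-entered


def run(forward_all_gas, effects_first):
    """Return how much a recipient entitled to 10 actually receives."""
    vault = Vault(forward_all_gas, effects_first)
    vault.deposit("others", 90)                 # constructed sample deposits
    vault.deposit("recipient", 10)
    received = []

    def on_receive(amount, gas):
        received.append(amount)
        if gas >= REENTRY_COST:                 # re-entry needs more than the stipend
            vault.withdraw("recipient", on_receive, gas - REENTRY_COST)

    vault.withdraw("recipient", on_receive, gas=100_000)
    return sum(received)


if __name__ == "__main__":
    for mode in [(True, False), (False, False), (True, True)]:
        print(mode, run(*mode))
```

Only the first mode (all gas forwarded, balance updated after the call) pays out more than the recipient's own 10.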