A Hacker’s View of the Ethereum Fork

Published in

Decentralize.Today

7 min readJul 19, 2016

Short Background on Ethereum and theDAO Hack

[Warning: Very basic. Skip ahead if you have any clue what is going on.]

Ethereum is a crypto-ledger much like bitcoin, but it is designed for ‘smart contracts’ which execute complex transactions on the ledger as a part of the mining process. One such smart contract was ‘theDAO’, which managed the exchange of cryptographic tokens that designated ownership of an asset, such as the baseline example which was the right to open a door lock when renting a room. TheDAO was not the first such smart contract running on Ethereum, but there was a very strong marketing campaign touting its security over rivals, and thus attracted $150M in investment by the purchase of Ether (Ethereum’s base currency, of which there is ~$1B total) and the exchange of those Ether for DAO tokens, which essentially give voting rights for accepting new sub-contracts on theDAO, but specifically do not confer financial ownership of any assets.

TheDAO had a non-atomic transaction vulnerability in the code that moved Ethereum into a sub-contract, and this was exploited to extract most of theDAO’s Ethereum into a new sub-DAO of which the exploiteer is the only voting member. By the original rules of theDAO, this sub-contract has its funds frozen for 28 days, after which, the owner will presumably move it out of the contract and hide it so that it may be sold off slowly through the exchanges. Of note, there was an immediate drop in the value of Ethereum , which was accompanied by a $3M short which took $1M profit. Consider also that currently theDAO tokens still give holders exactly the same voting rights that they had before the hack, although the market value of the tokens has fallen to zero due to the vulnerability and lack of Ethereum for liquidation.

In response, the Ethereum core developers first suggested a software update that blacklisted the funds with a ‘soft fork’, but this was generally not met with a positive response. There were crypto-purists that generally oppose intervention, and some security concerns that there was no way to blacklist the funds without opening up a denial-of-service attack vector. More importantly, it didn’t get a lot of support because it didn’t return the money to those that lost it. Now the Ethereum developers are pushing a software update which will cause a ‘hard fork’, that is, a divergence of the blockchain, one side continuing as-is with the exploiteer getting the Ether, and the other refunding the Ether to the investors.

Although a straw poll showed support, there are strong arguments against. For the most part, discussion of this topic has been around the ethics of social action to rectify structural failure. It should be noted that the vast majority of the people that became interested in bitcoin (possibly somewhat less so for Ethereum), did so out of a fundamental distrust of systems controlled by social action. I link to Ian Worrall’s statement for this perspective: https://www.linkedin.com/pulse/my-official-statement-re-ethereum-hard-fork-ian-m-worrall?trk=hp-feed-article-title-publish

Links to more details:

https://www.reddit.com/r/ethereum/comments/4os7l5/the_big_thedao_heist_faq/
http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/
http://ethereum.stackexchange.com/questions/6176/what-is-a-recursive-calling-vulnerability

Inside the mind of the Pirate

With the fork set for deployment, the Ethereum core developers have declared war on this exploiteer, and perhaps rightfully so. I’m sure that they feel that the exploiteer attacked them, but I don’t think it’s reasonable to assume that this was an attack on Ethereum as a whole. In fact, at this point, the exploiteer is the largest owner of Ether, and has more incentive than anybody to make it successful. It’s important to understand whether you are dealing with a pirate or a terrorist, and to me it looks like a pirate.

Moreover, this is somebody that knows a lot about Ethereum, has a very good grip on Solidity (the programming language), and follows open source commits very closely (where the bug was revealed). My guess is that s/he’s one of Ethereum’s biggest fans.

Their goal is probably to keep the existing chain alive and launder out the Ethereum to make it untraceable, but leave it in the system both as an investment, and to prevent the matter from going into the jurisdiction of law enforcement by turning it into money, or even converting to another asset. Furthermore, Ethereum is moving to proof-of-stake, which means that this huge share is a compounding asset.

51% Top-Off

I just got an email from Kraken that there will be a trading moratorium for the two hours before the fork, and then during the fork, they will trade on the chain that has the most proof-of-work, basically GPU compute cycles. Miners may decide to put their proof-of-work on either chain, but will waste their money if they mine on the losing chain. Miners need liquidity through the exchanges to pay for their electricity, so the exchanges are critical.

If the miners follow the exchanges and the exchanges follow the miners, all they need to do is make sure that the old chain retains 51% of the mining power. If it is close, then it is a negligible expense to top it off. Worst-case scenario is that it requires matching the full power of the Ethereum network for a few hours.

Clearly the exploiteer has the incentive to purchase this capacity. Only theDAO token holders have any incentive to purchase opposing capacity. On the other hand, it may be financially difficult, or legally precarious for the exploiteer to purchase this capacity lest they are exposed by it.

Mining Rewards

In the Ethereum protocol, there is a ‘gas reward’ for the miners to execute a contract. By setting a high ‘gas price’, you can make any contract a lot more attractive to mine. Obviously you might put out some very lucrative gas prices on the chain you want mined.

Smart Contract Bitcoin Peg

Ether volatility is going to be extremely high leading up to and in the wake of the fork. A smart contract that sets a price floor for old fork Ethereum in terms of bitcoin could maintain the price above the price for new Ethereum. Not only does this nearly guarantee victory if their funding is sufficient, it also increases their Ethereum holdings. They would have to be careful to make sure that the Ethereum from these transactions is sufficiently laundered.

Smart Contract Mining Booster

In this contract, there would be a substantial reward for any new blocks won, either as a forward contract on the Ethereum currently locked up, or as bitcoin. The contract would take a pointer to a block won after the fork along with a proof of public key ownership, and publish a bitcoin transaction to that key. Note that it’s not even necessary to use Ethereum to do this.

Network Sharding

This is more of an offensive maneuver. As the networks are splitting and re-forming, there will be some handshaking instability that can be exploited to create additional forks in the new chain. All that is necessary here is a lot of low-cpu clients running the Ethereum client that wait until a branch is detected and then amplify by selective forwarding.

Brute-Forking

In addition to the selective forwarding scheme, the process can be accelerated by creating branches, that is, mining on many unique transaction sets and fowarding to the bifurcated network only when both have been discovered. If a legitimate node gets both, the one with the lowest nonce wins, but if you then concentrate your GPU power on the block with the higher nonce and create a new winning block, then you have a fairly good shot at forking the network.

90% Refund

This was probably his best chance, but it’s a little too late for it. The exploiteer now has a DAO that can be cashed out to the ‘shareholders’ by popular vote at the expiration of the holding period. Given that a fork might take out a lot more than 10% of the Ether price, and assuming there is some low probability that the fork will fail, it’s in everybody’s best interest to settle by essentially taking shares in the renegade DAO and voting for a contract that launders out the Ether on the 28th day. There may be additional protection offered by a contract that is secured by bitcoin so that the Ethereum fork cannot possibly reverse it.

Is any of this going to happen?

I have no stake, no opinion, and no idea what to expect. So far we’ve seen nothing but the letter from “The Attacker” which decried the fork in legal and ethical terms wth a whiny and pusillanimous tone; not the sort of thing that inspires one to believe we’re dealing with a mastermind, and hardly convincing any miners to stay on his chain. On the other hand, the cryptographic signature didn’t match the transaction, so the letter holds about as much credibility as Craig Wright.

What about the miners?

Given that this will be decided by the miners, it seems to me that they would only be primarily motivated to switch forks if they bought into theDAO, which is entirely likely for many of them. Other than that, the game theory solution is a hedging of their bets by splitting between both. If they are even awake at the time, they might also try to look at premarket orders on the exchange. There is also a question of Ethics. Are the miners crypto-libertarians that want to keep the chain pure from social action, or are they followers of the Ethereum core devs? Mostly I’d expect no changes at all to whatever they are currently doing.

What about the exchanges?

Directly following the fork, there will be a lot of folks that want to sell their Ethereum that they just got refunded to them. On both forks, there may be an absolutely massive dump from believers in each chain who figure they might as well sell for a small profit because they get to keep their Ethereum on their chain anyway. What is uncertain is whether there will be enough demand to keep the price of the new fork high. A lot of people expect an upward bump in the price, but I’m not sure that the supply/demand fundamentals support it.

Why Write This?

It’s too late now for the exploiteer to plan any of the things I’ve written here, but it’s a good time for the community to start thinking about what to expect from a capable adversary rather than waxing poetic about blockchain philosophy. In this case, the core developers, for better or worse, made a decision that was in the very least unexpected, and the burden is upon the community at large to prepare themselves for the consequences.