There’s a great deal of misunderstanding about the forks being discussed in relation to the DAO failure, as well as what may happen without a fork. I’ll try and provide a concise explanation as I understand it. Please report any misunderstandings and I’ll update this post.
A soft fork is an optional flag that miners can elect to run on their node. The suggested fork is to allow breathing room only (to quote Jeff) to prevent any DAO contract, including child DAOs, from reducing their ether balance. This buys time for a real solution before more damage can be done by this or other exploits.
- DAO tokens can still be transferred and traded
- No ether can be withdrawn from any DAO contract
- DAO functions that don’t effect the ether balance should still operate
- No funds are rescued but all funds in any DAOs are frozen, including the attacker’s.
- A future soft fork is likely to be able to return at least the remaining funds.
- A majority of miners must choose to set a flag in the mining software for it to work
- Only miners’ upgrade the software. The current go implementation is here but isn’t finalised at the time of writing.
- Does not directly affect non DAO holders
- I have yet to see if it’s possible to recover the attacked funds with a soft fork but I believe all the other funds can be recovered with a subsequent soft fork.
- There is no one for an attacker to sue. It’s optional software miners can run (humour!)
A hard fork suggested by EthCore will replace the previously immutable contract known as TheDAO and perhaps any other attacked contracts. It will also directly transfer ether from attacker contracts back to the original DAO.
- There is no general blockchain roll back and no transactions are lost. This is a very common misconception.
- The DAO is closed
- All ether returned 100% to token holders at the time of the soft fork and no ether is lost
- Anyone who no longer holds tokens cannot participate. However, those who bought tokens and retain them can do so.
- There’s no financial bail out, although there is a trust one
- All native client software must be upgraded (Mist, Geth)
- Miners would be required to upgrade for the fork to succeed.
- It’s a consensus based upgrade. If a majority of miners refused then the hard fork would not go ahead.
- Does not directly affect non DAO holders other than an upgrade for native client software users.
- Rolling out a hard fork in Ethereum is currently relatively painless, as these things go. This won’t be true in future. Bitcoin hard forks are more problematic due to its relative maturity as well as a lot of politics.
- I am unsure what the plan is for extraBalance — perhaps paid as a bounty to miners?
- There is no one for an attacker to sue. It’s optional software miners can run.
No one yet knows if a soft fork can recover all of the funds or only some of them. A hard fork is definitely not required with any urgency but a soft fork is. Following the soft fork, solutions can be debated (thanks Nikolai for pointing out I hadn’t been clear about this).
There are knock on effects which will be bad news for any ethereum holders, companies, and even the wider crypto space should all the money not be recovered:
- Many of Ethereum’s biggest original funders and entrepreneurs backing many businesses are involved. Regardless of views on ‘bailing them out’, they are the ones who had funded/are funding ethereum and projects being built on it. They’re not being bailed out at anyone’s cost, there being returned their money so it can be reinvested in etherum projects Otherwise this categorically removes significant investment from the Ethereum ecosystem.
- A loss of even the current amount, $50m (at one point), is easily enough for the SEC et al to clamp down permanently on all tokens and crowd sales. That would affect all ethereum holders, traders, investors, miners and the wider ecosystem, including Bitcoin (and yes, the same would have happened on a Rootstock). Conversely, ‘no one lost anything, try better next time’ is neither news worthy nor problematic (or at least less so, there may still be implications). Quite simply, no more token sales to the public, no more buying and selling them on exchanges unless you’re an accredited investor. At least, not if any real world identities are known. Ethereum wasn’t designed to fight the system, it’s a technology and not a political statement.
The rest of my post is my opinion on why I think a hard fork may still be a suitable fix but I’m prepared to change my mind. There are others who coherently argue against a hard fork and none of us should be stick in the muds over such a decision. I don’t see any reason (yet) not to soft fork, however, and this seems to have strong support in the developer community.
EDIT: A hard fork should only be done if all other efforts to refund fail.
Counterarguments include defeating the immutable nature of a blockchain or the law of code. However, this was the first DAPP and has revealed many security considerations that need to be understood better in future. It’s ok for it to fail, but surely we can allow it to fail without such great loss given that it’s the first major DAPP. The code was not written with this intent, it was an exploit, and it is a great lesson for everyone to heed. Unfortunately, exploits can be deliberately programmed in and Ethereum simply isn’t going to work if it becomes like the Wild West we saw in Bitcoin.
Code cannot be immutable until mathematically proven correct, so build for upgrades and emergencies, perhaps through consensus based lockdowns in the contract rather than falling back to the Ethereum community.
Although it wasn’t a protocol flaw it was also a result of the protocol that this happened. There aren’t sufficient standards yet and this problem has already lead to serious discussion of if a related protocol change could aid DAPP security.
Neither a soft fork or a hard fork are a disaster. They won’t kill ethereum, they’re still consensus based, and people will move on very quickly. That’s the nature of the crypto world — massive highs and the deepest lows then on to the next thing. When the Ethereum Foundation or EthCore propose forks it’s not centralised control any more than future Ethereum upgrades are centralised control. They are offering options and (strongly) suggesting direction. Let’s at least ensure everyone is informed.
Besides, Ethereum is being somewhat centrally lead still, just as Bitcoin used to be, although anyone can contribute. Those that don’t like that don’t need to be part of the ecosystem or can be found sniping from the sidelines anyway. Ethereum’s strength has been in having a direction and ambition. That needs to continue until the technology and ecosystem are much more mature.
The community can turn this into a positive. Let’s make that happen by refunding the money and pushing for safer contracts. My guess is The DAO is far from the only one with serious issues.
To use gaming parlance, this should be one life lost and not game over.