MultiversX Tracker is Live!

The DAO Hack that Changed Ethereum's Destiny

Etherum Reddit

More / Etherum Reddit 103 Views

The DAO Hack that Changed Ethereum's Destiny

Setting the Mood

Ethereum went live on July 30th, 2015. The network promised applications built on top of blockchain, but for a while very few actual applications emerged. Many recognized Ethereum had potential, but applying that potential was more difficult. Few applications existed, some of which were Gnosis which started as a prediction market (place to make bets), another was by a team called Slock.it who made tech that allows physical things to be rented by interfacing physical locks with smart contracts.

Applications were basic, but teams had ambition. Slock.it, the team behind using smart contracts for physical rentals, wanted to do something big; create something that could fund their project, and then other projects too. This application was, infamously, The DAO. Since it was the first of its kind, that’s the name it took.

What was The DAO?

The DAO would be a VC fund that invested in projects - in a decentralized way. The idea was that all members of The DAO could vote on projects that may need funding, deciding whether or not they should be given money from The DAO. If a minimum number voted yes (not a majority), then the project would get funding and the returns from the investment would go back to The DAO.

https://preview.redd.it/a1cq8rs6rt7b1.png?534&format=png&auto=webp&s=457173250a5730361cacf5f4c906b0b91b5a4bb4

As The DAO invested in more projects, everyone involved would make increasing returns - that was the plan at least. Even the non-active members who didn’t vote made money, letting others vote for what to do instead. Nonetheless, a way out was given for these folks, a way to disagree with funds being released for a specific purpose. That disagreement would happen through “splitting” into a Child DAO where they controlled the funds, ensuring they didn’t go towards the undesired purpose.

How was The DAO Formed?

Anyone on Ethereum in May of 2016 was able to join The DAO, and since it was the first application of such a large size, many who were around did exactly that. On April 30th, 2016, a crowdsale was launched for The DAO’s governance token, wherein 1 ETH would be worth 1 DAO Token. When the crowdsale ended 28 days later, The DAO controlled almost 15% of Ethereum’s supply, or 11.5 million ETH.

This may have already seemed like a recipe for a disaster; having all that ETH in one place was too attractive a target. To put numbers into perspective, the amount of ETH raised by The DAO was equivalent to about $160 million. At that time, this crowdfund was the biggest in history! Mainstream media was beginning to recognize the still-young Ethereum. Meanwhile, all that ETH sat in a single smart contract until disaster struck in June, the following month.

How was The DAO Attacked?

On June 17th, 2016, an attacker launched their plan to take The DAO’s ETH. The plan was simple enough, they had found a bug in the smart contract’s code that made launching the attack pretty easy. It’s called a re-entrancy attack, and it happens when you withdraw money from a smart contract, but prevent it from updating its own balance afterwards. The contract just releases money without realizing it has less of it.

https://preview.redd.it/2dprvnk8rt7b1.png?666&format=png&auto=webp&s=6566fec6a73f8d8bcdc4130af09c8b18b2e64b62

In The DAO’s case, the ability to “split” into a Child DAO set the stage for the attack. The attacker split his (very small) piece of The DAO, representing his own funds, but then prevented The DAO’s smart contract from realizing it had sent that ETH. Then he repeated the process again, and again, until he’d drained millions upon millions of ETH.

The way The DAO’s contracts were written made this possible. The smart contract would first send the money to a contract, then update its own balance. This flaw made a re-enmtrancy attack possible. If those two lines of code were switched, this whole disaster may have been prevented. The attacker realized this bug as an opportunity to attack, specifically because of how fallback functions work.

In a smart contract, a fallback function is like a Plan B for a contract to execute when they’re not told exactly what to do. If they receive ETH with no instructions, they execute the fallback function. The attacker set up a smart contract to receive the money from The DAO that had a fallback function: it would stop The DAO smart contract from updating it’s balance, causing it too loop.

What Happened in Response

Very quickly after the attack began, a group of “white hat hackers” got involved, using the same method to drain funds to keep them safe from the attacker. When the dust settled, the attacker had about 3.5 million ETH, and the white hats had the remaining 8 million. There was one asterisk though, the attacker couldn’t take the funds out of the Child DAO until 27 days after the split had passed, and neither could the white hats.

In those 27 days, the Ethereum community debated several responses. The discussions were extremely controversial, and landed on 3 major options:

  • Do nothing. The attacker read the contract carefully and discovered a way to take those funds. Code is law, and the attacker did not steal; he took something available to him.
  • Prevent the attacker from withdrawing the funds. Ethereum could launch a soft fork which would prevent any ETH from being withdrawn from the attacker’s contract, locking away the 3.5 million ETH from everyone.
  • Change blockchain history. The attacker stole money that wasn’t theirs, and that money should be returned to it’s rightful owners; the attack should be undone by changing the balances on the blockchain directly, using a hard fork to take the money from the attacker.

https://preview.redd.it/e0f8e3j3rt7b1.png?717&format=png&auto=webp&s=cef8472adf2ce882a027341f59707fa89b54caa0

Deciding on which route to take was one of the greatest challenges Ethereum has ever faced. The attacker made claims that if a hard fork ever happened, he would bribe miners that voted for him and would sue those that voted against him. His case was that the money was rightfully his.

A vote was offered to ETH holders, where 1 ETH was equivalent to 1 vote, and two options were offered: do nothing or do a hard fork. The community gathered and voted, and the decision was made to perform a hard fork and return the funds to their rightful owners. Many still believed in “code is law,” and were on the other side of the hard fork. The blockchain that became is the one today called Ethereum Classic.

If you liked this write-up, please consider signing up to my free newsletter!

No ads, shills, or affiliations.

Stay kind. Stay curious. ????‍????️

https://ramiwrites.substack.com/p/the-dao-hack-that-changed-ethereums?sd=pf

submitted by /u/phillistine
[link] [comments]

Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.



Comments