The DAO: An Analysis of the Fallout

18 June 2016


An entire ecosystem of decentralized autonomous ambitions was diverted yesterday following an attack on The DAO that sent millions of dollars worth of ether destined for startups to the account of an unknown attacker or group of attackers.

Of the more than $150m worth of ether raised from the sale of voting tokens, about $60m worth was withdrawn when an attacker exploited a vulnerability in the way the smart contracts distribute resources.

Originally meant to stimulate innovation in the ethereum community by giving the voting members a say in which ethereum-based projects they wanted to fund, plans are currently underway to return the digital currency to the original owners and shelve the project.

While not everyone agrees that this is the right course of action — or even possible — the events of yesterday leave 52 proposals awaiting review with an uncertain future.

There are those who argue that the attack, which took advantage of the way the smart contracts were written, should not be considered a hack, and that the exposure of such a vulnerability is a fundamental part of a healthy ecosystem discovering its own weaknesses and improving.

But there is also a sense that the air has been sucked out of the room. The once bright future of a technology built on a distributed ledger, with its promise to redefine even the way we govern ourselves, has been sucker-punched.

The discovery period

As the sun came up yesterday morning news was already spreading on Reddit and in industry forums that someone appeared to be removing funds from the account valued at $162m at the time the token sale stopped.

Ethereum’s creator, Vitalik Buterin, called for a “pause” of trading of both ether, the digital currency that powers the Ethereum network, and The DAO tokens that were meant to symbolize the voting power of the stakeholders. In total, 3.6m ether valued at $60m at one point yesterday were moved to the account before the dust settled.

What was left of the nascent ecosystem by the time the funds stopped being redirected was the antithesis of the order promised by a code-based governance model with a built-in consensus mechanism designed to function as a young, digital democracy.

Reason for concern

Prior to this week, The DAO had already experienced a trove of problems that had the appearance of typical growing pains experienced by any young startup, but on a larger scale due to the exciting nature of an entirely new business model.

Problems with the governance model were found to lead to what is called a “yes bias” that discouraged token holders from casting a “no” vote, along with other issues pointed out by a team of researchers at Cornell University.

By the time the funds began moving into the rogue account, called a “child DAO”, an entire niche industry of alternative governance models taking advantage of prediction markets and something called Futarchy, had risen to prominence.

It wasn’t until earlier this week that most of us watching the development of what appeared to be a healthy young ecosystem got the first strong evidence that there might be more than just governance issues at play in the largely untested code.

More than growing pains

Members of the ethereum community discovered a vulnerability in the way some developers were implementing ethereum-based smart contracts, known as a “recursive call”. After a bit of sleuthing, the problem, which let funds be drained from an account using the existing contract composition, was identified in the way The DAO itself had been written.

The makers of The DAO, a Germany-based startup called Slock.it, released a “fix” on their GitHub account in the form of a pull request and asked that the community respond with objections within two weeks.

No DAO funds were at risk as a result of the “bug”, according to a post on the company’s blog.

But in the interim period someone, or a group of people, discovered how to exploit the vulnerability by creating what is called a “child DAO” using a splitting mechanism with the two-fold purpose of helping create a break-off DAO in case a malicious token holder tried to gain control over The DAO, and of encouraging the creation of new DAOs.

In the fallout, three paths forward emerged.

A “soft fork” in the code that would essentially blacklist the address with the 3.6m ether in question; a “hard fork” that would actually return the funds to their state prior to the attack; or do nothing and let the system sort itself out.

Too big to learn?

At stake here is essentially whether The DAO is too big to fail.

Both the soft fork option and the hard fork option would help preserve the interests of the anonymous token-holders. But the potential conflict of interest that arises is that those with the power to do the rollback of funds might also be those whose funds are at stake.

The perception has caused concern among some members of the ethereum community across social media networks.

Even if the best interests of all token owners of The DAO are being considered, the future reputation of a system designed to be immutable — but that can erase transactions conducted via approved smart contracts — isn’t one some find attractive.

In a report we published last week, we analyzed the potential side-effects of a Mt Gox-style collapse of The DAO. In that article, Ethereum Foundation member Taylor Gerring said he believes it is important for the community to learn from past mistakes in order to ensure they aren’t repeated.

In light of the resources at stake to so many projects still awaiting review from The DAO — and the potential implications for smart contracts generally speaking — what he told CoinDesk then is even more prescient now:

“We should try to draw the comparison and try to ensure we’re not making the same mistakes from the past. If we make the same mistakes we could end up in a situation where there’s negative implications to all blockchains.”

First aid kit image via Shutterstock