2016-06-20 21:32:41

A DAO counter attack

 

Slock.it Blog

A DAO Counter-Attack

Friday the 17th of June was a dark day for The DAO. As many of you may have deduced, The DAO was attacked using the recursive call exploit inside the splitDAO() function. The attacker stole 3,641,694 ether, which is currently located in a child DAO, as can be seen here.

There is a lot of debate around this attack, what it means for Ethereum, and most importantly what the potential suggested solutions will mean for Ethereum. This post has nothing to do with any of this. This post is here to empower you, the DAO Token Holders (DTHs) to do something about this attack while we wait for a hard fork.

Plan of Action for the DAO Token Holders

What can we do from here on out? There are currently soft forks being implemented in the major Ethereum clients that would prevent any and all value transactions from going through via any contract that is either “The DAO” or a child DAO. This would prevent the attacker and any other DTH from moving any ether out of any v1.0 DAO. The choice of whether or not to implement this fork lies with the community.

But even if this fork is not implemented, the community can stop the attacker from ever withdrawing their ether, even after the 27-day period expires, by buying into the attacker’s DAO. This is not a complete solution and will probably never result in getting the stolen ether back to the original DTHs but at least it will prevent the attacker from seeing windfall profits.

Rationale and Aftermath

Why do this if there is a soft-fork?

The soft-fork is the better option, but it also depends on the wider Ethereum community to implement it. This counter-attack is something that you, the DAO Token Holders can start right now in case the soft fork is not implemented.

What do we gain by doing this?

One thing is for certain. This move can ensure that the attacker does not ever get any money out of this. From that point on, negotiations can continue with the attacker or a hard fork can happen to reimburse all the DAO Token Holders.

Timing is everything. As of now, Sunday the 19th of June, we have about 25 days until the attacker’s child DAO creation phase closes (14-Jul-2016 05:34:48). All of the steps outlined below have to be completed by then. The steps to achieve this are the following:

Whitelist

The Curators would have to immediately whitelist the attacker’s child DAO: 0x304a554a310c7e546dfe434669c62820b7d83490.

New Proposal Creation

There is one nice detail in the DAO code which the DAO Token Holders can take advantage of. After the debating period of a split proposal is over, the original DAO is the private creation address for all child DAOs. What this means is that The DAO is the only entity that can create tokens in a child DAO without voting yes on the split proposal, thanks to this line of code.

So the DAO should make a new proposal with the recipient being the attacker’s child DAO and the transaction data should be a call to createTokenProxy(), creating new tokens in the attacker’s child DAO with the beneficiary address being an address that the DAO trusts to perform the recursive split attack against the attacker.

The attacker’s child DAO has The DAO as its privateCreation address

The amount of ether that needs to be given to the child DAO can be relatively minimal since we can simply run the recursive split attack on them once we have tokens for their child DAO. We know that no one else has voted yes in the attacker’s split proposal so nobody besides the DAO can mount this attack.

Only 2 people voted yes in the attacker’s split proposal. Both smart contracts.

Voting

A large proportion of the DTHs need to vote for the proposal to reach quorum within the 2-week debating period in order to pass it and be able to execute the attack. Reminder: DTHs who vote on a proposal cannot transfer or sell their tokens. This may be a challenge, but it is required for The DAO to do anything.

Execution

Fourteen days later we execute the proposal and The DAO will create tokens for the attacker’s child DAO. Note that in a case of a soft fork the proposal execution will fail here. At that point we can run the recursive attack on their DAO (which we have recreated) and potentially negotiate with the attacker. They can defend against our attack by joining the split. And then we can repeat this process again and again… ad infinitum. This is why this is not a “perfect” solution but just a way to prevent them from ever seeing any of the money. A hard fork is still the only clear solution.
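The four steps above can be checked as a small model. This is an added illustration, not code from the DAO contracts or from the original post: `ChildDAOModel`, `run_plan`, `latest_proposal_time` and the `THE_DAO` label are hypothetical names, the closing time is assumed to be UTC, and execution is assumed to happen the moment the 14-day debating period ends.

```python
from datetime import datetime, timedelta, timezone

# Values from the post; the timezone of the closing time is an assumption (UTC).
CHILD_DAO = "0x304a554a310c7e546dfe434669c62820b7d83490"
CLOSING_TIME = datetime(2016, 7, 14, 5, 34, 48, tzinfo=timezone.utc)
DEBATING_PERIOD = timedelta(days=14)
THE_DAO = "the-dao"  # placeholder label standing in for The DAO's address


class ChildDAOModel:
    """Simplified creation-phase gate: only private_creation may fund before closing."""

    def __init__(self, private_creation, closing_time):
        self.private_creation = private_creation
        self.closing_time = closing_time
        self.balances = {}

    def create_token_proxy(self, sender, holder, value, now):
        if now >= self.closing_time:
            return "rejected: creation phase closed"
        if value <= 0:
            return "rejected: no ether sent"
        if sender != self.private_creation:
            return "rejected: sender is not privateCreation"
        self.balances[holder] = self.balances.get(holder, 0) + value
        return "created"


def latest_proposal_time(closing_time=CLOSING_TIME, debating=DEBATING_PERIOD):
    """Submission deadline: a proposal submitted at or after this executes too late."""
    return closing_time - debating


def run_plan(submitted, whitelist, quorum_reached, child, beneficiary, value):
    """Walk whitelist, proposal, voting, execution; return where the plan stops."""
    if CHILD_DAO not in whitelist:
        return "stopped: recipient not whitelisted"
    if not quorum_reached:
        return "stopped: quorum not reached"
    executed_at = submitted + DEBATING_PERIOD  # earliest possible execution
    return child.create_token_proxy(THE_DAO, beneficiary, value, executed_at)
```

Under these assumptions the proposal has to be submitted before 30 June 2016 05:34:48, which leaves far less slack than the "about 25 days" headline figure suggests.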

Other Attackers?

Someone may ask the very legitimate question … what about other attackers? What if someone else tries to pull the recursive split attack on The DAO again and the soft fork is not deployed or accepted by the community? The exploit is out there and many people can probably recreate it. But what people need to remember is that such an exploit drains ether from The DAO into a child DAO. An attacker will still have to go through the 27-day creation phase to try and access the stolen ether.

A solution to prevent this attack from happening again is for as many DTHs as possible to vote yes on all open split proposals so that if someone tries to pull this again we can follow them and pull the same attack back on their child DAO making sure they can never access their ether.

Endgame

Unfortunately each child DAO is an identical copy of the original DAO containing the same attack vector. They are all vulnerable to the recursive split exploit and as such there is no real way to safely get the funds out since the attacker can and will react.

What this blog post wants to show is that there exists a way to stop the attacker from getting the money out even after the 27 days period has passed, but it relies on many moving parts and has several potential failure mechanisms.

Is this an Alternative to a Hard Fork?

Using this attack in conjunction with a soft fork 2.0, which could selectively target the attacker’s child DAO and prevent them from counter-attacking when we perform our recursive split attack, could allow us to successfully recover the stolen ether. However, this is much easier said than done. It would be a very complicated soft fork that could have implications on the Ethereum Network if done improperly, and it would take a long time to accomplish. Specifically we would need:

  • 25 days until the attack on the attacker’s child DAO could start (many things have to go right during this period)
  • 7 days for the split proposal debating period (during this time a soft fork 2.0 would have to be implemented and adopted by the community)
  • 27 days for the creation phase of the new DAO. During this period we would recursive split attack the child DAO to drain it into our own child DAO. Thanks to the soft fork 2.0 the attacker would be unable to react.
  • 14 days to pass a new contract proposal to move the ether to a refund contract.
  • Assuming no setbacks, and perfect coordination with all relevant parties the refund process of the stolen ETH could begin 73 days from now.

The attacker can prevent this by draining the original DAO into any other random child DAO. We know their attack contracts have already voted in many other split proposals. Since they are not the Curator in those proposals they can have no direct financial gain. But by doing so they could render a soft fork that would specifically target their child DAO moot by draining The DAO into multiple child DAOs.

How can we defend against this? This is why the soft fork 2.0 has to be a complicated one. The DAO can pull the counter-attack described in this post to all of the drained child DAOs. A soft fork 2.0 has to be able to identify and block all such child DAOs from reacting to the DAO’s counter-attack while allowing The DAO to perform this attack.

If that can happen successfully then after a long period of time we could end up with many child DAOs under friendly control. At that point the friendly drained DAOs can push their ether into a refund contract for the DTHs to claim their portion back.

What we described above is a very lengthy process with too many points of failure. It might be a possible alternative solution to performing a hard fork of the Ethereum network, but it is a much more complicated solution. The more complicated the soft-fork solution is, the more pitfalls implementing the fork in the clients could have. Such pitfalls could lead to unintentional loss of consensus between clients due to minor mistakes in the implementation of one client. In the end the hard fork is the simple solution that will be guaranteed to solve the problem.

What is the Solution?

Soft fork, hard fork, counter-attack, doing nothing and multiple combinations of these options are all possible ways to follow from here on out. Many people have stepped up in the last few days to put their own projects and holidays on hold to discuss all of these potential scenarios and their implications. The coordination and calm discussions between seemingly competing developers, mining pools and exchanges that make up the Ethereum network has been nothing short of inspiring!

It seems evident that this community understands we are all on the same team and all want what is best for the future of the Ethereum network. I am confident that a consensus will be reached once all of the options have been fully discussed.


About the Author

Lefteris Karapetsas is the Technical Lead of slock.it

After graduating from the University of Tokyo, Lefteris has been developing backend software for various companies including Oracle and Acmepacket. He is an all-around tinkerer who loves to take things apart and put them back together, learning how they work in the process.

He has been part of Ethereum as a C++ core developer since November 2014, having worked on Solidity, the ethash algorithm, the core client and the CI system, and is now leading the technical side of things towards revolutionizing the IoT world with the use of blockchains at Slock.it.

Twitter: @lefterisjp
contact: lefteris@slock.it

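Comments 5
  • ?
    This is a Slock.it blog post. It says that if things go smoothly, a refund would be possible in about 70 days without a hard fork.. How realistic is that? @stardust, I would appreciate your opinion.
  • If they are serious about this, there are a few solution companies well known for security. I think seeking advice from them would be the right direction instead...
    It seems this developer does not really know either, so it is "let's respond to the attack with an attack"..... As I see it, there is not much value in this.
    In terms of direction, I do not really see a best alternative other than forking. If the aim is to stop any further leakage, one technical method that comes to mind is to centralize the nodes and filter the hacker's transactions in the middle, but given the nature of an open-source project it looks hard to carry out.
  • @stardust
    The filtering you just described is what the soft fork proposed by Vitalik does.
  • @atomrigs
    Yes, what I meant was a method of filtering content at Layer 7, from a technical standpoint, without a soft fork.

    When information from the node where the hack occurred is passed on elsewhere, the best way to filter would be for a firewall or proxy in front of the node to block the additional information entirely.

    But it is hard for ordinary users to set up and implement this.
  • @stardust
    So what I came up with was: what if we build nodes (proxies) that do the filtering and steer peering toward them?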