{"id":39,"date":"2017-04-22T14:55:38","date_gmt":"2017-04-22T14:55:38","guid":{"rendered":"https:\/\/davidgerard.co.uk\/blockchain\/?page_id=39"},"modified":"2017-11-18T16:46:11","modified_gmt":"2017-11-18T16:46:11","slug":"the-dao","status":"publish","type":"page","link":"https:\/\/davidgerard.co.uk\/blockchain\/the-dao\/","title":{"rendered":"The DAO: the steadfast iron will of unstoppable code"},"content":{"rendered":"<p style=\"text-align: center;\"><i>Excerpt from <a href=\"https:\/\/davidgerard.co.uk\/blockchain\/table-of-contents\/\">chapter 10<\/a> of <a href=\"https:\/\/davidgerard.co.uk\/blockchain\/book\/\">Attack of the 50 Foot Blockchain<\/a> by David Gerard<\/i><\/p>\n<blockquote><p>You just learned chemistry and the first thing you built was a giant bomb and you can&#8217;t understand why it blew up in your face.<\/p>\n<p align=\"right\">\u2013 brockchainbrockshize, \/r\/ethereum<a href=\"#sdfootnote1sym\"><sup>1<\/sup><\/a><\/p>\n<\/blockquote>\n<p>Not content with their existing sales of Internet fairy gold, some Ethereum developers at German blockchain startup Slock.it came up with an even more complicated scheme: The DAO \u2013 a Decentralized Autonomous Organization, with \u201cThe\u201d as part of the name. This was a smart contract on Ethereum which would take people\u2019s money and give it to projects voted on by the contributors as worth funding: a distributed venture capital firm.<\/p>\n<blockquote><p>The DAO\u2019s Mission: To blaze a new path in business organization for the betterment of its members, existing simultaneously nowhere and everywhere and operating solely with the steadfast iron will of <b>unstoppable code<\/b>.<a href=\"#sdfootnote2sym\"><sup>2<\/sup><\/a><\/p><\/blockquote>\n<p>Bold in original. 
I\u2019m sure there are no obvious problems there that jump right out at you.<\/p>\n<p>The DAO launched on 30 April 2016, got massive publicity and became <em>the biggest crowdfunding in history<\/em> up to that time, with over $150 million in ETH from 11,000 investors in DAO tokens. <i>Fourteen per cent<\/i> of all Ether was in The DAO. It was also the most prominent smart contract of all time, achieving much mainstream press coverage. It proceeded to illustrate just about every potential issue that has ever been raised with smart contracts.<\/p>\n<p>The DAO\u2019s legal footing was uncertain, and widely questioned. Selling tokens in The DAO closely resembled trading in unregistered securities \u2013 particularly when DAO tokens themselves hit cryptocurrency exchanges \u2013 and the SEC had come down on similar schemes in the past. There was no corporate entity, so it would default in most legal systems to being a general partnership, with the investors having unlimited personal liability, and the creators and the designated \u201ccurators\u201d of the scheme likely also being liable.<\/p>\n<p>Shortly before the go-live date, researchers flagged several mechanisms in the design of The DAO that would almost certainly lead to losses for investors, and called for a moratorium on The DAO until they could be fixed.<a href=\"#sdfootnote3sym\"><sup>3<\/sup><\/a><\/p>\n<p>Worse, on 9 June a bug was found in multiple smart contracts written in Solidity, including The DAO: if a balance function was called recursively in the right way, you could withdraw money repeatedly at no cost. 
\u201cYour smart contract is probably vulnerable to being emptied if you keep track of any sort of user balances and were not very, very careful.\u201d<a href=\"#sdfootnote4sym\"><sup>4<\/sup><\/a> This was not technically a bug in Solidity, but the language design had made it fatally easy to leave yourself wide open.<\/p>\n<p>The principals decided to proceed anyway, Stephen Tual of Slock.it confidently declaring on 12 June \u201cNo DAO funds at risk following the Ethereum smart contract \u2018recursive call\u2019 bug discovery\u201d<a href=\"#sdfootnote5sym\"><sup>5<\/sup><\/a> \u2026 and on 17 June, a hacker used this recursive call bug to drain $50 million from The DAO. And nobody could stop this happening, because the smart contract code couldn\u2019t be altered without two weeks\u2019 consensus from participants. The price of ETH promptly dropped from $21.50 to $15.<\/p>\n<p>(Tual posted on 9 July a hopeful list of reasons why the attacker might <i>give all the ether back<\/i>, just like that. Because it would be in their rational self-interest.<a href=\"#sdfootnote6sym\"><sup>6<\/sup><\/a> This didn\u2019t happen, oddly enough.)<\/p>\n<p>Ethereum Foundation principals discussed options including a soft fork or a hard fork of the code or even of the blockchain itself, or a rollback of the blockchain. The community wrangled with the philosophical issues: this contract had been advertised as \u201cthe steadfast iron will of <b>unstoppable code<\/b>,\u201d but it appeared only the hacker had read the contract\u2019s fine print in sufficient detail.<a href=\"#sdfootnote7sym\"><sup>7<\/sup><\/a> Some seriously debated whether this should even be regarded as a \u201ctheft\u201d, because code is law and intent doesn\u2019t matter (unlike in real-world contracts operating in a legal system, or indeed in fraud law). 
Others argued that the market integrity of the Ethereum smart contract system required that incompetent contracts, which The DAO certainly was, had to be allowed to fail.<\/p>\n<p>(The proposed soft fork solution was to blacklist transactions whose <i>result<\/i> interacted with the \u201cdark DAO\u201d the attacker had poured the funds into. This would have been an avenue for a fairly obvious denial-of-service attack: flood Ethereum with costly computations that end at the dark DAO. In computer science terms, this approach could only have worked by first solving the <em>halting problem:<\/em> you would need to be able to determine the outcome of any possible Ethereum program without actually running it and observing the result.<a href=\"#sdfootnote8sym\"><sup>8<\/sup><\/a>)<\/p>\n<p>The DAO was shut down soon after, and on 20 July the Ethereum Foundation \u2014 several of whose principals were curators of The DAO<a href=\"#sdfootnote9sym\"><sup>9<\/sup><\/a> and\/or heavily invested in it \u2014 changed how <i>the actual code of Ethereum<\/i> interpreted their blockchain (the \u201cimmutable\u201d ledger) so as to wind back the hack and take back their money. The blockchain was \u201cimmutable,\u201d so they changed how it was interpreted. The \u201cimpossible\u201d bailout had happened.<\/p>\n<p>This illustrated the final major problem with smart contracts: <b>CODE IS LAW<\/b> until the whales are in danger of losing money.<\/p>\n<p>Ethereum promptly split into two separate blockchains, each with its own currency \u2013 Ethereum (ETH), the wound-back version, supported by the Ethereum Foundation, and Ethereum Classic (ETC), the original code and blockchain \u2013 because this was too greedy even for crypto fans to put up with. Both blockchains and currencies operate today. 
Well done, all.<\/p>\n<p>Apologists note that The DAO was just an <i>experiment<\/i> (a $150 million experiment) to answer the question: can we have a workable decentralized autonomous organization, running on smart contracts, with no human intervention? And it answered it: no, probably not.<\/p>\n<hr \/>\n<p><small><a name=\"sdfootnote1sym\"><\/a>1 brockchainbrockshize. <a href=\"https:\/\/www.reddit.com\/r\/ethereum\/comments\/4ukefq\/attacker_has_withdrawn_all_etc_from_darkdao_on\/d5qtf95\/?context=999\">Comment<\/a> on \u201cAttacker has withdrawn all ETC from DarkDAO on the unforked chain\u201d. Reddit \/r\/ethereum, 25 July 2016.<\/small><\/p>\n<p><small><a name=\"sdfootnote2sym\"><\/a>2 The DAO front page, <a href=\"http:\/\/web.archive.org\/web\/20160622212753\/https:\/\/daohub.org\/index.html\">archive of 22 June 2016<\/a>. Yes, that\u2019s <i>after<\/i> the hack. The page doesn\u2019t say that any more.<\/small><\/p>\n<p><small><a name=\"sdfootnote3sym\"><\/a>3 Dino Mark, Vlad Zamfir, Emin G\u00fcn Sirer. <a href=\"http:\/\/hackingdistributed.com\/2016\/05\/27\/dao-call-for-moratorium\/\">\u201cA Call for a Temporary Moratorium on The DAO\u201d<\/a>. <i>Hacking, Distributed<\/i> (blog), 27 May 2016.<\/small><\/p>\n<p><small><a name=\"sdfootnote4sym\"><\/a>4 Peter Vessenes. <a href=\"http:\/\/vessenes.com\/more-ethereum-attacks-race-to-empty-is-the-real-deal\/\">\u201cMore Ethereum Attacks: Race-To-Empty is the Real Deal\u201d<\/a>. <i>Blockchain, Bitcoin and Business<\/i> (blog), 9 June 2016.<\/small><\/p>\n<p><small><a name=\"sdfootnote5sym\"><\/a>5 Stephen Tual. <a href=\"https:\/\/blog.slock.it\/no-dao-funds-at-risk-following-the-ethereum-smart-contract-recursive-call-bug-discovery-29f482d348b\">\u201cNo DAO funds at risk following the Ethereum smart contract \u2018recursive call\u2019 bug discovery\u201d<\/a>. blog.slock.it, 12 June 2016. 
(<a href=\"http:\/\/archive.is\/402Up\">archive<\/a>)<\/small><\/p>\n<p><small><a name=\"sdfootnote6sym\"><\/a>6 Stephen Tual. \u201cWhy the DAO robber could very well return the ETH on July 14th\u201d. <i>Ursium<\/i> (blog), 9 July 2016. (<a href=\"http:\/\/archive.is\/gjq8i\">archive<\/a>)<\/small><\/p>\n<p><small><a name=\"sdfootnote7sym\"><\/a>7 There\u2019s an amusing (if probably just trolling) open letter purportedly from the attacker <a href=\"http:\/\/pastebin.com\/CcGUBgDG\">posted to Pastebin<\/a> (<a href=\"http:\/\/archive.is\/HF3t1\">archive<\/a>) that makes this claim explicitly.<\/small><\/p>\n<p><small><a name=\"sdfootnote8sym\"><\/a>8 Tjaden Hess, River Keefer, Emin G\u00fcn Sirer. <a href=\"http:\/\/hackingdistributed.com\/2016\/06\/28\/ethereum-soft-fork-dos-vector\/\">\u201cEthereum&#8217;s DAO Wars Soft Fork is a Potential DoS Vector\u201d<\/a>. <i>Hacking, Distributed<\/i> (blog), 28 June 2016.<\/small><\/p>\n<p><small><a name=\"sdfootnote9sym\"><\/a>9 Stephen Tual. <a href=\"https:\/\/blog.slock.it\/vitalik-buterin-gavin-wood-alex-van-de-sande-vlad-zamfir-announced-amongst-stellar-dao-curators-44be4d12dd6e#.r553h8box\">\u201cVitalik Buterin, Gavin Wood, Alex van De Sande, Vlad Zamfir announced amongst exceptional DAO Curators\u201d<\/a>. blog.slock.it, 25 April 2016.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The most famous Smart Contract to date. 
&#8220;You just learned chemistry and the first thing you built was a giant bomb and you can&#8217;t understand why it blew up in your face.&#8221;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-39","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages\/39","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/comments?post=39"}],"version-history":[{"count":12,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages\/39\/revisions"}],"predecessor-version":[{"id":2369,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/pages\/39\/revisions\/2369"}],"wp:attachment":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/media?parent=39"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}