The DAO has been hacked, leading to market volatility and consternation in the Ethereum community as to how to proceed.
The Hack - The attacker used a key exploit in conjunction with the DAO's splitting function. The exploit, an instance of the Ethereum smart contract recursive call vulnerability, allowed the attacker to withdraw funds from the DAO with a recursive call into a new DAO. That means that if he had 100 tokens in the DAO, he could withdraw the underlying ether multiple times into his own DAO alongside the tokens, because the contract code would be called again before the balance was updated. Taylor Gerring, a DAO curator, said:
"This is a problem that could definitely happen in any sort of programming language. The network has only been in existence for about a year and the tools are still a bit raw."
Philip Daian, a researcher from Cornell University's Initiative for CryptoCurrencies and Contracts, said:
"I would lay at least 50% of the blame for this exploit squarely at the feet of the design of the Solidity language. This may bolster the case for certain types of corrective action. I refuse to lay the blame exclusively on a poorly coded contract when the contract, even if coded using best practices and following language documentation exactly, would have remained vulnerable to attack."
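The update-order flaw described above, modelled as an added example in Python (not the DAO's Solidity code and not part of the original article); the Vault and Recipient classes and the amounts are constructed for illustration. It runs the same withdrawal twice: once with the balance cleared after the external call, and once with it cleared before.

```python
# Toy model of the recursive-call flaw (constructed; not the DAO's Solidity code).
class Vault:
    """Holds ether for depositors; `safe` selects the update order in withdraw()."""
    def __init__(self, safe):
        self.safe = safe
        self.credit = {}   # depositor -> amount owed
        self.pool = 0      # ether actually held by the contract

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        owed = self.credit.get(who, 0)
        if owed == 0 or self.pool < owed:
            return
        if self.safe:
            self.credit[who] = 0   # hardened order: clear the debt first...
        self.pool -= owed
        who.receive(self, owed)    # ...then hand control to the recipient
        if not self.safe:
            self.credit[who] = 0   # flawed order: debt cleared only after the call returns


class Recipient:
    """A payee whose receive hook may call back into withdraw(), as a contract can."""
    def __init__(self, reenter):
        self.reenter = reenter
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenter:
            vault.withdraw(self)   # re-entry happens before withdraw() has finished


def run(safe):
    """Return (amount paid to a 100-unit depositor, ether left in the pool)."""
    vault = Vault(safe)
    vault.deposit(Recipient(reenter=False), 900)   # other holders' funds
    caller = Recipient(reenter=True)
    vault.deposit(caller, 100)
    vault.withdraw(caller)
    return caller.received, vault.pool


if __name__ == "__main__":
    print("balance cleared after the call: ", run(safe=False))
    print("balance cleared before the call:", run(safe=True))
```

With the flawed order, the 100-unit depositor is paid repeatedly until the pool is empty; with the debt cleared first, the re-entrant call finds nothing owed and returns.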
The Solutions - Multiple solutions are on the table, using a variety of tools, but the key one is a soft fork to blacklist transactions from the DAO by the hacker, followed by a hard fork to return the ether to the DAO token holders. Andreas Antonopoulos said:
"This is not a bailout. No new ether is being created. It's simply undoing a specific 'theft'. But whether it's a bailout or not, it's asset seizure; it's asset forfeiture – done through a majority vote consensus mechanism."
At present, though, the community is split by fundamental beliefs about how to proceed, with the hard fork options leaving a bad taste with some due to their interventionist nature.
"There are probably about four or five different proposals about what to do in this situation depending on where in the party lines you fall, ranging from holding lots of tokens to holding no Ethereum. We need to find some common middle ground. While there may be no perfect kind of result there are some possibilities. One of the things that give us a little time is the soft fork proposal."
The Attacker - People purporting to be the attacker claim that their attack is legal and that any attempt by the community to seize the assets would be in breach of US law. Another claim, via CryptoCoinsNews, is that the hacker is willing to pay miners a bounty to ignore the fork and continue to process transactions.