All about the DAO hack - #CryptoTrading

Published in Reports

A summary of what is going on with DAOs and ETH

Image: DAOs have a critical vulnerability that can probably be removed only by a hard fork.

The DAO hack simplified

A great summary can be found on the erratasec blog.

It starts with an explanation of what smart contracts (the main purpose of the Ethereum platform) are actually good for.

Let’s say that we want to organize a small conference. We need 100 people to sign up and pay/deposit money, so we can rent a hotel and such. But if not enough people sign up by a certain date, then the deposits need to be refunded. With Ethereum, we can write in a JavaScript-like language to code up this contract. It’ll guarantee that everyone will get a ticket to the conference, or everyone will get their money refunded, depending on how many sign up.

The main point is that this whole redistribution of payments, which, depending on a condition, might or might not be returned to the people who paid them, is supposed to be automatic. No human is supposed to oversee it or interpret the circumstances to help someone in power decide.

Then DAOs are explained, specifically how you leave a DAO (not just TheDAO but any DAO). The catch is that, to leave, you need to create your own DAO if you have invested in a project that is still ongoing. Your child DAO will receive the payout of your investment once the project is over.

When you want to leave the fund, you split from it. This includes your share of unspent Ethereum coins, but also tokens representing returns on investments you were part of, but which haven’t yet paid out. That’s why you “split” rather than “cash out”, you need your own DAO shard to track those investments until they pay out.

This DAO splitting is exactly where the hack occurred

When a member exits the investment scheme, they call the function named splitDAO(). (…) The member will supply some of their own code with the transaction. Among the things that code will do is tell the DAO code how to transfer Ethereum coin. (…) [Another] issue is that Ethereum code is recursive. That means when a function is running, it may call itself a second time. The bug is that when splitDAO() is called, it will then call the recipient’s code to transfer Ethereum coin, after which the recipient’s code will call splitDAO() again before finishing. This causes the process to repeat itself, transferring more Ethereum coin, then calling splitDAO() again, which calls the hacker’s code, which calls splitDAO(), which calls the hacker’s code, and so on. The process will continue endlessly, until it drains all of TheDAO’s coin.

You can see that the bug is inherent to the DAO codebase and closely related to how the Ethereum platform works. If this very basic code is not altered, all future DAOs are subject to this bug.
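The call ordering behind the bug described above, as a toy Python model added here (it is not TheDAO's Solidity code and not from the erratasec article). The class names, function names and deposit amounts are constructed for illustration; the model contrasts paying out before the member's recorded share is cleared with clearing the share first, so that a re-entrant call finds nothing left to pay.

```python
# Toy model of the re-entrant split (added example, not TheDAO's code).
# Fund, Recipient, split_* and the deposit amounts are hypothetical.

class Fund:
    def __init__(self, deposits):
        self.balances = dict(deposits)      # member -> recorded share
        self.pool = sum(deposits.values())  # coin actually held by the fund

    def _send(self, member, amount):
        """Pay out, then run the recipient's own code (the external call)."""
        if amount > self.pool:
            raise RuntimeError("fund drained")
        self.pool -= amount
        member.received += amount
        member.on_receive(self)             # control passes to the recipient

    def split_vulnerable(self, member):
        amount = self.balances.get(member, 0)
        if amount == 0:
            return
        self._send(member, amount)          # interaction first ...
        self.balances[member] = 0           # ... share cleared too late

    def split_hardened(self, member):
        amount = self.balances.get(member, 0)
        if amount == 0:
            return
        self.balances[member] = 0           # effect first
        self._send(member, amount)          # interaction last


class Recipient:
    """Member whose receive hook calls back into the fund `reenter` times."""
    def __init__(self, split_name, reenter=0):
        self.split_name, self.reenter, self.received = split_name, reenter, 0

    def on_receive(self, fund):
        if self.reenter > 0:
            self.reenter -= 1
            getattr(fund, self.split_name)(self)


def run(split_name, reenter):
    """Return (coin paid to the re-entering member, coin left in the fund)."""
    honest = Recipient(split_name)
    caller = Recipient(split_name, reenter)
    fund = Fund({honest: 90, caller: 10})   # constructed sample deposits
    getattr(fund, split_name)(caller)
    return caller.received, fund.pool
```

With three re-entries, `run("split_vulnerable", 3)` pays the member with a 10-coin share 40 coins, while `run("split_hardened", 3)` pays exactly 10.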

Stolen money recovery

The only way to undo this is to rewind the blockchain to the state before the attack occurred, which has been seriously considered and which spooked all the non-ETH fanbois. It would undo not only the hack but also all the other transactions that occurred in the meantime, which means screwing over the few for the sake of an organization that is too big to fail, as the ErrataSec article points out. We know that from centralized banking.

The solution the developers are currently pursuing avoids the rewind: new child whitehat DAOs were created with the purpose of attacking the malicious DAO. The whitehat DAOs rolled out on the 21st of June, while developers kept reassuring everybody that the attacker cannot access the stolen funds for 27 days, which is enough time to come up with a solution.

This attempt to shake off the hacker failed. Since the whitehat DAOs needed capital to run, they started accepting donations. The person behind the initial hack also donated some ETH to the whitehat DAOs and is hence a shareholder, possibly planning to drain the whitehat DAOs as well.

Meanwhile, a Cornell professor found 10 other vulnerabilities in the DAO and calls for a DAO 2.0 movement.

Current Ethereum Sentiment

People on ETH trading subreddits feel that the dev team looks after them and have more confidence in ETH now than in BTC (with its notoriously indecisive governance), in spite of the fact that ETH is fundamentally flawed and DAOs are subject to future fund drainings.

This goes hand in hand with the sentiment promoted by community voices: that the DAO hack is good for Ethereum since it is only pruning, similar to the shaking out of the weak hands during a run-up, where only the most faithful will prevail.

For clarification, traders say that the weak hands are being shaken off when a bullish market retraces significantly after profit taking at a local top, forcing highly leveraged longs to market sell at a loss. That results in a further price drop where winners take it all, i.e. people with enough capital will take advantage of - pardon my French - cheap coins and drive the price up.

It has nothing to do with pseudo-Christian faith in a leader/savior and putting money into a platform where they might be irreversibly lost while there are plenty of alternatives without this downside.

Consequently, cautious speculation appeared on /r/bitcoinmarkets about manipulation by wealthy ETH holders who need the ETH price to hike up to $30 once again before they cash out for good.

It is probably worth mentioning that some people are just in it for the penny-stock chance.

Meanwhile, officials are concerned.

#### Some more reading
