David Siegel is a blockchain strategist and speaker, founder of Kryptodesign.com and curator of DecentralStation.com, a place to learn about blockchain.
In this piece, Siegal attempts to help journalists understand what happened when The DAO collapsed and why he believes it's important for the press to get the story right.
The article will be updated on Medium as the situation develops. Disclaimer: Siegal owns a small number of DAO tokens.
The basics
The ethereum network is a network of computers all running the ethereum blockchain. The blockchain allows people to exchange tokens of value, called ether, which is currently the second most popular cryptocurrency behind bitcoin. ethereum also allows people to write and put on the network smart contracts – general-purpose code that executes on every computer in the network (currently over 6,000 computers). People then execute these programs by sending ether to them.
A DAO is a Decentralized Autonomous Organization. Its goal is to codify the rules and decisionmaking apparatus of an organization, eliminating the need for documents and people in governing, creating a structure with decentralized control.
Here’s how it works:
- A group of people writes the smart contracts (programs) that will run the organization
- There is an initial funding period, in which people add funds to the DAO by purchasing tokens that represent ownership – this is called a crowdsale, or an initial coin offering (ICO) – to give it the resources it needs.
- When the funding period is over, the DAO begins to operate.
- People then can make proposals to the DAO on how to spend the money, and the members who have bought in can vote to approve these proposals.
It’s important to understand that great care has been taken not to make these tokens into equity shares – they are more like contributions that give people voting rights but not ownership. In most cases, a DAO is not owned by anyone – it’s just software running on the ethereum network.
The very first DAO is bitcoin itself, which is governed by consensus among its core team and its mining network. All other DAOs have been launched on the ethereum platform.
“The DAO” is the name of a particular DAO, conceived of and programmed by the team behind German startup Slock.it – a company building “smart locks” that let people share their things (cars, boats, apartments) in a decentralized version of Airbnb.
The DAO launched on 30th April, 2016, with a 28-day funding window.
For whatever reason, The DAO was popular, raising over $100m by 15th May, and by the end of the funding period, The DAO was the largest crowdfunding in history, having raised over $150m from more than 11,000 enthusiastic members. The DAO raised far more money than its creators expected.
It can be said that the marketing was better than the execution, for during the crowdsale, several people expressed concerns that the code was vulnerable to attack.
Once the crowdsale was over, there was much discussion of first addressing the vulnerabilities before starting to fund proposals. In particular, Stephan Tual, one of The DAO’s creators, announced on 12th June that a "recursive call bug" had been found in the software but that "no DAO funds [were] at risk".
At the time, more than 50 project proposals were waiting for The DAO’s token holders to vote on them.
It’s important to reiterate that the ethereum network has no such bugs and has been working perfectly the entire time. All networked systems are vulnerable to various kinds of attacks. The ethereum network, which supports (depending on the price) around $1bn worth of ether, has not been hacked and is continuously executing many other smart contracts.
Everyone who writes a smart contract knows that if it can move a large amount of cash it will be subject to attack. This particular vulnerability was discovered recently in another system, called Maker DAO, and was neutralized quickly because that DAO was still in testing.
Many people feel that testing and certifying smart contracts will be an important part of keeping the ethereum ecosystem safe. You’ll find several smart-contract validation services listed at DecentralStation.com.
The Hack
Unfortunately, while programmers were working on fixing this and other problems, an unknown attacker began using this approach to start draining The DAO of ether collected from the sale of its tokens.
By Saturday, 18th June, the attacker managed to drain more than 3.6m ether into a “child DAO” that has the same structure as The DAO. The price of ether dropped from over $20 to under $13.
Several people made attempts to split The DAO to prevent more ether from being taken, but they couldn’t get the votes necessary in such a short time. Because the designers didn’t expect this much money, all the ether was in a single address (bad idea), and we believe the attacker stopped voluntarily after hearing about the fork proposal (see below). In fact, that attack, or another similar one, could continue at any time.
Smart contracts are meant to be stand-alone agreements – not subject to interpretation by outside entities or jurisdictions. The code itself is meant to be the ultimate arbiter of "the deal" it represents. But of course, that’s an idealist (crypto-anarchist) perspective.
Even before the attack, several lawyers raised concerns that The DAO overstepped its crowdfunding mandate and ran afoul of securities laws in several countries. Lawyers also pointed to its creators as potentially liable for any problems that may occur, and several expressed concern that token holders of The DAO were accepting responsibility they were likely unaware of. The DAO exists in a gray area of law and regulation.
Because the child DAO has the same structure, limitations, and vulnerabilities as the parent DAO, the ether in this newly created child DAO can’t be accessed for 28 days, as that is the initial funding period.
Everyone can see the ether in this child DAO – any attempts to cash it in will trigger alarms and investigations. It could be that the attacker will never get to cash or spend a single ether of it.
It’s entirely possible that the attacker had a large short position on ether at the time of the attack, which he or she then cashed out after ether had been cut roughly in half. The attacker may already have made his money, regardless of the ether sitting in the child DAO.
There are things the Ethereum Foundation could do that may be able to nullify the ether in this DAO. That’s where things get complicated.
The Soft-Fork Proposal
The DAO contains roughly 15% of all ether, so a failure of The DAO has a negative impact on the ethereum network and its cryptocurrency.
It’s worth noting that dozens of startups are working on DAO or governance products, many smart contracts have similar vulnerabilities and building complex software using smart contracts is still in its infancy. Everyone involved has a stake in what happens next.
All eyes are on The DAO and the Ethereum Foundation, hoping for a resolution that allows the ecosystem to continue to develop as it was before.
To understand what happens next, you will need to understand blockchain basics: A network of nodes puts transactions into blocks and blocks into a single chain that represents the "truth" of what has happened. If two competing transactions happen at about the same time, the network resolves this conflict by choosing one and rejecting the other, so all nodes have the exact same copy of the distributed ledger.
The only way to "rewrite history" would be to have at least 51% of all nodes agree to such a collusion – something that has never happened in the history of bitcoin or ethereum. The goal of a decentralized network is that no one has the power to do that, or the network itself becomes untrustworthy.
On 17th June, Vitalik Buterin of the Ethereum Foundation issued a critical update, saying that the DAO was under attack and that he had worked out a solution:
In this, Buterin specifically states that he isn’t proposing to rewrite any blocks, but just to install a “switch” in the basic ethereum code that prevents moving any ether out of the DAO or its children.
Effectively, this is a one-time fix (called a “fork”) for a one-time event that seals those ether into that address for all time.
Buterin continued: