|
Title: Did DAO post its own downfall 4 days ago? Post by: thegreenone on June 17, 2016, 03:03:06 PM Seems they have published their own security flaw and didn't close it
https://github.com/slockit/DAO/pull/247/commits/b7038eacdc3b8bb07cfb6cb8bcc98dba9e2c9302 They had 2 Pull Requests that attempted to address issue. Here is other one https://github.com/slockit/DAO/pull/248 Seems that one was never merged as well. Title: Re: Did DAO post its own downfall 4 days ago? Post by: shyliar on June 17, 2016, 03:06:16 PM Seems they have published their own security flaw and didn't close it https://github.com/slockit/DAO/pull/247/commits/b7038eacdc3b8bb07cfb6cb8bcc98dba9e2c9302 They had 2 Pull Requests that attempted to address issue. Here is other one https://github.com/slockit/DAO/pull/248 Seems that one was never merged as well. It's been a known problem publically since June 9th. If I can find the link I'll edit this post. Additionally (I could be wrong on this) the DAO requires two weeks of voting to correct such flaws. Title: Re: Did DAO post its own downfall 4 days ago? Post by: jjacob on June 17, 2016, 03:09:01 PM It's been a known problem publically since June 9th. If I can find the link I'll edit this post. Additionally (I could be wrong on this) the DAO requires two weeks of voting to correct such flaws. Two weeks is a recipe for disaster. It will give somebody trying to exploit flaws enough time to prepare and execute his plans flawlessly. Title: Re: Did DAO post its own downfall 4 days ago? Post by: thegreenone on June 17, 2016, 03:15:15 PM It's been a known problem publically since June 9th. If I can find the link I'll edit this post. Additionally (I could be wrong on this) the DAO requires two weeks of voting to correct such flaws. Two weeks is a recipe for disaster. It will give somebody trying to exploit flaws enough time to prepare and execute his plans flawlessly. My thoughts exactly. Without a locking mechanism it seems hard to avoid. I don't think the 20% quorum was going to be hit for some time regardless. Not until a massive consolidation of DAO tokens, would have ruined the whole concept. Title: Re: Did DAO post its own downfall 4 days ago? Post by: alyssa85 on June 17, 2016, 03:19:35 PM Seems they have published their own security flaw and didn't close it https://github.com/slockit/DAO/pull/247/commits/b7038eacdc3b8bb07cfb6cb8bcc98dba9e2c9302 They had 2 Pull Requests that attempted to address issue. Here is other one https://github.com/slockit/DAO/pull/248 Seems that one was never merged as well. It's been a known problem publically since June 9th. If I can find the link I'll edit this post. Additionally (I could be wrong on this) the DAO requires two weeks of voting to correct such flaws. On another thread they said this was a known issue since 2015. Which means they had months to sort it out and didn't bother. Shoddy, shoddy, shoddy. |