Tusk (OP)
|
|
June 17, 2016, 11:15:23 AM |
|
Posted by Vitalik Buterin on June 17th, 2016. An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction. The leaked ether is in a child DAO at https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for the child DAO). This is an issue that affects the DAO specifically; Ethereum itself is perfectly safe. The development community is proposing a soft fork, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that execute code with code hash 0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid, starting from block 1760000 (precise block number subject to change up until the point the code is released), preventing the ether from being withdrawn by the attacker past the 27-day window. This will later be followed up by a hard fork which will give token holders the ability to recover their ether. Miners and mining pools should resume allowing transactions as normal, wait for the soft fork code and stand ready to download and run it if they agree with this path forward for the Ethereum ecosystem. DAO token holders and ethereum users should sit tight and remain calm. Exchanges should feel safe in resuming trading ETH. Contract authors should take care to (1) be very careful about recursive call bugs, and listen to advice from the Ethereum contract programming community that will likely be forthcoming in the next week on mitigating such bugs, and (2) avoid creating contracts that contain more than ~$10m worth of value, with the exception of sub-token contracts and other systems whose value is itself defined by social consensus outside of the Ethereum platform, and which can be easily “hard forked” via community consensus if a bug emerges (eg. MKR), at least until the community gains more experience with bug mitigation and/or better tools are developed. Developers, cryptographers and computer scientists should note that any high-level tools (including IDEs, formal verification, debuggers, symbolic execution) that make it easy to write safe smart contracts on Ethereum are prime candidates for DevGrants, Blockchain Labs grants and String’s autonomous finance grants. https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/
|
From the ashes rises the Phoenix. Viva the block chain, Viva BitCoin!
|
|
|
iamnotback
|
|
June 17, 2016, 12:05:52 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
|
|
|
|
ATA Group
|
|
June 17, 2016, 12:07:53 PM |
|
If a government wants to shut it down, thats the way how to do it!
|
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
June 17, 2016, 12:08:36 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
I don't know if "top-down controlled" is the right description, its more like a democracy where the majority can vote to strip the minority of its rights.
|
|
|
|
glerant
|
|
June 17, 2016, 12:08:36 PM |
|
The development community is proposing a soft fork, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that execute code with code hash 0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid, starting from block 1760000 (precise block number subject to change up until the point the code is released), preventing the ether from being withdrawn by the attacker past the 27-day window. This will later be followed up by a hard fork which will give token holders the ability to recover their ether.
No upside for any non-DAO involved ETH holders. Considerable potential downsides for ETH. Shouldn't the hardfork distribute some of the recovered funds as free ETHs to bagholders by way of compensation for this? Otherwise we will start to see effects of 'Moral Hazard' in blockchain technology.
|
|
|
|
ATA Group
|
|
June 17, 2016, 12:10:05 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
I don't know if "top-down controlled" is the right description, its more like a democracy where the majority can vote to strip the minority of its rights. Yes it's called communism, where the piss poor try to steal the money from the rich ones.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
June 17, 2016, 12:11:03 PM |
|
And in the meantime Automated Transactions (AT) is working on two blockchains without issue (and has been doing so for over a year now).
|
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
June 17, 2016, 12:15:01 PM |
|
And in the meantime Automated Transactions (AT) is working on two blockchains without issue (and has been doing so for over a year now). And in the meantime, Ripple has been successfully operating a distributed ledger for over five years now. A ledger that has supported an unlimited block size and five second confirmation times from the beginning: https://ripple.com/
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
June 17, 2016, 12:17:32 PM |
|
And in the meantime, Ripple has been successfully operating a distributed ledger for over five years now. A ledger that has supported an unlimited block size and five second confirmation times from the beginning: https://ripple.com/AT isn't a ledger - I was comparing smart contract systems (i.e. "apples and apples"). (but if you want to add AT to Ripple then you are welcome to do so)
|
|
|
|
ol92
|
|
June 17, 2016, 12:23:19 PM |
|
And in the meantime, Ripple has been successfully operating a distributed ledger for over five years now. A ledger that has supported an unlimited block size and five second confirmation times from the beginning: https://ripple.com/AT isn't a ledger - I was comparing smart contract systems (i.e. "apples and apples"). (but if you want to add AT to Ripple then you are welcome to do so) The amount of money involved in the DAO/ETH has attracted high level hackers. The same can't be said for NXT/Burst : therefore, we can't conclude easily their smart contract features are more safe.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
June 17, 2016, 12:25:03 PM Last edit: June 17, 2016, 12:51:17 PM by CIYAM |
|
The amount of money involved in the DAO/ETH has attracted high level hackers. The same can't be said for NXT/Burst : therefore, we can't conclude easily their smart contract features are more safe.
AT doesn't run on Nxt (it runs on Qora and Burst), and sure I do accept your point, but I am pretty confident that the design (being much simpler) does not have any similar flaws (the Crowdfund AT is about as minimal as such a thing could ever get). I would also be happy to take a "bet" in regards to being able to hack one of the existing ATs that have been created by the CIYAM team (we literally spent months testing each one we created).
|
|
|
|
misterbigg
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
June 17, 2016, 12:25:32 PM |
|
AT isn't a ledger - I was comparing smart contract systems (i.e. "apples and apples"). That's true
|
|
|
|
w0t4n
Member
Offline
Activity: 63
Merit: 10
|
|
June 17, 2016, 12:34:17 PM |
|
Sorry, but this has nothing to do with decentralization. It's like saying: "We could, if we wanted to... but we are going to ask the community first to see if they agree"
|
♝POW/HiPOS ♟CHESSCOIN ♞ICO OPEN ♜
|
|
|
Attack.of.the.Clones
|
|
June 17, 2016, 12:39:22 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
that's what it looks like, disappointing moment for crypto, vitalik is making a big mistake with this one ...
|
|
|
|
Attack.of.the.Clones
|
|
June 17, 2016, 12:43:06 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
I don't know if "top-down controlled" is the right description, its more like a democracy where the majority can vote to strip the minority of its rights. nobody voted, VB just decided this around his Cabinet Politburo table ... dictatorship, not a democracy
|
|
|
|
Attack.of.the.Clones
|
|
June 17, 2016, 12:46:07 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
that's what it looks like, disappointing moment for crypto, vitalik is making a big mistake with this one ... Let him do it, because after that ETH will be worth not even 1 sathoshi. 1 Billion USD down the toilet isn't good for marketing crypto
|
|
|
|
Attack.of.the.Clones
|
|
June 17, 2016, 12:50:01 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
that's what it looks like, disappointing moment for crypto, vitalik is making a big mistake with this one ... Let him do it, because after that ETH will be worth not even 1 sathoshi. 1 Billion USD down the toilet isn't good for marketing crypto Don't be a moron.. somebody who hacked ETH hates it and loves Bitcoin... the hacker loves money ... Vitalik shouldn't play like a dictator here, let the code chips fall where they may, you CAN'T have a decentralised crypto if one guy and his buddies can do a hard fork & roll back when they deem it ok.
|
|
|
|
asdalani
|
|
June 17, 2016, 12:56:24 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
I don't know if "top-down controlled" is the right description, its more like a democracy where the majority can vote to strip the minority of its rights. nobody voted, VB just decided this around his Cabinet Politburo table ... dictatorship, not a democracy If you do not agree with him, you do not download/run the new code and use the old code to validate the hacked eth.
|
|
|
|
iamnotback
|
|
June 17, 2016, 01:09:22 PM |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
I don't know if "top-down controlled" is the right description, its more like a democracy where the majority can vote to strip the minority of its rights. Democracy is a top-down structure because it is a winner-take-all power vacuum.
|
|
|
|
pufuletz
Member
Offline
Activity: 91
Merit: 10
|
|
June 17, 2016, 01:35:27 PM Last edit: June 17, 2016, 02:19:54 PM by pufuletz |
|
So the hard fork to recover the ETH means Ethereum is not decentralized. It is a top-down controlled fiat system.
that's what it looks like, disappointing moment for crypto, vitalik is making a big mistake with this one ... Well, what was he supposed to do - that was a massive amount of dumpable ETH that DAO thief was (still is!) accumulating
|
|
|
|
|