Ethereum will clean up bitcoin's image by ending blockchain theft and ransom forever

in #crypto-news9 years ago (edited)


www.i.imgur.com/Wc1NgcS.png

How many bitcoin theft and ransom stories have tarnished bitcoin's reputation over the years?

Now Ethereum comes to the rescue. In the post Ethereum world, nobody will have their funds stolen, and no criminals will be able to hold people for ransom, because the chain will be forked to thwart these criminals.

Bitcoin is for criminals and Ethereum is for the "good guys"

The masses have spoken, and they vote to trade freedom for security. You my friend are a minority.

http://www.coindesk.com/dao-attack-good-thing-ethereum/

So now tell me that this was not a publicity stunt to show the masses that:

Etherum - "Crypto is not just for criminals anymore"

Just when you thought Ethereum had peaked, they hit another home run with main stream consumer resonation.

Vitalik is a crypto superhero saving the world from criminals and thieves.

What happened? 3,641,694 ETH where splitted out of theDAO. The attacker found a loophole in the regular splitDAO function so that they could reuse the same DAO tokens over and over again.

How did the attack worked exactly? The attacker managed to combine 2 exploits. The first exploit was to call the split DAO function recursively. That means the first regular call would trigger a second (irregular) call of the function and the second call would trigger another call and so on. The following calls are done in a state before the balance of the attacker is set back to 0. This allowed the attacker to split 20 times (have to look up the exact number) per transaction. He could not do more - otherwise the transactions would have gotten too big and eventually would have reached the block limite. This attack would already have been painful. However - what made it really painful is that the attacked managed to replicate this attack from the same two addresses with the same tokens over and over again (roughly 250 times from 2 addresses each). So the attacker found a second exploit that allowed to split without destroying the tokens in the main DAO. They managed to transfer the tokens away before they get sent to address 0x0 and only after this they are sent back) The combination of both attacks multiplied the effect. Attack one on its one would have been very capital intensive (you need to bring up 1/20 of the stolen amount upfront) - the attack two would have taken a long time.

Is the remaining Ether in theDAO safe? No - it is most likely that this exploit could have been used to drain all Ether out of theDAO. The attacker stopped draining ETH when Vitalik wrote his first blog response that mentioned the plan for soft and hard forks. We can assume that the hacker stopped for strategic reasons to make a community decision for a fork less likely. However - the attacked voted in other fork proposals as well - for more details have a look here

Since the Ether of the attacker is in a copy of a theDAO contract - can the ETH be stolen the same way? This would have been possible if at least one honest actor would have voted for this split. Since the attacker is most likely the only shareholder and the curator of this DAO the same attack can not be done.

How would the proposed soft fork work? The soft fork would be an immediate action to mainly buy time. Miners could modify the Ethereum client that it would ignore all transactions where as a result of the transaction ETH is deducted from an address that has the code of theDAO. Miners would also ignore blocks of other miners that would include such a transaction. If the majority of miners decides to do so it would be impossible for everyone to move ETH from every "theDAO" version. So it would affect the main "theDAO" and all the splits - including the regular and the malicious one.

Is a software version of ETH with this modification already available? Yes - Parity and GETH have released proper versions.

What needs to happen to activate the soft fork? It would require a coordinated effort of the majority of the miners. Coordination is important otherwise a miner would likely lose his ETH. If you for example solo mine you should NOT switch to the patched version unless you are convinced that a majority of the miners did because otherwise your software will ignore the longest chain since it would see it as invalid.

Miners need to communicate with each other and define a block in the future that should be used to switch over to the new version. As soon as the majority accepts a new version it is dangerous for a miner not to use the new version.

If the soft fork succeeds - what is a path forward The softfork will most likely only a temporary solution. If it would be the final solution it would mean that basically all ETH on all theDAO contracts is frozen forever. There are two more likely paths forward. First a hard fork - with a hard fork literally everything is possible - we will discuss likely paths later. The second path from the freez softfork is to allow only certain kind of transactions. Under the assumption that no more ETH is drained from theDAO a more specific softfork 2 could allow every DTH to receive its share of the remaining ETH.

If the soft fork does not succeed - what will happen? A very big mess of attacks and counter attacks. White and black heat hacker will start exploiting this bug. However since every split will be public everyone can join every split. The right strategy would be to split you tokens up to have a very small number of tokens in every split. So if someone is performing the attack others will also have shares in the splitted DAO - that will allow them later to perform this attack again in the newDAO after the creation period is over. This could result in endless splitting. It would create incentives to spam the network or to bribe miners to censor transactions. In addition it is very likely that other bugs will be found and exploited. If we would end up in this stage it is very likely that all non technical DTH would lose everything.

What are the arguments for and against the soft fork? The biggest argument for the soft fork is the prevention of the huge mess that would occur without one. There are philosophical arguments against it - essentially the softfork would be a form of censorship. However - most affected by this censorship would highly welcome it (all DAO token holder) expect the attacker. However - there is a small group of people also affected by this who not might want it - everyone who spitted in a regular manner and is confident that no one of the other shareholder in this splitted DAO will atack them (e.g. because they are the only one).

When and how is a hard fork possible? A hard fork would require longer discussion and consensus finding. To execute a hard fork miners are less important. More important are exchanges and key player in the ecosystem. (Ethereum foundation, core developers, leading companies in the ecosystem). If all those players agree to a hard fork even a small minority of miners would be enough but more importantly - miners would join under those conditions almost for sure. With a hard fork in principal ALL rule changes are possible. New Ether can be created, legit ETH can be destroyed and so on. However - chances are 0 that the community would agree on such a fork. So we can narrow the expected range down. On the upper end (on a scale of ETH value per DAO-token) would be a complete reversion of all illegitimate splits. That would mean that DAO tokens could again be redeemable of 0.01ETH each. The lower end would be the ratio of ETH that is left in theDAO contract - currently 0.006857 ETH (without extra balance) . However - for such a solution no hard fork would be required, it could be done with a soft fork. So a consensus solution might also be that only parts are restored. Others could be either destroyed or be used for some form of common good (e.g. Ethereum foundation, decentralized fund that will subsidize future security audits, )

Additional information:

What is the difference between a hard and a soft fork. A soft fork means that a state/block that used to to be valid is not valid any more in the new version. In this case a state that would result in spending ETH from any contract with the code of theDAO would be considered invalid. A hard fork makes a state valid that was not valid before. The big advantage of a soft fork is that only miners need to update their software. Although eventually everyone should - if everyone waits for enough confirmations they will only accept states that are valid under the new rules. In a hard fork however everyone (consumers, exchanges, ...) need to update their software. Otherwise they are in danger of losing their ETH and other assets on Ethereum. For this reason the period between agreement on the fork and execution of the fork should be much bigger than it can be in a soft fork.

Can we track down the identity of the attacker. This is an open question. There is a decent likelihood that the attack was not planned long in advance so the hacker might have done mistakes as using addresses that are linkable to their identity. Here is an excellent overview of the accounts involved. The hacker was careful and used only ETH from a transaction from shapeshift.

When did the hacker started to plan this attack? The two key contracts that held the tokens and had the logic in that allowed the recursive split where created 2 days before the attack. So at least two days. However - a split was initiated 7 days before the attack. However - it is not yet 100% clear if the attacker and the initiator of that split are the same. It likely but not necessary. The attacker could have used any split proposal. But even if the attacker was the initiator of the split it does not mean that they were preparing the attack already back then. Under the assumption that theDAO was bug free there has been an arbitrage opportunity of buying DAO tokens for less than 0.01ETH and converting them to 0.01ETH with a split.

If the soft fork is implemented - can I still transfer DAO Tokens? Yes - every transaction that does not affect the ETH balance of a contract with the code of theDAO is still possible.