The current issues with The DAO have taken the world by storm, and not in a good way. After information leaked about a critical bug that is draining The DAO’s Ethereum balances, a lot of traders panicked. But in the end, things are not as dire as they first appeared.
First of all, it is important to note The DAO developers were aware of this bug that allowed Ethereum funds to be drained. A handful of days ago, they also pointed out this would not be a significant issue, yet chaos still ensued. As things stand, all of the leaked funds are held in a Child DAO. This also means the funds cannot be withdrawn for another 27-ish days.
The DAO Incident Explained
The exploit itself is a recursive calling vulnerability involving the “split” function. Because the attacker calls this function recursively inside the split, they can collect Ether multiple times with one transaction. At the date of writing, that amount was still increasing at regular intervals.
What is most important is that this is an issue with The DAO itself, and not Ethereum. Once the news broke about this incident, both DAO tokens and ETH started dropping in value as traders looked to get out. But the DAO team confirmed that “Ethereum itself is perfectly safe”.
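The recursive-call pattern described above, as an added example that is not from the original article and is not The DAO's code: a simplified Python model in which a payout calls into the recipient before the recipient's balance is cleared, next to the hardened ordering that clears the balance first. The `Vault` class, the account names and the amounts are assumptions made for illustration.

```python
# Simplified model (assumption): a ledger that pays out by calling code
# supplied by the recipient, as a contract-to-contract transfer does.

class Vault:
    """Toy ledger; hardened=True clears the balance before the external call."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}
        self.pool = 0  # total funds held for all accounts

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.hardened:
            self.balances[who] = 0   # state update first ...
        self.pool -= amount
        receive(amount)              # ... then the external call
        if not self.hardened:
            self.balances[who] = 0   # too late: receive() may have re-entered


def run(hardened, depth=3):
    """Return (total paid to the re-entering caller, funds left in the pool)."""
    vault = Vault(hardened)
    vault.deposit("others", 90)      # constructed sample balances
    vault.deposit("caller", 10)
    collected = []

    def receive(amount):
        collected.append(amount)
        if len(collected) < depth:   # recipient code calls back in mid-payout
            vault.withdraw("caller", receive)

    vault.withdraw("caller", receive)
    return sum(collected), vault.pool


if __name__ == "__main__":
    print("balance cleared after call :", run(hardened=False))
    print("balance cleared before call:", run(hardened=True))
```

With the balance cleared only after the call, a 10-unit balance is paid out once per nested call; with the hardened ordering the nested call sees a zero balance and returns without paying.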
To solve this problem, a proposal is on the table:
“The development community is proposing a soft fork, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that execute code with code hash 0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid, starting from block 1760000 (precise block number subject to change up until the point the code is released), preventing the ether from being withdrawn by the attacker past the 27-day window. This will later be followed up by a hard fork which will give token holders the ability to recover their ether.”
Interestingly enough, The DAO team mentioned that miners and pools should allow transactions as normal. However, they are also advised to keep an eye out for the soft fork update and download it as soon as possible. Holders of the tokens and Ether should remain calm, and exchanges have nothing to worry about by resuming Ethereum trading. It appears as if there will be no dumping of ETH across exchanges by the assailant.
Overall, the Ethereum community seems to be in favor of this approach. Performing a rollback should never be an option to be considered, and The DAO team is taking a rightful course of action by doing things differently. That being said, it remains to be seen how The DAO will fare over time as this incident will harm their reputation.