Details Of The DAO Hacking In Ethereum In 2016

The DAO hack that threatened everything and affected Ethereum

Do you remember how a decentralized autonomous organization can create with the use of Ethereum? In the year 2016, there was a downfall. A startup was working on a DOA project named DAO hack.

Dao was a model which is programmed and initiated by a start-up firm called Slock it. The primary purpose of this project is to make no person venture capital firm that would allow investors to make decisions through smart contracts.

AD-Blockchain-Council-01

It’s the DAO that got hacked

The DAO is a DENCENTRALIZED AUTONOMOUS ORGANIZATION – this is an organization where rules by computer programs generate Smart Contracts. Specifically, the DAO was built to be an investment vehicle that funds proposals. It does this by allowing its investors, who hold The DAO Tokens. Let’s call them TDT from this point to vote on proposals. Voting limits future actions so if a TDT holder votes yes or no. They can’t change their vote until the period is has ended.

When it made its 27-day crowd sale, the DAO raised 11.5 million Ether. This had a value of over US 150 million at the time and 16% of the total supply of Ether. Not only is that a lot of money but it was the largest crowdfund in history.

If the proposal on which a TDT holder voted succeeds, the owner can only withdraw their share of Ether balance that is left after the winning project once funded. In contrast, token holders that do not vote can remove from the DAO by initiating a split. Splits take seven days to fork off the funds. Consequently, a division launched by a user seven days ahead of a proposal’s voting deadline can operate without any risk that her funds will spend on that project. The DAO does not permit funds to be withdrawn as Ether directly. Instead, token holders can take their TDT out by a process known as a ‘split’. This is a process that takes 34 days in total to complete and involves creating a new DAO.

One of these flaws is how the DAO acts as a factory for creating child ‘smart contracts’ that ‘split’ off from the main DAO to create a ‘child-DAO.’

Recall that splitting is the only method of extracting one’s Ether holdings from the main DAO contract. This is where the user who splits from the DAO initiates a new DAO contract. In this contract, they will initially be the sole investor and curator. The idea here is that a user can extract her funds by whitelisting a proposal to pay herself the entire contents of her contract, voting on it with 100% support and the obtaining the resources by executing the approved plan.

Even if no action is taken, the attacker will not be able to withdraw any Ether at least for another ~27 days (the creation window for the child DAO).

One solution is a soft fork which will make any operations that make any calls/call codes/delegate calls that reduce the balance of an account with the system.

With the hard fork, a typical Ethereum user will not feel anything from that hard fork, besides a minor client update.

If you are a TDH holder, you can vote ‘yes’ on those split above proposals.

One way you can help mitigate the attack is by spamming the Ethereum network using your Ethereum client. You can use this to spam the chain.