In-depth Analysis: DAO Hack and the splitting of Ethereum
In June 2016 the Ethereum DAO was hacked and $55 million worth of the cryptocurrency Ether began draining from its account holders. In the days that followed the attack frantic efforts were made to save the tens of millions of dollars at risk. Different options were offered, arguments took place…. tensions within the Ethereum community ran high.
When everything was over, what had been one cryptocurrency was split into two. More than that, the ‘fix’ implemented to get round this attack divided the cryptocurrency community – and the debate around that fix carries on today.
So before we look at what happened let’s orientate ourselves:
Ethereum is a blockchain in its own right – in the same way that bitcoin is a blockchain in its own right. The Ethereum blockchain generates its own cryptocurrency called Ether.
A distinctive feature of the Ethereum blockchain is its ability to handle something called smart contracts. Smart contracts are simply pieces of code that act on a if-this-then-that basis. In other words, if this thing happens the code (contract) carries out this task, if that thing happens then it carries out a different task. The smart contract reacts to events that take place in its sphere of interest.
In fact, it’s a smart contract that is the basis of the Ethereum DAO.
What’s a DAO?
Well, the initials stand for Distributed Autonomous Organisation.
A DAO is a business organisation that uses smart contracts to do away with – completely – the need for human decision-makers. The Ethereum DAO’s founders wrote the smart contracts (really just code or programmes) that ran the DAO. And then, before the DAO got started, there was an initial funding period whereby people bought into the DAO by buying tokens. Once this funding period (known more usually as an Initial Coin Offering or ICO) was over the DAO started to do its thing.
And what was the DAO’s thing?
The Ethereum DAO was the first of its kind and is known as The DAO. Specifically, the Ethereum DAO allowed people to make business proposals – “let’s invest $1000 making t-shirts that we can then sell for $1500” – and the DAO’s investors considered the proposal before voting on whether to fund it. It’s a bit like a crowdfunding set-up or a venture-capital firm – except the smart contract runs the process.
So what happened?
It started with a bit of a shock. On the 18th June 2016 members of the Ethereum community noticed funds were being rapidly withdrawn from the DAO. In fact – using the language used that day – the DAO was being ‘drained’… In the first hours over 3 million Ethers – valued then at over $50 million were withdrawn.
As the day wore on it became clear how the attacker was getting this currency. He (although it could have been a ‘she’ or a ‘they’ – we don’t know) had exploited a weakness in the code – specifically in the part of the code that allowed an investor to withdraw his funds.
The attacker realised he could ask to withdraw his own funds over and over and over again. And each time he asked he received a fresh payment. Essentially he was being repeatedly paid his original amount. How come?
The weakness he had discovered was that the ‘withdraw’ code could be called multiple times before the smart contract updated its own balance. Which meant that when the DAO received a withdrawal request from the attacker it didn’t know it had already paid him because its balance was as it was before… so it paid him again.
And again. And again. And so on.
At a day-to-day level there was nothing anybody could do to stop him. There’s no central authority as such with a blockchain or, with a blockchain-hosted service like the DAO. There’s no central person who can shut the thing down, install a fix and then start it up again. The smart contract isn’t a one-off event kind of deal. Once it’s set up it runs. Forever.
What was quickly realised was that if this attack was going to be (a) stopped and (b) if possible, reversed then only a fundamental intervention in the Ethereum blockchain itself would do the trick. And that intervention would have to be voted on by all nodes on the Ethereum blockchain.
When time is on your side
The Ethereum community had one thing on their side – time. Not lots of it but they had some. Because the attacker wasn’t receiving the funds as soon as he asked for them. Within the smart contract code is an inbuilt rule that you cannot move your funds until 27 days after requesting them. So in fact the funds that were rapidly draining out of the DAO weren’t technically out of the DAO – yet. They were in a half-way house – a child DAO – watching the clock tick by until they could be withdrawn. Until then they were, in fact, still within the grasp of the DAO.
What were the options?
So the funds are now in the attacker’s child DAO and he’s waiting for the 27 day limit to expire so he can move them out and into a place of his own.
The options facing the Ethereum team are as follows:
- Do nothing – and that, literally, was a seriously considered option. You let the attacker get away with it. There were people who insisted this be the choice.
- Soft fork the blockchain
- Hard fork the blockchain
Let’s take a quick look at all three.
- Do nothing
Here’s the thing: the ‘attacker’ actually didn’t ‘attack’. However else we might describe his activities what he actually did as make use of a loophole in the smart contract. He didn’t create the loophole, it was already there. The programmers made a mistake.
The argument put forward by people is that the code that created the DAO – the smart contract – is the DAO’s law. The attacker didn’t break the law so how can you justify relieving him of the proceeds of his lawful activity?
Added to that were the ‘slippery slope’ arguments – essentially that, once you accept that you will modify or tamper with code for this reason why not do it for other reasons too? Where does it actually stop?
- Soft fork the blockchain
A soft fork is a relatively uncontroversial code update that is compatible with the software on all the nodes on the blockchain – whether they updated to the new update or not. In other words, the changes are backwards compatible and all nodes – whether they upgraded or not – will recognise new blocks. Consensus will be maintained.
- Hard fork the blockchain
A hard fork occurs when a code update is not backwards compatible. If all nodes accept the update then the blockchain remains whole and new blocks are validated by all nodes using the new rules.
A hard fork can lead to complications though. If some nodes do accept the update whilst others do not then you end up with two versions of the blockchain. Each version of the blockchain validate blocks differently – and those blocks aren’t compatible with each other.
What was once a single blockchain now becomes two – one of them continues with the original cryptocurrency but the other chain gives rise to a brand new currency.
And the winner is…..
Do nothing was rejected. The majority felt the ‘code is law’ mantra was too extreme and that decisions should ultimately be made by thinking human via social consensus. Not only that, the desire to keep the authorities out of the blockchain was strong. By returning funds the community showed the regulators that they could sort out their own mess.
The soft fork version was actually in play until a couple of days before its implementation date. But for several technical reasons it was concluded that a soft fork wasn’t going to work here and so the idea was abandoned.
The team chose a hard fork to resolve the problem.
Their hard fork was a code-change that effectively created a rollback – like a ‘restore’ on a computer. By taking your computer back to the state it was in say, 7 days ago you undo every change that took place on your machine since that date.
This is what the hard fork did to the Ethereum blockchain. On 20th July 2016 the fix was applied and it undid the attacker’s withdrawals. They had rewritten the past and undone the theft.
Except it wasn’t all quite as cut-and-dried as that.
Unexpectedly, the original blockchain carried on growing. Any expectations that that blockchain – which enjoyed perhaps 10 – 15% support amongst the nodes – would wither and die were confounded.
A portion of users had rejected the update and were still updating and approving blocks on the original chain – and were still being rewarded with the original Ether currency.
Incredibly, this old part of the chain – having been kept alive essentially by rebels against the fix – still possessed some of the stolen Ether…. which meant the attacker was still sitting on 3.6 million Ether coins.
Today, we still have two Ether cryptocurrencies: the original pre-fork currency which is now called Ethereum Classic (ETC) and the currency produced by the new fork – called Ethereum (ETH). ETC retained some 10 – 15% of the original users – ETH has the rest.
And ETH is the more credible currency. It’s market capitalisation is roughly ten times greater than that of ETC but importantly, its community sees its blockchain as a value-add software and it has attracted the support of some big name firms – Accenture, JP Morgan, Microsoft, and UBS in particular.
But the debate over the rights and wrongs of the fork rumble on.
Even today a number of blockchain enthusiasts believe that the rollback was akin to a bank bailout – and as such was contrary to everything the blockchain was about. They argue that if things that happen today can simply be undone tomorrow if enough people with a personal interest vote for it… what does that say for the certainty and reliability of blockchain applications?
The counter argument is that the Ethereum blockchain was still a development chain and that as it grows more robust such hard forks will be much harder to perform. Ethereum’s founder, Vitalik Buterin, says that the way things were done in 2016 aren’t anything like the way they’re done now. Investors in Initial Coin Offerings will hope he’s right…