In the last 36 hours we have witnessed an attack on The DAO. An attacker utilized the “Recursive Call Exploit” in the `splitDAO()` function to withdraw 3.5M ETH while burning only a small amount of DAO tokens.
Luckily, the funds are not under his control. They are locked in a childDAO.
We Slock.it are fully supporting the solution as outlined in Vitalik’s post .
The Soft Fork:
A stated in the blog post: “ A software fork has been proposed, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that reduce the balance of an account with code hash0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid, starting from block 1760000 (precise block number subject to change up until the point the code is released), preventing the ether from being withdrawn by the attacker past the 27-day window. ”
In other words, this would freeze all ether in all DAOs using our DAO framework. The attacker, as well as anybody else, would not be able to withdraw any funds from any DAO.
This only solves the first half of the problem, as it forbids the attacker to withdraw his stolen funds, but the same is true for actual token holders in the main DAO.
As stated by Vitalik: “ This will provide plenty of time for discussion of potential further steps including to give token holders the ability to recover their ether. ”
We suggest the second step:
2 — The Hard Fork
- Move all funds from contracts with the code hash 7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba to a new contract “RefundDAO” (we can loop through the proposal list in the main DAO to find all split DAOs)
- replace the contract at the main DAO with a simple refund contract with only one function. This function takes one parameter (address of childDAO), to determine a combined balance of mainDAO and childDAO and then pays back ether accordingly (in order to also pay back DAO token holders who did already split)
With this solution, 100% of the funds can be refunded, because not a single wei has been going out of the DAOs yet. No rollback of blocks or transactions is required.
This is important: Usually when people think about hard forks, they imagine about rollbacks of entire blocks, undoing unrelated transactions (similar to bitcoin hard forks). But in this case,the hard fork is far more elegant and easier to implement, as there is no need to roll any blocks back, or to undo any transactions that have nothing to do with the DAO.
In fact, a typical ethereum user will not feel anything from that hardfork, besides a minor client update.
For these reasons, we think hard forking is the way to go forward.
It is part of the ethereum protocol that a majority of the miners/community can do an upgrade/split if they think something isn’t working as intended. This does not take anything away from decentralization, since no one can decide about the fork except of the miners and the community themselves — and *no one else*. We as software developers can only suggest forks by providing code listings.
Thanks for your support so far, and we look forward to progress on this matter rapidly!