Dao Hack

I’ve mentioned The Dao before. Called it a kind of digital distributed democratic dragons den, and noted that 10% of all Ethereum, a hundred million dollars, was now controlled by a software contract.

And an exploit was found in that software contract, practically as soon as transactions were allowed, and money started draining from it into a hacker’s account.

Where it will be frozen for a couple of weeks at least.

Meanwhile those who wrote and continue to update the software that runs Ethereum, the currency which the DAO was written on, have posted patches to make that freeze longer, and maybe return all the money to the original investors.

Whether the giant loose-knit collection of server-maintainers who are running that code to keep the currency running will accept that patch and allow the effective roll-back is still unknown. The tokens that represent an interest in the DAO are trading for about .6 of their original value, so presumably that market thinks there’s only about a 60% chance that the patches will be accepted by the miners.

So that’s how it stands. Either the miners decide the software contract is the arbitrator of what’s allowed and the hacker gets to keep 10% of all the Eth, or they decide to roll it back and it turns out that software-defined money-contracts aren’t quite as immutable as was assumed.

Can’t be good for Eth either way I don’t think.

I’m re-invested in Bitcoin, despite the approaching halving, at least for now. Hopefully can pick up some Eth at a tenth the price in a few weeks when it’s all blown over.

There’s a letter claiming to be from the Hacker asserting his right to the cash too.

The whole thing is hilarious, certainly.

One thought on “Dao Hack”

  1. You see the whole thing about Ethereum, its point, its promise, was that you could write a contract in machine language, and the contract would automatically enforce itself. No need for judges, no need for a tribunal, no need for guns or beefy security. Breaking contracts is just mathematically impossible. That’s the aim of it. You can’t renege on this contract any more than you can prove 1+2 = 42.

    ’Til someone drains up to ten percent of the whole currency through a bug in a contract that was so popular one in ten of every Ethereum was invested in it.

    I’m not sure I understand how you roll that back without destroying the promise of it, its entire value. The code is the contract, that’s the point, right? If you can roll-back the contract just coz it ripped off 10% of all the coin in the system, then that’s not a 51%-of-hashing-power vulnerability, that’s a 10%-of-total-stake vulnerability.

    In a coin thinking of moving to proof-of-stake instead of hashing anyway!

    It paints a different picture of Ethereum than the one I thought of until this weekend. No longer an immutable cloud machine that will enforce contracts with mathematical rigour, but a community of system-administrators running servers who determine how enforceable contracts should be based on consensus and broad agreement.

    Which is still probably better than a bank. Maybe?

    I look forward to buying more Ethereum when its price has adjusted to reflect that it’s just democracy rather than machine-like mathematical precision.
