In this part of the course we’ll be looking at the history of DAOs, the first ever DAO was the DAO, literally, in as much as it didn’t end well. It kicked the swing the right way and kickstarted what we have now. Here’s everything you need to know about “The DAO”.
The original theory underlying the DAO was that by removing delegated power from directors and placing it directly in the hands of owners, the DAO removed the ability of directors and fund managers to misdirect and waste investor funds.
As a blockchain-enabled organization, The DAO claimed to be completely transparent: everything was done by the code, which anyone could see and audit. However, the complexity of the code base and the rapid deployment of the DAO meant that the intended behavior of the organization and its actual behavior differed in serious ways that weren’t apparent until after the attack occurred.
The DAO was intended to operate as “a hub that disperses funds (in Ethereum) to projects”. Investors received voting rights by means of a digital share token (what we call governance token now) , they vote on proposals that are submitted by “contractors” and a group of volunteers called “curators” check the identity of people submitting proposals and make sure the projects are legal before “whitelisting” them. The profits from the investments will then flow back to its stakeholders.
The DAO did not hold the money of investors; instead, the investors owned DAO tokens that gave them rights to vote on potential projects. Anyone could pull out their funds until the time they first voted.
The DAO’s reliance on Ether allowed people to send their money to it from anywhere in the world without providing any identifying information.
In order to provide an interface with real-world legal structures, the founders of The DAO established a Swiss-based company, registered as a société à responsabilité limitée (SARL) in Switzerland, apparently co-founded by Slock.it and Neuchatel-based digital currency exchange Bity SA. According to Jentzsch, The DAO was in Switzerland because Swiss law allowed it to “take money from an unknown source as long as you know where it’s going.
Once the crowdsale was over, there was much discussion of first addressing the vulnerabilities before starting to fund proposals. In particular, Stephan Tual, one of The DAO’s creators, announced on 12th June that a “recursive call bug” had been found in the software but that “no DAO funds [were] at risk”.
At the time, more than 50 project proposals were waiting for The DAO’s token holders to vote on them.
Unfortunately, while programmers were working on fixing this and other problems, an unknown attacker began using this approach to start draining The DAO of ether collected from the sale of its tokens.
By Saturday, 18th June, the attacker managed to drain more than 3.6m ether into a “child DAO” that has the same structure as The DAO. The price of ether dropped from over $20 to under $13.
Several people made attempts to split The DAO to prevent more ether from being taken, but they couldn’t get the votes necessary in such a short time. Because the designers didn’t expect this much money, all the ether was in a single address (bad idea), and we believe the attacker stopped voluntarily after hearing about the fork proposal (see below). In fact, that attack, or another similar one, could continue at any time.
Even before the attack, several lawyers raised concerns that The DAO overstepped its crowdfunding mandate and ran afoul of securities laws in several countries. Lawyers also pointed to its creators as potentially liable for any problems that may occur, and several expressed concern that token holders of The DAO were accepting responsibility they were likely unaware of. The DAO exists in a gray area of law and regulation.
Because the child DAO has the same structure, limitations, and vulnerabilities as the parent DAO, the ether in this newly created child DAO can’t be accessed for 28 days, as that is the initial funding period.
Everyone can see the ether in this child DAO — any attempts to cash it in will trigger alarms and investigations. It could be that the attacker will never get to cash or spend a single ether of it.
It’s entirely possible that the attacker had a large short position on ether at the time of the attack, which he or she then cashed out after ether had been cut roughly in half. The attacker may already have made his money, regardless of the ether sitting in the child DAO.
There are things the Ethereum Foundation could do that may be able to nullify the ether in this DAO. That’s where things get complicated.
All eyes are on The DAO and the Ethereum Foundation, hoping for a resolution that allows the ecosystem to continue to develop as it was before.
To understand what happens next, you will need to understand blockchain basics: A network of nodes puts transactions into blocks and blocks into a single chain that represents the “truth” of what has happened. If two competing transactions happen at about the same time, the network resolves this conflict by choosing one and rejecting the other, so all nodes have the exact same copy of the distributed ledger.
The only way to “rewrite history” would be to have at least 51% of all nodes agree to such a collusion — something that has never happened in the history of bitcoin or ethereum. The goal of a decentralized network is that no one has the power to do that, or the network itself becomes untrustworthy.
On 17th June, Vitalik Buterin of the Ethereum Foundation issued a critical update, saying that the DAO was under attack and that he had worked out a solution:
A software fork has been proposed, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that reduce the balance of an account with code hash0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid …
In this, Buterin specifically states that he isn’t proposing to rewrite any blocks, but just to install a “switch” in the basic ethereum code that prevents moving any ether out of the DAO or its children.
Effectively, this is a one-time fix (called a “fork”) for a one-time event that seals those ether into that address for all time.
“Miners and mining pools should resume allowing transactions as normal, wait for the soft fork code and stand ready to download and run it if they agree with this path forward for the Ethereum ecosystem. DAO token holders and ethereum users should sit tight and remain calm. Exchanges should feel safe in resuming trading ETH.”
In other words, a blacklist will be built into the ethereum code to keep the bad guy from claiming his prize. In this “freezing of assets” scenario, Buterin calls for a discussion of how to help DAO token holders recover their initial investment.
This seemingly innocuous and well-meaning “Deus ex machina” proposal — which must still be adopted by a majority of ethereum network nodes to take effect — has opened a huge can of worms.
The Attacker Responds
In an open letter to The DAO and ethereum Community, the attacker supposedly claimed that his “reward” was legal and threatened to take legal action against anyone who tried to invalidate his work. Several people pointed out that the cryptographic signature in this message wasn’t valid — it could be fake.
But it’s well written, and from a certain point of view, well reasoned: The premise of smart contracts is that they are their own arbiters and that nothing outside the code can “change the rules” of the transaction.
Later, through an intermediary, the attacker claimed that he would put a stop to the organized “theft” of his property by rewarding miners (nodes) who don’t go along with the proposed soft fork, saying:
“[S]oon we will have a smart contract to reward miners who oppose the soft fork and mines the transaction. 1m ETH + 100 BTC will be shared with miners.”