- Researchers found critical vulnerabilities in the Slockit DAO smart contract
- There were nine critical areas highlighted as points that should be addressed to prevent exploitation of the vulnerabilities
- The researchers requested that a moratorium be placed on the smart contract to allow for upgrades to be made while also protecting those invested from being exploited
- D. Mark, E. G. Sirer, and V. Zamfir, “A Call for a Temporary Moratorium on The DAO,” 27-May-2016. [Online]. Available: https://hackingdistributed.com/2016/05/27/dao-call-for-moratorium/. [Accessed: 28-Nov-2020].
Core Research Proposal
- This paper put forth nine suggestions to prevent the exploitation of the DAO protocol after highlighting structural and philosophical vulnerabilities during a smart contract audit.
This research paper was written approximately a month before the original DAO smart contract as known by the cryptocurrency community at large was exploited, resulting in an ideological and literal split in the Ethereum community, creating Ethereum Classic as the community/chain that wanted to enforce “code as law”;. In contrast, the Ethereum chain rolled back the DAO hack and attempted to undo the damage from the attack on the smart contract. The paper being examined demonstrated vulnerabilities, offered solutions, and attempted to move the community towards preventing the DAO exploit that ultimately split the Ethereum community.
The researchers suggested that while the DAO was a revolutionary opportunity to attempt decentralized crowdfunding and project management, the DAO was iterated in a manner that created vulnerabilities in the smart contract’s language in addition to implementing a mechanism design that incentivized exploitation instead of honest behavior. The researchers highlight the following attacks as potential points of vulnerability:
Affirmative Bias: As the voting protocol locked in the vote without giving the option to change, this approach reinforced the notion that voting against a project being funded would only be beneficial if many people were voting against the project, thus creating an inherent bias to vote for projects to be funded.
Stalking: A contract that split from the DAO created a vulnerability that allowed a sole investor and curator to whitelist a proposal which would permit funds to be withdrawn to the contract owner. This would not necessarily result in theft, but created the potential for ransom and involuntarily locked funds.
Ambush: The voting structure incentivized last-minute votes by whales to sway votes to release funds to attackers. Whales had enough weight in the voting structure to need very little cooperation to execute an attack on a contract and withdraw funds.
Token Raid: In this scenario an attacker purchases a large amount of targeted DAO tokens to then run a stalker attack or dump the token on an exchange in an attempt to drive the value lower only to then accumulate more tokens at a lowered value.
extraBalance: This attack was used to scare TDT holders into splitting from the DAO to increase the book value of the token. Attacking whales would create a self-serving proposal with a negative return to immediately vote YES using their weight due to holding large amounts of TDT.
Split Majority Takeover: A majority of 53% or more would have been able to vote to allocate 100% of the funds to a recipient that solely benefits those voting in that bloc.
Reward Dilution: This is an abstracted attack that comes in the form of creating new tokens as rewards to payout unsuspecting investors that had agreed to different terms. This attack effectively uses maintenance and operating costs to mask theft through dilution of dividends.
Risk-Free Voting: A voter could run the operation ‘unblockMe’ to decouple their funds from a voting bloc before the vote was final.
Concurrent Tie-down: In this context, proposals that have long voting blocs have the potential to be undercut by someone to come make the same proposal with a shorter voting bloc window thus creating more incentive for investors to participate.
Independence Assumption: There was an assumption that all the projects operating within the DAO had no dependence on each other or necessarily on the success of the DAO itself.
- The researchers outlined the historical context of the DAO’s emergence to establish the necessary information that would be needed to understand the potential attacks and vulnerabilities they put forth.
- In outlining nine vulnerabilities, the researchers gave a substantial list of potential problems that could arise if there was no moratorium on the DAO.
- The researchers performed a smart contract audit of the Slockit DAO contract
- The researchers suggested there were partial and complete remedies to some of the attacks that were outlined including:
- Supporting Withdrawals
- Post-voting Grace Periods
- Shorter Voting Periods
- Vote “No” and Withdraw on an Affirmative Decision
- Waiting for Quiet
- Commit/Reveal Voting
- Vote Delegation
- Reward Accounting
- Curator-enforced Proposal Independence.
The researchers suggested that the DAO (1.0) potentially use the “newContract” call which would allow the funds to be moved to a newly written DAO contract (1.1).
Discussion & Key Takeaways
- This paper examined many aspects of the DAO contract that incentivized nefarious attacks against the DAO funds. This paper used examples of security vulnerabilities that were discovered in the smart contract to prod the community to halt usage of this specific smart contract.
Implications & Follow-ups
- As this paper was put out a month before the attack on the DAO, there is the obvious retroactive perspective that the researchers were correct. In that framework, there is the larger discussion that surrounds the speed of the current pace of peer-review in academia not being able to keep up with real-world vulnerabilities to permit an article like this to be published in an academic research journal. This paper was published on a website dedicated to hacking news, and in that confinement the community did not take the paper seriously. This lack of proper reception is ultimately the source of the now infamous $50 million DAO hack that could have been prevented had the researchers’ suggestions been followed.
- This research paper and resulting hack on the DAO is a prime example for the rationale that academic research should be more utilized during deployment of theoretical frameworks. As the DAO was heavily exploited by nefarious actors, the warnings and prevention mechanisms that were put forth by researchers gave the industry a month of warning before the very vulnerabilities outlined in the paper were exploited.