TheDAO Theft: The Story of the Ethereum Hard Fork Explained

2022-03-09, 03:17


Summary



1. TheDAO was a decentralized investment fund on the Ethereum platform and, at the time, by far the largest crowdfunding project in the world.
2. TheDAO was hacked on June 17, 2016. The attacker drained over 3.6 million ether by exploiting a recursive-call (reentrancy) vulnerability in TheDAO's smart contract.
3. Ethereum carried out a hard fork on July 20, 2016. Community members who rejected the fork kept mining the original chain, which became known as Ethereum Classic.
4. Smart contract development differs from ordinary software development: the code must be exact, because it controls funds directly and cannot easily be patched once deployed.




Hit hard by the theft of TheDAO, the Ethereum community made a prompt and decisive choice in July 2016. Ethereum not only recovered from that setback but grew stronger, becoming the leading smart-contract blockchain and the platform behind the ICO, DeFi and NFT waves that followed.


What is TheDAO



TheDAO was a decentralized investment fund on the Ethereum platform and, at the time, by far the largest crowdfunding project in the world. DAO is short for Decentralized Autonomous Organization. TheDAO was designed to raise ETH from investors and issue a corresponding amount of DAO tokens in return. For holders, DAO tokens also carried proportional voting rights, which they could use to decide how the fund was run.

With no leader in the traditional sense, and operating strictly according to the rules encoded in its smart contracts, TheDAO looked like a new form of investment firm. Its members obtained decision-making power in proportion to their contribution (quantified as the number of DAO tokens they held) and ran the organization jointly in a decentralized manner. Thanks to its ground-breaking concept, the crowdfunding went smoothly: it raised over 12 million ETH within 28 days, about 14% of all ether in circulation at the time, worth roughly $150 million at the prices of the day.

On June 17, 2016, only 20 days after the crowdfunding closed and TheDAO began operating on May 27, it was attacked. The attacker exploited a recursive-call (reentrancy) vulnerability in TheDAO's smart contract: the split function sent ether to the caller before updating the caller's balance, so a contract receiving that ether could call back into TheDAO and withdraw the same balance again, repeatedly, within a single transaction. In this way over 3.6 million ether (about 4% of the total supply) was siphoned off. The attacker moved the vast majority of it into a "Child DAO" of their own creation. Under the contract's rules, ether in a freshly split Child DAO could not be withdrawn for 27 days, which meant the community had roughly four weeks to deal with the stolen funds before they could leave the attacker's Child DAO.
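The ordering mistake described above is easier to see in running code. The following is an added illustration written for this article, not TheDAO's own Solidity code: it models a tiny EVM-like world in plain Python, with a fund contract that pays out before zeroing the caller's balance and an attacker contract whose receive hook re-enters the withdrawal. Gas is approximated by a call-depth budget, a revert is modelled as a Python exception, and the account names, balances and depth limit are all made up for the example. The two hardened variants (checks-effects-interactions ordering and a reentrancy mutex) are the standard fixes and are likewise illustrative, not code from Slock.it.

```python
"""Simulation of the recursive-call (reentrancy) flaw behind the TheDAO drain.

Added illustration for this article, not TheDAO's Solidity code. A Fund holds
ether on behalf of depositors and pays it out through withdraw(); the attacker
contract receives the payment in a fallback-style hook and calls withdraw()
again before the first call has updated its balance. Gas is approximated by a
call-depth budget; names, balances and the depth limit are invented.
"""


class Reverted(Exception):
    """Stands in for an EVM revert: the whole transaction is discarded."""


class Fund:
    def __init__(self, balances):
        self.balances = dict(balances)       # depositor -> credited ether
        self.ether = sum(balances.values())  # ether the contract really holds
        self.locked = False

    def _pay(self, recipient, amount):
        # Like address.call.value(amount)(): hands control to recipient code.
        if amount > self.ether:
            raise Reverted("insufficient ether")
        self.ether -= amount
        recipient.receive(amount, self)

    def withdraw_vulnerable(self, caller):
        # Interaction before effect: the external call runs before the
        # balance is zeroed, so a re-entrant call still sees the old balance.
        amount = self.balances.get(caller, 0)
        if amount == 0:
            return
        self._pay(caller, amount)
        self.balances[caller] = 0            # too late

    def withdraw_cei(self, caller):
        # Checks-effects-interactions: zero the balance before paying out.
        amount = self.balances.get(caller, 0)
        if amount == 0:
            return
        self.balances[caller] = 0
        self._pay(caller, amount)

    def withdraw_guarded(self, caller):
        # Same bad ordering as the vulnerable version, but a mutex makes any
        # re-entrant call revert the whole transaction.
        if self.locked:
            raise Reverted("re-entrant call")
        self.locked = True
        try:
            amount = self.balances.get(caller, 0)
            if amount:
                self._pay(caller, amount)
                self.balances[caller] = 0
        finally:
            self.locked = False


class Depositor:
    """Honest account: just accepts what it is paid."""
    def __init__(self):
        self.received = 0

    def receive(self, amount, fund):
        self.received += amount


class Attacker:
    """Malicious depositor whose receive hook re-enters withdraw()."""
    def __init__(self, withdraw, depth_limit):
        self.withdraw = withdraw         # name of the Fund method to abuse
        self.depth_limit = depth_limit   # stands in for the gas limit
        self.depth = 0
        self.received = 0

    def receive(self, amount, fund):
        self.received += amount
        self.depth += 1
        try:
            # Re-enter while gas remains and the fund can cover another payout
            # of the balance it still thinks we have.
            mine = fund.balances[self]
            if self.depth < self.depth_limit and mine > 0 and fund.ether >= mine:
                getattr(fund, self.withdraw)(self)
        finally:
            self.depth -= 1


def run_attack(withdraw, depth_limit=64):
    """Run one attack transaction; returns (ether left, attacker's take, outcome)."""
    alice, bob = Depositor(), Depositor()
    attacker = Attacker(withdraw, depth_limit)
    fund = Fund({alice: 40, bob: 50, attacker: 10})   # constructed: 100 ether total
    try:
        getattr(fund, withdraw)(attacker)
    except Reverted as exc:
        return 100, 0, f"reverted: {exc}"            # nothing is committed
    return fund.ether, attacker.received, "committed"


if __name__ == "__main__":
    for name in ("withdraw_vulnerable", "withdraw_cei", "withdraw_guarded"):
        print(name, run_attack(name))
```

With the vulnerable ordering the attacker, credited with only 10 ether, walks away with all 100, because every nested call reads the same unzeroed balance; shrinking the depth budget (the real attacker was bounded by gas) only caps how much is taken per transaction. Zeroing the balance before the external call limits the payout to what the caller is actually owed, and the mutex turns the re-entrant call into a revert of the whole transaction.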


But the Hard Fork…



The Ethereum core team, represented by Vitalik Buterin, then put forward three options. The first was to do nothing, preserving the independence of the smart contract and the chain, but at the cost of never recovering the stolen funds. The second was a backward-compatible soft fork that would temporarily change the consensus rules so that any transaction moving the stolen funds would be rejected, freezing them in place. The third, and last resort, was a hard fork. Rather than rewinding the chain's history, it would apply a one-off state change at a chosen block, moving the ether held by TheDAO and its child DAOs into a refund contract from which DAO token holders could withdraw it.

Initially, most community members supported the soft fork, and client releases implementing it were rolled out step by step. Shortly before it was due to activate, however, researchers showed that it opened a denial-of-service vector: a transaction that burned through expensive computation and then touched TheDAO or a Child DAO would be rejected by the soft-fork rules without paying for the gas it had consumed, so an attacker could flood miners with such transactions for free. The soft fork was abandoned, leaving the hard fork as the only way to recover the losses.

The blockchain has been regarded as a decentralized network resistant to oversight and tampering. That a chain as large as Ethereum could nonetheless modify its records to recover losses undoubtedly shook the beliefs of some community members. Still, after a poll showed that most participants supported the rescue, Ethereum implemented the hard fork on July 20, 2016, at block 1,920,000. The community members who rejected the fork kept mining the original, unmodified chain, which became known as Ethereum Classic (ETC).

Because both chains shared the same transaction format after the split, a transaction signed for one chain could be replayed on the other, and some users lost funds this way. Both chains later adopted replay protection through further forks; on Ethereum this was EIP-155, which binds a chain ID into every signed transaction.


Code? Or Law?



The TheDAO theft had a profound influence. It forced Ethereum, which had come close to collapse, to fork. Fortunately, Ethereum gradually recovered and grew into the leading smart-contract blockchain we see today. The split between ETH and ETC also became the textbook case of a fork as the final resolution of a dispute between large communities, and Bitcoin's two later forks followed the same pattern. Although TheDAO itself is gone, the incident made the concept of the distributed organization famous. With Web 3.0 approaching, DAOs of many kinds have sprung up, providing a new and effective paradigm for cooperation.

Beyond that, the TheDAO theft leaves a lot to reflect on.

First, the nature of the blockchain. A blockchain is decentralized by design. Does modifying its records on the strength of community consensus alone violate the original intention of the technology? Recovering losses through a hard fork delivered the outcome most community members wanted, but did it undermine the "procedural foundation" of the chain? Seen from another angle: if someone later deliberately steers and exploits that same consensus for malicious ends, is that simply another abuse of community power?

Second, should the code or the law be obeyed? The DAO world has a famous saying: Code is Law. But the code itself did not forbid what the attacker did, and it is hard to say whether the attacker's behavior was pure malice or merely the use of a mechanism the contract permitted. From a legal point of view, however, it undoubtedly violated the rights and interests of other users. We therefore have to reflect on the relationship between smart contracts and the law.

Third, the security of smart contracts. The Ethereum Foundation's official statement made clear that Ethereum itself had no security vulnerability; the flaw lay in the application. Slock.it, which wrote TheDAO's code, bears inescapable responsibility for the theft. Smart contract development is more demanding than ordinary programming. Contracts are often short (TheDAO's was on the order of a thousand lines of Solidity), yet they control funds directly and cannot easily be patched once deployed. Their code must therefore be written with extreme precision and undergo multiple rounds of careful audit before launch, in an effort to exclude exploitable vulnerabilities such as the reentrancy flaw that undid TheDAO.



Author: Gate.io Researcher: Edward H.; Translator: Cedar W.
* This article represents only the views of the observers and does not constitute any investment suggestions.
*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.


