
The DAO Loses Ethereum Funds Through Smart Contract Vulnerability

June 18, 2016
 

Software-based solutions are far from perfect, and Ethereum-based project The DAO found that out the hard way. For all of the promise smart contracts hold, the technology needs to be put through the wringer first. After the project started losing funds all of a sudden due to a code exploit, calamity ensued across cryptocurrency exchanges.

Granted, it is horrible to see what happened to The DAO, a project that has become the world’s most successful crowdfunding project. This leaderless organization exists solely on the Ethereum blockchain. With no one in charge, and many shareholders eligible to vote, there was a lot of excitement regarding this concept.

The DAO Faces A Setback

Unfortunately, that enthusiasm was curbed yesterday afternoon. Various sources indicate a loss of Ethereum funds belonging to The DAO, due to an issue with their smart contract technology. An assailant managed to drain the Ether funds and transfer them to a different address. The attack exploits what is called a recursive calling vulnerability, which lets an attacker remove funds over and over again within one single transaction.
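A minimal Python model of the recursive calling pattern described above, added here as an illustration; it is not The DAO's contract code. The `Vault`, `Holder` and `ReenteringHolder` names and the amounts are constructed for the example, and the flaw is modeled as paying out before the ledger is updated, next to the corrected ordering.

```python
# Toy in-memory model (constructed; not Solidity and not The DAO's code).

class Vault:
    def __init__(self, safe):
        self.safe = safe    # True: update the ledger before paying out
        self.credit = {}    # what each account is entitled to withdraw
        self.pool = 0       # funds the vault actually holds

    def deposit(self, account, amount):
        self.credit[account] = self.credit.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        amount = self.credit.get(account, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.safe:
            self.credit[account] = 0   # hardened: entitlement cleared first
        self.pool -= amount
        account.receive(self, amount)  # external call: recipient code runs here
        if not self.safe:
            self.credit[account] = 0   # flawed: cleared only after the call returns


class Holder:
    """Ordinary recipient that just accepts the payout."""
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringHolder(Holder):
    """Recipient whose payout handler calls back into the vault."""
    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)  # runs before the outer withdraw() has finished


def run(safe):
    """Return (amount paid to the re-entering holder, funds left in the vault)."""
    vault = Vault(safe)
    other, reentrant = Holder(), ReenteringHolder()
    vault.deposit(other, 90)      # constructed sample balances
    vault.deposit(reentrant, 10)
    vault.withdraw(reentrant)     # one top-level call, i.e. one "transaction"
    return reentrant.received, vault.pool
```

With the flawed ordering, a single top-level `withdraw` pays out the other depositor's funds as well; with the ledger updated first, the nested call finds a zero entitlement and returns.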

It is important to note this vulnerability has nothing to do with Ethereum itself. The code used by The DAO developers is at fault here, and they were aware of this potential issue. After they gave assurances that it would not be a significant problem, somebody went ahead and took advantage of this vulnerability. Although the assailant managed to drain a lot of funds, cashing them out is a different story. The obtained Ether sits in a child DAO, where it remains locked for nearly four weeks.

This is quite positive news, in a way, as it gives the developers nearly four weeks to find a solution. A software fork has been proposed to make transactions from the child DAO invalid. Do keep in mind this is only a temporary solution, though. The primary objective is getting the stolen funds back. At the time of writing, developers and community members were still debating which course of action to take.

Looking At The Bigger Picture

Issues like these always spawn great discussions among cryptocurrency enthusiasts. However, a lot of people seem to lose track of the bigger picture. What is happening to The DAO affects everybody in the cryptocurrency community. There is a lot of disappointment, anger, and frustration during these difficult times. But at the same time, there are valuable lessons to be learned from this setback.

Synereo’s Dor Konforty shares his take on the situation as follows:

“If the position is – control is entirely in the hands of smart contracts, not smart people – that’s foolish. We must have both. Ethereum is now learning a lesson that Synereo took to heart from the beginning. A rollback will set a precedent. This is a decision that is crucial to the growth of the decentralization movement and to the trust in the decentralization community. We should own up to the results of our experiment, and learn from them.”

This is quite an interesting statement that holds a lot of truth. Smart contracts on their own are nothing without the people who create them. The world needs a combination of passionate individuals with a proper understanding of smart technology. Synereo’s business model, which integrates measures of compassion into its code, is an alternative solution worth looking into.
