
Another successful DAO attack recursive split - wslh
https://www.reddit.com/r/ethtrader/comments/4ot3vi/warning_another_successful_attack_recursive_split/
======
Animats
Well, this is a mess. Remember, there's a clock ticking - there are, what, 25
more days before the funds from the first exploit become liquid. With more
exploits being found, the original proposed patch, which just blocks a
specific destination address, won't work.

The price of Etherium has fallen about 35% since this started. The Etherium
market cap has dropped from $1.5bn to under $1bn. Volume hit an all time high,
and the price is still in a screaming dive as people try to get out.[1]

I wouldn't be surprised if the person behind the exploit turns out to be an
insider. That would be in keeping with cryptocurrency tradition. In the
Bitcoin world, most of the major "hacks" turned out to be insider theft.

[1]
[http://coinmarketcap.com/currencies/ethereum/](http://coinmarketcap.com/currencies/ethereum/)

~~~
vegabook
I am not convinced that this is actually theft. The "exploit" was simply code.
And code rules, in the "The DAO"/ethereum world.

Indeed, isn't it arguable that said insider(s) (and I agree it's probably an
inseder) should identify themselves and challenge the leadership who are
damaging their own credibility and that of ethereum generally? All these
rollbacks -> they are the ones which are arguably illegal as they override the
code. In my view, the so-called thieves have a legitimate claim on the ETH
they have made and the investors in the DAO should respect the old caveat-
emptor idea which is axiomatic to _all_ investments, both inside and outside
the blockchain world. They invested in a dog, and they should lose all their
money. This is efficient markets at work.

~~~
jsmeaton
It's more like they invested in a VC firm which then siphoned off all the
money into a Swiss account. You'd have recourse through the court system.

~~~
vegabook
no, because the VC is ruled by law, and The DAO was ruled only by code, even
if it contained exploits. As such the rules of the code - the law of The DAO -
were followed.

The correct analogy is that the exploiters shorted the investment after
performing thorough due diligence, and made a profit doing so, at the expense
of more ignorant investors. That those more ignorant investors included the
founders of ethereum and the authors of the code, is deliciously ironic
especially considering (perhaps even because of) their own self-importance[1],
but it is ultimately immaterial.

[1] [https://daohub.org/curator.html](https://daohub.org/curator.html)

~~~
kahnpro
The DAO, ultimately, is a human construct and subject to human laws. Just
because you write a something in code and do a bit of hand waving, it doesn't
mean that contract law, etc, magically ceases to exist.

~~~
vegabook
it is ironic that The DAO will then rely on something which they were trying
to supplant.

~~~
antisthenes
Yes, an irony most likely lost on the libertarian populace.

~~~
johnzim
Think you might have Libertarian and Anarchist conflated there.

------
amix
The major problem of Solidity (Ethereum’s language) is the Turning
completeness. This makes it incredibly hard to reason about any property of
the contracts (since everything is undecidable due to Rice’s theorem).

I don’t know why they didn’t reduce the computing power, so it becomes much
easier to reason and automate the reasoning about contracts.

Do they really need Turing completeness?

This could be one of the better things about Bitcoin's blockchain: it's
simpler and easier to reason about.

~~~
lordnacho
It was very ambitious. I guess they could have just hard coded some simple
contracts mimicking existing financial instruments: an equity that pays out
variable profits from a certain address to owners, a credit that periodically
pays out a fixed amount, options, packages such as convertibles, indices, and
so forth.

About the Turing completeness, is there any limit to what you can calculate?
What's to stop me from doing a contract that eats up an unreasonable number of
calculations? That could easily be something that works fine when n is small
but explodes when a bunch of different people are involved. Something that
might be hard to check beforehand.

~~~
halter73
Ethereum uses "gas" to quantify the computational resources a contract
consumes. There is a slowly growing limit to the amount of gas a contract is
allowed to consume in order to execute.

As for being hard to check beforehand, you're absolutely right. You can read
about the consequence of this in one case on this reddit thread:
[https://www.reddit.com/r/ethereum/comments/4ghzhv/government...](https://www.reddit.com/r/ethereum/comments/4ghzhv/governmentals_1100_eth_jackpot_payout_is_stuck/)

------
kovek
There is an incentive to exploit contracts. Contracts that stand unexploited
mean that they probably cannot be exploited. More complex contracts should re-
use smaller, proven contracts.

This model should work in the long term. Just make sure not to invest too much
on too complicated contracts that do not re-use smaller proven contracts.

~~~
naasking
> More complex contracts should re-use smaller, proven contracts.

This assumes that compositions of unexploitable contracts are themselves not
exploitable, which isn't true in general.

~~~
kovek
Only composed contracts which stood unexploited for longer amounts of time
should have a lot of money involved.

I'm not saying that there will not be flaws, but this dynamic where there is
an incentive to exploit the contracts (be it composed or not) makes contracts
which stood longer more interesting.

------
niftich
Not sure if this is exploiting the same bug as the first split. But commenters
on yesterday's thread have noted [1] that the DAO code currently executing
seems to be several days older, and out of sync with the newer github repo
[2][3].

This is one way to get a free code review /s

There was an issue raised on their repo to make exploitable bugs private [4].
So far it doesn't appear to have gained traction but I wonder, what will it
say about decentralized communities, and the focus on the sanctity of their
code as a contract, if it's accepted.

[1]
[https://news.ycombinator.com/item?id=11928936](https://news.ycombinator.com/item?id=11928936)

[2] [https://github.com/slockit/DAO](https://github.com/slockit/DAO)

[3] [https://github.com/TheDAO/DAO-1.0](https://github.com/TheDAO/DAO-1.0)

[4]
[https://github.com/slockit/DAO/issues/264](https://github.com/slockit/DAO/issues/264)

~~~
jsprogrammer
Are you saying the running code is not open, or even available? How does that
work in a decentralized system?

~~~
niftich
No, I'm saying the running code is older. The repo has been updated since, so
there are updates/fixes/pull requests in the repo that haven't been deployed
to the running code yet.

The most recent bugs that appear to have been fixed are still present in the
running instance of the DAO.

(Prompted by your post, I have since edited my previous post to clarify the
intended wording.)

~~~
xorcist
How do you deploy new code in a decentralized system?

Could such a possibility not be used to change smart contracts post-facto?

~~~
gcr
That's a great question: how is new code deployed on a smart contract?

If this is even possible, what prevents the holders of The DAO's account keys
from deploying a new "Send all outstanding balance to this wizard" version of
the code?

If it's not possible to change the running version of a smart contract, how
does the community plan to deal with these sorts of problems?

~~~
cjbprime
By voting to change the code.

~~~
niftich
Is voting an in-band activity (i.e. inside the Ethereum VM), or something out-
of-band and external?

~~~
EdHominem
It could be either, depending on the way the contract was written.

Out-of-band would be something like m-of-n control of a secret 'update' key
where any properly signed update-to-script-X message is accepted. You'd vote
by providing your segment of the key, or not.

In-band would be something like the DAO but where there was a special "update
self" proposal with some set of quorum and rules all enforced in-script.

Both have their place. In-band is more transparent, and can have a lot of
complexity modeling the intended domain. (Classes of shares with more voting
power, auditors with vetoes, etc.) Out-of-band is more likely to work in cases
where the script has major bugs.

------
mentos
Heh feels like we're living in the Eve:Online universe now

~~~
SkyMarshal
That's pretty much exactly what it is, just text-based not graphical.

~~~
Snowdax
I dunno, the trade part of Eve is fairly numbers and text heavy

------
Aelinsaar
I'm struggling to understand how even the most optimistic cryptocurrency fan
could think this is going to end well.

~~~
cloudjacker
Libertalia's self destruction

~~~
jrockway
[http://www.newyorker.com/humor/daily-shouts/l-p-d-
libertaria...](http://www.newyorker.com/humor/daily-shouts/l-p-d-libertarian-
police-department)

~~~
cloudjacker
lol we've come full circle, most of my hackernews karma is from posting that
article

~~~
jrockway
Yeah, I think I originally saw it when you posted it. I read it from time to
time and it makes me laugh, especially the bit about the sidewalks and
intentionally shooting the mailbox.

My libertarian-leaning friends were not so amused.

------
olh
We are watching the killer app for decentralization of governance getting
centralized governance because the stakeholders made bad investments.

This is hard-tech sitcom.

~~~
empath75
I'm struggling to understand why anyone would want to bail the DAO investors
out of their stupid investment by forking. They told everyone that the code is
the final word, someone used the code to empty their bank accounts. Either you
believe in what the ethereum block chain espouses or you don't.

~~~
eterm
Because almost everyone involved in Ethereum also invested in "the DAO", so
they're taking a mulligan.

"oops, just a practice!"

~~~
mjfl
It's really annoying to think that they are going to get this bailout now
though, while in the future they are surely going to thumb their noses at
anyone who makes similar contract mistakes. The ability to see a contract
through to it's full intent should not depend on your social proximity to the
Ethereum development team.

~~~
beachstartup
> _The ability to see a contract through to it 's full intent should not
> depend on your social proximity to the Ethereum development team._

i don't think it's any coincidence that's how it works in the 'real world'
either, with big banks and governments.

at the end of the day, it's about people. money isn't real.

------
eterm
Watching Ethereum discover why there are lawyers is similar to watching the
Bitcoin community find out why there are (central) banks.

The bitcoin world now has "consensus" meetings which from an outsiders'
perspective look a lot like the kind of meetings at Davos that bitcoin was
supposed to be against, only without regulation, consumer protection and any
recourse against bad actors within the upper spheres of influence.

In future of ethereum there'll have to be "arbitration committees" which will
look a lot like courts. Self-appointed, unregulated courts of course.

~~~
empath75
I think ethereum will mostly be useful for people who don't have access to a
real court system. Which is to say 'criminal enterprises'.

~~~
Klinky
I think Bitcoin will mostly be useful for people who don't have access to a
real banking system. Which is to say 'criminal enterprises'.

Basically what is the point you're trying to make?

~~~
Fej
That is actually relatively accurate.

~~~
Klinky
Yes, accurate for __all __cryptocurrencies. Pointing to one and suggesting it
'll be used mainly by criminals is silly.

------
squizzel
Hopefully they take it all so we can stop hearing about it.

------
paavokoya
It's incredibly satisfying to watch this unfold after getting downvoted to
death and told "bitcoin is inherently flawed, BlockChain Technology is muh
future" in other threads.

After spending 4 years in bitcoin and having watched all the copy+pastecoins
fail similarly to alternative internets I can say that any new blockchain
isn't revolutionary or innovative in the way most people shallowly believe in
the hopes of finding "the next bitcoin". It's already here just accept it.

~~~
street
You could make the same claim about bitcoin not being needed, given that we
have money and a working banking system. Your POV is just as invested in
bitcoin as others are in Ethereum.

~~~
paavokoya
No. Bitcoin IS different. Its network is vastly larger. Newspapers became
obsolete when the internet came to fruition. Bitcoin is doing the same to fiat
currency. There are many intranets but we all know which one we are talking
about when someone says "the internet".

~~~
Trundle
>Bitcoin is doing the same to fiat currency

Oh really? Please do explain why a government would ever allow bitcoin to
challenge its currency.

~~~
jsprogrammer
Governments don't need to allow anything; people are free transact and
associate as they wish.

~~~
jasode
It's one thing to have a _tiny_ transaction-volume virtual currency like
bitcoin circulating without any explicit government laws allowing it or not
allowing it.

It's quite another thing for paavokoya to make the bold claim that bitcoin
will _replace_ government fiat currencies. _That won 't happen._ Government
currencies like USA dollars and Euros are backed by courts and police. Bitcoin
doesn't have that. Bitcoin usage beyond the trivial can always be suppressed
by the government. All it takes is for the government to pass a law that says,
_" property purchased with bitcoin is null and void"._

Any non-government crypto-currency exists at the pleasure and amusement of the
government.

Government has the ultimate power and infuses that power into the fiat
currency. That power is spread across tax collectors, courts, and law
enforcement. On the other hand, bitcoin can't create its own "Bitcoin
Sovereign Island" with its own sympathetic government. Alt-coin enthusiasts
overestimate the ability of bitcoin to overthrow government sponsored money.

~~~
jsprogrammer
Look, maybe in some places what you describe could happen. Not in the US.

USA dollars are not "backed by courts and police" (what does that even mean?).

Property cannot be null or void, so a government decree as such would be
meaningless.

>Government has the ultimate power

Maybe under some theories, but again, not in the US. In the US, government
power is derived exclusively from the people, by the people.

~~~
jasode
_> USA dollars are not "backed by courts and police" (what does that even
mean?).

>Property cannot be null or void, so a government decree as such would be
meaningless._

Sorry for writing in shorthand and not making the meaning clearer. It's not
the _property_ that's nullified but the _transaction_ of that property.

Ok, you agree to buy a car or domain name from a seller for 100 bitcoins.
After you pay the 100, the seller keeps the keys/title/domain. You go to court
to help recover your "money" \-- aka bitcoins, because it was a fraudulent
transaction. The court doesn't _recognize_ the transaction because it doesn't
recognize bitcoin as legal consideration. Case closed. You then try to go to
the police/sheriff to seize "your" property. The police ask for the court
order. You don't have one.

If the government wants to pass a law stating that bitcoin transactions are
not recognized, it can do so. It doesn't have to pass such a law at the
moment, because bitcoin transaction volume is trivial.

 _> In the US, government power is derived exclusively from the people, by the
people._

Did the "power of the people" stop FDR from confiscating gold?[1] Gold was
even more entrenched than bitcoin is today. Did the "power of the people"
direct the government to take their 1980 dollars and reduce its purchasing
power to 1/3rd in 2016?[2]

There's a difference between repeating the ideals of _" government of the
people, by the people, for the people"_ from Lincoln's Gettysburg Address and
the reality of how _government actually exercises its power _against_ the
people._

If Bitcoin activity got so large that it threatened the USA government's power
to manipulate its Federal Reserve Notes to pay debt obligations (at least in
nominal terms) or inflate the money supply to pay for Social Security &
Medicare, it will make all bitcoin transactions null and void by decree.

Therefore, I disagree with paavokoya that Bitcoin will make fiat currencies
like US Dollars and Euros "obsolete". Bitcoin doesn't have that power because
Bitcoin doesn't come with its own courts, police, aircraft carriers, etc --
a.k.a. all the apparatus of government. It's the backing of government that
enabled the US Dollar to become a global reserve currency.

[1][https://en.wikipedia.org/wiki/Executive_Order_6102](https://en.wikipedia.org/wiki/Executive_Order_6102)

[2][http://data.bls.gov/cgi-
bin/cpicalc.pl?cost1=1000&year1=1980...](http://data.bls.gov/cgi-
bin/cpicalc.pl?cost1=1000&year1=1980&year2=2016)

~~~
naasking
> You go to court to help recover your "money" \-- aka bitcoins, because it
> was a fraudulent transaction.

I don't understand what this means. Courts don't only consider cases where you
pay ordinary money for an exhcange of goods. Contracts exist for purely
material exchanges, so I don't see "give me bitcoin for X" wouldn't count.

------
Animats
The "attacker" has been heard from.[1]

"I am disappointed by those who are characterizing the use of this intentional
feature as "theft". I am making use of this explicitly coded feature as per
the smart contract terms and my law firm has advised me that my action is
fully compliant with United States criminal and tort law."

There's much argument over whether this is a hoax.

There's a good writeup in American Banker.[2] They question whether the rules
should be changed.

Patrick Murck, a lawyer and researcher at Harvard University's Berkman Center:

"The contract is the code, it's unstoppable code, it's unbreakable, it's self-
executing and autonomous — right up until everything goes wrong. And then, 'No
no no no, that's theft!' Which is some social norm that we've attached to it
that's not based in the code, and then we're going to stop the whole system
and basically bail it out," he said. "Is this something we're going to do
every time a smart contract fails? Or is this just because there are a lot of
[Ethereum] insiders in the DAO?"

[1] [http://pastebin.com/CcGUBgDG](http://pastebin.com/CcGUBgDG) [2]
[http://www.americanbanker.com/news/bank-technology/what-
the-...](http://www.americanbanker.com/news/bank-technology/what-the-attack-
on-the-dao-means-for-banks-1081575-1.html?zkPrintable=1&nopagination=1)

~~~
zenogais
The word from the attacker is absolutely a hoax [1]

[1]:
[https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_le...](https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_letter_from_the_hacker/d4e7efq)

