New Vulnerability May Prevent Ethereum Soft Fork
One possible solution to the attack that led to the draining of funds from The DAO is now believed to include an exploit of its own.
The number of options available to the ethereum development community as it searches for a way to recover investor funds lost when The DAO was compromised is dwindling with news that a vulnerability in one of the more prominent solutions has been discovered.
As it turns out, a soft fork that would have sought to blacklist the ether address that holds the confiscated funds, preventing it from conducting any transactions, actually exposes a previously undetected attack vector.
In a post on the Ethereum Foundation blog, developer Felix Lange explains that the exploit would slow down mining and prevent the completion of legitimate transactions.
Launched earlier this year, The DAO was the first large-scale distributed autonomous organization (DAO) designed with a leaderless governance structure and with the intent to distribute ether donated by contributors to new ethereum projects.
After The DAO raised more than $150m worth of ether, a flaw in its software was exploited, letting a malicious member move a portion of the funds into another DAO under their control.
Due to the way The DAO was coded, it is widely believed that the siphoned funds won’t be accessible to the perpetrator until 14th July. But in Lange’s post today, he added that "there is no immediate urgency to block transactions while further proposals are being worked out".
The development comes as ethereum miners, or those validating transactions and competing to create blocks on the platform, have until this Thursday to vote for the soft fork patch, thus implementing the soft fork.
The fork in the road
While Lange proposed two temporary workarounds to the vulnerability, lead distributed application developer at ethereum, Fabian Vogelsteller, was less optimistic on Twitter.
The hard fork option, which would essentially roll back the ethereum blockchain to erase the transactions, has been controversial to some members of the community who worry it might undermine future faith in the reliability of the network.
Doing nothing has also been controversial, as it would give the person who used The DAO’s code to move funds to a separate account the ability to profit at the expense of the 23,000 token-holding members of the organization.
Correction: This article has been updated to correct a misspelled surname.