The DAO Eliminates Vulnerability That Allowed Endless Withdrawals from Some Accounts
The need to fix mistakes in code is hardly a shocker. However, The DAO’s case is somewhat unique, as the organization has no formal leader and no security team that could have identified and eliminated possible threats. The full responsibility for that is borne by the community of members who bought their right to vote during the crowdsale.
Considering that the identities of investors aren’t always known, the way the vulnerability was detected and eliminated may be considered the first serious test for The DAO’s entire ecosystem.
According to CoinDesk, the problem became known last week when GitHub user chriseth noted the possibility of an attack on wallet contracts resulting from the implementation of smart contracts written in Solidity.
Peter Vessenes, founder of the Bitcoin Foundation, also spoke about the matter in his blog, thus drawing the attention of a Reddit user associated with Maker DAO, a DAO based on the Ethereum blockchain.
The vulnerability, which allows attackers to withdraw everything from a particular kind of account, was later successfully tested by Maker DAO developers. The entry on that subject was noticed by eththrowa, a user of The DAO forum.
The latter confirmed that the vulnerability was present in the implementation The DAO used at the time. As the software was written by Slock.it, the startup’s founder joined the search for a solution. The day after the vulnerability had been detected, he posted a link to the fix.
However, Tual went even further, announcing a series of software upgrades aimed at tackling the vulnerability in question, now referred to as a ‘recursive call’, as well as some other possible attack vectors.
In particular, Tual wrote:
“We extend our gratitude to the community and in particular Eththrowa who once again proved that an open development process leads to the rapid identification, isolation and resolution of potential vulnerabilities, and in this case, the overall improvement of design patterns as part of programming languages.”
According to an entry in the Slock.it blog, The DAO’s assets were not in any danger at the time.
The DAO, launched earlier this year by a group of unknown individuals, is open-source code allowing users to collectively vote on investments they deem worthy and receive dividends should those projects succeed.
In this case, the vulnerability could have allowed the recipient of dividends to repeatedly collect the payment due by recursively calling the contract. Peter Vessenes, however, noted that the recursive call is not a problem of The DAO alone, but a broader problem of how some developers implement smart contracts written in Solidity.
Taylor Gerring, a member of the Ethereum Foundation, confirmed that Vessenes was right. He stressed that the vulnerability would not entail any changes to Ethereum’s code.
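To make the ‘recursive call’ pattern described above concrete, the following is an added illustration written for this article in modern Solidity; it is not The DAO’s code, nor code from Slock.it or Maker DAO. The contracts, their names and the `owed` mapping are hypothetical. The first contract pays dividends with the external call placed before the bookkeeping update, which is the defect class Vessenes and chriseth described: a payee that is itself a contract regains control during the transfer while its recorded balance is still unchanged. The second applies the checks-effects-interactions ordering and a simple re-entrancy guard, the design-pattern correction Tual’s statement refers to.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (hypothetical contracts, not The DAO's code).

// Vulnerable form: the Ether transfer (an external call) happens BEFORE the
// owed balance is zeroed. If the payee is a contract, its receive()/fallback
// runs in the middle of withdraw() and can call withdraw() again while
// owed[msg.sender] still holds the full amount, so the payout repeats.
contract DividendsVulnerable {
    mapping(address => uint256) public owed;

    function credit(address payee) external payable {
        owed[payee] += msg.value;
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        // Interaction before effect: a re-entrant call still sees `amount` owed.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
        owed[msg.sender] = 0; // too late: already re-enterable above
    }
}

// Hardened form: checks, then effects, then interactions, plus a guard.
// The balance is zeroed before any Ether leaves, so a nested call finds
// nothing owed; the `locked` flag additionally rejects nested calls outright.
contract DividendsHardened {
    mapping(address => uint256) public owed;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "re-entrant call");
        locked = true;
        _;
        locked = false;
    }

    function credit(address payee) external payable {
        owed[payee] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = owed[msg.sender];   // check
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;                // effect: update state first
        (bool ok, ) = payable(msg.sender).call{value: amount}(""); // interaction last
        require(ok, "transfer failed");
    }
}
```

When reviewing contract code for this defect, the thing to look for is any state-changing function in which an external call (`call`, `transfer` to a contract, or a call into another contract) precedes the write that records the call as having happened; either reordering the write ahead of the call or adding a guard like the one above closes the window, and using both is the usual recommendation.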
Recently, Stephan Tual told ForkLog about the degree of investment protection in The DAO.