What was the DAO incident?
In this guide we attempt to cover: how and why The DAO was created, how The DAO was exploited, how the soft fork failed miserably, and why everyone was relieved it did so, and how the hard fork led to a split community and the creation of Ethereum Classic.
The Decentralized Autonomous Organization (known as The DAO) was meant to operate like a venture capital fund for the crypto and blockchain space. The lack of a centralized authority reduced costs and in theory provided more control and access to the investors.
At the beginning of May 2016, a few members of the Ethereum community announced the inception of The DAO, which was also known as Genesis DAO. It was built as a smart contract on the Ethereum blockchain. The coding framework was developed open source by the Slock.it team but it was deployed under “The DAO” name by members of the Ethereum community. The DAO had a creation period during which anyone was allowed to send Ether to a special wallet address in exchange for DAO tokens on a 1-100 scale. The creation period was an unforeseen success as it managed to gather 12.7 Ether (worth around $150M at the time), making it the biggest crowdfund ever. At some point, when Ether was trading at $20, the total Ether from The DAO was worth over $250 million.
The DAO was a complex smart contract with many features and should have allowed companies to make proposals for funding. Once a proposal was whitelisted by one of the curators, the DAO token holders (aka DAO investors) would then need to vote on the proposal. If the proposal received a 20% quorum, the requested funds would be released into the whitelisted contractor’s wallet address. The team of curators that could whitelist addresses was put in place to avoid spam proposals and to have some human oversight in the automated process. Most of the curators were notable members of the Ethereum community.
In order to allow investors to leave the organization, in case a proposal that they saw as damaging or of poor quality was accepted, The DAO was created with an “exit door” known as the “split function”. This function allowed users to reverse the process and to get back the Ether they sent to the DAO. If somebody decided to split from The DAO, they would create their own “Child DAOs” and approve their proposal to send Ether to an address after a period of 28 days. You could also split with multiple DAO token holders and start accepting proposals to the new “Child DAO”.
The DAO launch went smoothly, and proposals were created and voted on. Security issues were raised during the coming weeks, and there was a big community call for a moratorium, but it was not implemented and most of the security issues were not addressed fast enough.
On the 18th of June, members of the Ethereum community noticed that funds were being drained from The DAO and the overall ETH balance of the smart contract was going down. A total of 3.6m Ether (worth around $70M at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attacker/s withdrew Ether from The DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to “ask” the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
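The ordering flaw described above, modelled as an added Python example (a toy, not The DAO's contract code, which this page does not show): a vault that either pays out before zeroing the caller's record, or zeroes the record first. The names Vault, Depositor and run, and the balances, are constructed for illustration.

```python
# Toy model of the ordering flaw; constructed for illustration, not The DAO's code.
class Vault:
    def __init__(self, send_first):
        self.send_first = send_first  # True: pay out, then update records
        self.credit = {}              # internal record of what each depositor is owed
        self.pool = 0                 # funds the vault actually holds

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def _send(self, who, amount):
        if amount > self.pool:
            raise RuntimeError("vault has insufficient funds")
        self.pool -= amount
        who.receive(self, amount)     # control passes to the recipient's code here

    def withdraw(self, who):
        amount = self.credit.get(who, 0)
        if amount == 0:
            return
        if self.send_first:
            self._send(who, amount)   # flawed order: the record is still non-zero
            self.credit[who] = 0      # while the recipient's callback runs
        else:
            self.credit[who] = 0      # corrected order: zero the record first,
            self._send(who, amount)   # so a nested call finds nothing to pay

class Depositor:
    def __init__(self, reenter=0):
        self.reenter = reenter        # nested withdraw calls made while being paid
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenter > 0:
            self.reenter -= 1
            vault.withdraw(self)      # the recursive call

def run(send_first, reenter):
    """Return (amount paid to a depositor owed 10, funds left in the vault)."""
    vault = Vault(send_first)
    other, caller = Depositor(), Depositor(reenter)
    vault.deposit(other, 90)          # constructed sample balances
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool
```

With three nested calls, `run(True, 3)` pays out 40 against a record of 10, while `run(False, 3)` pays exactly 10 because the record is already zero when the nested call arrives.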
It’s important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for The DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the internet and any application based on Ethereum to a website: if a website is not working, it doesn’t mean that the internet is not working, it simply means that one website has a problem.
The hacker stopped draining The DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit.
In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft fork was voted on and came very close to being introduced. This soft fork was designed to blacklist all the transactions made from The DAO. A few hours before it was set to be released, a few members of the community found a bug in the implementation that opened a denial-of-service attack vector.
A more conclusive solution was then put up for vote: the hard fork. This hard fork had the sole function of returning all the Ether taken from the DAO to a refund smart contract. The new contract would have only one function: withdraw. The DAO token holders could request to be sent 1 ETH for every 100 DAO. The investors that had paid more than 1 ETH for 100 DAO could request the difference from the original address. This proposal generated a lot of controversy among the Ethereum community, which was split into 2 groups: hard fork supporters and non-supporters.
The anti hard-fork group had the following arguments:
Users that supported the hard fork argued that:
In order to reach a quick consensus, the hard fork proposal was voted on and approved by Ether holders, who had to send a transaction to a voting platform. A supermajority of voters (89%) voted for the hard fork, and it took place at the 1920000th block (20th July 2016).
This was when Ethereum Classic was born.