The DAO attack - Ethereum

Uploaded by Abanlex (Professor of Law at Abanlex)

The DAO Attack
Pablo Fernández Burgueño, Abanlex
@Pablofb_en
The DAO attack
- 'The DAO' has been hacked.
- The code of The DAO was the only contract: there were no other binding terms.
- The code has a vulnerability.
- The hacker has drained more than 3 million ether.
- The amount is worth between $45 and $60 million.
Ethereum & Smart Contracts
- Ethereum → a network: around 6,000 computers running the Ethereum blockchain
- It allows people:
  - to exchange tokens of value (ether)
  - to write and publish smart contracts
- Smart contracts
  - Where are they? In the network: the contract code is stored on the blockchain.
  - How are they put there? By writing the code into the "data" field of a specific transaction (a contract-creation transaction).
  - How are they executed? By sending a transaction to the contract's address. The transaction may carry ether, but it is the call itself that runs the code.
DAO  Decentralised
Autonomous Organization
 Non hierarchical
 For profit vehicle
 Based on a smart contract
 Code = Contract law
 “The code is the law”
 Stands alone
 Self-executing
 Subject to no human interference
@Pablofb_en
How a DAO works
- A smart contract (software) can run an organization.
- It has to be uploaded to the blockchain.
- Initial funding period (crowdsale or ICO):
  - people purchase tokens
  - each token represents a share of ownership
- The DAO begins to operate:
  - people can make proposals to the DAO on how to spend the money
  - members can vote to approve these proposals
Tokens – Share capital
- Tokens are not equity shares.
- Tokens are contributions to the DAO.
- Tokens give people voting rights.
- Each token can be exchanged for ether.
- Ether → the cryptocurrency of the Ethereum network
  - 1 ether plays the same role on Ethereum as 1 bitcoin does on Bitcoin
  - 1 ether = $21 (at the time of the talk)
The DAO
- 'The DAO' → the name of one particular DAO
- Conceived of and programmed by Slock.it
- Launched on 30th April 2016
- The society's binding rules (its contract) → the code
- The code is based on Ethereum's rules and can run only on the Ethereum network
- Code → a program = possible vulnerabilities
- Funded: $150MM from more than 11,000 members
The DAO's vulnerabilities
- The code is vulnerable, as all software is:
  - secure code → X %
  - insecure code (or weaknesses) → Y %
- Known vulnerabilities: some of them were published on forums.
- Vulnerability: the "recursive call bug"
  - 12th June: Stephan Tual, one of The DAO's creators, said "no DAO funds at risk".
The Weakness
- Weakness: the split function = reward + update. It first pays out (the "reward") and only afterwards updates the caller's balance.
- Purpose of this function: a split lets someone who
  - doesn't agree with a proposal
  - wishes to withdraw their funds
  leave with their ether into a new "child DAO".
- This part of the code wasn't prepared for two or more overlapping operations (described at the time as a race condition; technically it is a recursive, re-entrant call): the payout hands control to the recipient before the balance is updated, so the recipient can call the function again while the old balance still stands.
- Some of the code was audited, some not:
  - some code review happened on GitHub
  - the problematic code wasn't audited
- Consequence: distrust in the smart contract code.
The Attack
- The attack started on Saturday, 18th June 2016.
- The attacker set up a loop on the split: reward + no update + reward + no update + ... Each payout calls back into the attacker, who re-enters the split before the balance is updated.
- The attacker
  - drained more than 3.6MM ether into a "child DAO"
  - stopped voluntarily
- FAIL: all the ether was held in a single DAO address.
- That attack, or another one, could continue at any time.
Solutions to the hack
- Possible solutions to the hack:
  - Hard fork of Ethereum: roll the Ethereum blockchain back to a state before the attack.
  - Soft fork: by censoring or ignoring transactions involving the address of 'the attacker', a soft fork could be used to freeze the funds so that they could be reclaimed.
  - Nothing: the funds could remain lost.
- Two legal problems:
  - 1st problem → Is the code a legal contract?
  - 2nd problem → No law can easily be applied.
Was it an attack or a clever hack?
- Attack (or clever hack?)
  - The attacker exploited the weakness.
  - He drained 3.6MM ETH, worth $45-60MM.
- Is this against the law? Which law?
- Remember that The DAO:
  - is based on an idea of freedom
  - is constituted in ether (an international cryptocurrency)
  - has, as partners, thousands of unidentified members
  - the partners are from all over the world
Which law rules The DAO?
- Law and jurisdiction in the event of an attack: Iraqi law? US law? Spanish law? French law?
- Options:
  - Terms & conditions with a predefined governing law (ab initio), possibly against Ethereum's freedom standards
  - A free-of-charge clause generator
  - A private decision (anonymous or not) by a third-party arbitrator
  - Decisions by the DAO members → legal uncertainty
Let's think about the solutions
- Solutions to the DAO attack:
  - do nothing
  - call Vitalik and ask him to fix it
- How to fix the weakness:
  - Soft fork → freeze the assets: freeze the contract with a specific code hash and blacklist its transactions in the eyes of the miners
  - Vote: majority consensus
    - do nothing
    - hard fork → forfeit the assets (not a bailout but a seizure)
Attacker's answer*
- The attacker published a note* on Twitter about the attack.
- If there is a hard fork:
  - he could not use what is legally his
  - he will pursue the case and demand his rights in court
- If the decision is to do nothing:
  - he will reward miners with 1MM ETH ($12m)

* It is not yet certain that the note was published by the actual attacker.
The attacker letter

===== BEGIN SIGNED MESSAGE =====
To the DAO and the Ethereum community,

I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of "child DAOs".

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO's code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of The DAO's code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO's code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO's code controls and sets forth all terms of The DAO Creation."

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such a fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.

I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.

I hope this event becomes a valuable learning experience for the Ethereum community and wish you all the best of luck.

Yours truly,
"The Attacker"
===== END SIGNED MESSAGE =====
@Pablofb_en
Who's the bad guy?
- The attacker (is he/she a good or a bad hacker?)
  - He analysed the back door or weakness.
  - He verified that exploiting the weakness
    - wasn't against the code
    - wasn't against the private law (the contract's own terms)
- Who is liable for any problems that may occur?
  - The DAO's creators, for the bug?
  - The token holders, for accepting the risk?
  - The exploiter, who fulfilled the contract?
- What do you think about the forks? Is it fair to go against the one who fulfilled the contract?
Pablo Fernández Burgueño
@Pablofb_en
www.pablofb.com
Abanlex
www.Abanlex.com
@Pablofb_en
1 of 24

Recommended

Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms by
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsGautam Anand
2.5K views14 slides
ERC20 Step-by-Step - Creating Your First Ethereum Token by
ERC20 Step-by-Step - Creating Your First Ethereum TokenERC20 Step-by-Step - Creating Your First Ethereum Token
ERC20 Step-by-Step - Creating Your First Ethereum TokenCodeOps Technologies LLP
990 views24 slides
Ethereum by
EthereumEthereum
EthereumNexThoughts Technologies
1.4K views24 slides
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain... by
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Simplilearn
2.1K views89 slides
Attacks on Smart Contracts by
Attacks on Smart ContractsAttacks on Smart Contracts
Attacks on Smart ContractsMarcin Majchrzak
446 views80 slides
What is Erc20 token? How it Works/ by
What is Erc20 token? How it Works/What is Erc20 token? How it Works/
What is Erc20 token? How it Works/Developcoins
265 views9 slides

More Related Content

What's hot

ERC20 Token Contract by
ERC20 Token ContractERC20 Token Contract
ERC20 Token ContractKC Tam
188 views22 slides
Bitcoin and Ethereum by
Bitcoin and EthereumBitcoin and Ethereum
Bitcoin and EthereumJongseok Choi
1.3K views32 slides
Bitcoin, Ethereum, Smart Contract & Blockchain by
Bitcoin, Ethereum, Smart Contract & BlockchainBitcoin, Ethereum, Smart Contract & Blockchain
Bitcoin, Ethereum, Smart Contract & BlockchainJitendra Chittoda
1.6K views28 slides
Ethereum Smart contract by
Ethereum Smart contractEthereum Smart contract
Ethereum Smart contractGeorge Theofilis
1.5K views7 slides
Intro to Web3 by
Intro to Web3Intro to Web3
Intro to Web3asasdasd5
195 views57 slides
Cryptography - Block cipher & stream cipher by
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
1.6K views12 slides

What's hot(20)

ERC20 Token Contract by KC Tam
ERC20 Token ContractERC20 Token Contract
ERC20 Token Contract
KC Tam188 views
Bitcoin, Ethereum, Smart Contract & Blockchain by Jitendra Chittoda
Bitcoin, Ethereum, Smart Contract & BlockchainBitcoin, Ethereum, Smart Contract & Blockchain
Bitcoin, Ethereum, Smart Contract & Blockchain
Jitendra Chittoda1.6K views
Intro to Web3 by asasdasd5
Intro to Web3Intro to Web3
Intro to Web3
asasdasd5195 views
Cryptography - Block cipher & stream cipher by Niloy Biswas
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas1.6K views
Adversary Emulation - Red Team Village - Mayhem 2020 by Jorge Orchilles
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020
Jorge Orchilles748 views
Second line of defense for cybersecurity : Blockchain by Ahmed Banafa
Second line of defense for cybersecurity : BlockchainSecond line of defense for cybersecurity : Blockchain
Second line of defense for cybersecurity : Blockchain
Ahmed Banafa584 views
Ethereum in a nutshell by Daniel Chan
Ethereum in a nutshellEthereum in a nutshell
Ethereum in a nutshell
Daniel Chan7K views
Decentralized Autonomous Organizations: Concept & Practical Examples by Jan Brejcha
Decentralized Autonomous Organizations: Concept & Practical ExamplesDecentralized Autonomous Organizations: Concept & Practical Examples
Decentralized Autonomous Organizations: Concept & Practical Examples
Jan Brejcha2.6K views
Blockchain Technology Explained | Blockchain Technology Tutorial | Blockchain... by Simplilearn
Blockchain Technology Explained | Blockchain Technology Tutorial | Blockchain...Blockchain Technology Explained | Blockchain Technology Tutorial | Blockchain...
Blockchain Technology Explained | Blockchain Technology Tutorial | Blockchain...
Simplilearn2.3K views
Blockchain, cryptography, and consensus by ITU
Blockchain, cryptography, and consensusBlockchain, cryptography, and consensus
Blockchain, cryptography, and consensus
ITU8.4K views
Blockchain ppt by abhi sharma
Blockchain pptBlockchain ppt
Blockchain ppt
abhi sharma3.3K views
System hacking by CAS
System hackingSystem hacking
System hacking
CAS2.6K views
Basics of Bitcoin & Mining by Akhilesh Arora
Basics of Bitcoin & MiningBasics of Bitcoin & Mining
Basics of Bitcoin & Mining
Akhilesh Arora8.1K views
Ethical hacking : Its methodologies and tools by chrizjohn896
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
chrizjohn896622 views

Similar to The DAO attack - Ethereum

Kriptovaluták, hashbányászat és okoscicák by
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákhackersuli
66 views57 slides
Ransomware hostage rescue manual by
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
604 views20 slides
$100 Million Blockchain Hack by
$100 Million Blockchain Hack$100 Million Blockchain Hack
$100 Million Blockchain HackInvestingTips
5 views20 slides
Top 5 Cryptocurrency Scam Risk Factors by
Top 5 Cryptocurrency Scam Risk FactorsTop 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk FactorsMaxim Kozlovsky
223 views10 slides
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app by
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency appDylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency appDevCamp Campinas
596 views162 slides
Ny crypto investors may meetup by
Ny crypto investors may meetupNy crypto investors may meetup
Ny crypto investors may meetupfarazq
96 views18 slides

Similar to The DAO attack - Ethereum(20)

Kriptovaluták, hashbányászat és okoscicák by hackersuli
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicák
hackersuli66 views
Ransomware hostage rescue manual by Roel Palmaers
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
Roel Palmaers604 views
Top 5 Cryptocurrency Scam Risk Factors by Maxim Kozlovsky
Top 5 Cryptocurrency Scam Risk FactorsTop 5 Cryptocurrency Scam Risk Factors
Top 5 Cryptocurrency Scam Risk Factors
Maxim Kozlovsky223 views
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app by DevCamp Campinas
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency appDylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
DevCamp Campinas596 views
Ny crypto investors may meetup by farazq
Ny crypto investors may meetupNy crypto investors may meetup
Ny crypto investors may meetup
farazq96 views
Restribute ~ Wealth re-distirbution by blockchain hardfork ~ by Tomoaki Sato
Restribute ~ Wealth re-distirbution by blockchain hardfork ~ Restribute ~ Wealth re-distirbution by blockchain hardfork ~
Restribute ~ Wealth re-distirbution by blockchain hardfork ~
Tomoaki Sato790 views
Cryptomania! The Past and Future of Digital Distributed Consensus by Dallas Kennedy
Cryptomania! The Past and Future of Digital Distributed ConsensusCryptomania! The Past and Future of Digital Distributed Consensus
Cryptomania! The Past and Future of Digital Distributed Consensus
Dallas Kennedy120 views
Hacking and Cyber Security. by Kalpesh Doru
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
Kalpesh Doru10.7K views
The book of Web3 jargon.pdf by ssuser143578
The book of Web3 jargon.pdfThe book of Web3 jargon.pdf
The book of Web3 jargon.pdf
ssuser143578273 views
blockchain bootcamp @WCNJ by Ash Yadav
blockchain bootcamp @WCNJblockchain bootcamp @WCNJ
blockchain bootcamp @WCNJ
Ash Yadav256 views
Smart contract honeypots for profit (and fun) - bha by PolySwarm
Smart contract honeypots for profit (and fun)  - bhaSmart contract honeypots for profit (and fun)  - bha
Smart contract honeypots for profit (and fun) - bha
PolySwarm1.8K views
Get Rich with Blockchain & Cryptocurrency by keerthi678722
Get Rich with Blockchain & CryptocurrencyGet Rich with Blockchain & Cryptocurrency
Get Rich with Blockchain & Cryptocurrency
keerthi67872267 views
How does ethereum work, anyway? by philrussell001
How does ethereum work, anyway?How does ethereum work, anyway?
How does ethereum work, anyway?
philrussell001112 views
Javascript toolset for Ethereum Smart Contract development by BugSense
Javascript toolset for Ethereum Smart Contract developmentJavascript toolset for Ethereum Smart Contract development
Javascript toolset for Ethereum Smart Contract development
BugSense357 views

More from Abanlex

Realidad Virtual y sus reglas legales by
Realidad Virtual y sus reglas legalesRealidad Virtual y sus reglas legales
Realidad Virtual y sus reglas legalesAbanlex
1.7K views19 slides
Sentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 Gijón by
Sentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 GijónSentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 Gijón
Sentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 GijónAbanlex
2.9K views52 slides
Responsabilidad legal de las entidades ante fraudes by
Responsabilidad legal de las entidades ante fraudesResponsabilidad legal de las entidades ante fraudes
Responsabilidad legal de las entidades ante fraudesAbanlex
439 views20 slides
Dominios personales y onion by
Dominios personales y onion Dominios personales y onion
Dominios personales y onion Abanlex
1.6K views33 slides
Normativa sobre vuelo de drones en España by
Normativa sobre vuelo de drones en EspañaNormativa sobre vuelo de drones en España
Normativa sobre vuelo de drones en EspañaAbanlex
768 views16 slides
Los contratos sobre obras preexistentes - 2016 by
Los contratos sobre obras preexistentes - 2016Los contratos sobre obras preexistentes - 2016
Los contratos sobre obras preexistentes - 2016Abanlex
867 views43 slides

More from Abanlex(20)

Realidad Virtual y sus reglas legales by Abanlex
Realidad Virtual y sus reglas legalesRealidad Virtual y sus reglas legales
Realidad Virtual y sus reglas legales
Abanlex1.7K views
Sentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 Gijón by Abanlex
Sentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 GijónSentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 Gijón
Sentencia del caso Anonymous - Stc. 224/2016 Penal nº 3 Gijón
Abanlex2.9K views
Responsabilidad legal de las entidades ante fraudes by Abanlex
Responsabilidad legal de las entidades ante fraudesResponsabilidad legal de las entidades ante fraudes
Responsabilidad legal de las entidades ante fraudes
Abanlex439 views
Dominios personales y onion by Abanlex
Dominios personales y onion Dominios personales y onion
Dominios personales y onion
Abanlex1.6K views
Normativa sobre vuelo de drones en España by Abanlex
Normativa sobre vuelo de drones en EspañaNormativa sobre vuelo de drones en España
Normativa sobre vuelo de drones en España
Abanlex768 views
Los contratos sobre obras preexistentes - 2016 by Abanlex
Los contratos sobre obras preexistentes - 2016Los contratos sobre obras preexistentes - 2016
Los contratos sobre obras preexistentes - 2016
Abanlex867 views
Aplicación de las garantías legales y comerciales a los bienes comprados online by Abanlex
Aplicación de las garantías legales y comerciales a los bienes comprados online Aplicación de las garantías legales y comerciales a los bienes comprados online
Aplicación de las garantías legales y comerciales a los bienes comprados online
Abanlex278 views
Rastreo y monitorización de usuarios. Aspectos legales by Abanlex
Rastreo y monitorización de usuarios. Aspectos legalesRastreo y monitorización de usuarios. Aspectos legales
Rastreo y monitorización de usuarios. Aspectos legales
Abanlex582 views
Aspectos jurídicos de los negocios digitales by Abanlex
Aspectos jurídicos de los negocios digitalesAspectos jurídicos de los negocios digitales
Aspectos jurídicos de los negocios digitales
Abanlex383 views
Propiedad intelectual y protección de obras en Internet by Abanlex
Propiedad intelectual y protección de obras en InternetPropiedad intelectual y protección de obras en Internet
Propiedad intelectual y protección de obras en Internet
Abanlex505 views
II Informe sobre la necesidad legal de cifrar información y datos personales by Abanlex
II Informe sobre la necesidad legal de cifrar información y datos personalesII Informe sobre la necesidad legal de cifrar información y datos personales
II Informe sobre la necesidad legal de cifrar información y datos personales
Abanlex422 views
Identidad digital de la persona física by Abanlex
Identidad digital de la persona físicaIdentidad digital de la persona física
Identidad digital de la persona física
Abanlex453 views
(Si) mi empresa sufre ataques informáticos, ¿a qué me obliga la ley? by Abanlex
(Si) mi empresa sufre ataques informáticos, ¿a qué me obliga la ley?(Si) mi empresa sufre ataques informáticos, ¿a qué me obliga la ley?
(Si) mi empresa sufre ataques informáticos, ¿a qué me obliga la ley?
Abanlex408 views
Aspectos legales en la comunicación by Abanlex
Aspectos legales en la comunicaciónAspectos legales en la comunicación
Aspectos legales en la comunicación
Abanlex1.7K views
Cómo hackear legalmente by Abanlex
Cómo hackear legalmenteCómo hackear legalmente
Cómo hackear legalmente
Abanlex1.4K views
Estas son las 71 ONG que acepta bitcoins u otras criptomonedas by Abanlex
Estas son las 71 ONG que acepta bitcoins u otras criptomonedasEstas son las 71 ONG que acepta bitcoins u otras criptomonedas
Estas son las 71 ONG que acepta bitcoins u otras criptomonedas
Abanlex716 views
Derecho videojuegos en europa by Abanlex
Derecho videojuegos en europaDerecho videojuegos en europa
Derecho videojuegos en europa
Abanlex525 views
Consultas realizadas en España sobre el Bitcoin y algún experimento con cript... by Abanlex
Consultas realizadas en España sobre el Bitcoin y algún experimento con cript...Consultas realizadas en España sobre el Bitcoin y algún experimento con cript...
Consultas realizadas en España sobre el Bitcoin y algún experimento con cript...
Abanlex660 views
Sentencia Derecho al Olvido - Audiencia Nacional [España] by Abanlex
Sentencia Derecho al Olvido - Audiencia Nacional [España]Sentencia Derecho al Olvido - Audiencia Nacional [España]
Sentencia Derecho al Olvido - Audiencia Nacional [España]
Abanlex328 views
Uso de drones por los estados para garantizar la seguridad ciudadana by Abanlex
Uso de drones por los estados para garantizar la seguridad ciudadanaUso de drones por los estados para garantizar la seguridad ciudadana
Uso de drones por los estados para garantizar la seguridad ciudadana
Abanlex5.3K views

Recently uploaded

Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto... by
Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto...Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto...
Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto...Sangyun Lee
7 views16 slides
H1B 2025 Predictions: Will There Be A H-1B Lottery Again? by
H1B 2025 Predictions: Will There Be A H-1B Lottery Again?H1B 2025 Predictions: Will There Be A H-1B Lottery Again?
H1B 2025 Predictions: Will There Be A H-1B Lottery Again?VisaPro Immigration Services LLC
31 views20 slides
Indonesia Green Taxonomy: Towards a More Sustainable Financial System by
Indonesia Green Taxonomy: Towards a More Sustainable Financial SystemIndonesia Green Taxonomy: Towards a More Sustainable Financial System
Indonesia Green Taxonomy: Towards a More Sustainable Financial SystemAHRP Law Firm
6 views10 slides
How is the Inheritance Divided in Italy? by
How is the Inheritance Divided in Italy?How is the Inheritance Divided in Italy?
How is the Inheritance Divided in Italy?BridgeWest.eu
5 views10 slides
Women in Law and Politics Journal.pdf Danielle Mikaelian by
Women in Law and Politics Journal.pdf Danielle MikaelianWomen in Law and Politics Journal.pdf Danielle Mikaelian
Women in Law and Politics Journal.pdf Danielle MikaelianDanielleMikaelian
10 views105 slides
5 Common H-1B Cap 2025 Filing Mistakes: How To Overcome Them? by
5 Common H-1B Cap 2025 Filing Mistakes: How To Overcome Them?5 Common H-1B Cap 2025 Filing Mistakes: How To Overcome Them?
5 Common H-1B Cap 2025 Filing Mistakes: How To Overcome Them?VisaPro Immigration Services LLC
15 views22 slides

Recently uploaded(14)

Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto... by Sangyun Lee
Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto...Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto...
Sangyun Lee, 'Criminal Enforcement of the MRFTA against ASBP in Korea' (Kyoto...
Sangyun Lee7 views
Indonesia Green Taxonomy: Towards a More Sustainable Financial System by AHRP Law Firm
Indonesia Green Taxonomy: Towards a More Sustainable Financial SystemIndonesia Green Taxonomy: Towards a More Sustainable Financial System
Indonesia Green Taxonomy: Towards a More Sustainable Financial System
AHRP Law Firm 6 views
How is the Inheritance Divided in Italy? by BridgeWest.eu
How is the Inheritance Divided in Italy?How is the Inheritance Divided in Italy?
How is the Inheritance Divided in Italy?
BridgeWest.eu5 views
Women in Law and Politics Journal.pdf Danielle Mikaelian by DanielleMikaelian
Women in Law and Politics Journal.pdf Danielle MikaelianWomen in Law and Politics Journal.pdf Danielle Mikaelian
Women in Law and Politics Journal.pdf Danielle Mikaelian
Religious Freedom, Registration Issues and the Colonial Legacy of State Recog... by Cometan
Religious Freedom, Registration Issues and the Colonial Legacy of State Recog...Religious Freedom, Registration Issues and the Colonial Legacy of State Recog...
Religious Freedom, Registration Issues and the Colonial Legacy of State Recog...
Cometan7 views
Trademark-Case Study.pdf by HetviJoshi4
Trademark-Case Study.pdfTrademark-Case Study.pdf
Trademark-Case Study.pdf
HetviJoshi46 views
Baromètre Women's Forum 2023 by Ipsos France
Baromètre Women's Forum 2023Baromètre Women's Forum 2023
Baromètre Women's Forum 2023
Ipsos France135 views
Jackpocket v. Lottomatrix fee petition order.pdf by Mike Keyes
Jackpocket v. Lottomatrix fee petition order.pdfJackpocket v. Lottomatrix fee petition order.pdf
Jackpocket v. Lottomatrix fee petition order.pdf
Mike Keyes16 views
Navigating Divorce Law in Ontario: A Practical Guide by BTL Law P.C.
Navigating Divorce Law in Ontario: A Practical GuideNavigating Divorce Law in Ontario: A Practical Guide
Navigating Divorce Law in Ontario: A Practical Guide
BTL Law P.C.7 views
Deron Freeman_ A Legal Journey Marked by Excellence and Dedication.docx by DeronFreeman
Deron Freeman_ A Legal Journey Marked by Excellence and Dedication.docxDeron Freeman_ A Legal Journey Marked by Excellence and Dedication.docx
Deron Freeman_ A Legal Journey Marked by Excellence and Dedication.docx
DeronFreeman18 views
RIGHT TO FREEDOM UNDER ARTICLE 19 OF THE CONSTITUTION OF INDIA AND NEW CHALLE... by DeepakTongli2
RIGHT TO FREEDOM UNDER ARTICLE 19 OF THE CONSTITUTION OF INDIA AND NEW CHALLE...RIGHT TO FREEDOM UNDER ARTICLE 19 OF THE CONSTITUTION OF INDIA AND NEW CHALLE...
RIGHT TO FREEDOM UNDER ARTICLE 19 OF THE CONSTITUTION OF INDIA AND NEW CHALLE...
DeepakTongli25 views

The DAO attack - Ethereum

  • 1. The DAO Attack Pablo Fernández Burgueño Abanlex @Pablofb_en
  • 2. The DAO attack  ‘The DAO’ has been hacked.  The code of The DAO was the only contract  The code has a vulnerability.  The hacker has drained more than 3 millions ethers.  The amount is between $45-60 millions. @Pablofb_en
  • 3. Ethereum & Smart Contracts  Ethereum  Network  6,000 computers running ethereum blockchain  It allows people:  To exchange tokens of value (ethers)  To write an published Smart Contracts  Smart Contracts  Where are they? In the network  How to put them there? Writing the code in the “data” space of a specific transaction  How to execute them? By sending ethers to them @Pablofb_en
  • 4. DAO  Decentralised Autonomous Organization  Non hierarchical  For profit vehicle  Based on a smart contract  Code = Contract law  “The code is the law”  Stands alone  Self-executing  Subject to no human interference @Pablofb_en
  • 5. How a DAO works  Smart contract (software)  Can run an organization  It has to be uploaded to the blockchain  Initial funding period (Crowdsale or ICO):  People purchase tokens  Each token represent ownership  The DAO begins to operate:  People can make proposals to the DAO on how to spend the money  Members can vote to approve these proposals @Pablofb_en
  • 6. Tokens – Share capital  Tokens are not equity shares  Tokens are contributions to the DAO  Tokens give people voting rights  Each token can be exchange into ethers  Ether  cryptocurrency from the Ethereum Network  1 Ether similar to 1 bitcoin  1 Ether = $21 @Pablofb_en
  • 7. The DAO  The DAO  Name of a particular DAO  Conceived of and programmed by Slock.it  Launched on 30th April, 2016  Society binding rules (contract)  code  Code based on Ethereum’s rules  Code can work only on the Ethereum Network  Code  Program = Possible vulnerabilities  Funded: $150MM (more than 11,000 members) @Pablofb_en
  • 8. The DAO’s vulnerabilities  Code vulnerable, as every software  Secure code  X %  Unsecure code (or weakness)  Y %  Known vulnerabilities  Some of them were published on forums  Vulnerability: "recursive call bug" 12th June Stephan Tual one of The DAO’s creators "no DAO funds at risk“, said Stephan Tual. @Pablofb_en
  • 9. The Weakness  Weakness:  Function Split proposal = reward + update  Purpose of this function: split because someone  doesn’t agree with a proposal  wishes to withdraw funds  This part of the code wasn’t prepared for a race condition: 2 or more simultaneously operations  Some of the code was audited, some not:  Some code review happened on github.  The problematic code wasn't audited.  Consequence: Distrust in the smart contract code @Pablofb_en
  • 10. The Attack  The attack started by Saturday, 18th June  The attacker creates a split proposal loop  Reward + no update + reward + no update + …  The attacker  drained more than 3.6MM ether into a “child DAO”  stopped voluntarily  FAIL: All the ether was in a single DAO’s address  That attack, or another, could continue at any time. @Pablofb_en
  • 11. Solutions to the hack  Possible solutions to the hack:  Hard-fork of Ethereum: to rollback the Ethereum Blockchain to a time before the attack.  Soft-fork: By censoring or ignoring instances of the address of ‘the attacker,’ a soft-fork could be used to reclaim the lost funds.  Nothing: The funds could remain lost.  Two legal problems  1st Problem  Is the code a legal contract?  2nd problem  no law can be easily applied @Pablofb_en
  • 12. Was an attack or an intelligent hack?  Attack (or intelligent hack?)  The attacker explode the weakness  He drained ETH 3.6 MM (millions) $45-60MM  Is this against law?  Which law?  Remember that The DAO:  is based in a freedom idea  is constituted on ethers (international cryptocurrencies)  Has, as partners, thousands of unidentified members  The partners are from all over the world @Pablofb_en
• 13. Which law rules The DAO
 Law and jurisdiction for the case of an attack: Iraqi law? US law? Spanish law? French law?
 Terms & Conditions: predefined law (ab initio), possibly against Ethereum’s freedom standards
 Free-of-cost clause creator
 Third-party private (anonymous or not) decision from an arbitrator
 DAO members’ decisions
 Legal uncertainty
• 15. Let’s think about the solutions
 Solution to the DAO attack:
 Not to do anything
 To call Vitalik and ask him to fix it
 How to fix the weakness:
 Soft fork  freeze assets: freeze the contract with a specific hash code; blacklist transactions in the eyes of the miners
 Vote: majority consensus
 Not to do anything
 Hard fork  forfeit assets (not a bailout but a seizure)
• 16. Attacker answer*
 The attacker published a note* on Twitter about the attack.
 Hard fork: he could not use what he legally has; he will pursue the case and demand his rights in court
 Do-nothing decision: he will reward miners with ETH 1 MM ($12m)
* It is not yet certain that the note was published by the actual attacker.
• 17. The attacker letter
===== BEGIN SIGNED MESSAGE =====
To the DAO and the Ethereum community,
I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of "child DAOs".
• 18. The attacker letter
I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413.
• 19. The attacker letter
Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supersede or modify the express terms of The DAO’s code set forth on the blockchain;
• 20. The attacker letter
to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."
• 21. The attacker letter
A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such a fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.
• 22. The attacker letter
I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.
I hope this event becomes a valuable learning experience for the Ethereum community and wish you all the best of luck.
Yours truly,
"The Attacker"
===== END SIGNED MESSAGE =====
• 23. Who’s the bad guy?
 The attacker (is he/she a good or bad hacker?)
 He analysed the back door or weakness
 He verified that exploiting the weakness:
 wasn’t against the code.
 wasn’t against the private law.
 Who is liable for any problems that may occur?
 The DAO creators, for the bug?
 The token holders, for accepting the risk?
 The exploiter, for fulfilling the contract?
 What do you think about the forks? Is it fair to go against the one who fulfilled the contract?