Among the hype surrounding the possibilities of blockchain-based applications is the promise of so-called smart contracts, applications that execute and verify complex transactions such as the shifting of digital currencies or the sale of a piece of property.
But a vulnerability in a smart contract has created a crisis for thousands of investors in a $150 million blockchain-based crowd-sourced investment project.
It’s also giving the C-suite a lesson in the potential pitfalls of blockchain, and the need for smart contract developers to toughen their scrutiny of code.
The problem is that a smart contract isn’t like most software where a bug is fixed with an update. Like any other contract, it can’t be changed without consent of the parties. So, as one expert says “any bug will live forever.”
The investors in the project, called the Decentralized Autonomous Organization (DAO), have until July 21 to make a tough decision: Watch a thief make off with about one-third of their investment, or create a hard-fork in the supposedly immutable blockchain to save most of their funds.
How bad a hit the DAO will take is debatable. Stephan Tual, founder and chief operating officer of, German-based Slock.it, which developed the DAO framework, said the crisis will “definitely going to cool down a lot of the hype and the nonsense that’s been written about blockchain.”
Philip Daian, a first year doctoral computer science student at Cornell University who has written extensively on the DAO hack said “definately this attack is going to make people trust these things less, but I think it’s a good thing, because I think you shouldn’t trust them a lot without verifying yourself or getting an expert to verify that it actually is for you.”
Peter Vessenes, a blockchain consultant in Seattle, believes when the dust settles investors will cash out and the DAO will be dead. “We can hope so,” he said. “The problem is the code is not safe.”
Like any software effort there can be vulnerabilities in code. In this case the developers of the DAO’s smart contract weren’t smart enough. Simply put, a mistake in logic has allowed at least one investor to divert roughly US$40 million of funds into a split off the DAO’s blockchain. The goal is to develop solutions on top of a blockchain and digital currency from a Swiss company called Ethereum Foundation. Its cryptocurrency is called Ether.
The idea of the DAO is that investors buy its digital tokens using Ether, then vote on using their tokenized funds to finance startups. Slock.it created the project’s smart contract using Ethereum’s Solidity computer language.
Launched in April, the DAO quickly amassed a pool of US$150 million. But in June blockchain and security researchers publicized a flaw in the smart contract. Whether it was wise to give a potential attacker ideas is hotly-debated – one we spoke to insisted the potential flaw had been pointed out years ago in an obscure journal so wasn’t new – but most agree it was no coincidence that within days the DAO had been victimized.
First, the attacker created their own DAO branch in the chain where he/she could send their own tokens. That was provided for by the project creators in case an investor disagreed with partners on where investments should go. The ability to create a mini-DAO ensures investors don’t pull their money out quickly, because there’s a provision against immediately cashing out.
As to how the attacker got hold of millions of dollars worth of tokens, Philip Daian said a “recursive send exploit” in the smart contract was used. Simply put, there’s a way a person can repeatedly ask for a token(s) before each request is fulfilled. It wasn’t supposed to happen. If you ask to move your token from one digital place to another, the contract should only move your one token. But using the exploit there’s a way to repeatedly for tokens in the middle of the transaction, so one token can become hundreds or thousands.
A group of investors saw what was happening and created their own split to prevent the DAO from being drained further. This so-called “white-hat DAO” has 70 per cent of the funds. The “black-hat DAO” has the rest.
Meanwhile, the cooling-off period in the black-hat DAO expires July 21, after which the attacker can try to cash in the tokens through creating a split, which takes effect on July 28 or Aug. 30.
The permanent solution isn’t appealing: The investors – who make all DAO decisions – decide to be part of a hard fork in the blockchain and essentially roll back transactions to before the attack. Theoretically hard forks aren’t supposed to happen – the whole idea of a blockchain is it shouldn’t be changed – but it is allowed in Ethereum. Stephan Tual notes hard forks aren’t unheard of.
Tual — who insists there hasn’t been a theft or heist because the attacker doesn’t have their money yet — is confident 99 per cent of funds will be recovered, although as a result of the crisis the market price of Ether has dropped. (UPDATE: On July 19 Tual said in an email he now expects all of the funds will be recovered. Enough investors have already decided to joint the hard fork that it is now underway, he said)
But who takes the blame for the troubled smart contract isn’t clear. Tual fingers the young computer language it was written in. The problem was “two lines of code that could have been inverted but were not,” he said.
The DAO’s code was thoroughly gone over before the project went live, he said, but the flaw was still missed.
Daian acknowledges that “this type of problem wasn’t well understood and people weren’t looking for it actively.” He admits even he missed it.
One lesson, he said, is that developers and software reviewers have to stop looking at one piece of code at a time and assume the other pieces are OK. In the DAO the code had two problems that needed to be put together in the right way for an attacker to use them. Still, Daian noted that “even the most high assurance programs we have running our planes and our cars and the space shuttle occasionally have errors in them.”
Although the code for smart contracts is often published openly, lawyers and software developers are still grappling with the concept of an unchangeable application. “If there’s SkyNet – the network of interlocked computers that decide to take over the world in the Terminator movies – “we’ll get it off something like this,” Peter Vessenses jokes.
More seriously, he says technology has jumped ahead of people them in terms of best practices for creating safe smart contracts. “That will come through hard lessons like this.”
He believes the majority of DAO investors will eventually withdraw their money, shaken by the experience. Sixty per cent of them will swear off DAO-like applications for five years, he predicts, but the rest will say ‘What’s the next DAO we’re going to do?’ … And there will be a spate of lawsuits, no doubt.”
Taul is more optimistic. “The fact that these people (behind the DAO) are not idiots will make people think to an extent ‘Nobody’s perfect… these things can and do happen… So I think it will make people think more about this … but I don’t think it will necessarily destroy confidence. I think in two year’s time this will be forgotten.”