Ethereum

Important Update Re: DAO Vulnerability

adminFebruary 5, 2024

The attack was discovered and exploited in: Dao, the attacker is currently in the process of leaking the Ethereum contained in the DAO to the subordinate DAO. The attack is Recursive call vulnerability, Here, the attacker calls a “split” function and then repeatedly calls the split function inside the split to collect ether multiple times in a single transaction.

The leaked ether is in the child DAO. https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; Even if no action is taken, the attacker will not be able to withdraw Ethereum for up to the next 27 days (the period of child DAO creation).. This is an issue that particularly affects DAOs. Ethereum itself is completely secure..

A software fork has been proposed. (NO ROLLBACK used, no transactions or blocks are “reversed”) Perform any transaction that makes a call/call code/delegate call that reduces your account balance by code hash. 0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (i.e. DAO and its children) Starting at block 1760000 (the exact block number may change by the time the code is released), transactions (as well as calls, transactions) become invalid. Prevents attackers from withdrawing Ether beyond the 27-day period..This will provide sufficient time to discuss potential further steps, including providing token holders with the ability to recover their ether.

Miners and mining pools must resume accepting transactions as normal, wait for the soft fork code, and be ready to download and run the code if they agree to this path for the Ethereum ecosystem. DAO token holders and Ethereum users must remain calm and collected. Exchanges must feel safe to resume ETH trading.

Contract writers should (1) be very careful about recursive call bugs and listen to the advice of the Ethereum contract programming community that will come out next week to mitigate these bugs, and (2) be careful not to create contracts that contain: Values ​​greater than $10 million (e.g. MKR), excluding sub-token contracts and other systems whose value is self-defined by social consensus outside of the Ethereum platform and can be easily “hard forked” through community consensus if bugs arise; At least until the community gains more experience in mitigating bugs and/or better tools are developed.

Developers, cryptographers, and computer scientists should note that any advanced tool that makes it easy to write secure smart contracts on Ethereum (including IDEs, formal verification, debuggers, and symbolic execution) is a prime candidate. DevGrants, Blockchain Lab Grant and String’s Autonomous Financial Grant.

This post will continue to be updated.

adminFebruary 5, 2024

Related Articles

Bitcoin Cash Price Rises 11% After Halving Rollercoaster

April 4, 2024

Is it getting cheaper or higher? Ethereum Dencun Upgrade and ETH Likely to Rise Above $4,000

March 13, 2024

The Bitcoin ETF was pressured by Grayscale, losing ground for the first time in weeks.

March 20, 2024

Iggy Azalea goes full Solana with Mad Lads PFP as MOTHER approaches $90 million market cap.

June 4, 2024
Back to top button