The DAO

The DAO, which started in April 2016, is one of the most heavily crowdfunded projects. It was a set of smart contracts written to provide a platform for investment. Due to a bug in the code, it was hacked in June 2016, and the equivalent of 50 million dollars was siphoned out of the DAO into another account.

Although the term hacked is used above, the DAO was not really hacked: the smart contract simply did what it was asked to do. The outcome was unintended behavior that the programmers of the DAO did not foresee. This incident resulted in a hard fork on Ethereum to recover from the attack. It should be noted that the notions of "code is law" and unstoppable smart contracts should be viewed with some skepticism, as the implementation of these concepts is not mature enough to merit full and unquestionable trust. This is evident from the recent events in which the Ethereum Foundation was able to stop and change the execution of The DAO by introducing a hard fork. Though this hard fork was introduced for genuine reasons, it goes against the true spirit of decentralization and the notion that code is law. On the other hand, resistance to the hard fork, and the decision of some miners to keep mining on the original chain, resulted in the creation of Ethereum Classic. This chain is the original, non-forked Ethereum blockchain, where the code is still the law.

This attack highlights the dangers of not formally and thoroughly testing smart contracts, and the importance of thorough testing to avoid the issues that the DAO experienced. It also highlights the absolute need to develop a formal language for the development and verification of smart contracts. Various vulnerabilities have recently been discovered in Ethereum around the smart contract development language. It is therefore of utmost importance that a standard framework is developed to address all these issues. Some work has already begun: for example, an online service at https://securify.ch provides tools to formally verify smart contracts. However, this area is ripe for more research to address limitations in smart contract languages.