Lore
The DAO was launched in 2016 by Christoph Jentzsch and his brother Simon Jentzsch, who had previously founded Slock.it, an IoT company that aimed to build smart locks controlled by Ethereum contracts. With the DAO, the aim was to build an investor-directed venture capital fund. The goal was to allocate DAO tokens to the investors and let them vote on proposals to arrive at collective decisions. These decisions would lead to the dispersal of funds to prospective projects, whose profits would be returned to the investors. The DAO crowdsale caught the eyes of more than 11,000 investors and collected more than US$150 million, accounting for 14% of the circulating supply of Ether at the time.
As the sale was happening, a computer scientist at Cornell pointed out a "recursive call" bug in the contract. This meant that an attacker could drain tokens out of the DAO contract into a "child DAO" endlessly. Meanwhile, concerns over vulnerabilities in the DAO contract were being discussed on GitHub by Ethereum developers. On June 17, 2016, while some were working on fixing the bug, the contract was attacked and a third of the contract's Ether was drained to an unknown address. The huge loss suffered by the investors posed an existential threat to Ethereum, as confidence in the promising blockchain technology started to dwindle.
The Ethereum community debated how to make amends. While many believed that the hack was not ethically right, it was still legal by the rules of the contract. The initial idea was to create a soft fork blacklisting the hacker's address, but this was discarded because it introduced new vulnerabilities. On July 20, 2016, Ethereum hard forked to move the funds back to a different contract. This ensured that the hacked tokens could be redeemed by the original owners. However, the debate over the ethics of the fork remained: the hard fork went against the philosophy of a blockchain being censorship-resistant and immutable. This led some members of the community to continue running the original chain under the name "Ethereum Classic".
This was a critical point in the history of Ethereum and blockchain applications. The vulnerability came from the contract code and not from the Ethereum chain itself. Though the DAO project shut down right after, Ethereum houses more than 4,200 DAOs today, which suggests the lesson about what not to do has effectively been learnt. In retrospect one could say that the hard fork was crucial to Ethereum's survival in the long run.
Lessons
Start small. The scale at which the DAO's crowdsale happened was unexpected, even by the founders. Starting small and running through the testnet phases is always the safer way to launch applications on a blockchain.
Smart contract audits are important. Smart contract transactions are irreversible and the chain is immutable. Security audits are offered by firms to find and eliminate vulnerabilities in contracts. While an audit cannot guarantee that every vulnerability is caught, relying on a team of experts can minimize potentially fatal flaws.
Public goods thrive on the strength of the community. While many skeptics believed the hack would be the end of Ethereum, the community has evolved since then and attracted a high volume of developers. This has kept Ethereum the most popular smart contract platform.
Links
- Website (archive, May 2016)
- Whitepaper
- Hard fork announcement
- DAOs today