Attacks against the DAO
“There are so many attacks against the DAO that some of them cancel each other out,” said Sirer in a recent interview. One example is the stalker attack, which may allow an attacker to steal your money when you try to withdraw DAO tokens through a split function.
“It’s a race condition,” says Sirer, comparing it to Microsoft’s blue screen of death, “it’s just not good system design.”
“Building a solution to this is very, very easy,” says Zamfir. “Having a withdraw function would be a very elegant fix.” Other attack vectors may take months to address, but are “unlikely to take more than a year”, according to Sirer.
Moratorium to freeze the DAO’s activities
The DAO functions through token holders voting for proposals with a minimum quorum of 20%, but there is a bias towards voting yes, say researchers, as a ‘no’ vote may aid in reaching the quorum.
Out of 59 proposals the most popular is a moratorium to freeze the DAO’s activities until solutions are implemented. With only three days to go it has 7.24% of the quorum, despite receiving wide publicity. On most proposals the ‘yes’ vote leads by a wide margin, but there are proposals where the ‘no’ vote has far more support, such as the almost 85% voting against a proposal for curators to hire contractors to fix the DAO for 5,000 Ether. Few seem to dispute that a ‘yes’ bias exists, alongside other, more direct flaws such as the inability to withdraw funds after voting, even if you voted against the proposal.
“There are techniques from game theory for how to solve [the attack vectors], but evolving from where we are now to all of those is not a two-week patch – there is some thought to be given,” says Sirer in an Epicenter Bitcoin interview.
Key solutions and Slock.it
One method may be to upgrade the code, but that would require a 53% quorum which may not be reached. Another solution suggested by Alex van de Sande, one of the DAO curators, is creating a set of guidelines and a smart contract template for business proposals to address the attack vectors as a temporary solution until the DAO is upgraded.
The proposal-guideline suggestion is supported by Slock.it, the creator of the DAO, and therefore may find wide agreement, but ironing out the details may prove a tricky task and may take some time. Token holders are, however, growing impatient. On the DAO Slack channel there are numerous complaints about what some perceive as a limbo, with Griff Green, a spokesman for Slock.it, stating that they were waiting for the curators.
The future of DAO depends on the community’s response
The uncertainty is reflected in the DAO token’s price, which stands below parity at around 0.9 ether per 100 tokens, even though some bought at 1.5 ether during the ‘creation’ period. However, a shaky start is to be expected, as the DAO’s wild success in raising 12 million ether took everyone by surprise, bringing in far more scrutiny and careful analysis of its many aspects.
The current difficulties, therefore, may be just the start, but the real test lies in the community’s response: specifically, whether they will stand up to the challenges, or turn against each other as they vie for the money.