Curators, researchers, and original coders of the DAO held a Skype meeting to discuss the recent events pertaining the security of The DAO, and how to move things forward. Two viable solutions were disclosed.
The software developer Alex Van de Sande, one of The DAO curators, announced today that a skype meeting between curators, the original researchers who published the attack vector paper, and the original coders of the DAO took place, the topics of the meeting revolved around: the role of the curators, the attack vectors mentioned in this paper, and the possible solutions for these problems.
According to Alex Van de Sande’s reddit post, the participants of the meeting discussed in great depth all the attack vectors outlined by the researchers, in his own words:
We talked at length about all the attack vectors and how bad they really were. The paper discusses many, but I believe my biggest fear was the fact that there are many disincentives for voting against a proposal
Described in my previous post, The Affirmative Bias, and the Disincentive to Vote No is one of the biggest vulnerabilities of the current DAO smart contract, as it forbids a user to initiate a DAO split (to withdraw the ether) once they vote on a proposal, having to wait until the voting process is over, this effectively means that preferences of the positive voters will be visible early on, but the negative sentiment will be suppressed during the voting process. Alex Van de Said explained:
You can’t split if you vote, and voting No might help the Yes side with quorum. This coupled with the chance of a last minute massive voting campaign for Yes, could lead to an impopular proposal being passed (but at no point the DAO is at risk of being drained by scammy proposals).
The developer said that there are currently two ways to move forward, the first one is to update the DAO contract framework, taking advantage of one of the inbuilt mechanisms that allow making changes to the code, however, this method requires a 53.3% quorum and a simple majority vote. Taking this approach will require a great effort, granted, the code will need to be thoroughly tested and audited, making sure that no new attack vectors could surface, this upgrade will need weeks (maybe even months) to be completed.
The second approach suggests the creation of a ‘proposal guideline’, this tackles the security problems of The DAO by making specific changes to the proposal’s source code, minimizing the risks exposed by the researchers in their paper. Several of the guidelines proposed by Alex Van de Sande include:
- A customizable grace period in which either The DAO, the Token Holders (voting directly on the contract) or even the curators could cancel a proposal that was approved and return all the funds to the DAO. This would allow a second phase to cancel a bad proposal that went through.
- The proposal could check if the just YES votes had at least 75% of the quorum, if not it could throw and not allow the proposal to be executed.
- The proposal could keep a daily track of the current state of votes and prevent it from being executed if the YES votes were only able to win in the last 24 or 48 hours (an incentive for large token holders to vote early).
The community is encouraged to participate in these discussions, as only The DAO Token Holders (DTH) have the final decision in their hands.
Apple users can now download the app of The Merkle in the App Store!
If you liked this article follow us on twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.
