
A Group of Researchers Call For a Temporary Moratorium On DAO Proposals

Dino Mark, Vlad Zamfir, and Emin Gün Sirer asked DAO Token holders to abstain from voting on any proposals until several security flaws in The DAO contract code are solved. The trio released a paper detailing all the attack vectors, along with an extensive blog post.

The DAO crowdsale officially ended yesterday, with more than 12 Million ETH locked in the contract, so it’s only natural for the public to be concerned about the safety of their funds. The researchers Dino Mark, Vlad Zamfir, and Emin Gün Sirer released a paper detailing all the attack vectors they were able to find.

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server. In this case, it refers to the route a malicious entity could pursue in attacking the DAO smart contract or the DAO token holders themselves. In a blog post, the trio of researchers stated:

We have identified seven causes for concern that can cause DAO participants to engage in strategic behaviors. Some of these behaviors can cause honest DAO investors to have their investments hijacked or committed to proposals against their interest and intent.

The paper describes a wide variety of attacks. One of them is "The Affirmative Bias, and the Disincentive to Vote No". In its current state, the DAO smart contract forbids a user from initiating a DAO split (to withdraw their ether) once they have voted on a proposal; they have to wait until that voting period is over. A user who negatively perceives a proposal can decide to immediately split from the DAO at no risk, or else they can vote NO.

Preferences of the positive voters will be visible early on, but the negative sentiment will be suppressed during the voting process — a problematic outcome for a crowd-funding organization based on measuring the sentiment of the crowd through votes
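The effect of that rule on the visible tally can be seen in a small model. This is an added example, not code from the paper, the blog post, or The DAO contract; the class `ToyDAO`, the function `run_vote`, the balances, and the deadline are all hypothetical, and the only rule modelled is the one described above (any vote blocks a split until the voting period ends).

```python
from dataclasses import dataclass

@dataclass
class Proposal:
    deadline: int   # time at which voting closes
    yes: int = 0    # token-weighted YES votes
    no: int = 0     # token-weighted NO votes

class ToyDAO:
    """Simplified model of the rule in the article; not The DAO's contract code."""
    def __init__(self, balances):
        self.balances = dict(balances)  # holder -> tokens
        self.locked_until = {}          # holder -> deadline of the proposal voted on
        self.proposal = None

    def propose(self, deadline):
        self.proposal = Proposal(deadline)

    def vote(self, holder, support, now):
        p = self.proposal
        if now >= p.deadline or holder in self.locked_until:
            raise ValueError("voting closed or holder already voted")
        if support:
            p.yes += self.balances[holder]
        else:
            p.no += self.balances[holder]
        self.locked_until[holder] = p.deadline  # any vote, YES or NO, blocks a split

    def split(self, holder, now):
        if now < self.locked_until.get(holder, 0):
            raise PermissionError("voted on an open proposal; split blocked")
        return self.balances.pop(holder)  # holder leaves with their tokens

# Constructed sample: 60% of tokens support the proposal, 40% oppose it.
BALANCES = {"a": 40, "b": 20, "c": 25, "d": 15}
PREFS = {"a": True, "b": True, "c": False, "d": False}

def run_vote(prefs, balances, cautious):
    """Return (yes, no, exited). cautious=True: opponents split instead of voting NO."""
    dao = ToyDAO(balances)
    dao.propose(deadline=100)
    exited = 0
    for holder, supports in prefs.items():
        if supports or not cautious:
            dao.vote(holder, supports, now=1)
        else:
            exited += dao.split(holder, now=1)
    return dao.proposal.yes, dao.proposal.no, exited

if __name__ == "__main__":
    print("everyone votes:  ", run_vote(PREFS, BALANCES, cautious=False))
    print("opponents split: ", run_vote(PREFS, BALANCES, cautious=True))
```

With the same underlying preferences, the tally reads 60 to 40 when opponents vote, but 60 to 0 when they keep their exit open by splitting, which is the suppressed negative sentiment the paper warns about.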

Another of the vulnerabilities described by the researchers and the community is the one called The Stalking Attack. In this scenario, a malicious actor could stalk a user wanting to split from the DAO, preventing them from withdrawing their funds through a series of votes on the victim’s split proposals. This vector is very costly for the attacker because they need to monitor their victim 24 hours a day; additionally, the attacker has the potential to lose all their funds to the victim.

The paper was endorsed by Vitalik Buterin himself. Alex Van de Sande, another member of the curator team, said:

I do not support a curator-led moratorium because I don’t believe our job is to lead but to follow the token holders. If you are a token holder, please start a self proposal tomorrow asking about the moratorium or vote in one if it’s there. Whatever the token holders decide, I will support.

Slock.it decided to go against this decision by issuing a new security proposal to the DAO to fix its vulnerabilities at no cost and to deploy a full-time security expert for 1 year to help mitigate further risks. The proposal has a cost of 8,000 ETH and was successfully validated by the curators, who are now deciding whether to whitelist it or not. Stephan Tual, co-founder of Slock.it, said:

This Proposal addresses all current governance issues (and yes, this includes the much talked about ‘Vlad attacks’), it also includes extensive testing, all of which will be delivered at no cost.

DAO token holders will have to decide whether to abstain from voting on any proposals or to vote on the one presented by Slock.it; alternatively, they can activate the split function to recover their ether. The Merkle recommends that all our readers exercise caution and keep tabs on any developments that may occur.

Eduardo Gómez

Eduardo Gómez is a Computer Science major from Venezuela, a country with a loyal Bitcoin user base. He discovered Bitcoin in 2012 and now uses it to escape the triple-digit inflation that Venezuela suffers. He is focusing on developing a writing career and tries to keep up with the news in FinTech and blockchain technologies.
