We Haven’t Seen the Last of the Bug That Killed the DAO


More than two years after the collapse of The DAO thrust the Ethereum community into civil war, one of the bugs that caused that black swan event continues to lurk in many smart contracts, waiting to be exploited by hackers.

That’s according to Emin Gün Sirer, a computer science professor at Cornell and the co-director of cryptocurrency research initiative IC3, who said that he has seen a variety of smart contracts that may be vulnerable to a “reentrancy” attack that allows a malicious user to drain ETH from a payment channel.

“BTW, I’ve seen other contracts like this one that implicitly trust the erc-20 tokens issued on top of their platform to not perform reentrant calls. I’m sure this isn’t the last episode of this bug,” he wrote on Twitter.

Sirer was commenting on the news that SpankChain, an adult entertainment startup whose platform runs partially on Ethereum smart contracts, had been hacked for nearly $40,000 worth of cryptocurrency over the weekend.

As CCN reported, the company said that the hacker used a reentrancy attack to siphon 1165.38 ETH out of the smart contract over a series of transactions. In short, the attacker used a malicious smart contract to trick the SpankChain contract into believing that the attacker could withdraw funds from the payment channel.

The firm explained:

“The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time.”
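The control flow the firm describes can be modelled in a few lines. The following is an added example, not SpankChain's code and not from the original article: a constructed Python model (all class and function names are hypothetical) of a payment channel that calls a user-supplied token's `transfer` before clearing its own state, next to the same channel using the standard checks-effects-interactions ordering.

```python
class Revert(Exception):
    """Models an EVM revert of the current call."""

class Channel:
    """Constructed toy payment channel: holds pooled ETH, settles via a user-supplied token."""
    def __init__(self, pool, hardened):
        self.eth = pool          # ETH the contract holds for everyone
        self.deposits = {}       # user -> (ETH owed, token contract)
        self.paid = {}           # user -> ETH actually sent out
        self.hardened = hardened

    def open(self, user, amount, token):
        self.eth += amount
        self.deposits[user] = (amount, token)

    def close(self, user):
        amount, token = self.deposits.get(user, (0, None))
        if amount == 0:                       # check
            raise Revert("no open channel")
        if amount > self.eth:
            raise Revert("insufficient ETH")
        if self.hardened:
            self.deposits[user] = (0, None)   # effect first: state cleared before any call
        self.eth -= amount
        self.paid[user] = self.paid.get(user, 0) + amount
        token.transfer(self, user)            # interaction: runs untrusted token code
        if not self.hardened:
            self.deposits[user] = (0, None)   # flaw: cleared only after the external call

class ReentrantToken:
    """Stands in for the contract 'masquerading as an ERC20 token'."""
    def __init__(self, depth):
        self.depth = depth

    def transfer(self, channel, user):
        if self.depth > 0:
            self.depth -= 1
            try:
                channel.close(user)           # callback into the channel mid-close
            except Revert:
                pass                          # the hardened channel rejects the re-entry

def run(hardened, depth=3):
    """Returns (ETH paid to the user, ETH left in the channel). Values are constructed."""
    ch = Channel(pool=20, hardened=hardened)
    ch.open("user", 5, ReentrantToken(depth))
    ch.close("user")
    return ch.paid["user"], ch.eth
```

With a 5 ETH deposit, the flawed ordering pays out 20 ETH and leaves 5 in the pool, while the hardened ordering pays exactly 5 and leaves 20.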

As both SpankChain and Sirer noted, the attack was similar to the one that crippled The DAO, a decentralized venture capital fund that long held the record for most funds raised by an initial coin offering (ICO).

Worth as much as $150 million at a time when the total market cap of ethereum was still far below $2 billion, The DAO held nearly 15 percent of the total ETH supply on June 17, 2016, when an attacker stole 3.6 million ETH — today worth nearly $815 million — by exploiting its vulnerable smart contract.

We all know what happened next: a series of futile attempts to recover the funds, the infamous chat room conversation, and the contentious hard fork that resulted in the creation of Ethereum Classic.

Now, more than two years later, Ethereum has largely put The DAO hack in its rearview mirror. The ethereum price, which plunged as low as $6 in the months following the hack, now stands at $230. Hundreds of blockchain startups have used Ethereum to raise billions of dollars through ICOs, and thousands of developers are building decentralized applications (dApps) that run on the platform.

However, though the consequences may not always be quite as serious as they were on that infamous morning in June 2016, the bug that permanently altered the cryptocurrency landscape appears determined to continue to rear its ugly head.


The post Ethereum: We Haven’t Seen the Last of the Bug That Killed the DAO appeared first on CCN.
