An attack has been found and exploited in The DAO, and the attacker is currently draining the ether contained in The DAO into a child DAO. The attack is a recursive call vulnerability: when the attacker calls the "split" function, it then calls the split function recursively from inside the split, thereby collecting ether several times in a single transaction.
The drained ether sits in a child DAO at https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; even if no action is taken, the attacker will not be able to withdraw any ether for at least about 27 days (the creation window for the child DAO). This is an issue that specifically affects The DAO; Ethereum itself is perfectly safe.
A soft fork has been proposed (no rollback; no transactions or blocks will be "reversed") which will make any transaction that makes any call / callcode / delegatecall that reduces the balance of an account with code hash 0x7278d050619a624f84f51987149ddb439cdaadfba596f7cfaea7ad44340a4ba (i.e. The DAO and its children) invalid (not just the call, the whole transaction), starting from block 1760000 (the exact block number is subject to change up to the point the code is released), preventing the ether from being withdrawn by the attacker before the 27-day window ends. This will give plenty of time for discussion of potential further steps, in particular to give token holders the ability to recover their ether.
Miners and mining pools should resume processing transactions as normal, wait for the soft fork code, and stand ready to download and run it if they agree with this path forward for the Ethereum ecosystem. DAO token holders and Ethereum users should sit tight and remain calm. Exchanges should feel safe in resuming trading of ETH.
Contract authors should take care to (1) be very careful about recursive call bugs, and listen to the advice from the Ethereum contract programming community that will likely be forthcoming over the next week on mitigating these bugs, and (2) avoid creating contracts that hold more than $10 million, with the exception of sub-token contracts and other systems whose value is itself defined by the community's social consensus if a bug emerges (e.g. MKR), at least until the community gains more experience with bug mitigation and/or better tools.
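As an added illustration of the recursive call bug described at the top and of point (1) above, here is a constructed Python model (not The DAO's or the Ethereum project's code) of a vault that pays out before updating its ledger, beside the hardened ordering that closes the hole. The `Vault`, `Reentrant` and `run` names are hypothetical, and `depth` stands in for the gas limit that bounds recursion on a real chain.

```python
# Constructed simulation of the recursive-call (reentrancy) bug described above;
# not The DAO's code. A toy Vault mirrors the defect (paying out before updating
# its ledger) beside the hardened form (ledger update before the external call).

class Vault:
    def __init__(self, safe):
        self.safe = safe      # True selects the hardened withdraw() ordering
        self.ether = 0        # ether the contract actually holds
        self.ledger = {}      # per-depositor balances the contract believes it owes

    def deposit(self, who, amount):
        self.ether += amount
        self.ledger[who] = self.ledger.get(who, 0) + amount

    def withdraw(self, who):
        amount = self.ledger.get(who, 0)
        if amount == 0:
            return
        if self.safe:
            # checks-effects-interactions: zero the ledger before the external call
            self.ledger[who] = 0
            self.ether -= amount
            who.receive(self, amount)
        else:
            # vulnerable order: external call while the ledger still shows the balance
            self.ether -= amount
            who.receive(self, amount)
            self.ledger[who] = 0

class Reentrant:
    """Depositor whose receive hook re-enters withdraw(); depth models the EVM gas limit."""

    def __init__(self, depth):
        self.got = 0
        self.depth = depth

    def receive(self, vault, amount):
        self.got += amount
        if self.depth > 0 and vault.ether >= amount:
            self.depth -= 1
            vault.withdraw(self)   # re-enter before the ledger is updated

def run(safe, depth=3):
    # returns (ether the re-entrant depositor got, ether left in the vault)
    vault = Vault(safe)
    vault.deposit("alice", 100)   # honest depositor, never withdraws here
    attacker = Reentrant(depth)
    vault.deposit(attacker, 10)
    vault.withdraw(attacker)
    return attacker.got, vault.ether
```

With the vulnerable ordering a 10-ether deposit is paid out four times and the vault is left holding 70; with the hardened ordering the re-entered call finds a zeroed ledger and the vault keeps the honest depositor's 100.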
Developers, cryptographers and computer scientists should note that any high-level tools (including IDEs, formal verification, debuggers, symbolic execution) that make it easier to write safe smart contracts on Ethereum are prime candidates for DevGrants, Blockchain Labs grants and String's autonomous finance grants.
This message will continue to be updated.