The number of options available to the ethereum development community as it searches for a way to recover investor funds lost when The DAO was compromised is dwindling with news that a vulnerability in one of the more prominent solutions has been discovered.
As it turns out, a soft fork that would have sought to blacklist the ether address that holds the confiscated funds, preventing it from conducting any transactions, actually exposes a previously undetected attack vector.
In a post on the Ethereum Foundation blog, developer Felix Lange explains that the exploit would slow down mining and prevent the completion of legitimate transactions.
Lange wrote:
Launched earlier this year, The DAO was the first large-scale distributed autonomous organization (DAO) designed with a leaderless governance structure and with the intent to distribute ether donated by contributors to new ethereum projects.
After raising more than $150m worth of ether, a flaw in the software was exploited, letting a malicious member move a portion of the funds into another DAO under their control.
Due to the way The DAO was coded, it is widely believed that the siphoned funds won’t be accessible to the perpetrator until 14th July. But in Lange’s post today, he added that "there is no immediate urgency to block transactions while further proposals are being worked out".
The development comes as ethereum miners, or those validating transactions and competing to create blocks on the platform, have until this Thursday to vote for the soft fork patch, which would implement the soft fork.
The fork in the road
While Lange proposed two temporary workarounds to the vulnerability, Fabian Vogelsteller, lead distributed application developer at ethereum, was less optimistic on Twitter.
Vogelsteller wrote:
The hard fork option, which would essentially roll back the ethereum blockchain to erase the transactions, has been controversial among some members of the community who worry it might undermine future faith in the reliability of the network.
Doing nothing has also been controversial, as it would give the person who used The DAO’s code to move funds to a separate account the ability to profit at the expense of the 23,000 token-holding members of the organization.
Correction: This article has been updated to correct a misspelled surname.