TheDAO attack / Ethereum is a Weird Machine
(some Ethereum historica: formative, circa 02016)
- “I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward” http://pastebin.com/CcGUBgDG
- analysis of the exploit. http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/
- end of the DAO
- imperative programming for contracts?!
- distributed governance
- ethereum foundation's request for halt of trading, request to spam theDAO with transactions. http://pastebin.com/aMKwQcHR
- soft fork vs “libertarians in a crisis”
- emergent regulation
- intent and code (i.e. the difference between the assumed meaning of a contract and the behaviour its code enables; specifically, whether the recursive-call split draining, being computationally valid, is thereby (or not) contractually valid)
- bugs & vulnerabilities in immutable contracts
- ethereum promises to favour the 'letter' of the law (i.e. “code”) over the 'spirit' (i.e. intention of contract authors) yet the response to the attack shows one way a partially decentralised group can favour the 'spirit' over the 'letter' (i.e. softfork/hardfork)
- “DAO is CoreWar meets Nomic.”
- smart contracts and smart humans
- TauChain
- various thoughts
- “The descriptions didn't matter; only the code did. The descriptions didn't allow for today's hack, but the code did. (By definition! If the code could be hacked, the code allowed for the hack.)” in http://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-smart-contracts-were-dumb
- “Now that it has turned out that The DAO was also a huge multi-million bug bounty program”
- “We have witnessed the first notable failure of a smart contract. In the wake of this disaster, something profound happened: the nascent flame of a decentralized legal system has materialized” https://www.reddit.com/r/ethereum/comments/4on8ot/did_the_death_of_the_dao_accidentally_give_birth/
- proposed forks, soft & hard & implications https://medium.com/@Alex_Amsel/understanding-proposed-ethereum-forks-6abd63a478fc
- thinking about smart contract security. https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/
- language design & formal specification. https://www.reddit.com/r/ethereum/comments/4opjov/the_bug_which_the_dao_hacker_exploited_was_not/
- Solar-storm: A serious security exploit with Ethereum, not just the DAO https://blog.blockstack.org/solar-storm-a-serious-security-exploit-with-ethereum-not-just-the-dao-a03d797d98fa#.qke8vi4ao
- “There are also a class of total languages (Coq, Agda, Idris) that are guaranteed to terminate but admit (polymorphic) recursion. This is stronger than FOL but weaker than turing-completeness, and certainly sufficient to implement any feasible contract.” https://news.ycombinator.com/item?id=11941758
- Solidity language design problems. https://www.reddit.com/r/ethereum/comments/4p8cft/this_online_exchange_i_recently_had_shows_the/
- Notes on the DAO re-entrancy bug and behavioral types (draft) https://docs.google.com/document/d/1sGlObhGhoEizBXC30Ww4h1KHKGkmcy4NiCKitIBqiUg/edit?pref=2&pli=1#heading=h.gm4egb3ql9ps
- counter attack
- fault tolerant smart contracts https://medium.com/@peterborah/we-need-fault-tolerant-smart-contracts-ec1b56596dbc
- etc…