Blockchain Assignment

Case Study: The DAO Hack

Submitted by: Group 3

Name PRN
Anindya Vinayak Gopal 19030241056
Ashis Behera 19030241060
Vijaya Bhaskar Kondaveety 19030241072
Narender Reddy 19030241077
Antarjyami Panda 19030241079
Prathmesh Shahapurkar 19030241089
Mani Karthik Suhas 19030241096

1|Page
Contents

1: Who are the actors? What are their Motivations/ objectives?.............................................................3

2. What is a THE DAO? How does it work?.................................................................................................4
3. How is the DAO different from a traditional organization/ a traditional venture capital fund?..........7
4. From the point of view of slock.it / the Jentzsch brothers, elaborate on the risks of THE DAO and
potential mitigants?....................................................................................................................................7
5. Please explain the DAO hack? What happened, and why?...................................................................8
6. What options were available to resolve the hack? How would you evaluate those options from the
point of view of the different stakeholders?..............................................................................................9
7. How was the hack resolved? Do you agree with the hard-fork solution?...........................................10
8. What are the bigger (governance) issues raised by the DAO hack and its resolution?.......................11
REFERENCES:.............................................................................................................................................12

2|Page
1: Who are the actors? What are their Motivations/ objectives?

Slock.it:

It is a German start-up company. The original purpose of Slock.it was to allow individuals to connect
devices to the Ethereum blockchain. They developed a decentralized framework for sharing these
devices by linking smart locks, vehicles, and electricity systems to the blockchain. Slock.it established the
DAO to raise capital. In May 2016, a white paper called "DAO" was published to create a Decentralized
Autonomous Organization.

The DAO:

In order to fund Slock.it and other ventures, it is an independent decentralized entity operating as an
investment fund. Although the DAO's initial scope was to raise money for Slock.it, it grew in scope to
become a decentralized venture capital framework over time. The only condition was that participants
needed to purchase Ether tokens, and anyone interested could participate. Each token reflected a right
to vote on whether the fund should spend its money on investment proposals.

Investors:

These are the individuals who have been investing in the DAO to finance Slock.it. The voting rights on
the open Ethereum platform were accessible to investors. Those investors with voting rights could even
float their own ideas for funding. Not only did Blockchain enthusiasts gain a lot of coverage from the
DAO project, but also from the media, making it the biggest crowdfunding project.

Attacker:

On 16th June 2016, the DAO heist took place. If it was a single person or a group of individuals is still not
understood. By moving it to a different wallet, the attacker used a split feature to withdraw money from
the DAO. The hacker found an error in the code and called the split function repeatedly. Through this,
the hacker withdrew Ether worth US$50 million.

Ethereum Community:

In proposing and reviewing the solutions suggested for the DAO heist, the Ethereum community was
actively involved. But also, from the community participants, the involvement of the Ethereum
Foundation faced criticism. Despite this chaos, within a short period of time, the group stayed calm and
balanced the pros and cons of all possible solutions, succeeding in building a consensus and
implementing the solution chosen.

Miners:

Miners on a blockchain are a single entity or group of individuals who verify and add the transactions to
the ledger. In the form of a transaction fee, the first miner to find the answer earns a reward. Miners

3|Page
were the ones in the DAO heist who carried the hard fork out and transferred the funds back to their
original holders.

Media:

The concept was captured not only with blockchain enthusiasts but also received a strong media echo
from the moment DAO was created, making it the largest crowdfunding project ever. A number of
popular newspapers, which reported the news with a range of technical information, have covered the
heist, mainly highlighting the dangers inherent in dealing with digital currencies. As a consequence of
the heist, the ETH value also plummeted.

2. What is a THE DAO? How does it work? 

The network Ethereum is a computer network that operates the blockchain Ethereum. The blockchain
enables people to exchange value tokens called ether, the second most common cryptocurrency behind
Bitcoin at present. Ethereum also allows users to write and put smart contracts into the network—
general code that runs in all network computers (actually over 6,000 computers). These programs are
then carried out by sending ether.

A DAO is a Decentralized Autonomous Organization. Its purpose is to enforce organization rules and
decision-making systems, eliminate the need for records and regulating individuals, and establish a
decentralized control scheme.

The DAOs resolve an age-old governance issue, which is referred to by policy-makers and economists as
the major player. This happens when a firm's representative has the ability to determine for or influence
the principal – another individual or agency of the institution. For example, managers acting on behalf of
stakeholders or politicians acting on behalf of the people may be examples of this. Moral hazard arises
in such installations when someone bears further risks than usual, because other people bear the cost of
such risks. More commonly, it happens when the agent acts for his own gain rather than for the
principal's benefit as its principal cannot completely control the activities of the agent. Typically, this
problem expands when information asymmetry is at stake.

Traditional Organization Vs DAO Organization:

4|Page
 TRADITIONAL ARCHITECTURE

All representatives of an enterprise hold employment contracts in conventional enterprises, which

govern their ties with and with the corporation. Their rights and duties are controlled by legal contracts
and enacted by the laws that are governed by the laws of the country wherein they reside. When
something goes wrong or if nobody sticks to their end, the legal agreement stipulates who can be
charged for something in a court of law.

On the other hand, DAOs include a group of individuals communicating under an open-source self-
implementing protocol. The native tokens are rewarded for maintaining the network secure and
executing other network tasks. By lowering processing costs of administration at greater transparency,
blockchains and smart contracts balance the interests of all stakeholders with the consensus
algorithms tying to the indigenous token. Person action is motivated by a sign to lead to a shared
purpose collectively. The DAO members are not compelled by either a jurisprudential body or enter into
any formal legal agreement.21 They are instead directed by networking rewards and entirely explicit
laws made into a sound product, implemented by computer consensus. The DAO members are not
bound by the legal entity. Bilateral arrangements are not in effect. The action of all network members is
regulated by one rule – the protocols or smart contract.

In comparison to conventional, top down, management-based, multi-layer DAOs provide a system of

operations for individuals and organizations not competent, reliable and capable of working in separate
regions, speaking different languages and thus subject to various authorities. All agreements take the
form of an open-source code in the Bitcoin Network rather than legal contracts that manage people's
connections, and that is backed by a plurality consensus of all entities. DAOs, excluding code, do not
even have a meritocratic structure. This system once implemented is autonomous of its founder and is
not censored by a singular body, but by a pre-determined majority of its members.

5|Page
 DECENTRALIZED ARCHITECTURE

DAOs are open source and thus clear and incorruptible in principle. The business tracks and manages all
payments on a blockchain. If constructed correctly, the needs of the members of the association are
matched with reward rules linked to the local token. Applications are the key road to decision-making
inside the DAO, which has the overwhelming agreement of the system people involved. As such, DAOs
can be viewed as dispersed or decentralized Internet communities that operate on the Web and operate
self-sufficiently but also depend exclusively on specialists or small firms to carry out those tasks that can
be replaced by automation.

HOW IT WORKS?

6|Page
 DAO FUNCTIONING

 A team of individuals writes the intelligent contracts (programs) that run the business
 There is an initial phase wherein people contribute funds to the DAO through the purchase of
possession tokens – a crowdsale or an initial coin offer (ICO) – in order to provide capital to the
DAO.
 The DAO continues working when the support period has expired.
 People will then bring forward ideas to the DAO about how the money can be invested and the
members who purchased the money will decide on them.

3. How is the DAO different from a traditional organization/ a

traditional venture capital fund?

DAO Traditional organizations

DAOs do not follow a hierarchical structure. A Traditional organizations follow a hierarchical
DAO’s stakeholders generally decide on its rules structure with centralized authority and
by votes managerial roles
DAO, no one entity makes and enforces Traditional organization typically operates as
decisions. Instead, governed by its participants. one legal entity
Members of a DAO are not tied together by a Traditional organizations maintain legal
formal contract. contracts with their employees
DAO has no physical offices Traditional organization have physical
presence.
No proper legal frameworks in place as of yet. Proper legal frameworks in place to govern

4. From the point of view of slock.it / the Jentzsch brothers, elaborate on the
risks of THE DAO and potential mitigants?

Risks of the DAO and ways to mitigate – From the Point of View of Slock.it

As the Founders of Slock.it, Christoph Jentzsch and Simon Jentzsch have understood the risk about
decentralization learned to be much more careful about it.

 They have understood that DAOs need to be rolled out very carefully and, most importantly,
gradually.
 All similar projects underway should consider starting in a partially centralised manner with
training wheels being phased out step by step.

7|Page
  The Jentzsch brothers were confident that they did a good job of rapidly scaling the DAO
community, but they were inclined to say that Ethereum is not yet ready for the masses and
non-technical individuals, despite very clear disclaimers and warnings about the risks involved
with the projects.
 However, they believe that they will get there pretty soon with improved tools and experience.
 Governance and voting mechanisms adapted to decentralized systems:
o Another, non-technical risk was generally around governance.
o Many people in the community were looking for leadership on governance rules, the
proposal framework, the soft / hard forks and other contentious topics from the
beginning of the DAO to its sunset.
 Throughout the history of the DAO, the lack of centralised authority needed to make quick
decisions has been strongly felt.
 However, this is the nature of decentralised systems, and it is a blessing as well as a curse.
 The Jentzsch brothers believe that no difference would have been made by more security audits
or more tests.
 The primary issue was that reviewers were unaware of what to look for.
 Their team and the group both knew about issues like the Call Stack Depth attack, the unbound
loop issues, and many other particular vectors, but at the time the DAO Code was written, the
re-entry hack was clearly something no one was aware of and also it is just in the early days,
smart contract security will increase over time through experience.

5. Please explain the DAO hack? What happened, and why?

On 18 June, participants of the Ethereum group found that the DAO had depleted funds and also that
the smart contract's ETH reserve went down overall. During the first few hours a hacker extracted a
total of 3.6 m Ether (about $70 million at the time). This attack was triggered by a breakdown feature
vulnerability. Ether is withdrawn numerous times that use the same DAO tokens from the DAO smart
contract. This was possible because of the so-called recursive call function.

8|Page
 DAO HACK

It is crucial to realize that such a bug did not derive from Ethereum alone, but was based on Ethereum.
There were several bugs in the DAO code, and one of these was the repetitive call hack. Another aspect
to arrive at this scenario is to equate Ethereum and every Ethereum-based framework to a website. If a
site does not really run, it doesn't mean that the network is not running.

The hacker avoided extracting the DAO, even if it could have done so for unexplained reasons.

The group and teams from Ethereum took over the problem immediately and submitted various
suggestions for the exploit.

6. What options were available to resolve the hack? How would you evaluate
those options from the point of view of the different stakeholders?

The community had 27 days to decide what to do before the attacker could initiate a proposal to move
the funds. There were three options on the table:

 Doing nothing and leaving the state as it is.

 Exercising a soft work on the Ethereum blockchain with the help of miners to destroy the child
DAO with stolen ethers in it by adding a rule that is declaring all transactions making calls to
reduce the fund in the child DAO invalid. This would not affect the validity of transactions took
place until the fork.
 Exercising a hard fork on the Ethereum blockchain to overwrite the history and restore the
stolen ethers. This would reverse the all transactions happened after the starting point of the
work.

9|Page
All these options find some support from different groups. People supporting the first option, those who
argued against any fork, mainly relied on the philosophical foundations of the Ethereum blockchain.
They argued that the code was the law and everything the code allowed was legitimate. Additionally,
specifically against the hard fork option, they claimed that the data on the blockchain was immutable, it
should be kept that way, and doing the contrary would harm the Ethereum blockchain in the long
term. These arguments were similar to those made by the attacker in the open letter.

On the other hand, the majority of the community was of the opinion that something must be done. The
development community proposed the soft fork. The hard work remained as the contested option for a
while as it would destroy the so-called immutability and integrity of the Ethereum blockchain. The
development community’s proposal was to conduct a follow-up hard fork after the completion of the
first work to recover the stolen ether. However, even this type of hard fork was contested by some
participants and other options not involving any hard fork were developed.

7. How was the hack resolved? Do you agree with the hard-fork solution?

The hack was resolved by using the hard-fork technique. A hard-fork is achieved when nodes of the
newest version of a blockchain no longer accept the older version of the blockchain. This creates
a permanent divergence from the previous version of the blockchain. Adding a new rule to the code
essentially creates a fork in the blockchain, i.e., one path follows the new, upgraded blockchain, and the
other path continues along the old path. Generally, after a short time, those on the old chain will realize
that their version of the blockchain is outdated or irrelevant and quickly upgrade to the latest version.

The hard-fork implementation on the Ethereum blockchain was able to overwrite the history and
restore the stolen ethers. This reversed all transactions happened after the starting point of the work.
The hard-fork transferred all Ether in the DAO, the child DAOs, and the “darkDAO” into a new smart
contract. The original holders then were able to use this contract to exchange their DAO tokens for Ether
at a pre-defined exchange rate of 100 DAO tokens for 1 Ether. But to be able to do so, all users had to
update their software to a new version which included this feature. As a result, all funds were
transferred to the withdrawal contract and the original DAO token holders started to withdraw their
Ether.

The hard-fork, though riskier, was still the most effective solution among all the available options in this
situation. It did raise the question of compromised integrity and immutability of Ethereum. Hence, the
decision to implement it sent a signal that projects like the DAO can influence the underlying foundation
to their own advantage that upset some of the community participants.

Nevertheless, the majority of the community was of the opinion that something must be done. The
stolen funds were frozen in a childDAO that a hard-fork was able to undo the theft cleanly. It is due to
this failsafe in the DAO code, the attacker was unable to transfer the funds out of their child DAO until a
certain period of time had expired. Otherwise, the funds would have already made their way to the

10 | P a g e
exchanges and a hard-fork would have become unfeasible. This in turn created a huge time pressure to
execute on the hard-fork, which in this case did prove effective in terms of recovery of the stolen Ether.

8. What are the bigger (governance) issues raised by the DAO hack and its
resolution?

As mentioned till now DAO was a stateless and decentralized network when every token holder has
voting rights for investment and the relationship between the investors and around the organization is
governed by smart contracts of Ethereum.

But when the hack happened and the coding vulnerability is exploited by the hacker resulted in
55million $ loss and a loss of reputation to the whole blockchain community and this showed the world
that this technology is much deeper and we cannot jump in without proper understanding.

So, this raises another question to us what is governance and why does it matter so to answer that
governance is an overview or control over process and structure overall. So, coming to why does it
matter, it is necessary not just in cryptocurrencies but everywhere for smooth execution of tasks and
compliance with regulations and standards.

Equity markets have clearly defined stakeholder structures for investor recourse. These structures have
resulted in governance systems that protect investor interests and prevent rogue executives from
running amok with the company. But cryptocurrencies have largely been shielded from similar
oversight. The DAO hack is just one example of governance gone wrong within cryptocurrencies. Similar
situations abound.

Besides investor protection, governance systems can also streamline internal change management
processes. In practical terms, this means that they can be used to implement a decentralized ethos. This
far, changes in cryptocurrency protocol have been hijacked by a select group of stakeholders. For
example, investors won the day when Ethereum’s protocol was bifurcated into two branches. The
bitcoin core team, which resisted code changes to enable longer block sizes, was responsible for the
creation of bitcoin cash. By establishing voting systems and multiplying the number of stakeholders
involved in the process, governance systems can help.

Governance Resolution

It is also worth noting that most members of The DAO likely did not possess the necessary expertise to
understand the source code underlying the smart contract. The alternative would be that they did
possess the expertise, but neglected to read the contract before agreeing to it, which is less likely given
the amount of money involved. This may have legal implications, which will be discussed later.

Depending on the governance rules, there are different levels of decentralization. While the network
might be geographically decentralized and have many independent but equal network actors, the
governance rules written in the smart contract or blockchain protocol will always be a point of

11 | P a g e
centralization and loss of direct autonomy. DAOs can be architecturally decentralized (independent
actors run different nodes) and are geographically decentralized (subject to different jurisdictions), but
they are logically centralized (the protocol). The question of how to upgrade the code—when and if
necessary—is very often delegated to a set of experts who understand the techno-legal intricacies of the
code, and therefore represent a point of centralization.

REFERENCES:

1. https://jipel.law.nyu.edu/vol-9-no-1-5-minn/#III
2. https://www.frontiersin.org/articles/10.3389/fbloc.2020.00025/full
3. https://www.coindesk.com/deutsche-bank-says-investors-increasingly-prefer-bitcoin-over-gold-
as-inflation-hedge
4. https://www.investopedia.com/tech/governance-why-crypto-investors-should-care/
5. https://medium.com/@ogucluturk/the-dao-hack-explained-unfortunate-take-off-of-smart-
contracts-2bd8c8db3562
6. https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/
7. https://softwareengineeringdaily.com/2018/03/23/dao-reflections-and-slock-it-with-christoph-
jentzsch
8. https://academy.binance.com/en/articles/decentralized-autonomous-organizations-daos-
explained
9. https://blog.slock.it/the-history-of-the-dao-and-lessons-learned-d06740f8cfa5
10. https://www.coindesk.com/understanding-dao-hack-journalists
11. https://medium.com/@ogucluturk/the-dao-hack-explained-unfortunate-take-off-of-smart-
contracts-2bd8c8db3562
12. https://www.investopedia.com/terms/h/hard-fork.asp#:~:text=A%20hard%20fork%20(or
%20hardfork,version%20of%20the%20protocol%20software.

12 | P a g e