DAO Wars Soft Fork Makes Ethereum Blockchain Vulnerable
The Ethereum community has had a lot to decide lately as the network prepares for an upcoming soft fork expected to start around June 30. According to Etherchain.org, pools that have implemented the soft fork are showing consensus for the procedure. While the Ethereum community plans its next step, a new analysis from Hacking, Distributed shows the soft fork may be vulnerable to denial-of-service (DoS) attacks.
Is a Blacklisting Soft Fork a Good Idea? Some Say No.
In an editorial written by Tjaden Hess, with additional research by River Keefer and Emin Gün Sirer, the Hacking, Distributed team argues that the latest “DAO Wars” soft fork may open additional attack vectors. The current implementation of the soft fork aims to blacklist what is now called the “Dark DAO” account held by the attacker. However, Tjaden Hess believes that if it is integrated, the Ethereum network will be susceptible to DDoS attacks, whether triggered naturally or with malicious intent. Hacking, Distributed author Tjaden Hess explains:
“The soft fork creates a denial of service attack vector which, if exploited, would prevent the network from processing valid transactions at negligible expense to the attacker. Specifically, an attacker can flood the network with transactions that execute difficult computation, and end by performing an operation on the DAO contract. Miners running the soft fork would end up having to execute, and then subsequently discard, such contracts without collecting any fees. — And it gets worse: miners typically prioritize transactions by gas price. Because malicious transactions don’t actually pay gas, an attacker could set an extraordinarily high gas price to trick miners into wasting all their computation. This could result in blocks entirely empty of any valid transactions.”
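The mechanism in the quote above can be modelled in a few lines. This is an added example, not code from Hacking, Distributed or from Geth; the Tx fields, the greedy miner, the per-block execution budget and the mempool contents are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    sender: str
    gas_used: int      # computation a miner performs to evaluate the transaction
    gas_price: int     # price offered per unit of gas
    touches_dao: bool  # execution ends with an operation on the blacklisted contract

def build_block(mempool, exec_budget, soft_fork):
    """Greedy miner model: evaluate transactions in descending gas-price order
    until exec_budget gas has been executed.
    Returns (included, fees_collected, gas_executed_then_discarded)."""
    included, fees, wasted, executed = [], 0, 0, 0
    for tx in sorted(mempool, key=lambda t: t.gas_price, reverse=True):
        if executed + tx.gas_used > exec_budget:
            continue  # no time left to evaluate this one
        executed += tx.gas_used
        if soft_fork and tx.touches_dao:
            wasted += tx.gas_used  # fully executed, then dropped: no fee is paid
            continue
        included.append(tx)
        fees += tx.gas_used * tx.gas_price
    return included, fees, wasted

# Constructed mempool: three ordinary transfers and ten heavy transactions that
# offer a very high gas price and finish by touching the blacklisted contract.
MEMPOOL = [Tx(f"user{i}", 21_000, 20, False) for i in range(3)] + \
          [Tx(f"flood{i}", 400_000, 10_000, True) for i in range(10)]
BUDGET = 4_000_000  # assumed per-block execution budget, in gas

if __name__ == "__main__":
    for rule in (True, False):
        included, fees, wasted = build_block(MEMPOOL, BUDGET, soft_fork=rule)
        print(f"soft_fork={rule}: included={len(included)} fees={fees} wasted_gas={wasted}")
```

With the blacklist rule on, the whole budget is spent on transactions that pay nothing and the block comes out empty; with the rule off, the same transactions are included and their sender pays for every unit of gas.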
Tjaden Hess believes this leaves the Ethereum community just a few options to fix the issue: no fork, a soft fork with a stiff upper lip, or a hard fork. The stiff-upper-lip soft fork would go ahead with the community “fully cognizant that there is an opportunity for DoS attacks.” A hard fork would be the “cleanest, simplest, and most secure” option for the Ethereum blockchain, says Tjaden Hess. The researcher also notes that the soft fork will restrict some of the abilities of the “White Hat DAO” as well. The Hacking, Distributed team of programmers states:
“The current soft fork deployed in Ethereum poses a DoS vector. If the soft fork activation goes ahead as planned, the community should be prepared for potential DoS attacks, which would lead to diminished performance for the network. We urge the community to come to consensus on the ultimate resolution of The DAO saga as quickly as possible.”
The Geth “DAO Wars” soft fork release is currently on GitHub, and many mining pools within the Ethereum network seem to be on board with it. Many people in the cryptocurrency community are watching to see what happens next. Alongside this, teams working on similar projects such as Rootstock, Lisk, Counterparty, and the new UK firm Razormind are looking to take the smart contract reins. According to Etherchain.org, the “soft fork to freeze the DAO funds will activate if the gas limit of block 1800000 is below or equal to 4 million. Approximate remaining voting time: 2 days till Thu Jun 30, 2016.”
Time is ticking, and many eyes are focused on the outcome of this controversial experiment with the Ethereum blockchain. Significant members of the community believe separation from Slock.it is the best course of action. Bitcoinist will be following the events as they unfold within the Ether community. There is still time to change the majority decision, but it looks like the community currently favors the soft fork.
My thoughts on the DAO Crisis: https://t.co/QEcxmfXoaV
— Charles Hoskinson (@IOHK_Charles) June 20, 2016