DAO (Decentralized Autonomous Organization)

DAO: Decentralized Autonomous Organizations
Carlos Buendía, Blockchain Lead Engineer
Grant Thornton Blockchain Labs
Ethereum Spain Organizer
10-01-2016
@buendiadas

Contents
1. Introduction to Ethereum and the DAO
2. Timeline of the attack
3. Solutions to the problem
4. Final solution

Introduction to the DAO

Ethereum: account system
"On the Blockchain, no one knows you're a fridge" - Richard Brown
• Main difference from Bitcoin
• Two types of accounts:
  • Contracts
  • Externally Owned Accounts (EOA)

Decentralized Autonomous Organization
• An organization governed by rules set out in contracts (Smart Contracts)
• The rules are established before users join.
• It can manage users' money (according to the previously established rules)
• Examples: DigixDAO, MakerDAO, TheDAO…
[Diagram labels] X ETH; Y ETH; SSBF DAO: X+Y ETH; Balance: X+Y Eth

The DAO
• Users submit a proposal to the DAO
• The DAO votes on the idea
• The DAO funds the idea
• Profits/losses are shared out

Timeline

30 - APRIL

Crowdsale
• For 30 days, "DAO Tokens" were sold
• Tokens carry weight when decisions are made.
• The money associated with each token always keeps its equivalent in Ether.

Crowdsale

Yes, $150M in a contract

12 - JUNE

First news
12 - JUN
“Today we discovered a vulnerability in the ETH token wrapper”
MakerDAO Slack

“No DAO funds at risk”
12 - JUN

17 - JUN

Black Friday
“The DAO is currently sustaining a sophisticated attack.”
“The attacker has moved the stolen ether to a child DAO.”
[Diagram labels] The DAO; Child DAO

The attack: Recursive Split (I)
[Diagram labels]
The DAO
Withdraw ()
Wallet Contract
Split (address of the attacker's code)
Hacker_Balance = 0
Call_Split (Sender)
Address: 304a554a310C7e546dfe434669C62820b7D83490
Address: bb9bc244d798123fde783fcc1c72d3bb8c189413
N times
ETH Balance += amount
Dark DAO
(Edited)

The attack: Recursive Split (II)
// Burn DAO Tokens
Transfer(msg.sender, 0, balances[msg.sender]);
withdrawRewardFor(msg.sender);
totalSupply -= balances[msg.sender];
balances[msg.sender] = 0;
paidOut[msg.sender] = 0;
return true;
1: Movement of funds
2: Balance update

Recursive Split
• Not an Ethereum vulnerability
• Not a (direct) Solidity vulnerability
• (Human) coding error (Reentrancy)*
* http://forum.ethereum.org/discussion/1317/reentrant-contracts
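
The ordering problem on the Recursive Split slides (funds move at step 1 before balances are updated at step 2), as an added example that is not from the original deck or from The DAO's code. It is a Python model, not Solidity; `Vault`, `ReenteringRecipient` and `run` are hypothetical names, and the amounts are constructed. It compares the slides' ordering with the balance update moved ahead of the external call.

```python
# Added illustration: a Python model of the call ordering, not The DAO's Solidity.
class Vault:
    """Toy contract holding ether for depositors (hypothetical)."""

    def __init__(self, effects_first):
        self.effects_first = effects_first  # True: update balances before paying
        self.balances = {}                  # account -> credited amount
        self.ether = 0                      # ether actually held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def _send(self, who, amount):
        # External call: control passes to the recipient's code.
        if amount == 0 or amount > self.ether:
            return                          # model: nothing to send, do nothing
        self.ether -= amount
        who.receive(self, amount)

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if self.effects_first:
            self.balances[who] = 0          # 2: balance update
            self._send(who, amount)         # 1: movement of funds
        else:
            self._send(who, amount)         # 1: movement of funds
            self.balances[who] = 0          # 2: balance update, too late


class ReenteringRecipient:
    """Recipient whose receive hook calls withdraw again, max_depth times."""

    def __init__(self, max_depth):
        self.max_depth, self.depth, self.received = max_depth, 0, 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)            # re-enters before step 2 has run


def run(effects_first, stake=10, others=90, depth=5):
    """Return (ether paid to the recipient, ether left in the vault)."""
    vault = Vault(effects_first)
    vault.deposit("other depositors", others)   # constructed sample amounts
    recipient = ReenteringRecipient(depth)
    vault.deposit(recipient, stake)
    vault.withdraw(recipient)
    return recipient.received, vault.ether
```

`run(False)` follows the slides' ordering and pays the same credited balance once per nested call; `run(True)` pays it once because the nested call sees a zero balance.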

20 - JUN

Robin Hood Attack
Original DAO, Address: bb9bc244d798123fde783fcc1c72d3bb8c189413
“White Hat” DAO, Address: 0xb136707642a4ea12fb4bae820f03d2562ebff487
7.2M ETH

Solutions?

Solution: Soft fork
• Miners (transaction validators) update their code.
• They agree not to validate the transactions
• The stolen Ether would become unusable

Solution: Hard fork
• Change to the protocol (any solution is possible)
• Change to the protocol. Protocol = Consensus
• Return the funds, forget the contract execution…
• Precedent: Bitcoin 2010

Solution: Do nothing
• The user assumes the risks when acquiring their funds
• Principle of immutability
• DAO != ETHEREUM
• The attacker would acquire 3.6M ETH ($60M)

20 - JULY

Final solution

The Hard Fork
• The “The DAO” contract is changed to a contract for withdrawing balances
• Ethereum / Ethereum Classic
• The stolen Ether would become unusable

Today
ETH
• Keeps all of the developers/applications
• Market capitalization: $1,114,099,290
• Price: $13.18
• Hashrate (GHz/s): 4610 Gh/s
ETC
• Little development activity, no applications of its own
• Market capitalization: $103,390,038
• Price: $1.22
• Hashrate (GHz/s): 652 Gh/s

Tomorrow: SSBF DAO Workshop
• Simple DAO (it is not The DAO!)
• Proposals to move funds
• Voting / Execution

Links of interest
1. Ethereum Accounts (White Paper): https://github.com/ethereum/wiki/wiki/White-Paper
2. Ethereum DAO: https://www.ethereum.org/dao
3. The DAO: https://daohub.org/
4. Maker DAO: https://makerdao.com/
5. Digix DAO: https://www.dgx.io

Links of interest (technical attack)
1. Child DAO: https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490
2. Ethereum's response: https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/
3. Reentrancy attack: http://forum.ethereum.org/discussion/1317/reentrant-contracts
4. Blockchain security blog: http://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/
5. Peter Vessenes's personal blog: http://vessenes.com/deconstructing-thedao-attack-a-brief-code-tour/
6. Status of the Soft Fork vote: http://ethermine.org/stats/votes

DAO
Carlos Buendía, Blockchain Engineer at Grant Thornton
Ethereum Spain Organizer
@buendiadas