@ChrisEsq. Right. I raise the point that much of what you are saying is factually wrong because you don't understand how the DAO is coded or the details of how the attack was enacted or even the events that have followed.
@ChrisEsq. And was the first exercise for all you novice programmers to review the code and discover the vulnerability for yourselves? Did you then have to work out how to write an attack wallet to take advantage of your new found vulnerability? Did they actually explain the sophistication of the hack at all, or did they just hand you a script kiddies remote control to press?
C'mon dude, obviously not. Read NOVICE
The code was professionally audited by one of the highest regarded code security auditors in the US. It cost the slock.it team a 5 figure amount which they paid for out of their own pockets. The only bug that was reported was an insignificant rounding error. So do you think this attack vector might just have been just a tad bit harder to realise than all your Monday morning quarterbacks would claim?
As expected as it is, it's pretty sickening watching all this criticism from clueless post disaster experts who had absolutely nothing to say or offer when the DAO was being developed, when the DAO was being tested, when the DAO was being professionally audited, when the DAO was being community reviewed and when the DAO was raising $150m! It certainly wasn't for lack of opportunity. It was only the highest profile, most transparent, most audited and reviewed development effort on top of Ethereum so far. And it's not even a DAO specific vulnerability! It's been found in some 70% of contracts already out there.
Yes, it is always easier to play Monday morning quarterback. Everything else you're saying, I firmly disagree with.
For sure, this was the highest profile project on ethereum to date. I am certainly not an expert, but why is the wild wild world of sports should it be those experts' obligation to vet the code of one business? The smartest people working with solidity, were, idk this may sound crazy, but busy with their own solidity projects. Most audited? Maybe in ethereum smart k land but that does mean that it was "properly vetted".
Questions
I believe the audit was looking for re-entry and unchecked send vulnerability. I have no idea what those other contracts are or do.
What's different about those 30% of contracts where this vulnerability wasn't a problem?
What made this process so transparent? Slock.it may have not owned many DAO tokens but they refused to provide disclosures of how many DAO tokens they owned personally, which runs afoul of two different regimes of US conflict of interest rules. VB recently posted how many DAO tokens he owned, but have we heard a similar response from the folks at slock.it?
I don't care at all who owns how much in what, it's completely irrelevant because the transparency I was talking about was regarding the real world Open Source development effort and not some abstract financial legalism.
In your inexperience, you have defaulted to the first seemingly qualified option regarding the quality of the DAO coding. That then framed your entire opinion of the DAO, its code, Slock.it and its developers. From there you exercised that opinion and made quite a number of false and unsubstantiated statements and personal attacks.
And who is a novice programmer to comment on 'code quality'? Oh, your Consensus guy, right. You're just going to take him on faith just as $150m worth of investors took Slock.it's skills on faith.
I actually don't understand your argument here.
No, I've spoken the facts of the DAO code which explicitly prevents code updates for a minimum of 2 weeks and then only after a successful vote by DAO token holders.
And who is a novice to say that Slock.it 'did nothing'? Should I just counter-call you all stupid or should I try and be nice and explain the security in the DAO code that actually prevents code updates without holder consensus, after the 2 week proposal period closes? Did your Consensus guy actually explain anything about how the DAO works?
Incorrect, and here is where I think you're being disingenuous. On June 11, the folks at maker found a potential exploit of the same style that was used to attack TheDAO within the code of their decentralized exchange (Maker OTC) that could have allowed an attacker to steal funds from the users of the exchange, but their developers reacted quickly and fixed the problem before it became an issue.
What was slock.it's response to all of this? "No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery" LOL. They made a "representation" that everything was ok, when it certainly was not. Their hubris got in the way. These are the same guys who wanted 125k eth to handle DAO security. See https://blog.slock.it/dao-security-a-proposal-to-guarantee-the-integrity-of-the-dao-3473899ace9d#.43f382gmf (Double LOL)
The attack vector into the DAO was still not known at the time of that release. The re-entry vulnerability had only been realised as a programmatic anti-pattern in general. The guys who published it couldn't even find any way to apply it to the DAO and so that was the basis of the representation. At the time the DAO was still believed to be secure. It had absolutely nothing to do with hubris or any other ad hominem which you've cast upon their characters.
Consider your information corrected and all your arguments here invalidated. These people have been working their asses off to get everyone's money back, at their own expense. Or perhaps you've not kept up with the very heated DAO hacker war that's still continuing. The Slock.it team have been on the charge ever since the attack and will likely be charging for many months to come just to save some 'no hard forks please' ideal of a minority of mostly Bitcoin trolls.
And who are you to say that Slock.it 'did nothing' when they've done absolutely everything in their power, including getting Foundation support for a hard fork, including trashing their dreams, in order to get everyone's money back. How many others of the 70% of vulnerable contract writers have you heard of or seen trying to fix their code?
Disagree. See response above about them doing nothing in response to the vulnerability Maker highlighted and then going out to markets and reassuring DAO token holders everything is ok.
So who are you to claim Slock.it are malfeasance
Just one guy, making an argument on a forum. Your point on malfeasance is fair. I use a different definition of malfeasance however.
The wrongful or unjust doing of some act which the doer has no right to perform, or which he has stipulated by contract not to do. It differs from "misfeasance" and "non-feasance," (which titles see.) See 1 Chit. Pr. 9; 1 Chit. PI. 134; Dudley v. Flemingsburg, 115 Ky. 5, 72 S. W. 327, 00 L. R. A. 575, 103 Am. St. Rep. 253; Coite v. Lynes, 33 Conn. 115; Bell v. Josselyn, 3 Gray (Mass.) 311, 63 Am. Dec. 741.
Reassuring markets that everything is a-ok when it is certainly not the case is what I would argue that slock.it had absolutely no right (read unjustly) to do. It's an argument, not black letter and I have more arguments! If you want to talk about negligence or "fraud on the market", we can dance!
Again completely invalidated by the facts.
Apart from the fact that he's still out there. Apart from the fact he holds 3.7eth to ransom. Apart from the fact that his team broke the DAO when no one else could. Apart from the fact that he's still hacking DAO's because he infiltrated the White Hat's own salvage DAO. Apart from the fact he's the most central player in all this. Maybe you're right, maybe he's just not that interesting.
... and say absolutely fuck all about the actions of the thief!
The thief is just being a thief. He should be punished. I agree with you. I just don't think there is really anything interesting about it.
Again, they haven't stopped fighting. You're just too clueless to realise how much of a novice you really are in all this and would prefer to just assume a superior intellectual opinion of derision.
please don't scare away the lawyer yet.
Lol, "I ain't never scared"..... except when businesses fail to "fight for the users" and are too wrapped up in self-interest
I had some criticism about the DAO and the management of the foundation. the post was removed.
@G416G Yes but unfortunately you criticise a great deal of stuff which does you a greater disservice when people don't take you seriously any more.
anyway they seem to be mounting a counter attack as evident by the 21% jump ..
go V go !!
please don't scare away the lawyer yet.