The paper, authored by Dino Mark, founder of Smartwallet, Vlad Zamfir, a researcher with the Ethereum Foundation, and Emin Gün Sirer, a professor at Cornell University, points out a number of attack types (also referred to as ‘Vlad Attacks’) on The DAO.
The document calls for a temporary suspension of proposals to “prevent losses to The DAO caused by unintended consequences of its mechanism design,” and to give The DAO “time to make security upgrades.”
“We identify nine causes for concern that can lead DAO participants to engage in strategic rather than honest behaviors,” the paper says. “Some of these behaviors can cause honest DAO investors to have their investments hijacked or committed to proposals against their interest and intent.”
One of The DAO’s major flaws is what the report calls the Affirmative Bias and the Disincentive to Vote No. The researchers argue that The DAO’s voting mechanism is strongly biased toward YES outcomes on proposals and suppresses NO votes.
“YES votes will arrive throughout the voting period, while a strategic token holder will want to cast their NO vote only when they have some assurance that the outcome of the vote will be NO,” the document claims.
“Strategic NO voters will cast their votes only after gaining information on others’ negative perception of the same proposal, so the voting process itself will not yield reliable signal information about the token holders’ preferences over the course of the voting period. Preferences of the positive voters will be visible early on, but the negative sentiment will be suppressed during the voting process — this can result in an affirmative bias that can be a problem for a crowd-funding organization where YES results in funding projects.”
This affirmative bias enables the Ambush Attack: a large token holder waits until the last minute of the voting period, when the visible tally shows few NO votes, and then casts a large block of YES votes to push through a self-serving proposal before dissenters can respond.
Another concern is the Stalking Attack. Splitting from The DAO, the process by which a token holder withdraws their share of ether from the DAO contract, is exposed to the Stalking Attack, in which an attacker blocks the victim from converting the funds they are withdrawing back into ether. A holder whose funds are trapped this way can be held to ransom or blackmailed.
The Token-Value Attack uses social engineering, such as creating a panic among investors or setting up fictitious entities, to drive down the price of DAO tokens and the voting rights they carry. One way to manufacture that panic is to mount the Stalking Attack against anyone who splits and then publicize the attack on social media.
In the extraBalance Attack, the attacker instead tries to scare token holders into splitting from The DAO so that the value of the remaining tokens, and of the voting rights they carry, increases. The book value of a token rises with every split because a holder who splits takes only their share of the main balance and cannot recover any of the extraBalance (the ether paid in above the base token price during the creation period), which is then spread over fewer remaining tokens.
Other potential threats include the Split Majority Takeover Attack, which exploits the fact that The DAO cannot detect a takeover carried out by several parties acting separately rather than by a single identifiable attacker; and the Concurrent Tie-Down Attack, in which an attacker submits a competing proposal with a much shorter voting period, knowing that the token holders whose funds are already tied up in another proposal cannot react to it in time.
The researchers propose a number of potential fixes to these flaws, including a post-vote grace period during which a proposal is accepted but not yet funded.
“This would provide token holders with a period of time during which they can withdraw their investment in case they perceive the outcome of the vote to decrease the value of the fund,” they state in a blog post.
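To make the timing argument concrete, the following small Python model is added here as an illustration; it is not taken from the paper or from The DAO’s contract code. It shows how early YES votes and withheld NO votes combine with a last-block YES bloc (the Ambush Attack described above) to pass a proposal that the token-weighted majority actually opposes, and how a post-vote grace period lets dissenters withdraw before funding. The holder names, token balances, ten-block voting period and simple-majority rule are assumptions.

```python
"""Toy model of DAO-style token voting: late-revealed NO votes, a last-block
YES ambush, and a post-vote grace period in which dissenters withdraw.

Constructed example, not The DAO's contract or the paper's code. Holder
names, balances, the voting length and the majority rule are assumptions.
"""
from dataclasses import dataclass, field

VOTING_BLOCKS = 10  # assumed length of the voting period, in blocks


@dataclass
class Holder:
    name: str
    tokens: int
    prefers_yes: bool
    vote_block: int          # block at which the holder votes if voting honestly
    strategic: bool = False  # strategic NO voter: casts NO only once NO visibly leads


@dataclass
class Proposal:
    votes: list = field(default_factory=list)  # (block, holder name, is_yes, tokens)


def visible_tally(proposal, block):
    """Token-weighted (YES, NO) totals an observer sees up to and including `block`."""
    yes = sum(t for b, _, is_yes, t in proposal.votes if b <= block and is_yes)
    no = sum(t for b, _, is_yes, t in proposal.votes if b <= block and not is_yes)
    return yes, no


def run_vote(holders, voting_blocks=VOTING_BLOCKS):
    """Simulate the voting period block by block.

    Honest holders vote at their scheduled block. Strategic NO voters wait for
    the 'assurance' the paper describes: they cast NO only when the tally
    visible at the previous block already shows NO ahead of YES, and
    otherwise never vote at all.
    """
    proposal = Proposal()
    for block in range(1, voting_blocks + 1):
        voted = {name for _, name, _, _ in proposal.votes}
        yes_so_far, no_so_far = visible_tally(proposal, block - 1)
        for h in holders:
            if h.name in voted:
                continue
            if h.strategic and not h.prefers_yes:
                if no_so_far > yes_so_far:
                    proposal.votes.append((block, h.name, False, h.tokens))
            elif h.vote_block == block:
                proposal.votes.append((block, h.name, h.prefers_yes, h.tokens))
    return proposal


def passes(proposal, voting_blocks=VOTING_BLOCKS):
    """Token-weighted simple majority of the votes actually cast (assumed rule)."""
    yes, no = visible_tally(proposal, voting_blocks)
    return yes > no


def true_majority_prefers_yes(holders):
    """Token-weighted majority of real preferences, cast or not."""
    yes = sum(h.tokens for h in holders if h.prefers_yes)
    no = sum(h.tokens for h in holders if not h.prefers_yes)
    return yes > no


def dissenting_tokens_committed(holders, proposal, grace_period):
    """Tokens of NO-preferring holders whose ether ends up funding the proposal.

    Without a grace period every holder's share is committed as soon as the
    vote passes. With one (grace_period > 0) the proposal is accepted but not
    funded until the period ends, so dissenters withdraw first and commit nothing.
    """
    if not passes(proposal) or grace_period > 0:
        return 0
    return sum(h.tokens for h in holders if not h.prefers_yes)


def make_holders(strategic_no=True):
    """Constructed electorate: NO-preferring tokens (47) outnumber YES (40),
    but mallory holds 20 YES tokens and votes only in the final block."""
    return [
        Holder("alice", 10, True, vote_block=2),
        Holder("bob", 10, True, vote_block=3),
        Holder("frank", 5, False, vote_block=4),  # the one honest NO voter
        Holder("carol", 15, False, vote_block=5, strategic=strategic_no),
        Holder("dave", 15, False, vote_block=6, strategic=strategic_no),
        Holder("erin", 12, False, vote_block=7, strategic=strategic_no),
        Holder("mallory", 20, True, vote_block=VOTING_BLOCKS),  # the ambusher
    ]


if __name__ == "__main__":
    holders = make_holders(strategic_no=True)
    proposal = run_vote(holders)
    for block in range(1, VOTING_BLOCKS + 1):
        print(f"block {block:2d}: visible YES/NO = {visible_tally(proposal, block)}")
    print("passes:", passes(proposal),
          "| true majority prefers YES:", true_majority_prefers_yes(holders))
    for grace in (0, 3):
        print(f"grace period of {grace} blocks -> dissenting tokens committed:",
              dissenting_tokens_committed(holders, proposal, grace))
```

Run as a script, the model prints a visible tally of 20 YES to 5 NO for blocks 4 through 9, then 40 to 5 after mallory’s final-block vote, so the proposal passes even though 47 of 87 tokens prefer NO; with `strategic_no=False` the same electorate rejects it 47 to 40. The model deliberately ignores quorum rules and the locking of voters’ tokens during a vote, which are not needed to show the timing effect.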
Another solution would be to offer instant and direct withdrawals of ether to regular addresses. Introducing instant withdrawals would eliminate the Stalking Attack and weaken the Token-Value Attack, the researchers claim.
“The central take-away from our partial analysis and discussion is that it would be prudent to call for a temporary moratorium on whitelisting proposals so that reasonable measures can be taken to improve the mechanisms of The DAO,” the post reads. “Therefore, we call on the curators to put such a moratorium in effect.”
In light of the flaws described in the research paper released last week, Slock.it has submitted a security proposal to The DAO, which the company claims “addresses all current governance issues (and yes, this includes the much talked about ‘Vlad Attacks’).”
The proposal advises hiring a full-time security expert who would be responsible for monitoring, pre-empting and averting any potential attack vectors The DAO may face, including social, technical and economic attacks.
“This person will act as first point of contact for security disclosures: Having an official first point of contact for the channeling of security concerns will help maintain a calm, level headed way of addressing such matters, while ensuring a swift, professional reaction,” the proposal (pdf) reads.
The DAO aims to act as a venture capital fund that supports early-stage Ethereum projects. The Decentralized Autonomous Organization lets participants (token holders) vote on the projects they would like to support.
The DAO has gained much attention during the past weeks as it successfully raised a total of US$132 million worth of ether (12.07 million ETH), making it the largest crowdfunded project in history.