8

The DAO contract (at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413) was hacked in 2016, but is still operational and currently holds over 43 Ether:

https://etherscan.io/address/0xbb9bc244d798123fde783fcc1c72d3bb8c189413

Moreover, transactions are still often made to it, several per week on average. Why isn't the DAO being exploited again? Was a change made during the hard fork so that the vulnerable function in the contract, splitDAO, couldn't be called anymore?

John1
  • Just as a note, it was not "hacked". It was a code mistake. – Itération 122442 Jul 08 '21 at 06:11
  • Hacking is pretty much the intentional action of exploiting code mistakes in order to cause an unintended result. The DAO hacker claimed in an open letter that he was exercising a feature of the DAO because the contract allowed withdrawing Eth in this way, and not hacking, which is idiotic. The context obviously matters, otherwise pretty much any code exploit would be legal and fair game. The DAO contract was illegally hacked in the sense that the attacker exploited an unintended vulnerability in the code. – Undead8 Aug 01 '21 at 00:27

2 Answers

5

I researched the details of the DAO hack a bit. According to this paper (DOI:10.1109/ICSAI.2017.8248566), the hacker exploited the splitDAO function (line 945) with a reentrancy trick to withdraw all funds.

When splitting the DAO, the newDao contract gets fundsToBeMoved (line 986), which is computed using actualBalance() - which seems to underflow when called on Etherscan and is now equal to a very big number. Thus, since there aren't enough funds in the contract to be sent, the transaction throws, preventing any reentrancy.

Yakitori
  • To confirm, it's not the original DAO contract at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 that can send ether, but rather the rewardAccount contract at 0xd2e16a20dd7b1ae54fb0312209784478d069c7b0, which has 0 ether now. – John1 Aug 09 '21 at 07:03
  • @John1, could you accept the answer then? – Yakitori Aug 09 '21 at 14:18
  • Great work! I've some concerns though. The rewardAccount contract has a fallback function () { accumulatedInput += msg.value; } so an attacker could deposit ether before attacking so payOut won't fail. Don't worry about the rewards points, I'll extend the deadline if necessary, perhaps assign partial points for your research. – Ismael Aug 13 '21 at 04:46
  • @Ismael I updated it, but it doesn't change anything really - the hacker would only be able to steal his own funds. payOut only sends funds from the rewardAccount, not the original contract. – Yakitori Aug 13 '21 at 19:35
  • @Yakitori If I remember correctly the recursive attack wasn't on the rewards contract but the ethers being sent to the newDao created, since balances[msg.sender] isn't reset the attacker could move more funds than their share. – Ismael Aug 13 '21 at 21:53
  • @ismael - After digging a bit, I think I found it. The newDao contract gets fundsToBeMoved (line 986), which is computed using actualBalance() - which seems to underflow when called on Etherscan and is now equal to a very big number. Thus, since there aren't enough funds in the contract to be sent, the transaction throws.
    If the answer is ok for you, I'll update it. Anyway, thanks for the heads-up. – Yakitori Aug 14 '21 at 01:00
  • @Yakitori I think that is the correct answer. I suppose that due to the attack the contract has less ether than it is expecting and actualBalance calculation overflows. Great Job! – Ismael Aug 15 '21 at 22:26
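Added illustration, not part of the accepted answer and not code from the DAO contract: a small Python model of the mechanism Yakitori and Ismael arrive at above. In pre-0.8 Solidity (as in the 2016 DAO), uint256 subtraction wraps instead of reverting, so a balance figure that should be small becomes astronomically large; the pro-rata share derived from it then exceeds what the contract really holds, the value transfer fails, and the split transaction throws before any callback could re-enter. The function names, the `reserved_wei` argument (a stand-in for whatever actualBalance() subtracts) and all figures are assumptions constructed for the example.

```python
# Added example, not code from the post or from the DAO contract. Models the
# wrap-then-throw behaviour described in the answer and its comment thread.
# Names, the "reserved" amount and all figures are assumptions for illustration.
from typing import Tuple

TWO_256 = 2**256
ETHER = 10**18  # wei per ether


def uint256_sub(a: int, b: int) -> int:
    """Unchecked EVM subtraction as in pre-0.8 Solidity: wraps modulo 2**256
    instead of reverting when b > a."""
    return (a - b) % TWO_256


def actual_balance(contract_balance_wei: int, reserved_wei: int) -> int:
    """Hypothetical stand-in for the DAO's actualBalance(): the contract's
    balance minus an amount it treats as reserved. Once the reserved amount
    exceeds what is actually left in the contract, the result wraps."""
    return uint256_sub(contract_balance_wei, reserved_wei)


def funds_to_be_moved(caller_tokens: int, split_balance: int, total_supply: int) -> int:
    """Caller's pro-rata share of the split balance (Solidity integer division)."""
    return (caller_tokens * split_balance) // total_supply


class InsufficientBalance(Exception):
    """Raised where the EVM would fail a call whose value exceeds the sender's balance."""


def send_value(contract_balance_wei: int, amount_wei: int) -> int:
    """Model of call.value(amount): fails if the contract cannot cover it;
    the DAO throws on that failure, reverting the whole split transaction."""
    if amount_wei > contract_balance_wei:
        raise InsufficientBalance(f"need {amount_wei} wei, have {contract_balance_wei} wei")
    return contract_balance_wei - amount_wei


def attempt_split(contract_balance_wei: int, reserved_wei: int,
                  caller_tokens: int, total_supply: int) -> Tuple[str, int]:
    """Simulate one splitDAO-style payout.

    Returns ("sent", remaining_balance_wei) when the transfer would go through,
    or ("reverted", attempted_amount_wei) when the computed amount cannot be
    covered and the transaction throws before any callback could re-enter.
    """
    split_balance = actual_balance(contract_balance_wei, reserved_wei)
    amount = funds_to_be_moved(caller_tokens, split_balance, total_supply)
    try:
        remaining = send_value(contract_balance_wei, amount)
    except InsufficientBalance:
        return ("reverted", amount)
    return ("sent", remaining)


if __name__ == "__main__":
    # Constructed figures, not on-chain values. Healthy contract: 1000 ETH held,
    # 10 ETH reserved, caller owns 1 of 100 tokens -> 9.9 ETH moves.
    print(attempt_split(1000 * ETHER, 10 * ETHER, 1, 100))
    # Drained contract: 43 ETH held but 100 ETH reserved -> actualBalance wraps,
    # the share is astronomically large, and the transfer throws.
    print(attempt_split(43 * ETHER, 100 * ETHER, 1, 100))
```

The second call is the state the thread describes: the contract holds far less than its bookkeeping expects, so every split attempt reverts at the transfer and the reentrant path is never reached. Note that this is a side effect of the drained state, not a fix; a contract with a consistent balance would still be exposed to the original reentrancy.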
0

Okay, this is actually hilarious; thanks for bringing this to my attention. It looks like the TheDao token contract is actively traded! There are liquidity pools on Uniswap V2.

Regarding the governance contract, it seems like people do still call other non-token functions on it, such as New Proposal, and alter Quorum. Perhaps the ability to drain the contract was modified (I can't answer that yet), while others are aiming to get enough DAO tokens to drain it again with representative voting as advertised.

CQM
  • If the bounty expires without a proper answer I'll extend it, but your current answer doesn't solve the question. – Ismael Aug 06 '21 at 22:32