Blockchain - Decentralized Autonomous Organization


The Decentralized Autonomous Organization (The DAO), launched in April 2016, was a smart contract on Ethereum designed to pool investor funds and direct them into proposals chosen by its token holders. The principle that "code is law", meaning that an immutable smart contract is its own final authority, should be approached with caution: the practice of writing such contracts has not yet matured to a point that warrants absolute trust.

This concern became concrete after The DAO was attacked, when the Ethereum Foundation and the majority of the network intervened to undo the attack's effect by implementing a hard fork of the Ethereum blockchain that moved the drained funds out of the attacker's reach.

Although the hard fork was enacted for legitimate reasons, it contradicts the fundamental principles of decentralization, immutability and the belief that code governs all. A faction of users rejected the fork and continued mining on the original chain, which became Ethereum Classic. That chain remains the original, unaltered Ethereum, The DAO contract and the drained funds included, which is why its supporters hold that on Ethereum Classic code remains the ultimate authority.

History of Decentralized Autonomous Organization (DAO)

In June 2016 a reentrancy bug in The DAO's code was exploited, draining approximately 3.6 million ether, worth roughly 50 million US dollars at the time, from The DAO into an account under the attacker's control.

Although the event is commonly described as a hack, the smart contract executed exactly as written; the Ethereum platform itself did not malfunction. The weakness lay in the contract's own logic, and the attacker exploited it. The incident is best seen as a bug, a behaviour the DAO developers did not anticipate, rather than a failure of the blockchain.

Consequently, the event prompted a hard fork of the Ethereum blockchain to recover the funds. The attack exploited a flaw in the order of operations in the DAO code: the withdrawal function sent ether to the caller before updating the caller's recorded balance. Because sending ether to a contract hands control to that contract's fallback code, the attacker's contract could call the withdrawal function again from inside the transfer, while its balance still read as unspent. Each nested call paid out the full balance again; the update that zeroes the balance only ran after the nested calls had returned, so the contract's ledger reflects a single withdrawal and has no record of the others.
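The call ordering described above, as an added example that is not The DAO's own code: a plain-Python model in which sending ether to a contract is represented by calling the recipient's `receive` hook, exactly where the EVM would transfer control. The `VulnerableVault`, `SafeVault` and `Attacker` classes and the deposit amounts are constructed for illustration; the vulnerable vault pays out before it updates its ledger, the safe one follows the checks-effects-interactions order and updates first.

```python
# Added example (not the DAO's own code): a plain-Python model of the call
# ordering that made the DAO re-entrant. The EVM hands control to the recipient
# when ether is sent to a contract; here that hand-over is the call to
# `recipient.receive(...)`. The vault classes, the Attacker and the amounts
# are constructed for illustration.

ETHER = 10**18  # wei per ether


class Account:
    """An externally owned account: it just accepts ether."""

    def __init__(self) -> None:
        self.wei = 0

    def receive(self, vault, amount: int) -> None:
        self.wei += amount


class VulnerableVault:
    """Sends ether *before* updating the ledger, as the DAO's withdrawal did."""

    def __init__(self) -> None:
        self.balances = {}  # what the ledger says each account is owed
        self.wei = 0  # ether the contract actually holds

    def deposit(self, sender: Account, amount: int) -> None:
        self.balances[sender] = self.balances.get(sender, 0) + amount
        self.wei += amount

    def withdraw(self, sender: Account) -> None:
        amount = self.balances.get(sender, 0)
        if amount == 0 or self.wei < amount:
            return
        # Interaction first: control passes to `sender` while the ledger still
        # shows its full balance. A contract can re-enter withdraw() from here.
        self.wei -= amount
        sender.receive(self, amount)
        # Effect last: runs only after every nested call has returned, so the
        # ledger ends up recording a single withdrawal.
        self.balances[sender] = 0


class SafeVault(VulnerableVault):
    """Checks-effects-interactions: update the ledger, then send."""

    def withdraw(self, sender: Account) -> None:
        amount = self.balances.get(sender, 0)
        if amount == 0 or self.wei < amount:
            return
        self.balances[sender] = 0  # effect before interaction
        self.wei -= amount
        sender.receive(self, amount)  # a re-entrant call now finds a zero balance


class Attacker(Account):
    """A contract whose receive hook re-enters withdraw() while ether remains."""

    def __init__(self, max_depth: int = 1000) -> None:
        super().__init__()
        self.max_depth = max_depth  # stands in for the transaction's gas limit
        self.depth = 0

    def receive(self, vault, amount: int) -> None:
        self.wei += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)  # re-entrant call into the vault
            self.depth -= 1


def run_attack(vault_cls=VulnerableVault, honest_ether: int = 49, stake_ether: int = 1) -> dict:
    """Fund a vault with one honest deposit and the attacker's stake, then attack."""
    vault = vault_cls()
    honest, attacker = Account(), Attacker()
    vault.deposit(honest, honest_ether * ETHER)
    vault.deposit(attacker, stake_ether * ETHER)
    vault.withdraw(attacker)  # the attacker's single top-level transaction
    return {
        "attacker_ether": attacker.wei // ETHER,
        "vault_ether": vault.wei // ETHER,
        "honest_ledger_ether": vault.balances[honest] // ETHER,
        "attacker_ledger_ether": vault.balances[attacker] // ETHER,
    }


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableVault))
    print("safe:      ", run_attack(SafeVault))
```

Against the vulnerable vault the attacker's one-ether stake drains all fifty ether while the ledger still credits the honest depositor with forty-nine, which is the insolvency The DAO ended up in; against the safe vault the nested call finds a zero balance and the attacker gets back only its stake. The other standard mitigation, a reentrancy guard that refuses to enter `withdraw` while a previous call is in progress, would stop the same re-entry without reordering the function.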

Security Issues of Decentralized Autonomous Organization (DAO)

The security lessons of The DAO incident are the following:

  • The DAO attack highlights the danger of deploying smart contracts that have not been thoroughly and formally tested.
  • It also highlights the need for a formal language, with precise semantics, for writing and verifying smart contracts.
  • The attack underlined the importance of thorough testing to avoid the problems The DAO experienced. Several classes of vulnerability in the Solidity development language and its common idioms have been discovered on Ethereum over the last few years; reentrancy is only one of them.
  • A standard framework that addresses all of these issues is urgently needed.

Some work has already begun: for example, Securify is an online service that provides tools to formally analyse smart contract code for known vulnerability patterns. Tools of this kind catch patterns such as reentrancy, but they do not prove that a contract matches its intended specification, so they complement rather than replace careful design and review.