Impacted configurations: geth 1.4.8
Probability: High
Impact: High
Information:
A vulnerability has been discovered in the newly launched implementation of the DAO soft fork. The activation script in geth (as well as other clients) permits the execution of EVM code up to the block gas limit without incurring gas fees. This may hinder mining activities and obstruct the addition of valid transactions.
The soft fork will remain disabled if the gas limit for block 1800000 exceeds 4000000 gas (i.e., if the community vote to implement the fork does not pass). In such a scenario, the exploit cannot be executed.
Impact on anticipated chain reorganization depth: None
Suggested temporary alternatives:
- use geth 1.4.7
- utilize geth 1.4.8 without the –dao-soft-fork command line parameter.
Next steps:
Options are currently being evaluated. The community has the ability to circumvent any adverse effects of the soft fork by voting against it until a more effective resolution is identified. It is important to note that, to the best of our understanding, no assets can be recovered from the impacted DAOs until July 14th, 2016. There is no pressing need to halt transactions while additional proposals are being formulated.