{"id":9057,"date":"2025-02-27T06:29:23","date_gmt":"2025-02-27T05:29:23","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=9057"},"modified":"2025-02-27T06:29:23","modified_gmt":"2025-02-27T05:29:23","slug":"important-announcement-addressing-dao-security-flaw","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/","title":{"rendered":"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw"},"content":{"rendered":"<p><\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">A breach has been identified and exploited in <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/etherscan.io\/address\/0xbb9bc244d798123fde783fcc1c72d3bb8c189413\">the DAO<!-- --><\/a>, and the perpetrator is presently engaged in siphoning the ether within the DAO into a subsidiary DAO. The breach is a <!-- --><\/span><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"http:\/\/hackingdistributed.com\/2016\/06\/16\/scanning-live-ethereum-contracts-for-bugs\/\"><span style=\"font-weight:400\">recursive calling flaw<!-- --><\/span><\/a><b>, <!-- --><\/b><span style=\"font-weight:400\">where the assailant invokes the \u201csplit\u201d function, and then recursively calls the split function within itself, thus accumulating ether multiple times in a single transaction. 
<!-- --><\/span><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">The siphoned ether resides in a subsidiary DAO at <!-- --><\/span><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/etherchain.org\/account\/0x304a554a310c7e546dfe434669c62820b7d83490\"><span style=\"font-weight:400\"\/><\/a><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/etherchain.org\/account\/0x304a554a310c7e546dfe434669c62820b7d83490\">https:\/\/etherchain.org\/account\/0x304a554a310c7e546dfe434669c62820b7d83490<!-- --><\/a><b>; even if no steps are taken, the perpetrator will not be able to retrieve any ether for another ~27 days (the creation period for the subsidiary DAO)<!-- --><\/b><span style=\"font-weight:400\">. This is an issue that specifically impacts the DAO; <!-- --><\/span><b>Ethereum itself remains completely secure<!-- --><\/b><span style=\"font-weight:400\">.<!-- --><\/span><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">A soft fork has been suggested, <!-- --><\/span><b>(with NO ROLLBACK; no transactions or blocks will be \u201cundone\u201d)<!-- --><\/b><span style=\"font-weight:400\"> which will make any transactions that perform any calls\/callcodes\/delegatecalls that decrease the balance of an account with code hash <!-- --><\/span><span style=\"font-weight:400\">0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba<!-- --><\/span><span style=\"font-weight:400\"> (i.e., the DAO and its subsidiaries) result in the transaction (not just the call, but the transaction) being rendered invalid, starting from block 1760000 (exact block number may vary until the code is released), <!-- --><\/span><b>preventing the ether from being withdrawn by the perpetrator beyond the 27-day period<!-- --><\/b><span style=\"font-weight:400\">. 
This will allow ample time for deliberation on potential additional measures, including enabling token holders to retrieve their ether.<!-- --><\/span><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><b>Miners and mining pools should proceed to permit transactions as usual, await the soft fork code, and be prepared to download and implement it if they consent to this direction for the Ethereum ecosystem. DAO token holders and Ethereum users should remain patient and composed. Exchanges should feel confident in resuming ETH trading.<!-- --><\/b><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">Contract creators must take care to (1) be extremely vigilant regarding recursive call defects, and heed advice from the Ethereum contract programming community that will likely arise in the coming week on mitigating such flaws, and (2) avoid developing contracts that contain over ~$10m in value, except for sub-token contracts and other systems whose value is defined by social agreement external to the Ethereum platform, which can be seamlessly \u201chard forked\u201d through community consensus if a defect arises (e.g., MKR), at least until the community acquires more experience in bug management and\/or improved tools are established.<!-- --><\/span><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">Developers, cryptologists, and computer scientists should recognize that any high-level resources (including IDEs, formal verification, debuggers, symbolic execution) that facilitate the creation of secure smart contracts on Ethereum are ideal candidates for <!-- --><\/span><a class=\"chakra-link css-ug8vf0\" href=\"https:\/\/blog.ethereum.org\/2015\/04\/07\/devgrants-help\"><span style=\"font-weight:400\">DevGrants<!-- --><\/span><\/a><span style=\"font-weight:400\">, <!-- --><\/span><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" 
href=\"http:\/\/www.blockchainlabs.org\/blockgrant-x-en\/\"><span style=\"font-weight:400\">Blockchain Labs grants<!-- --><\/span><\/a><span style=\"font-weight:400\"> and <!-- --><\/span><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/medium.com\/@StringLabs\/string-grants-for-public-chain-projects-on-ethereum-94c3da1950ec#.57wv3si1j\"><span style=\"font-weight:400\">String\u2019s autonomous finance grants<!-- --><\/span><\/a><span style=\"font-weight:400\">.<!-- --><\/span><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\"><strong>This post will be continually updated.<!-- --><\/strong><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2016\/06\/17\/critical-update-re-dao-vulnerability\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A breach has been identified and manipulated in the DAO, and the perpetrator is presently engaged in siphoning the ether within the DAO into a subsidiary DAO. 
The breach is a recursive calling flaw, where the assailant invokes the \u201csplit\u201d function, and then recursively calls the split function within itself, thus accumulating ether multiple times<\/p>\n","protected":false},"author":3,"featured_media":8282,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[1468],"class_list":["post-9057","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ethereum","tag-return-a-list-of-comma-separated-tags-from-this-title-critical-update-re-dao-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"A breach has been identified and manipulated in the DAO, and the perpetrator is presently engaged in siphoning the ether within the DAO into a subsidiary DAO. 
The breach is a recursive calling flaw, where the assailant invokes the \u201csplit\u201d function, and then recursively calls the split function within itself, thus accumulating ether multiple times\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-27T05:29:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/\",\"name\":\"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw - 
WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"datePublished\":\"2025-02-27T05:29:23+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"width\":2100,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News 
Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw - WSJ-Crypto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/","og_locale":"it_IT","og_type":"article","og_title":"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw - WSJ-Crypto","og_description":"A breach has been identified and manipulated in the DAO, and the perpetrator is presently engaged in siphoning the ether within the DAO into a subsidiary DAO. 
The breach is a recursive calling flaw, where the assailant invokes the \u201csplit\u201d function, and then recursively calls the split function within itself, thus accumulating ether multiple times","og_url":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/","og_site_name":"WSJ-Crypto","article_published_time":"2025-02-27T05:29:23+00:00","og_image":[{"width":2100,"height":900,"url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","type":"image\/jpeg"}],"author":"wsjcrypto","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"wsjcrypto","Tempo di lettura stimato":"2 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/","url":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/","name":"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw - 
WSJ-Crypto","isPartOf":{"@id":"https:\/\/wsj-crypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#primaryimage"},"image":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","datePublished":"2025-02-27T05:29:23+00:00","author":{"@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7"},"breadcrumb":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#primaryimage","url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","contentUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","width":2100,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/27\/important-announcement-addressing-dao-security-flaw\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wsj-crypto.com\/"},{"@type":"ListItem","position":2,"name":"IMPORTANT ANNOUNCEMENT: Addressing DAO Security Flaw"}]},{"@type":"WebSite","@id":"https:\/\/wsj-crypto.com\/#website","url":"https:\/\/wsj-crypto.com\/","name":"WSJ-Crypto","description":"Just Another Crypto News 
Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wsj-crypto.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7","name":"wsjcrypto","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","caption":"wsjcrypto"},"url":"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/comments?post=9057"}],"version-history":[{"count":2,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9057\/revisions"}],"predecessor-version":[{"id":9059,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9057\/revisions\/9059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media\/8282"}],"wp:attachment":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media?parent=9057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/categories?post=90
57"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/tags?post=9057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}