@jorpic
Last active June 28, 2016 14:43
What Happened to The DAO
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link href='https://fonts.googleapis.com/css?family=Raleway:500' rel='stylesheet' type='text/css'>
<style>
@page {
size: landscape;
}
body {
font-family: sans-serif;
font-size: 4vh;
}
section {
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
height: 80vh;
padding: 10vh 0 10vh 0;
page-break-after: always;
}
section p.quote {
font-style: italic;
width: 50%;
}
section.img {
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
height: 99vh;
padding: 0 0 0 0;
page-break-after: always;
}
section.img img {
height: 100%;
}
section.img svg {
height: 100%;
}
section.img iframe {
height: 100%;
width: 100%;
}
img {
display: block;
height: 60vh;
width: auto;
}
li {
margin-bottom: 0.7em;
}
.email {
font-size: 80%;
opacity: 0.8;
}
.logo {
font-family: 'Raleway', sans-serif;
font-size: 8vh;
color: #333;
opacity: 0.8;
}
.logo .flipA {
display: inline-block;
-moz-transform: scale(1, -1);
-webkit-transform: scale(1, -1);
transform: scale(1, -1);
color: #48045a;
}
.logo .flipE {
display: inline-block;
-moz-transform: scale(-1, 1);
-webkit-transform: scale(-1, 1);
transform: scale(-1, 1);
color: #48045a;
}
</style>
</head>
<body spellcheck=false>
<section id="start">
<h1>What Happened to The DAO?</h1>
<p>Максим Талдыкин</p>
<p class="email">[email protected]</p>
</section>
<section class="img" id="sponsor">
<a href="http://futurefintech.org">
<img src="http://i.imgur.com/ABTHpSb.png"/></a>
</section>
<section id="timeline">
<ul>
<li>30 April − Crowdsale Launched</li>
<li>26 May − <a
href="http://hackingdistributed.com/2016/05/27/dao-call-for-moratorium/">
Call for a Moratorium</a> (Zamfir et al.)</li>
<li>28 May − $160M Raised from 12k Investors</li>
<li>09 June − <a
href="http://vessenes.com/more-ethereum-attacks-race-to-empty-is-the-real-deal/">
Race-To-Empty is the Real Deal</a> (Peter Vessenes)</li>
<li>12 June − <a
href="https://blog.slock.it/no-dao-funds-at-risk-following-the-ethereum-smart-contract-recursive-call-bug-discovery-29f482d348b#.57j43rsf4">
No DAO funds at risk</a> (Stephan Tual)</li>
<li>17 June − <a
href="https://www.reddit.com/r/ethereum/comments/4oi2ta/i_think_thedao_is_getting_drained_right_now/">
I think TheDAO is getting drained right now</a></li>
<li>17 June − <a
href="https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/">
CRITICAL UPDATE Re: DAO Vulnerability</a> (Vitalik Buterin)</li>
<li>28 June − <a
href="http://hackingdistributed.com/2016/06/28/ethereum-soft-fork-dos-vector/">
Soft Fork is a Potential DoS Vector</a></li>
<li>30 June − Soft Fork Day</li>
<li>???</li>
<li>PROFIT</li>
</ul>
</section>
<section class="img" id="what-happened">
<img src="http://i.imgur.com/1NITQHe.png"/>
</section>
<section id="how-dao-works">
<h1>How The DAO works</h1>
</section>
<section class="img" id="bitfinex">
<iframe src="https://cryptowat.ch/bitfinex/ethbtc/6h"></iframe>
</section>
<section id="attack-in-brief">
<ul>
<li><a
href="https://etherscan.io/token/TheDAO">
etherscan.io/token/TheDAO</a></li>
<ul>
<li>TheDarkDAO</li>
<ul><li>3,641,694.24 Ether ($51,821,309.06)</li></ul>
<li>WhiteHatDAO</li>
<ul>
<li>7,277,385.71 Ether ($103,557,198.67)</li>
<li>353,236.41 Ether ($5,026,554.14)</li>
</ul>
<li>extraBalance</li>
<ul><li>344,907.73 Ether ($4,687,296.16)</li></ul>
</ul>
</ul>
</section>
<section class="img" id="fork-you">
<img src="https://pbs.twimg.com/media/ClK1nG1VYAEWyfG.jpg:large"/>
</section>
<section id="soft-fork">
<h1>Soft Fork: Freeze</h1>
<ul>
<li>NO ROLLBACK: no transactions or blocks will be "reversed"</li>
<ul><li>Some transactions considered invalid by new software</li></ul>
<li>Miners vote with gas limit</li>
<li>All The DAO children are blocked, not just attacked ones</li>
<li>Prone to DoS</li>
</ul>
</section>
<section id="hard-fork">
<h1>Hard Fork: Liquidate</h1>
<ul>
<li>New blocks considered invalid by old software</li>
<li><a
href="https://github.com/ethcore/hardforkbounty/blob/master/hardforkbounty.sol">
DAO Rescue Bounty</a></li>
<li>extraBalance</li>
<li>Soft fork is enough</li>
<ul>
<li><a
href="https://blog.slock.it/a-dao-counter-attack-613548408dd7#.b3dtyr731">
A DAO Counter Attack</a></li>
</ul>
</ul>
</section>
<section id="social-consensus">
<h1>Social Consensus</h1>
<p class="quote">... economic incentive is to act in the interests of the community in
order to maintain the value of their mining rewards.
</p>
<a href="https://blog.ethcore.io/how-we-find-common-ground-and-settle-our-differences/">
How we find common ground</a> (EthCore blog)
</section>
<section id="lessons-learned">
<h1>Lessons Learned</h1>
<ul>
<li>High-level tools that make it easy to write safe smart contracts</li>
<ul>
<li>including IDEs, formal verification, debuggers, symbolic execution</li>
</ul>
<li>Fix Solidity</li>
<ul>
<li><a
href="https://github.com/ethereum/solidity/issues/656">
Language-based fix for "Callstack attack" bug</a></li>
</ul>
<li>Fix EVM</li>
<ul>
<li><a
href="https://github.com/ethereum/EIPs/issues/114">
Substitute call stack limit with child gas restriction</a></li>
<li><a
href="https://github.com/ethereum/EIPs/issues/116">
New opcode: STATIC_CALL</a></li>
</ul>
<li>Formal methods</li>
<ul>
<li><a
href="https://www.reddit.com/r/ethereum/comments/4p52qd/new_paper_making_smart_contracts_smarter/">
Making smart contracts smarter</a></li>
</ul>
</ul>
</section>
<section id="theend">
<div class="logo">
<span>F</span>
<span>O</span>
<span>R</span>
<span>M</span>
<span class="flipA">A</span>
<span>L</span>
<span>&nbsp;</span>
<span>M</span>
<span class="flipE">E</span>
<span>T</span>
<span>H</span>
<span>O</span>
<span>D</span>
<span>S</span>
</div>
</section>
<script>
  // Build a doubly linked list of slides, one node per <section>,
  // and index the nodes by URL hash so a slide can be looked up directly.
  var sections = [].slice.call(document.getElementsByTagName('section'));
  var dict = {};
  var root = {prev: null};
  var current = root;
  sections.forEach(function(s) {
    current.hash = '#' + s.id;
    current.elem = s;
    dict[current.hash] = current;
    current = current.next = {prev: current};
  });
  // Drop the empty trailing node so the last slide has no successor.
  current.prev.next = null;

  // Keep `current` in sync with the URL hash; an unknown or empty hash
  // falls back to the first slide.
  function hashchange() {
    current = dict[window.location.hash] || root;
  }
  window.addEventListener('hashchange', hashchange, false);
  hashchange();

  // Arrow keys move between slides by changing the URL hash.
  function keydown(e) {
    switch(e.keyCode) {
      case 37: /* Left */
      case 38: /* Up */
        if(current.prev) {
          window.location.hash = current.prev.hash;
          e.preventDefault();
        }
        break;
      case 39: /* Right */
      case 40: /* Down */
        if(current.next) {
          window.location.hash = current.next.hash;
          e.preventDefault();
        }
        break;
    }
  }
  window.addEventListener('keydown', keydown, false);
</script>
</body>
</html>