The DAO and its demise


The DAO (or Decentralised Autonomous Organisation) is a network built on computer scripts called smart contracts, which are hosted on a blockchain. Crowd-funded into existence in early May this year, the function of the DAO is to generate and supply funding to projects, products and services which have been voted for by the organisation. It is decentralised, meaning that power is distributed across the individual participants; and autonomous, as it requires no governing agency in order to subsist. As the DAO website describes, it exists “simultaneously nowhere and everywhere” and operates “solely with the steadfast iron will of unstoppable code.” As the contracts and transactions are hosted on the blockchain, the operations of the DAO are completely transparent. A single participant can buy into the organisation using the cryptocurrency Ether, and then vote on the direction that the funding takes. As the allocation of capital is contingent on majority vote, the DAO functions as a swarm.

The smart contracts issued by the DAO use Turing-complete languages. Although the implications of this are significant (Turing-completeness means that, given enough space and time, a program could solve any computational problem), it has also given rise to the weakness which led to the DAO hack of Friday June 17th. The hack presented colossal challenges for the DAO: not only did it deeply damage its monetary value (approximately $55 million USD worth of Ether), it also raised crushing questions as to the functionality of the two major ideologies implicit in the DAO: i) democratic decentralisation and ii) Turing-completeness itself. The Turing-complete languages on which the DAO operates are structurally imperative as they serve to reinforce the ideological sufficiency of code. However, it was precisely a feature of these languages, namely recursiveness, that left the DAO vulnerable to a hack.

The hack was achieved by allowing a section of the code (function name splitDAO) to fall back on itself repeatedly, creating a loop that would drain DAO tokens into a child DAO. The funds, according to DAO protocol, are now frozen in that account for a period of 27 days. Ethereum developers and supporters are working hard to rescue the funds from the child DAO before they are released to the hacker. This has involved the development of two potential fixes: a hard fork and a soft fork. The soft fork would freeze the funds within the child DAO and implement a fix dependent on a majority vote from users. The hard fork would require all Ether miners to update their software and overwrite the hacker's transactions by bringing the blockchain back to its state prior to the attack. As this would also overwrite all subsequent transactions and effectively create a new blockchain, such a level of interference would injure what is intended to represent an unalterable and autonomous numeric system. A soft fork was therefore preferable; however, it was quickly revealed that such an endeavour would pose extremely high risks of denial-of-service attacks. The only remaining option is to continue with a hard fork, or take no action at all.
