A new update to the Geth client, appropriately codenamed “DAO wars”, allows the community to vote on whether to freeze all child DAO accounts to prevent withdrawal of the money stolen during the 17 June attack.
The voting will end in less than a week. Version 1.4.8 of Geth and version 1.2.0 of Parity together will enable the community to implement the soft fork, which would temporarily block all DAO tokens, both stolen and legitimate, apart from a few whitelisted accounts. A new patch will then be provided to lift the block when the situation is sorted out.
One of the core developers, Péter Szilágyi, explained on the Ethereum blog how the voting works.
“Miners supporting the DAO soft-fork can do so by starting Geth 1.4.8 with --dao-soft-fork. This will cause the block gas limits to be lowered towards Pi million until the deciding block 1800000 (approx. 6 days from now) is reached. If the gas limit of this block is below or equal 4M, the soft-fork goes into effect and (all updating) miners will start blocking DAO transactions that release funds.”
Those who reject the fork should either apply the update without the additional command or ignore the update completely.
The statement emphasises that, if the soft fork is accepted by the majority, it is vital that even non-supporters update their version of the client; otherwise, they would effectively create their own fork of the Ethereum network, on which they would continue accepting the hacker’s transactions.
The announcement concerning the Geth update and the mechanism of voting has caused controversy among Reddit users, some of whom cheered the release of the patch while others criticised the voting as non-democratic and biased.
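To see how hash-power share turns into the gas limit at the deciding block, the following is an added simulation, not code from Geth or from the article. It relies on the Ethereum protocol rule that a block's gas limit must differ from its parent's by less than parent/1024; the opposing miners' target of 4,712,388, the starting block and starting limit, and the model of each block being mined by a supporter with probability equal to the supporters' share are assumptions.

```python
import random

PI_MILLION = 3_141_592      # "Pi million" target named in the quoted announcement
THRESHOLD = 4_000_000       # soft fork takes effect if the deciding block is <= 4M
DECIDING_BLOCK = 1_800_000  # deciding block named in the quoted announcement
OPPOSE_TARGET = 4_712_388   # assumption: target used by miners without the flag
BOUND_DIVISOR = 1024        # protocol rule: |limit - parent| < parent / 1024


def next_gas_limit(parent, target):
    """Move the gas limit toward `target` by at most the per-block bound."""
    step = parent // BOUND_DIVISOR - 1  # largest change a valid block may make
    if parent > target:
        return max(target, parent - step)
    return min(target, parent + step)


def simulate_vote(support_share, start_block, start_limit, seed=0):
    """Return (gas limit at the deciding block, whether the soft fork activates).

    Each block is mined by a supporter with probability `support_share`
    (a modelling assumption standing in for hash-power share).
    """
    rng = random.Random(seed)
    limit = start_limit
    for _ in range(start_block, DECIDING_BLOCK):
        supporter = rng.random() < support_share
        limit = next_gas_limit(limit, PI_MILLION if supporter else OPPOSE_TARGET)
    return limit, limit <= THRESHOLD


if __name__ == "__main__":
    # Constructed scenario: about six days of blocks before the deciding block.
    for share in (0.40, 0.50, 0.60):
        limit, active = simulate_vote(share, 1_763_000, OPPOSE_TARGET)
        print(f"support {share:.0%}: gas limit {limit:,} -> soft fork active: {active}")
```

Because each block can move the limit by only about 0.1%, while the window spans tens of thousands of blocks, a clear hash-power majority pins the limit at its own target well before block 1800000; only a near-even split leaves the outcome to chance.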
“The simple problem is that current voting arrangement is biased against "Yes" voters, because entering custom parameters in a command line is a larger investment than simply using the default configuration,” writes CryptoDao. “Clearly right now you have built a biased application that will indirectly assist the attacker.”
Another point of concern is the seemingly hasty nature of the update, which brings serious changes to the system without adequate testing.
“We got into this situation in the first place with the release of hundreds of lines of code that weren't properly reviewed. The first example of this code was released less than a day prior to the final release candidate. It doesn't seem possible that this thing has been tested properly,” believes user Logical. “This cavalier attitude towards code accuracy, even in the miner sphere is downright terrifying.”
The DAO investment platform was attacked on 17 June, when more than 3.6 million ethers ($53 million) were stolen from its accounts in one day. The hacker used a loophole in the system’s split function to create a child DAO and drain the cryptocurrency from the main platform. However, due to the platform’s design, he will not be able to withdraw the money for a period of 27 days from the split.