What is the proposed Moratorium — and what is it good for?

Introduction and possible attack vectors

On May 27 Vlad Zamfir made a post on the DAOhub forum in which he pointed out, that a moratorium is needed “to protect the DAO’s token holders against the affirmative voting bias, along with mitigating other game-theory based attacks.”

He also pointed out that he, Dino Mark, and Emin Gun Sirer audited The DAO’s code, with “help from other community members”. Their audit focused on an “analysis of the mechanism design/game theory of participating in the DAO”. This post was followed by a blog post and a working paper describing several attack vectors along with possible solutions.

In this post we won’t describe in detail, nor rate the risk and the possible danger of those attacks. As this role is more suited to those auditing the code, we would favor a risk-matrix that gives a decent overview for the DAO token holders (DTH), enabling them to make a solid decision on the Moratorium without the need to dig into a technical whitepaper and expecting them to understand the DAO code in detail, this is beyond our scope.Instead we will give a brief layman’s summary of each attack vector:

  1. The Affirmative Bias, and the Disincentive to Vote No:
    Token holders are incentivized to either vote yes on a proposal or not to vote at all. During the voting time the tokens are blocked, so that a token holder who voted no would be forced to pay for the proposal, while a token holder who didn’t vote has the option to split before the proposal gets accepted.
  2. The Stalking Attack:
    The stalking attack has already been discussed quite a lot. Basically it says that during the time it takes to perform a split, an attacker can buy in into the newly created DAO and block the victim from withdrawing her funds — yet the attacker needs a majority of DAO tokens to perform this attack and therefore has an economical risk as well. Slock.it has quite a long explanation that explains possible defense mechanisms regarding the stalking attack, yet these mechanisms have been critizised as well.
  3. The Ambush Attack:
    The ambush attack (could also be called last-minute attack) is building up on the disincentive to vote no. This attack is best explained by an example: 
    We have a quite bad proposal running out in 2 hours. The quorum is 15% with 50% yes and 50% no votes. Rational DTH do not feel the urge to vote no on this proposal, since it doesn’t have the required quorum anyways. Last minute a large token holder or pool with personal interest to have the proposal passed votes yes (e.g. the proposer himself). Most DTH won’t detect this attack and fund this proposal against their will, because they had no time to vote no or split.
  4. The Token-Value Attack:
    The token-value attack is an attack directly on the value of DAO tokens. The purpose can either be to directly profit (e.g. via shorts or put options), or to purchase DAO tokens back in the open market in order to acquire a larger share of The DAO. This attack can be performed by performing (or pretend to) the other attacks and announcing them loudly via social media channels.
  5. The extraBalance Attack:
    In the extraBalance attack the attacker tries to convince token holders to split from The DAO — therefore raising the book value of the tokens because of the funds in the extraBalance.
  6. The Split Majority Takeover Attack:
    For this attack a majority of token holders needs to be the attacker. The whitepaper addresses the issue of a majority trying to get 100% of The DAOs funds by releasing one proposal to withdraw them. The failsafe for this attack are the curators, who won’t whitelist the attackers. 
    The split majority takeover attack is building on top of that. Here the malicious majority provides several proposals that only drain a part of the funds. Such an attack is more difficult for the curators to detect.
  7. Reward Dilution:
    Another potential attack against token holders who split is for the remaining token holders of The DAO to dilute the dividends they pay out to token holders who split. They can carry out this attack by funding proposals that cycle the fund’s coins, issuing new reward tokens that dilute the rewards that come in from earlier investments. This attack stems from the way reward accounting lumps maintenance costs, internal transfers and genuine investments into a single proposal abstraction. It requires curator participation to launch, but well-meaning curators can inadvertently launch it when reorganizing funds or when the fund fires underperforming contractors; that is, operations which take coins out and return them as rewards.
  8. Risk-Free Voting:
    A token holder can vote on proposals without committing to fund them, which is an enabler for launching other attacks and executing strategic behavior. To do so, the token holder simply votes with his funds as usual, but then, when the voting period is over, calls ‘unblockMe’ and executes a split before the proposal is executed. This decouples the attacker’s funds from any risk he might take with them while voting, and enables a large voter to force bad decisions on the remaining token holders as he exits. It is not without risk, as he may be unable to unblock and split in time, but it is nevertheless possible, as correct execution depends on timing assumptions.
  9. The Concurrent Proposal Trap:
    In this attack an attacker blocks token holders in The DAO by suggesting a proposal with a very long voting period. During this time the attack can provide another malicious proposal with a shorter voting period. Due to the long-term voting the DTH cannot split and need to defend themselves actively against the malicious proposal
  10. Independence Assumption:
    The independence assumption states that there is a design-flaw in The DAO since it does not allow to form any decision-making progress that supports dependencies regarding proposals.

How can the Moratorium make The DAO safer?

While the discussion is still ongoing, Alex van de Sande summarized three possible actions that can be taken during a Moratorium time. There is also a DAOhub forum discussion regarding these suggestions.

  1. Child DAOs:
    A child DAO seemed to have been an idea of him. Yet he stated the following on reddit regarding this idea: “I’ve been convinced there are technical reasons that make mini-DAOs impractical.” — Which is why we won’t discuss this idea further here.
  2. Full contract upgrade:
    A full contract upgrade would mean that a new DAO code would need to be developed, tested and deployed. Then the ‘old’ DAO would need to move to the new contract. This can only be achieved by a 53,3% quorum and a simple majority vote.
  3. A proposal guideline:
    The curators would “want to set up some proposal guidelines and that can be then built into a standard open proposal contract framework.”
    This seems to be his favored measure, since according to him “Most of the DAO issues can be handled or at least highly diminished by the proposal contract themselves”

At the same time, the curators appeal to The DAO, slock.it, the university research groups and the community in general to join forces to work for the DAO 2.0.

These ideas have already been addressed in a blog post by slock.it who gave a positive reaction regarding the ideas submitted by Alex van de Sande.

Future outline

The voting period on the moratorium ends on the 2016–06–11 19:31:34 UTC according to Etherscan.
Basically three things can happen then (the results are assumptions and might be different than we project them):

  1. No quorum reached
    This would probably be the worst case for The DAO, since it shows a lack of interest regarding the issues and the curators would need to decide how to go on.
  2. A majority voted “no”
    This shows that the DTH do not share the same security concerns as the curators. In that case it will be possible to be verified by the curators, to be whitelisted and to submit proposals.
  3. A majority voted “yes”
    This result shows support for the concerns the curators have. It will then be necessary to address the attack vectors in detail, see which ones are critical to count as ‘blockers’ (a blocker is considered as a bug that is so critical, that a software is not able to run) — and develop solutions for these issues. It is hard to assume any timeframe how long the submission of proposals will be blocked then, this is strongly depending on the kind solution-approach that will be taken

Conclusion

As a DTH, one must decide if the risk of these potential attack vectors is great enough to warrant a continued moratorium proposals. Regarding the information by Alex van de Sande and Slock.it, it is very likely that the result of a moratorium will be a proposal contract framework, which possibly could be delivered in a foreseeable timeframe.

While the list of possible attacks is quite long, all of them are game-theoretical attacks, none of them can be considered as a classical “software bug” that would, for example, allow one to “hack” The DAO.

To add a personal statement, it is great to see the curators taking on responsibility for The DAO, even if this does represent some scope creep on the defined role of the curator.Yet it can be only be considered positive to have the smartest heads in the Ethereum network improving and securing The DAO.