Preventing a hostile take over on a DAO

Gatecoin 2016-04-28 02:41:56 UTC #1

Hi guys,

There is something I do not understand in that blogpost.

From what I understand, Curators are there to curate the smart contracts submitted to the DAO. Fair enough, but if they can also be dismissed at any time:

a - they can reject contracts targeting their dismissals > curators can collude and take over the DAO
b - they cannot, so anyone who has 51% can eliminate them one by one and elect his self > Majority shareholder can take over the DAO

I guess the solution is in that part:

a DAO can ‘split’ in case there is no mutual agreement during the second round. No matter what Joe Rich tries, the DAO will always be able to spot his malicious Proposals and split itself proportionally to the second vote results, leaving the attacker with his ether and the rest of the participants in control of their own.

I do not get it, do you know where I can have more details about it?

tjayrush 2016-04-28 02:59:50 UTC #2

Read the source code on the slock.it/DAO. Totally serious. It's the only real way to understand anything (in my opinion). The truth is in the code.

Gatecoin 2016-04-28 03:09:13 UTC #3

thanks, but I m not a developer at all myself.

Will check with our devs

ch405 2016-04-29 11:45:19 UTC #4

The only thing the Curators can do is add/remove addresses from the whitelist. The whitelist is the list of addresses which are able to recieve ETH from the DAO. The Curators exist purely to prevent a 51% attack.

The 51% attack is when a malicious majority tries to put forth a proposal to send ALL of the DAO's ETH to an address "they" (the malicious majority) control. Active DAO token holders will see what is happening and vote "no" on the proposal. Since the (in this case malicious) majority will still win with a "yes" vote. The active minority will then vote to split the DAO which they cannot be stopped by the majority. HOWEVER, the INACTIVE DAO Token Holders(DTH) who aren't participating in voting and simply holding/trading tokens (perhaps in an exchange such as yours) will have no idea what is happening. Therefore, the 51% attacker would get THEIR ETH + SUM of ETH of all inactive DTHs.

The Curators stand in the way of this because they will see this attack and NOT add the 51%'s ETH address to the whitelist, thus effectively blocking the outcome of their proposal.

The Curators CANNOT interfere in any way with the proposals themselves (ie rejecting or approving them)

Also, with the Curators in place in the above scenario it would be uneccesary for the minority to split the DAO as the malicious majority's ETh address would not be able to recieve any ETH from the DAO.

This also means that there is a certain level of trust in the Curator. This is exactly why it is currently set up as a multi-sig contract populated by prominent members in the ETH/Crypto community. BUT, the option still remains to replace them at any time.

Does that help to explain your question?

Gatecoin 2016-05-10 17:16:59 UTC #5

@ch405 thanks, it helps a lot and sorry for the late reply, I did not have time to come back to the forum recently.

Ok I was wrong on the role of the curator (and wrong to say curatorS apparently too)
I was not familiar with that split feature before tonight actually.

there is still a possibility of a "disguised" take over, with those 51% split across multiple addresses, dont you think?

ch405 2016-05-11 00:40:40 UTC #6

Yes definitely, and that is why the curator's exist. if a group of addresses (>= 50% of tokens) colluded and submitted a proposal that very plainly indicated all the ETH would be sent to an address they control it would be obvious to all active token holders and they would vote "NO" and split. The inactive tokens holders would be left behind and they would essentially lose their ETH. There is trust placed in the curators that they will act in the best interest of the inactive token holders and not add the address of the majority to the whitelist.