Replay Attack

What happened?

  • TheDAO 150mn crowdsale
  • Recursive Call Bug Discovered
  • 'No Funds at Risk' - Stephan Tual
  • TheDAO is Hacked
  • Soft Fork - DoS flaws
  • Hard Fork

Hard Fork Specification

  • Make a List 'L' of affected contract accounts
    • L := theDAO + extraBalance + ΣchildDAOs + ΣextraBalances
    • #{L} = 116
  • Deploy Contract 'C'
    • C := Refund Contract (also called WithdrawDAO Contract)
  • Transfer Ether
    • At Blk 1'920'000 transfer all ether from all accounts in 'L' to contract account 'C'
    • About 12mn ether

What changed?

  • Contract Accounts in List L are empty
  • Contract Account C is not (12mn ether transferred)

Ethereum

  • Hard Fork happened
    • Contract Accounts in List L are empty
    • Contract Account C is funded
    • The balances of a total of 117 Contract Accounts have been changed
  • ETH held before hard fork are still called ETH
  • Community

Ethereum Classic

  • Hard Fork did not happen
    • Protocol remains unchanged
  • ETH held before hard fork are now called ETC
  • Community

What is a Replay Attack?

  • Very few differences between the two Blockchains
  • Neither protocol has a function that checks on which Blockchain a transaction was sent.
  • If a transaction is signed and sent on one Blockchain, it can be replayed on the other, if and only if:
    • Sender account existed before hard fork
    • Sender account was not empty before hard fork
    • Funds have not been split

Example

  • Alice wants to buy a product from Bob as seen on the DarkWeb. The product costs 10 Ether.
  • Alice sends 10 Ether to Bob.
  • Bob sends Alice the product. In addition, Bob can replay the transaction on the Ethereum Classic Blockchain and thus get a bonus payment of 10 ETC.

How to prevent the Replay Attack

  • Split your funds
  • Using Vitalik Buterin's Splitter Contract
  • Deployed at address 0xAA1A6e3e6EF20068f7F8d8C835d2D22fd5116444
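
A toy model of the replay and of why splitting funds stops it, added here as an illustration; it is not taken from the original slides and is not the Splitter Contract's code. Account names, keys, balances and the `split` helper are constructed, and HMAC stands in for real transaction signatures.

```python
import hashlib
import hmac

# Constructed keys; HMAC stands in for Ethereum's ECDSA signatures (assumption).
KEYS = {"alice": b"k-alice", "alice_eth": b"k-alice-eth", "alice_etc": b"k-alice-etc"}

def sign(sender, to, value, nonce):
    # The signed payload names no chain, so it is valid wherever the state matches.
    msg = f"{sender}|{to}|{value}|{nonce}".encode()
    return hmac.new(KEYS[sender], msg, hashlib.sha256).digest()

class Chain:
    def __init__(self, balances, nonces=None):
        self.balances = dict(balances)
        self.nonces = dict(nonces or {})

    def fork(self):
        # Both sides of the fork start from identical account state.
        return Chain(self.balances, self.nonces), Chain(self.balances, self.nonces)

    def apply(self, tx):
        # Accept a transfer only if signature, nonce and balance all check out.
        sender, to, value, nonce, sig = tx
        ok = (hmac.compare_digest(sig, sign(sender, to, value, nonce))
              and self.nonces.get(sender, 0) == nonce
              and self.balances.get(sender, 0) >= value)
        if ok:
            self.balances[sender] -= value
            self.balances[to] = self.balances.get(to, 0) + value
            self.nonces[sender] = nonce + 1
        return ok

def split(eth, etc, owner, eth_dest, etc_dest):
    # Modelled outcome of splitting (hypothetical helper): the same coins
    # end up under a different address on each chain.
    for chain, dest in ((eth, eth_dest), (etc, etc_dest)):
        chain.balances[dest] = chain.balances.get(dest, 0) + chain.balances.pop(owner, 0)

def pay_bob(split_first):
    eth, etc = Chain({"alice": 100}).fork()
    payer = "alice"
    if split_first:
        split(eth, etc, "alice", "alice_eth", "alice_etc")
        payer = "alice_eth"
    tx = (payer, "bob", 10, 0, sign(payer, "bob", 10, 0))
    on_eth = eth.apply(tx)    # Alice's intended payment on Ethereum
    replayed = etc.apply(tx)  # the same signed bytes submitted on Ethereum Classic
    return on_eth, replayed, etc.balances.get("bob", 0)
```

`pay_bob(False)` shows the replay being accepted on the second chain; `pay_bob(True)` shows it rejected because the paying address holds nothing there.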

Splitter Contract

Closing Thoughts

  • Next Hard Fork is approaching
  • Built-in difficulty adjustment scheme ε on both Blockchains
  • Originally intended to make the switch from proof of work to proof of stake easier
  • Exponential Curve, started at Blk 200000
  • Expected to slow down Block times to about
    • 37s by 1.1.2017 and
    • 146m by 1.6.2017
    • 'Ice age' in 2021