
Assignment 2

Gijs Van Laer edited this page Oct 12, 2020 · 2 revisions

Released 5 October, due 19 October at 11:59pm

Overview

In this assignment we'll be exploring Ethereum, and in particular the DAO (Decentralized Autonomous Organization). You'll be implementing portions of something like the DAO in Solidity. Phase 1 is notably longer than the other phases. Read everything (including the written portion) before you start coding.

Implementation

Phase 1: There are many like it, but this one is DAOrs

First, in dao.sol implement a smart contract which has the following data and operations:

  1. A constructor which saves the identity of the creator
  2. An initial totalBalance of 0.0
  3. A balances mapping from addresses to amounts
  4. A default valuation of 1.0
  5. A default curator, the creator
  6. delegateCurator, which the curator can call to change the curator to another address; this cannot be called while an unsealed proposal exists
  7. deposit, which can be paid into to gain tokens (saved in balances and totalBalance) at the valuation exchange rate
  8. withdraw, which pays eth out at a rate of valuation for a specified number of tokens
     • this cannot be called on tokens which are in a proposal
     • this must fail if balances or totalBalance are insufficient
  9. A getBalance function for an address
  10. createProposal, which the curator can call to create a new proposal; only 1 unsealed proposal can exist at a given time
  11. vote, which commits a user's tokens to yes or no for a given proposal
  12. Votes cannot be changed
  13. A deposit made by someone who has voted also commits the new tokens to their vote
  14. Once a proposal has more than 50% of the tokens which existed at the time of its creation on yes or no, it is sealed
  15. A sealed proposal cannot be voted on
  16. If the majority says no, all tokens are released back for future votes and valuation is unchanged
  17. If the majority says yes, all tokens are released back for future votes and valuation is multiplied by a random value from 0.0 to 10.0 (increments of 0.1)
  18. This random value must be selected from a normal distribution centered at 2.0
  19. If valuation hits 0.0, all tokens are invalidated (totalBalance and balances reset) and valuation goes to 1.0

Phase 2: The DAOrtoise vs the Hare

Copy dao.sol to race.sol and make your withdraw function vulnerable to a race-to-empty attack, as described in Vessenes' blog linked in the resources below, if it is not already (ignoring the send caveat). Fix your dao.sol with remediation approach 1.
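As an added example (not the assignment's reference solution and not any student's submission), the sketch below covers the Phase 1 deposit/withdraw core and places the race.sol withdraw ordering from Phase 2 beside the dao.sol one. Solidity has no fractional type, so the 1.0 valuation is kept as a scaled integer; the 1e18 scale, the epoch counter used to "reset" a mapping, and the names DaoCore, ONE, _sync, _applyYesOutcome and noReentrancy are choices made here, not requirements of the page. Proposals, voting and the random draw are left out, so the "tokens in a proposal" check on withdraw is not shown.

```solidity
pragma solidity ^0.5.1;

// Added example for this assignment page; not the course's reference code.
contract DaoCore {
    // No floats in Solidity: a valuation of 1.0 is stored as ONE (1e18),
    // so tokens = wei * ONE / valuation and wei = tokens * valuation / ONE.
    uint256 constant ONE = 1e18;

    address public creator;
    address public curator;
    uint256 public totalBalance;          // tokens outstanding, starts at 0
    uint256 public valuation = ONE;       // starts at 1.0
    mapping(address => uint256) balances;
    // A mapping cannot be iterated to zero every balance. Instead bump an
    // epoch and treat any balance recorded under an older epoch as 0.
    uint256 epoch;
    mapping(address => uint256) balanceEpoch;
    bool locked;                          // mutex for withdraw()

    constructor() public {
        creator = msg.sender;
        curator = msg.sender;             // default curator is the creator
    }

    modifier noReentrancy() {
        require(!locked, "re-entrant call");
        locked = true;
        _;
        locked = false;
    }

    // Drop a balance that predates the last invalidation.
    function _sync(address who) internal {
        if (balanceEpoch[who] != epoch) {
            balances[who] = 0;
            balanceEpoch[who] = epoch;
        }
    }

    function getBalance(address who) public view returns (uint256) {
        return balanceEpoch[who] == epoch ? balances[who] : 0;
    }

    // Tokens minted at the current valuation exchange rate.
    function deposit() public payable {
        _sync(msg.sender);
        uint256 tokens = msg.value * ONE / valuation;
        require(tokens > 0, "deposit too small for current valuation");
        balances[msg.sender] += tokens;
        totalBalance += tokens;
    }

    // race.sol shape: ether leaves BEFORE the bookkeeping is updated, so a
    // contract receiving it can call back in while its balance still reads
    // the old value. Present only to contrast with withdraw() below.
    function withdrawVulnerable(uint256 tokens) public {
        _sync(msg.sender);
        require(balances[msg.sender] >= tokens, "insufficient balance");
        require(totalBalance >= tokens, "insufficient totalBalance");
        uint256 amount = tokens * valuation / ONE;
        (bool ok, ) = msg.sender.call.value(amount)("");
        require(ok, "payout failed");
        balances[msg.sender] -= tokens;
        totalBalance -= tokens;
    }

    // dao.sol shape: checks, then effects (state updates), then the
    // interaction (external call); the mutex is a second, independent layer.
    function withdraw(uint256 tokens) public noReentrancy {
        _sync(msg.sender);
        require(balances[msg.sender] >= tokens, "insufficient balance");
        require(totalBalance >= tokens, "insufficient totalBalance");
        uint256 amount = tokens * valuation / ONE;
        balances[msg.sender] -= tokens;
        totalBalance -= tokens;
        (bool ok, ) = msg.sender.call.value(amount)("");
        require(ok, "payout failed");
    }

    // Outcome of a "yes" proposal: multiply valuation by a factor given in
    // tenths (0..100 == 0.0..10.0). If valuation reaches 0.0, invalidate
    // all tokens and reset valuation to 1.0. Drawing the factor is left to
    // the proposal logic, which this example does not include.
    function _applyYesOutcome(uint256 factorTenths) internal {
        require(factorTenths <= 100, "factor out of range");
        valuation = valuation * factorTenths / 10;
        if (valuation == 0) {
            epoch += 1;                   // every recorded balance is now 0
            totalBalance = 0;
            valuation = ONE;
        }
    }
}
```

The two withdraw functions differ only in where the two state updates sit relative to the external call; that ordering is the whole difference between race.sol and dao.sol. The page does not say where the random factor comes from; values derived from block data such as blockhash or block.timestamp can be influenced by whoever produces the block, which is relevant to written question 3.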

Phase 3: Double DAOn

Copy dao.sol to split.sol and add a split function. This function:

  1. Can only be called by someone who has voted on a proposal which is not yet sealed
  2. Once the proposal is sealed, if a voter has split, their tokens can be withdrawn at the previous valuation unless the valuation has become 0.0 (then there's no totalBalance to withdraw)
  3. A voter who has split cannot deposit until the proposal is sealed
  4. Additionally make the split withdrawal vulnerable to the race-to-empty attack

Written portion

Submit 1-2 paragraph answers to the following questions/prompts:

  1. Describe your experience writing Solidity code. What was easy, what was hard, what surprised you?
  2. Describe the gas costs for the operation of dao.sol
  3. What types of attack would the contract dao.sol need to consider and defend against?
  4. Does your implementation in dao.sol defend against these attacks?
  5. Describe the attack which exploits race.sol and how someone can steal from totalBalance
  6. These attacks are similar to what happened to the actual DAO, but not exactly the same. What happened in the actual DAO?
  7. Read about and describe the stalking attack which the DAO enabled, and the DAO rebuttal

Resources

  1. https://remix.ethereum.org/#optimize=false&version=soljson-v0.5.1+commit.c8a2cb62.js
  2. https://solidity.readthedocs.io/en/v0.5.4/introduction-to-smart-contracts.html
  3. https://solidity.readthedocs.io/en/v0.5.4/solidity-by-example.html
  4. https://solidity.readthedocs.io/en/v0.5.4/solidity-in-depth.html
  5. http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/
  6. https://vessenes.com/more-ethereum-attacks-race-to-empty-is-the-real-deal/

Submission

This is an individual assignment; you are not allowed to collaborate. Submit the written portion and code separately via Gradescope. Anything aside from typed PDFs for the written portion will receive zero credit. Document code thoroughly!
