DAO soft-fork #2725
DAO soft-fork #2725
Conversation
This implements a generic approach to enabling soft forks by allowing anyone to put in hashes of contracts that should not be interacted from. This will help "The DAO" in their endevour to stop any whithdrawals from any DAO contract by convincing the mining community to accept their code hash.
Updated: Fri Jun 24 09:58:55 UTC 2016 |
Current coverage is 52.22%@@ develop #2725 diff @@
==========================================
Files 217 217
Lines 24865 24909 +44
Methods 0 0
Messages 0 0
Branches 0 0
==========================================
+ Hits 12965 13009 +44
- Misses 10749 10753 +4
+ Partials 1151 1147 -4
|
karalabe
force-pushed
the
obscuren-softfork-dao-2
branch
2 times, most recently
from
5c318c5
to
a633d54
Compare
karalabe
force-pushed
the
obscuren-softfork-dao-2
branch
2 times, most recently
from
9707c03
to
244c8f3
Compare
| common.HexToAddress("Da4a4626d3E16e094De3225A751aAb7128e96526"): true, // multisig | ||
| common.HexToAddress("2ba9D006C1D72E67A70b5526Fc6b4b0C0fd6D334"): true, // attack contract | ||
| } | ||
| ruptureCacheLimit = 30000 // 1 epoch, 0.5 per possible fork |
There was a problem hiding this comment.
Is there a specific reason why these are globals?
There was a problem hiding this comment.
Easily configurable from one location. Nothing else. Beats hard coding them into the middle of the file :)
|
@fjl PTAL |
karalabe
force-pushed
the
obscuren-softfork-dao-2
branch
from
37e5242
to
9b58c2e
Compare
|
I've squashed this commit, ready for merge. PTAL. |
| @@ -85,6 +85,11 @@ func exec(env vm.Environment, caller vm.ContractRef, address, codeAddr *common.A | |||
| createAccount = true | |||
| } | |||
|
|
|||
| // mark the code hash if the execution is a call, callcode or delegate. | |||
There was a problem hiding this comment.
This comment is not very helpful if you don't know the background why some code needs to be marked as special. I would suggest removing this comment line and add a bit more explanation to the docs for Environment.MarkCodeHash why such a feature is available and used for. In execDelegateCall there is no comment for the same logic.
There was a problem hiding this comment.
Indeed. I just inherited it from Jeff's code. Will patch it up.
There was a problem hiding this comment.
Fixed:
// Mark all contracts doing outbound value transfers to allow DAO filtering.
karalabe
force-pushed
the
obscuren-softfork-dao-2
branch
from
9b58c2e
to
ba784bd
Compare
| } | ||
| // Verify if the DAO soft fork kicks in | ||
| if blockRuptureCodes { | ||
| if recipient := tx.To(); recipient == nil || !ruptureWhitelist[*recipient] { |
There was a problem hiding this comment.
Just to. These are not plain addresses, rather multisig contracts. So to whitelist interaction with these contracts, the transaction to fields needs to be actually checked.
| if err != nil { | ||
| return nil, nil, nil, err | ||
| } | ||
|
|
||
| // Check whether the DAO needs to be blocked or not |
There was a problem hiding this comment.
Since miners only activate the soft fork if DAOSoftFork is set, shouldn't this code also check for it? Otherwise we make the soft fork optional for the block-to-mine code but mandatory for all block validation.
There was a problem hiding this comment.
Indeed (mandatory for all validation) and that is the point of the soft fork. If the majority votes to pass it, others voting against it will also honor it and keep the network together. Otherwise the network will just hard split into two.
There was a problem hiding this comment.
The point is that we should either check for DAOSoftFork here (and in the other places where the soft fork is enacted) or not have the flag at all in the soft fork version of the code. Currently it's inconsistent, as there's then no point in running this version as a miner if one does not want to vote for the soft fork.
|
👍 |
This PR is the implementation of the proposed surgical soft-fork to block DAO contracts from sending funds out into uncontrolled environments. All DAO contracts are blocked from moving funds unless those are initiated by the two whitelisted white-hash contracts. This soft fork is a temporary measure that will be reverted after this mess is sorted out.
How to use
If you agree with the soft-fork to temporarily block DAOs from removing blocks, run Geth with
--dao-soft-fork, which will signal to the miner to reduce the block gas limit below the4Mthreshold, which is needed to pass the fork vote. You don't need to specify anything else, the miner will targetPimillion gas for all blocks below the vote threshold. After the vote block passed (irrelevant of the outcome), the old gas dynamics will take its place.