Ethereum vs Ethereum Classic - Forks, Free Coins, 51% and Replay Attacks

in #ethereum, 8 years ago

Background

After 'The DAO' hack, which left 60 Million USD worth of ETH in the hands of the 'attacker' (well, locked up in a child DAO for 30 days), there was a game of cat and mouse trying to drain the attacker of their funds using the same method that he had used to drain the funds from 'The DAO' itself.

This resulted in Black/White or Light/Dark child DAOs, as the White Hat hacker attempted to beat the Black Hat at his own game. The problem was that this attack could be used by each side against the other, back and forth like a game of ping pong.

Eventually there was consensus from the miners to perform a hard fork, which revoked the funds from the hacker's DAO and allowed users of the network to withdraw their funds from 'The DAO'.

The problem was that the miners decided the consensus, and not all participants of ETH were happy with the idea of hard forking, as it was against their principles of immutability; this led to the rise of Ethereum Classic.

Ethereum Classic is a pre-forked version of the Ethereum network which continued on from the original place where ETH had forked (Block # 1920000) and retained all balances and addresses as they stood. This is interesting, as the classic chain has put its money where its mouth is and has stamped its intention for the future. Not forking for 60 Million USD worth of lost Ether is a strong message that they will stand behind the results of the EVM and not interfere with the immutability of the chain.

Holders of pre-forked ETH (that is, people who owned ETH before the fork occurred) received free ETC when the ETC network went live, proportional to the amount of ETH that they were holding prior to the fork. Exchanges did this on your behalf; if you logged in to PoloniEX in the last week you may have noticed you have the same balance of ETC as you did of ETH before the fork. If you run a local wallet you may not have realized it, but your keys actually control the same amount of ETC as you had in ETH before the fork; you will need to download and set up another copy of Ethereum wallet, sync with the ETC network and import your keys, or use a web based wallet.

51% attacks on Ethereum Classic

Remember I said that the consensus was derived from the miners; that tells us that at least 51% of the mining power of the Ethereum network was in favor of having the hard fork and reversing the unintended consequences of the DAO theft. A war has broken out between the two camps over who has done right by the community, and some rogue miners have even threatened to attack the ETC chain given its lack of mining prowess.

Current Hash rate of ETH and ETC

Pools such as http://51pool.org/ have been set up, dedicated to gaining enough hash rate to attack the Classic chain. There have also recently been statements on the Twitter account of large Ethereum mining operator Chandler Guo that his 98 GH operation would be used to attack the classic chain. Chandler has more recently stated that his goal is to 'not be evil' and that his proposed actions would hurt ETC holders, so at least for the time being he has had a change of heart and will continue legitimate mining for Ethereum.

Replay Attacks

The replay attack is an interesting one. Ethereum Classic is an exact replica of the Ethereum chain as it stood before the hard fork was introduced. This means that all balances and keys from before the hard fork are identical, and because both networks use the same network version and the same rules for accepting transactions, a valid transaction on one chain is also considered a valid transaction on the other chain, as long as it originates from a pre-fork address which holds a balance in the current state of both networks.

Let's dig into this a little more. Any address (that is, the key-pair) that controlled ETH before the fork now has both ETH and ETC, one on each chain, controlled by that very same key-pair, and both networks construct transactions that are identical and valid on both chains. This means that once a transaction is broadcast from a pre-fork address on either chain, and that address holds balances on both chains, the broadcast transaction can be grabbed by a 3rd party and replayed on the other chain. To make things worse, somebody is actually monitoring both chains and executing the other transaction on your behalf; I say that like she is doing you a favor, but most likely this is not the result you were after.

Example:

  • Honest Bob is the owner of 100 ETH before the fork.
  • After the fork Bob still owns 100 ETH but now also owns 100 ETC on the Ethereum Classic network.
  • The private key that controls these funds is the same on both chains.
  • Post-fork: Bob transfers 100 ETH to Alice.
  • Someone, let's call her Carol, sees Bob's transaction to Alice and replays it on the ETC network.
  • The ETC network sees a transaction from Bob to Alice with the appropriate signatures and validates it.
  • Alice receives both 100 ETH and 100 ETC from Bob!

Think of the children... I mean the exchanges

This has played havoc with the exchanges, which have had to implement countermeasures to ensure that this does not occur with their wallets: funds could be constantly deposited and withdrawn, which would actually send ETC that belongs to other users to the person exploiting this attack.
PoloniEX has acted quickly and split the balances of ETH and ETC in their hot and cold wallets into separate addresses, which prevents any replays as the same key no longer controls both coins.

Coinbase and GDAX were not so agile and as a result had the ETC balance of their wallets drained. This has also led to claims of them running a fractional reserve, as the amount of ETC withdrawn did not match the amount of ETH on their books, and some users experienced large delays in having their ETC transactions processed; it has been speculated that this delay was the exchange buying coin at market to fulfil withdrawals... I have not researched this and at the moment only treat it as speculation and rumors, but it will be interesting to see what comes out of it.

The method used to drain the ETC from CB and GDAX is outlined in this tweet from Andrew T. DeSantis. The basic process is pictured below.

They let it happen?

It has recently come out that the effects of replay attacks were known prior to the hard fork, but the Ethereum Foundation failed to implement proper protections due to the added complexity; i.e. adding these changes would mean that all existing libraries and 3rd party tools that validate transactions would need to be updated.

Peter Todd has recently voiced his opinion, tweeting:

Original Tweet HERE

Unknown source

Proposed solution

Both teams are arguing over who should actually be the one to implement the change, which will require a hard fork as it changes the rules for transaction validation. Ethereum suggests that they have just made a hard fork, and another hard fork so close to the last will possibly be one fork too many and may cause a loss of confidence from their users and huge complexities in updating libraries. Ethereum Classic's argument is that the chain that left consensus, or forked from the original chain, should be the one to 'clean up' the mess.

So far a few solutions have been discussed and Ethereum Improvement Protocols (EIP) are being evaluated.

What can you do?


If you have your balance on an exchange, most major exchanges have taken care of this issue for you.

If you have your ETH in a local wallet, you have two options: wait until there is a protocol level change on one of the variants, or secure your ETC coins yourself. To do that, download a separate client and synchronise the Ethereum Classic chain, or use a web wallet (such as myetcwallet.com). Then generate a new address in both ETH and ETC and set off two simultaneous transactions, one on each chain, moving your ETH to your freshly created ETH address and moving your ETC to its freshly created ETC address. You should wait 20 minutes and verify that both your ETC and ETH are secured on their separate, freshly created post-fork addresses; if not, one of your transactions got replayed before you were able to have the other included in the chain, so repeat the initial process until successful. There is also a smart contract, and further information is detailed HERE

Once successful, you will have both balances secured by different private keys, which will prevent replay attacks on your transactions, as the replayed transaction will not control any funds on the alternative chain.
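The replay from the Bob, Alice and Carol example and the fresh-address split described above can be modelled together. This is an added example, not code from the original post or from either project: the HMAC "signature" and the key registry are stand-ins for ECDSA and address recovery, all names and keys are constructed, and the chain-ID check goes beyond the post (it is the approach later standardized as EIP-155, with ID 1 for ETH and 61 for ETC).

```python
import hashlib, hmac

# Constructed toy keys; "bob" is the pre-fork key, the other two are fresh post-fork keys.
KEYS = {"bob": b"constructed-key-1", "bob_eth": b"constructed-key-2", "bob_etc": b"constructed-key-3"}

def sign(key, fields):
    # Stand-in for ECDSA so the example needs no third-party library.
    return hmac.new(key, repr(fields).encode(), hashlib.sha256).hexdigest()

def make_tx(key, sender, to, value, nonce, chain_id=None):
    # chain_id=None models the 2016 format: nothing ties the signature to one chain.
    tx = {"from": sender, "to": to, "value": value, "nonce": nonce, "chain_id": chain_id}
    tx["sig"] = sign(key, tuple(tx.values()))
    return tx

class Chain:
    def __init__(self, chain_id, balances, enforce_chain_id=False):
        self.chain_id, self.enforce = chain_id, enforce_chain_id
        self.balances, self.nonces = dict(balances), {}  # both chains start from pre-fork state

    def apply(self, tx):
        fields = tuple(tx[k] for k in ("from", "to", "value", "nonce", "chain_id"))
        ok = (hmac.compare_digest(tx["sig"], sign(KEYS[tx["from"]], fields))
              and tx["nonce"] == self.nonces.get(tx["from"], 0)
              and self.balances.get(tx["from"], 0) >= tx["value"]
              and (not self.enforce or tx["chain_id"] == self.chain_id))
        if ok:
            self.balances[tx["from"]] -= tx["value"]
            self.balances[tx["to"]] = self.balances.get(tx["to"], 0) + tx["value"]
            self.nonces[tx["from"]] = tx["nonce"] + 1
        return ok

def scenario(split_first=False, enforce_chain_id=False):
    """Bob pays Alice 100 on ETH; returns (replay accepted on ETC?, Alice's ETC balance)."""
    eth = Chain(1, {"bob": 100}, enforce_chain_id)
    etc = Chain(61, {"bob": 100}, enforce_chain_id)
    tag = (lambda c: c.chain_id) if enforce_chain_id else (lambda c: None)
    payer = "bob"
    if split_first:
        # Mitigation from the post: move each coin to its own fresh address first.
        assert eth.apply(make_tx(KEYS["bob"], "bob", "bob_eth", 100, 0, tag(eth)))
        assert etc.apply(make_tx(KEYS["bob"], "bob", "bob_etc", 100, 0, tag(etc)))
        payer = "bob_eth"
    payment = make_tx(KEYS[payer], payer, "alice", 100, 0, tag(eth))
    assert eth.apply(payment)
    replayed = etc.apply(payment)  # Carol rebroadcasts the identical signed transaction on ETC
    return replayed, etc.balances.get("alice", 0)
```

The split case assumes both moves were mined on their own chains before anyone replayed one of them, which is why the post tells you to wait and verify.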

Don't forget: if you are a DAO investor you also have DAOc (The DAO Classic), which can be redeemed from the Ethereum Classic network via a split proposal.

TL;DR

All in all this is a huge mess, and unless you are following the project closely it is easy to be confused.
The main takeaways here are:

  • If you held pre-forked ETH you now have the same amount of ETC controlled by that same key.
  • If you held pre-forked DAO you now have the same amount of DAOc controlled by that same key.
  • If you are using a local wallet, before you process any transactions be sure to read up on replay attacks to ensure you don't lose your funds.

Despite the messy outcome, all pre-fork ETH holders were given some free coins in the form of ETC and potentially DAOc. You got them whether you wanted them or not, but one thing is for sure: you cannot argue with the price!!


The problem is that the ETC side has no devs on their side - they are traders and cryptoanarchists. The only ETC block explorer, http://gastracker.io/, is a little primitive.
Also interesting that sum of market caps ETH+ETC = const av. $1,2 Billion

I sold all my free ETC. I hope I made the decision.

These 51% attack scenarios are the pinnacle of pettiness and power tripping. "Stop liking things I don't like, If you don't play by my rules I'll pee in your sandbox."

Karma ought to set a spark in his server farm if he really ruins the chain for these thousands of people that spoke with their money and rejected a fork for a product they never wanted in such fashion. Respect to them.

Good read @steempower

Seems that this mess never ends! It's sad for all cryptocurrencies :(

It is sad, but through failures things improve ;)

Yes, the bigger view is that we are all learning how to create something valuable together. This is just a bump in the road. Nothing is created perfect; it will evolve thanks to these problems. We all need to step back and allow things to happen sometimes.

ETC will catch up with ETH over time; the rate will be 1 to 1.

Wow. a lot to digest.

I feel that this situation and its development will be a great movie to watch in the future !

Well said. We will see how the outcome will be in a few weeks. Currently ETC looks better than ETH but this might change quickly as we know.

great post (y)

I think DAO still has potential, even after this big hack. They have a great idea but don't do bug tests. Now they should fix all bugs and start again with classic ETH.

It is not easy to say which one is right. But the longer this goes on, the more it will set back ETH and ETC.

great post, upvoted

These kinds of forks are exciting, holders of the forked asset have their asset holdings effectively double (despite one or the other dropping in value).

I disagree with the intervention of the Ethereum community in the recovery of stolen funds, but I don't hold Ethereum in the first place so I don't really have a place expressing my opinion on the matter.

Their time for such hard-forks is running out though, they're planning (rumoured from earlier in the year) to switch to some form of Proof of Stake. The miners had their say in this switch, next time it'll be the investors!

👍😆great post...

myetcwallet . com is a confirmed phishing / scam site that will send all private keys generated or entered into their site to a server and steal all ETH and ETC stored in those accounts. Do NOT use.

More Information

Tips on how to NOT be phished / scammed

desantis Andrew T. DeSantis tweeted @ 27 Jul 2016 - 00:57 UTC

1/ Earlier today I theorized a mechanism for doubling one's $XBT balance in light of the #Ethereum fork. Here's how: https://t.co/zW88ZheyyL

petertoddbtc Peter Todd tweeted @ 30 Jul 2016 - 23:02 UTC

Re: the so-called "replay attack" not only can it happen by accident, Ethereum knew it would happen; it's deliberate willful inaction.

ChandlerGuo Chandler Guo tweeted @ 24 Jul 2016 - 12:33 UTC

I am Chandler Guo, a 51% attack on Ethereum Classic (ETC) is coming with my 98G hashrate powtopos.com

Disclaimer: I am just a bot trying to be helpful.

your idea is very good