This proposal discloses a potential exploit that leverages a mismatch between the functionality of the DAOstack Contribution Reward Scheme (used for worker proposals) and what the front-ends (both Alchemy and DXvote) reflect. By using functionality that is available in the smart contract but not surfaced in the UI, it’s possible to mint over 51% of REP and take full control of DXdao.
- DXdao: an on-chain DAO since 2019
- REP: the voting power in DXdao, an ERC20 token without a transfer function (i.e. soulbound)
- Alchemy: the original front-end UI for DAOstack smart contracts
- DXvote: DXdao’s front-end UI for DAOstack smart contracts
The Contributor Reward Scheme is the most used scheme at DXdao. It’s used for anything that transfers money, including worker proposals, sponsorships, paying contractors, etc. The scheme handles all fund transfers out of the DAO.
A couple of weeks ago, while both Alchemy and DXvote were down (most likely RPC issues), I decided to manually build a transaction and submit it. To do so, I had to dig into the scheme to see which parameters to set while building the transaction.
Looking at the scheme’s rewards array, I noticed all rewards (i.e. ETH, stablecoins) are “requested per period”. Furthermore, there is a “Number of periods” argument that can be set when building a transaction manually.
In other words, the scheme allows a proposal to have multiple redemption periods, i.e. it can be redeemed more than once. A use case for this is a 3-month worker proposal that only has to be passed once and is then redeemable 3 times if that first and only proposal passes. This functionality is also documented in the corresponding function of the Contributor Reward Scheme.
While this functionality is implemented on the smart contract, neither Alchemy nor DXvote (the only two front-ends to these smart contracts) display whether a proposal is a one-off proposal (as it is by default when submitting through DXvote or Alchemy) or if it has multiple periods (i.e. redeemable multiple times).
See this proposal: Alchemy | DAOstack
Looks normal, right?
However, if you look at the proposal creation transaction, you can see this proposal actually has 5 periods.
This presents a severe attack vector if left unmonitored: a proposal as innocuous as a Discord REP boost could be submitted with enough redeem periods to effectively hold majority REP in the DAO. Additionally, the same mechanism could be used to redeem payments multiple times.
The most pragmatic way to exploit this would have been through a Discord REP boost, which is REP issued to active members in DXdao’s Discord server. The REP boosts are issued quarterly, so all that would be required is to join the DXdao Discord server with a new anon account and be highly active in the server in order to be included in a REP boost.
The lowest REP boost is 176.822 REP, which is sufficient to mint 51% of REP. In the same proposal as above (0x8f0d1cb6d9497139e054162b1e067e91c6fe41cd1b8a51631eb62798c11aef89), Tenderly was used to overwrite 3 states:
- Change REP minted to 176.822 (Discord boost amount)
- Change Periods to 100,000
- Simulate proposal as “passed” (to be able to simulate an execution)
The period count essentially acts as a multiplier and mints 17M REP to the address. 17M REP would be 90% of all REP, giving the address the ability to instantly pass any proposal by majority vote (i.e. draining the whole treasury).
See Tenderly simulation: Tenderly Dashboard
At the time of the discovery of this exploit there were $84M in the DAO, $37.8M of which in ETH and stablecoins.
The exploit makes use of a simple mismatch between smart contract functionality and the functionality reflected in the UIs. The only way to ensure such an attack never happens is to actively monitor proposals for their number of periods.
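The following is an added illustration, not code from the original post or from DAOstack's ContributionReward contract. It models the per-period reward logic described above (the 3-month worker proposal that is redeemed 3 times, and the period count acting as a multiplier on a Discord boost) and shows the kind of check a proposal monitor can run before a vote. Assumptions, all labelled in the code: reputation and ETH are requested per period, each redemption pays out `reputation_per_period * periods_to_pay`, a period length of 0 makes every period claimable at once, and the total REP supply used for the share calculation is a constructed value, not DXdao's real supply. `Proposal`, `periods_to_pay`, `redeem_reputation` and `flag_proposal` are hypothetical names.

```python
"""Model of multi-period contribution rewards and a pre-vote monitor.

Added example; not DAOstack's contract code. Assumed (simplified) semantics:
rewards are per period, a redemption pays reputation_per_period for every
matured period not yet redeemed, and period_length == 0 means all periods
are claimable immediately after execution.
"""
from dataclasses import dataclass
from typing import List, Tuple

ONE_REP = 10**18  # REP has 18 decimals; amounts below are integer 1e-18 units
CONSTRUCTED_SUPPLY = 1_960_000 * ONE_REP  # constructed figure, not the real REP supply


@dataclass
class Proposal:
    proposal_id: str          # constructed placeholder id
    beneficiary: str          # constructed placeholder address
    reputation_per_period: int  # REP minted per redeemable period
    eth_per_period: int         # wei paid per redeemable period
    period_length: int          # seconds per period; 0 = all periods claimable at once
    number_of_periods: int      # the multiplier the front-ends did not display
    executed_at: int            # unix time the proposal passed
    redeemed_periods: int = 0   # periods already paid out


def periods_to_pay(p: Proposal, now: int) -> int:
    """Matured periods that have not been redeemed yet (assumed semantics)."""
    if p.period_length == 0:
        matured = p.number_of_periods
    else:
        matured = min(p.number_of_periods, (now - p.executed_at) // p.period_length)
    return max(0, matured - p.redeemed_periods)


def redeem_reputation(p: Proposal, now: int) -> int:
    """Mint REP for every claimable period and record them as redeemed."""
    n = periods_to_pay(p, now)
    p.redeemed_periods += n
    return p.reputation_per_period * n


def total_reputation(p: Proposal) -> int:
    """REP the proposal will mint over its whole lifetime."""
    return p.reputation_per_period * p.number_of_periods


def share_after_mint(minted: int, supply: int) -> float:
    """Fraction of total voting power the beneficiary holds once minted."""
    return minted / (supply + minted)


def flag_proposal(p: Proposal, supply: int, max_periods: int = 1,
                  max_share: float = 0.05) -> List[str]:
    """Monitor check: warn on multi-period proposals and on REP grants that
    would hand the beneficiary more than max_share of the supply."""
    warnings = []
    if p.number_of_periods > max_periods:
        warnings.append(f"{p.proposal_id}: {p.number_of_periods} periods "
                        f"(max {max_periods}); rewards are multiplied by this count")
    share = share_after_mint(total_reputation(p), supply)
    if share > max_share:
        warnings.append(f"{p.proposal_id}: would mint {total_reputation(p) // ONE_REP} REP, "
                        f"{share:.1%} of voting power after minting")
    return warnings


def sample_proposals() -> Tuple[Proposal, Proposal]:
    """Constructed inputs: a 3-month worker proposal and the boost from the post."""
    worker = Proposal("worker-3m (constructed)", "0xWORKER", 2_000 * ONE_REP,
                      10 * 10**18, 30 * 24 * 3600, 3, executed_at=0)
    boost = Proposal("discord-boost (constructed)", "0xANON", 176_822 * 10**15,
                     0, 0, 100_000, executed_at=0)
    return worker, boost


if __name__ == "__main__":
    worker, boost = sample_proposals()
    month = 30 * 24 * 3600
    for t in (0, month, 3 * month):  # worker proposal is redeemed as periods mature
        print(f"t={t:>8}: worker redeems {redeem_reputation(worker, t) // ONE_REP} REP")
    for w in flag_proposal(worker, CONSTRUCTED_SUPPLY) + flag_proposal(boost, CONSTRUCTED_SUPPLY):
        print("WARNING", w)
```

The worker proposal pays out 0, 2,000 and then 4,000 REP at t = 0, 1 and 3 months, i.e. the three periods the text describes. The boost proposal, with the 176.822 REP per period and 100,000 periods from the Tenderly simulation, totals 17,682,200 REP in a single redemption and trips both checks; a monitor only needs to read the period count from the proposal to raise the first warning before anyone votes.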
The exploit was originally reported in June 2022 by @dlabs to @augustol, @ross, @johnkelleher and @powers on the same day it was found. DXvote added monitoring for it in the development environment the same day.
DXvote will show a warning label on proposals as such:
And further detailed errors once the proposal is opened:
DXdao is also planning to fully migrate from the DAOstack smart contracts to its own suite of contracts in the near future and has established a more robust monitoring process in the short term.