Just days after taking over the project's governance, the Tornado Cash attacker has submitted a new proposal to revert the damage they've caused.
On May 18, the Tornado Cash DAO accidentally voted in the malicious proposal after failing to properly audit its contents. Tornado Cash is a privacy-preserving mixer on the Ethereum network.
The attacker was then able to grant themselves 1.2 million TORN tokens, giving them control over the DAO. They then swapped 380,000 of the newly-gotten TORN tokens for 372 ETH and ran it back through the privacy protocol.
A DAO, or decentralized autonomous organization, is a way for a project to organize itself without the need for a specific company or individual to be in power. Governance tokens, such as Tornado Cash's TORN token, are distributed to the community to make and vote on various proposals for the project in question.
The proposal had nothing to do with handing over tokens to any members. Instead, it asked community members to vote for or against increasing the amount of staked TORN tokens needed to become a Tornado Cash relayer and penalizing relayers attempting to avoid having their stake slashed.
The attacker claimed the proposal had the same logic as an earlier proposal that had already been passed.
However, the malicious proposal added a self-destruct function which, once used, replaced the original proposal contract with a new, malicious one.
“Self destruction is, as one can imagine, one of the scariest things one can casually add as an extra function,” Gonçalo Magalhães, a smart contract engineer at Immunefi, told Decrypt. “Changing the logic of a contract offers infinite possibilities.”
With the malicious proposal now in place, the attacker was able to withdraw all locked governance votes and drain all the tokens from the governance contract.
“In summary, the attacker drained the TORN tokens from the governance vault, meaning they then had all the voting power,” a spokesperson for security firm PeckShield told Decrypt. “They then swapped part of the stolen TORN for ETH and deposited it into the Tornado Cash protocol.”
Shortly after the proposal was revealed to be malicious, another proposal was made to revert the changes.
“Because the attacker now has a majority of voting power, governance mechanisms are essentially meaningless,” Magalhães said.
The attacker also submitted another new proposal that would return the TORN tokens they'd given themself. After swapping 380,000 TORN for ETH, the attacker still holds 820,000 TORN tokens, which means they still have total control over the DAO.
Twitter user 0xdeadf4ce has suggested, however, that this could all be a “gigatroll,” saying the new proposal to revert the changes was merely a way to boost the token's price.
TornadoCash attacker deployed new proposal that, if executed, would likely revert the damage done to the Governance functionality. Either they're giga trolling or it will end up being an expensive but not disastrous lesson in Governance security. https://t.co/QMWYFsi8kP
— 0xdeadf4ce (@0xdface) May 21, 2023
How do DAOs stay safe?
This sparked debate online about DAO proposals not being properly audited, if at all.
“This isn't the first case of governance attack this year,” Snapshot's head of growth Nathan van der Heyden told Decrypt. “The Beanstalk governance attack is one of the biggest hacks of the year, and this Tornado one is probably one of the most high-profile.”
In this case, the proposal was well-crafted to be nondescript and unsuspicious.
Many, if not all, voters would have simply cast their vote without diving deeper into the contract's code.
“Auditing all critical processes is definitely a good measure, but we don't see it often being implemented,” Magalhães told Decrypt. “It's hard already to see comprehensive audits being done on all smart contract proxy upgrades.”
A spokesperson at PeckShield confirmed that the company receives proposal audit requests and that they “believe several well-known protocols have their proposals audited.”
PeckShield declined to reveal who pays for proposal security audits or which projects choose to audit their proposals.
But what's a DAO to do?
“DAOs should encourage the active review of proposals and participation from holders. Essentially, malicious code like this should not go unnoticed by all DAO members,” Magalhães said. “An individual voter should have a deep understanding of whatever they're voting for. On-chain proposals, though digital, are definitely real, and have real consequences.”
While this attack was crafty, anyone with a keen eye reviewing the code should have seen the self-destruct function. “A self-destruction function in a contract should have fired all headquarter sirens,” he said.
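One way a voter or DAO tooling could automate the "sirens" Magalhães describes, as an added example that is not code from the article, Immunefi or Tornado Cash: a small Python check that disassembles a proposal contract's runtime bytecode (the hex string `eth_getCode` returns) and reports any SELFDESTRUCT or DELEGATECALL opcode, walking over PUSH immediates so a 0xff data byte is not mistaken for an instruction. The sample bytecodes below are constructed, not the real proposal's.

```python
# Pre-vote bytecode check: flag opcodes that let a proposal contract's logic
# vanish or change after review. Added example; not the article's or the
# project's own code. Input is runtime bytecode as a hex string.

SELFDESTRUCT = 0xFF   # removes the contract's code; the attack in the article
DELEGATECALL = 0xF4   # runs foreign code in this contract's storage context
PUSH1, PUSH32 = 0x60, 0x7F

FLAGGED = {SELFDESTRUCT: "SELFDESTRUCT", DELEGATECALL: "DELEGATECALL"}


def disassemble(code: bytes):
    """Yield (offset, opcode) pairs, consuming PUSH immediates.

    A naive byte scan for 0xff reports false positives whenever 0xff appears
    inside a PUSH argument (e.g. a mask constant), so PUSHn must skip n bytes.
    """
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        pc += 1
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # PUSHn is followed by n immediate bytes


def find_dangerous_opcodes(hex_code: str):
    """Return [(offset, name)] for every flagged opcode in the bytecode.

    An empty list means no SELFDESTRUCT/DELEGATECALL instruction is present;
    a non-empty list is a reason to stop and read the source before voting.
    """
    raw = hex_code[2:] if hex_code.startswith("0x") else hex_code
    code = bytes.fromhex(raw)
    return [(pc, FLAGGED[op]) for pc, op in disassemble(code) if op in FLAGGED]


# Constructed samples (not the real proposal bytecode):
# benign:    PUSH1 0xff  PUSH1 0x00  MSTORE  STOP   -> 0xff is only PUSH data
BENIGN = "0x60ff60005200"
# malicious: same prefix, then CALLER SELFDESTRUCT  -> selfdestruct(msg.sender)
MALICIOUS = "0x60ff60005233ff"

if __name__ == "__main__":
    for label, code in (("benign", BENIGN), ("malicious", MALICIOUS)):
        hits = find_dangerous_opcodes(code)
        print(f"{label}: {'OK' if not hits else 'FLAGGED ' + str(hits)}")
```

Running this against the on-chain bytecode is only a first filter: a clean result says nothing about the proposal's intended logic, which still needs a human read of the verified source.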
This attack should serve as a lesson, albeit an expensive one, for DAOs and their members to prevent yet another governance attack from happening this year.
“We need generalized onchain governance frameworks that allow these exploits to be teaching moments to the community that then adapts their own frameworks to this new knowledge,” van der Heyden said. “If we don't learn collectively, then we're forced to repeat similar mistakes individually.”