How the Blockchain Helped Me Prove I Knew the Future
I’m building a piece of software called EthSlurp. It’s a blockchain data scraper. It runs from the command line and takes various parameters such as an Ethereum contract address, an output format, a date and/or block range, and various other options.
The most salient feature of EthSlurp is its ability to convert a transaction’s input data (which is usually seen as unreadable hex) back into human readable text.
Every ethereum transaction carries with it an arbitrary amount of data in a field called input. This field is one of the nuggets of true genius behind what Vitalik Buterin did — Bitcoin also carries input data in each transaction, but only 80 bytes worth. With Ethereum, the input data can be as long as is needed. Ethereum sends function calls to smart contracts in the input field. In fact, the byte code of the smart contract itself is sent in the input field of the transaction that deploys the contract.
Converting the Input Hex Back into English
When a smart contract is compiled into byte code, an ABI (Application Binary Interface) is created. Using that ABI, which contains a list of all the function calls along with their parameters, EthSlurp is able to convert the input back into a human readable form.
For example, this input from a typical transaction on The DAO smart contract:
0xc9d27afe00000000000000000000000000000000000000000000000000000000000000440000000000000000000000 000000000000000000000000000000000000000001
represents this function call:
vote(68,“Yea”) (A “yes” vote on proposal number 68.)
While this input:
0x23b872dd000000000000000000000000bf6cc4a882ace8e3a19bb8f5372280b33b2f6c9e00000000000000000000000 0fbb1b73c4f0bda4f67dca266ce6ef42f520fbb980000000000000000000000000000000000000000000000056bc75e2d6 3100000
represents the function call:
transferFrom ( “0xbf6cc4a882ace8e3a19bb8f5372280b33b2f6c9e”, “0xfbb1b73c4f0bda4f67dca266ce6ef42 f520fbb98”, “-1”)
That is, send all the ether from the first account to the second. (-1 means send all of the ether.)
I’ve been using EthSlurp to scrape The DAO every day since it first went live back in late April. I’ve stored that data, representing more than 135,000 transactions, here: http://daodeepdive.com/data.html. I’ve separated the transactions in various ways including day-by-day and function-by-function.
So How Did I Predict the Future?
In addition to The DAO smart contract, I also scrape other smart contracts, among them the DarkDAO and The DOA Curator’s MultiSig contract.
Yesterday, around noon EST, I noticed a bunch of transactions that I hadn’t seen before. For the first time since a few days after the theft, there were transactions on the DarkDAO, and because EthSlurp allows me see the function calls, I noticed that the new transaction represented a ‘changeAllowedRecipients’ call. So I scraped that transaction:
0x9257c2e0a11de7b7427d4607f5908d6448278070bb73500139387930826fedc0
whose data input field translates to this:
changeAllowedRecipients(“da4a4626d3e16e094de3225a751aab7128e96526”,1)
I then scraped the da4a... address, and recognized it as The DAO Curator’s Multisig contract. So now I knew that the DAO Curator’s Multisig had been added to the Dark Dao’s whitelist which means that the DAO Curators can make money transferring proposals on the Dark DAO.
Oh My God! I’m the Only Person in the World Who Knows This!
When I first saw this, I was pretty sure I was the only person on earth who knew about this transaction other than the White Hat group and perhaps the Dark DAO Dick (as I call the attacker). Of course, this was only speculation. I don’t know this for sure, but I thought it was probably true.
I decided to document the fact that I knew this before anyone else. I did so in true we-now-have-an-immutable-never-changing-database fashion by sending myself the following Ethereum transaction: 0xa152016a73c308e2ecdf9ff31d6a36f717604472a589f21e998e96c3e9500344.
So what’s the big deal? Why does this prove anything? Click on the ‘Convert to Ascii’ button on that webpage. You will see the following message which I forever recorded on the blockchain:
On July 11, 2016 this contract (0xb656b2a9c3b2416437a811e07466ca712f5a5b5a) which is the
DAO curator contract sent a transaction to the DarkDOA (0x304a554a310c7e546dfe
434669c62820b7d83490) that added the DAO’s curator to the DarkDAO’s whitelist. Here’s the
transaction ID: 0x9257c2e0a11de7b7427d4607f5908d6448278070bb73500139387930826fedc0.
I am writing this to the blockchain before anything happens to demonstrate the power of
http://ethslurp.com software by Great Hill.
That was last night, July 11, 2016 at 8:58:05 PM UTC. This morning at 8:25 in the morning this tweet appeared from Stephen Taul: https://twitter.com/stephantual/status/752886658211676160. I knew this 12 hours before it was announced. I told the future, and I proved it.
Help Me Help You
I’ve seen a lot of commentary over the last few weeks about many different things that the Ethereum community could be doing to make smart contracts smarter and less prone to being hacked. Most of that commentary has been focused (properly) on the front half of the equation — that is, the Solidity source code and the application code. There are many, many things we can do to make the source code better and protect us from bugs.
But I think another interesting area that can be pursued is the learn how to better monitor and watch the contract's transactions as they are laid down on the blockchain. I’m trying to convince myself that somewhere hidden in the ~135,000 transactions on The DAO there are hints that might lead us to the Dark DAO Dick. I've found one thing so far (A Clue to the Attacker's Location (Medium Post)).
You can help by downloading my data (http://daodeepdive.com/data.html). Try to see if you find any patterns. Help me double check that the data is correct. And send me a tip to help keep my work going.