This site accompanies the paper SoK: Attacks on DAOs. We keep an up-to-date list of past attacks and incidents, as well as possible attacks uncovered in academic papers, reports, or audits. If you are aware of any attack on a DAO that is not listed, please fill out this form so that we can add it, or email us at [email protected].

For each incident, we indicate the date and blockchain on which it occurred. Additionally, for real-world incidents, we indicate the purpose of the attack, whether it was successful, and if it was, the financial damage. Finally, for each (theorized) attack, we highlight which attack vectors of those introduced and discussed in the previous sections are utilized.

In particular, we categorize attacks on DAOs into four categories: (i) bribing (BR) attacks, (ii) token control (TC) attacks, (iii) human-computer interaction (HCI) attacks, and (iv) code and protocol vulnerability (CP) attacks. The following page offers a short summary of the categorization of attack vectors.

Categorization

Real-World Incidents

Attacks Uncovered in Academic Papers

Attacks Uncovered in Audits

Full Database

DAO Security Incidents

Attribution

If using this database for research, please cite as:

@inproceedings{feichtinger2024sok,
	author=	{Rainer Feichtinger and Robin Fritsch and Lioba Heimbach and 
	Yann Vonlanthen and Roger Wattenhofer},
	title=	{{SoK: Attacks on DAOs}},
	booktitle=	{{Sixth International Conference on Advances in Financial 
	Technologies (AFT), Vienna, Austria}},
	month= sep,
	year=	{2024},
}

Disclaimer

This website could include inaccuracies or typographical errors.