Back to Vulnerability database

The DAO Reentrancy

ID Submit date Publish date Author Score
1 10.25.2018 10.25.2018 10.0

Decription

The bug is that when splitDAO() is called, it will then call the recipients code to transfer Ethereum coin, after which the recipients code will call splitDAO() again before finishing. This causes the process to repeat itself, transferring more Ethereum coin, then calling splitDAO() again, which calls the hacker's code, which calls splitDAO(), which calls the hacker's code, and so on. The process will continue endlessly, until it drains all of TheDAO's coin. BVSS:1.1/B:S/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:N

Component

Smart contract

Platform

Ethereum

Subclass

Reentrancy

Comments


November, 2 01:34pm

nice

@fixit November, 18 10:26am

S