
The DAO Reentrancy

ID: 1
Submit date: 10.25.2018
Publish date: 10.25.2018
Author:
Score: 10.0


The bug is that when splitDAO() is called, it calls the recipient's code to transfer Ethereum coin, and the recipient's code then calls splitDAO() again before the first call has finished. This causes the process to repeat itself: each call transfers more Ethereum coin and then calls the hacker's code, which calls splitDAO(), which calls the hacker's code, and so on. The process continues endlessly, until it drains all of TheDAO's coin.

BVSS:1.1/B:S/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:N
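The call ordering described above, as a simplified Python model added here as an example (it is not TheDAO's contract code and not code from this page). `Vault`, its `withdraw()` standing in for splitDAO(), `ReenteringRecipient` and all amounts are constructed; the `hardened` flag runs the same function with the balance cleared before the external call instead of after it.

```python
# Simplified model of the call ordering described above.
# Constructed for illustration; names and amounts are assumptions.

class Vault:
    """Pool of coin with per-account balances; withdraw() mimics splitDAO()."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}
        self.pool = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account, recipient):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.hardened:
            # Effects before interaction: clear the balance first.
            self.balances[account] = 0
        self.pool -= amount
        # External call: control passes to the recipient's code here.
        recipient.receive(self, account, amount)
        if not self.hardened:
            # Vulnerable ordering: balance cleared only after the call returns.
            self.balances[account] = 0


class ReenteringRecipient:
    """Recipient whose receive hook calls withdraw() again before returning."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, account, amount):
        self.received += amount
        vault.withdraw(account, self)


def run(hardened):
    """Return (coin received by the recipient, coin left in the pool)."""
    vault = Vault(hardened)
    vault.deposit("others", 90)   # constructed: funds belonging to other accounts
    vault.deposit("caller", 10)   # constructed: the caller's own balance
    recipient = ReenteringRecipient()
    vault.withdraw("caller", recipient)
    return recipient.received, vault.pool
```

With the vulnerable ordering the recipient's balance of 10 is paid out repeatedly until the pool of 100 is empty; with the balance cleared first, the nested call sees a zero balance and returns immediately.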

Proof of concept



November, 2 01:34pm


@fixit November, 18 10:26am


December, 23 03:12am


@zseano January, 10 11:25pm
@Arbin January, 15 01:04pm

<a href=javascript:alert(1);//>nice 2</a>

@Arbin January, 15 01:06pm