The DAO Reentrancy

ID: 1
Submit date: 10.25.2018
Publish date: 10.25.2018
Author:
Score: 10.0

Description

The bug is that when splitDAO() is called, it calls the recipient's code to transfer Ethereum coin, and the recipient's code then calls splitDAO() again before the first call has finished. This causes the process to repeat itself: more Ethereum coin is transferred, then splitDAO() is called again, which calls the hacker's code, which calls splitDAO(), which calls the hacker's code, and so on. The process continues until it drains all of TheDAO's coin.

BVSS:1.1/B:S/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:N
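The call ordering described above, as an added example that is not part of the original entry and is not TheDAO's code: a simplified Python model that pays out before clearing the caller's claim, next to the checks-effects-interactions ordering that clears it first. The `Vault`, `split`, `ReenteringRecipient` and `run` names and all amounts are assumptions made for illustration.

```python
# Simplified model of the call flow (assumption: not TheDAO's Solidity code).
class Vault:
    def __init__(self, pool, hardened):
        self.pool = pool          # total coin held by the contract
        self.credit = {}          # per-account claim on the pool
        self.hardened = hardened

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def split(self, who, recipient):
        """Pay out who's credit; recipient models the payee's own code."""
        amount = self.credit.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.hardened:
            # Checks-effects-interactions: clear the claim before the external call.
            self.credit[who] = 0
            self.pool -= amount
            recipient(self, amount)
        else:
            # Vulnerable order: the external call runs while the credit is still set.
            self.pool -= amount
            recipient(self, amount)
            self.credit[who] = 0


class ReenteringRecipient:
    """Constructed payee whose receive hook calls split() again."""
    def __init__(self, name, max_depth=50):
        self.name, self.received = name, 0
        self.depth, self.max_depth = 0, max_depth

    def __call__(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            vault.split(self.name, self)


def run(hardened, pool=100, stake=10):
    """Return (coin received by the payee, coin left in the vault)."""
    vault = Vault(pool, hardened)
    payee = ReenteringRecipient("payee")
    vault.deposit("payee", stake)
    vault.split("payee", payee)
    return payee.received, vault.pool
```

With the constructed amounts, the vulnerable ordering pays the 10-coin stake eleven times and empties the vault, while the hardened ordering pays it once because the re-entrant call sees a zero credit.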

Proof of concept

http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/

Attachments

Comments


November, 2 01:34pm

nice

@fixit November, 18 10:26am

S

December, 23 03:12am

nic

@zseano January, 10 11:25pm
@Arbin January, 15 01:04pm

<a href=javascript:alert(1);//>nice 2</a>

@Arbin January, 15 01:06pm

<a>x</a>