splitDAO recursive calling vulnerability
DAO attacker, June 2016

The attacker wants to steal Ether from the DAO.

Ethereum is a distributed computing platform where people can run code on a shared, world-wide network of nodes. Nodes are paid for running that code in a cryptocurrency called Ether. Programs that run on Ethereum are called smart contracts, and applications built from them are called dapps; an organization whose rules are enforced by such contracts is a decentralized autonomous organization (DAO). The largest DAO in 2016 was called "The DAO", which worked as a venture capital funding organization. "The DAO" had a feature, splitDAO, that allowed participants to take their share of the Ether and create a new "child" DAO fully under their control.

The code that moved funds (redeemable for Ether) to a "child" DAO worked the following way: it first calculated how much to move from the user's current token balance, then it transferred that Ether to the "child" DAO, then it sent a message to the user (an external call that pays out the user's pending reward), and only then did it remove the balance from the parent DAO. However, on Ethereum a "user" can be a contract, and receiving a message runs that contract's code before the sender's code continues. So when the user receives the message, rather than letting the process finish, it can call the split function again. Since the code that zeroes the user's balance hasn't run yet, the second call sees the original balance and moves the same amount again, as if the first split had never happened. The process repeats each time the user receives another message. When the user's code finally stops re-entering and returns, the parent DAO has transferred many times the user's original balance to the "child" DAO, and only then zeroes the balance. At the end, the user simply exchanges the funds in the child DAO for Ether. The fix is to zero the balance before making the external call (or to reject a split started while another is still in progress), so that a re-entering call finds nothing left to move.
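The call sequence described above, as a Python simulation added here for this entry (it is not The DAO's Solidity code and not part of the original gallery page): the vulnerable parent DAO computes, moves, pays out and burns in that order, the attacking participant's fallback re-enters while the balance is still unchanged, and a hardened variant burns the balance before the external call. Ether, tokens and the child DAO are plain integers, the addresses "honest" and "attacker" are made up, and the deposits are constructed sample input.

```python
# Simulation of the splitDAO reentrancy pattern (constructed example, not The DAO's
# Solidity). Ether and tokens are plain integers; an "external call" is a Python
# method call on the caller object, which mirrors how the EVM hands control to the
# callee's fallback function before the calling contract's remaining code runs.


class VulnerableDAO:
    """Parent DAO in the order the original code used: compute, move, pay out, burn."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}     # token balance per participant
        self.ether: int = 0                    # Ether held by the parent DAO
        self.child_funds: dict[str, int] = {}  # Ether moved to each caller's child DAO

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def split_dao(self, caller: "Participant") -> None:
        # 1. funds to move are computed from the *current* balance
        funds = self.balances.get(caller.address, 0)
        if funds == 0:
            raise ValueError("nothing to split")
        if funds > self.ether:
            raise RuntimeError("parent DAO out of Ether")
        # 2. Ether goes to the child DAO
        self.ether -= funds
        self.child_funds[caller.address] = self.child_funds.get(caller.address, 0) + funds
        # 3. pay out the reward: external call, control passes to the caller's code
        caller.on_reward(self)
        # 4. only now is the balance burned, too late if step 3 re-entered
        self.balances[caller.address] = 0


class HardenedDAO(VulnerableDAO):
    """Same logic in checks-effects-interactions order: burn before the external call."""

    def split_dao(self, caller: "Participant") -> None:
        funds = self.balances.get(caller.address, 0)
        if funds == 0:
            raise ValueError("nothing to split")
        if funds > self.ether:
            raise RuntimeError("parent DAO out of Ether")
        # effects first: a re-entrant call now sees a zero balance
        self.balances[caller.address] = 0
        self.ether -= funds
        self.child_funds[caller.address] = self.child_funds.get(caller.address, 0) + funds
        # interaction last
        caller.on_reward(self)


class Participant:
    def __init__(self, address: str) -> None:
        self.address = address

    def on_reward(self, dao: VulnerableDAO) -> None:
        pass  # honest participant: the fallback does nothing


class ReentrantAttacker(Participant):
    def __init__(self, address: str, max_reentries: int) -> None:
        super().__init__(address)
        self.remaining = max_reentries

    def on_reward(self, dao: VulnerableDAO) -> None:
        # Fallback re-enters split_dao while the parent still holds the old balance.
        # Failures are swallowed, as a low-level call returning false would be.
        if self.remaining > 0:
            self.remaining -= 1
            try:
                dao.split_dao(self)
            except (ValueError, RuntimeError):
                pass


def run_split(dao: VulnerableDAO, others_ether: int, attacker_ether: int, reentries: int) -> dict:
    """Fund the DAO with constructed deposits, run one split by the attacker, report the result."""
    dao.deposit("honest", others_ether)
    attacker = ReentrantAttacker("attacker", reentries)
    dao.deposit(attacker.address, attacker_ether)
    dao.split_dao(attacker)
    return {
        "moved_to_child": dao.child_funds[attacker.address],
        "left_in_parent": dao.ether,
        "attacker_balance": dao.balances[attacker.address],
    }


if __name__ == "__main__":
    print("vulnerable:", run_split(VulnerableDAO(), 900, 100, 4))  # moves 500 for a 100 stake
    print("hardened:  ", run_split(HardenedDAO(), 900, 100, 4))    # moves exactly 100
```

With a stake of 100 and four re-entries the vulnerable parent hands 500 to the child DAO; if the parent holds less than the attacker keeps asking for, the drain stops only when the parent's Ether reaches zero. The hardened order leaves the re-entering call with nothing to split, so the attacker gets exactly the original 100.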
About: In the Security Bugs Gallery you will find drawings of different stories inspired by software security vulnerabilities. Licensed under a Creative Commons License.