Excerpt


TheDAO was attacked today, and the attacker seems to have made off with 3.5mm ether (at time of writing in excess of $45mm). The vulnerability was the Race To Empty or Recursive Call attack.

We'll probably be writing about this for some time, but I wanted to get out there what's known now, and trace out the attack so people can see how this attack looks in the wild.

Commentary

This bug of the century led to the Ethereum fork.

Original article

Click here to view the original article


Asked 16 January, 21:06


路人甲

Edited 16 January, 22:06


The $50 million bug


And so it goes:

1. Propose a split and wait until the voting period expires. (DAO.sol, createProposal)
2. Execute the split. (DAO.sol, splitDAO)
3. Let the DAO send your new DAO its share of tokens. (splitDAO -> TokenCreation.sol, createTokenProxy)
4. Make sure the DAO tries to send you a reward before it updates your balance but after doing (3). (splitDAO -> withdrawRewardFor -> ManagedAccount.sol, payOut)
5. While the DAO is doing (4), have it run splitDAO again with the same parameters as in (2) (payOut -> _recipient.call.value -> _recipient())
6. The DAO will now send you more child tokens, and go to withdraw your reward before updating your balance. (DAO.sol, splitDAO)
7. Back to (5)!
8. Let the DAO update your balance. Because (7) goes back to (5), it never actually will :-).

Answered 16 January, 21:52


路人甲
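The ordering problem the steps above describe (the balance is updated only after the payout call returns), as an added example that is not part of the original post or of TheDAO's code. It is a simplified Python model in which the payee's callback re-enters the payout, run once with the pay-then-update ordering and once with the update-then-pay ordering that closes the gap; all class and function names are hypothetical and the balances are constructed.

```python
# Simplified model of the call ordering described above (not TheDAO's code).
# All names (Ledger, payout_then_update, ...) are hypothetical.

class Ledger:
    def __init__(self, deposits):
        self.balances = dict(deposits)      # credit recorded per account
        self.pool = sum(deposits.values())  # funds actually held
        self.paid = {}                      # total sent to each account

    def _send(self, who, amount, on_receive):
        # External call: control passes to the recipient's code.
        if amount > self.pool:
            raise RuntimeError("pool exhausted")
        self.pool -= amount
        self.paid[who] = self.paid.get(who, 0) + amount
        on_receive()

    def payout_then_update(self, who, on_receive):
        """Vulnerable ordering: pay first, zero the balance afterwards."""
        amount = self.balances[who]
        if amount == 0:
            return
        self._send(who, amount, on_receive)
        self.balances[who] = 0

    def update_then_payout(self, who, on_receive):
        """Hardened ordering: zero the balance before the external call."""
        amount = self.balances[who]
        if amount == 0:
            return
        self.balances[who] = 0
        self._send(who, amount, on_receive)


def run(method_name, reentries=3):
    """Recipient re-enters the payout `reentries` times; return (paid, pool)."""
    ledger = Ledger({"caller": 10, "others": 90})  # constructed sample balances
    remaining = [reentries]

    def on_receive():
        # Recipient-side code that calls back in before the first call returns.
        if remaining[0] > 0:
            remaining[0] -= 1
            getattr(ledger, method_name)("caller", on_receive)

    getattr(ledger, method_name)("caller", on_receive)
    return ledger.paid["caller"], ledger.pool
```

With the balance zeroed before the external call, every nested call sees a balance of 0 and returns without paying, so the account receives only its own 10 units.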

more


Answered 16 January, 22:05


路人甲


Question asked: 16 January, 21:06

Question viewed: 475 times

Last updated: 16 January, 22:06
