How Did the DAO Hack in 2016 Utilize a Reentrancy Attack?
The DAO (Decentralized Autonomous Organization) was a complex smart contract that allowed users to withdraw their funds. The attacker exploited a reentrancy vulnerability in the withdrawal function.
The function sent Ether to the user's address before updating their internal token balance. The attacker's contract, upon receiving the Ether, used its fallback function to recursively call the withdrawal function again.
Because the DAO's internal balance had not yet been updated, it repeatedly sent Ether for the same initial request, allowing the attacker to drain millions of dollars worth of ETH.
Glossar
Reentrancy Vulnerability
Exploit ⎊ The reentrancy vulnerability, prevalent in smart contracts and increasingly relevant to options trading and financial derivatives, arises from a contract's ability to be recursively called before an external call completes, allowing malicious actors to repeatedly drain funds or manipulate state.
The Dao Hack
Event ⎊ The Dao Hack was a seminal security incident involving the exploitation of a reentrancy vulnerability in a decentralized autonomous organization's contract, resulting in the draining of a significant portion of its Ether holdings.
DAO Hack
Event ⎊ A security breach targeting a Decentralized Autonomous Organization, typically exploiting flaws in governance mechanisms or smart contract logic to illicitly transfer pooled assets.
DID
Attestation ⎊ Decentralized identifiers (DIDs) within cryptocurrency and financial derivatives represent a verifiable digital identity, moving beyond centralized authorities to establish trust through cryptographic proofs.