How Did the DAO Hack Use a Reentrancy Vulnerability?
In the 2016 DAO hack, the attacker exploited a reentrancy vulnerability in the withdrawal function. The attacker called the function to withdraw funds, and before the DAO's ledger was updated to reflect the withdrawal, the attacker's contract "re-entered" the withdrawal function, calling it again.
This process was repeated, allowing the attacker to drain a large amount of Ether from the DAO before the contract could update the balance. The vulnerability lay in the order of operations: the contract sent the funds before updating the internal state, a critical design flaw.
Glossar
Reentrancy Vulnerability
Exploit ⎊ Reentrancy vulnerabilities represent a critical flaw in smart contract design, particularly prevalent in decentralized finance (DeFi) protocols and crypto derivatives.
The Dao Hack
Exploit ⎊ The Dao Hack, occurring in June 2016, represents a critical inflection point in the evolution of decentralized autonomous organization (DAO) security and smart contract auditing within the Ethereum ecosystem.
Vulnerability
Exposure ⎊ Vulnerability within cryptocurrency, options, and derivatives manifests as quantifiable risk to capital stemming from imperfectly hedged positions or systemic dependencies.
DID
Attestation ⎊ Decentralized identifiers (DIDs) within cryptocurrency and financial derivatives represent a verifiable digital identity, moving beyond centralized authorities to establish trust through cryptographic proofs.
DAO Hack
Event ⎊ A security breach targeting a Decentralized Autonomous Organization, typically exploiting flaws in governance mechanisms or smart contract logic to illicitly transfer pooled assets.