Protect against recursive withdrawRewardFor attack
LefterisJP committed Jun 12, 2016
1 parent 6967d70 commit f01f3bd
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion DAO.sol
Expand Up @@ -744,9 +744,10 @@ contract DAO is DAOInterface, Token, TokenCreation {

reward = rewardAccount.balance < reward ? rewardAccount.balance : reward;

paidOut[_account] += reward;
if (!rewardAccount.payOut(_account, reward))
throw;
paidOut[_account] += reward;

return true;
}
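
Review bot: the placement of `paidOut[_account] += reward;` ahead of `rewardAccount.payOut(_account, reward)` carries the entire fix, yet nothing in the hunk documents it, so a later cleanup could move the bookkeeping back below the external call. Add a comment above the increment stating that `paidOut` must be updated before any value is sent, because a recipient that re-enters `withdrawRewardFor` during `payOut` would otherwise run against stale accounting. The early write is safe only because the failure path is `throw`, which reverts it; if that branch is ever changed to return false instead, the increment has to be undone explicitly. A regression test with a recipient contract that calls back into `withdrawRewardFor` would pin the ordering down.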


3 comments on commit f01f3bd

@craigcalef

Too bad this didn't get in before the Eth walked away. :(

@nukec commented on f01f3bd Apr 5, 2018


Well sadly, I think this might've given an idea to the attacker in the first place. Security fixes should've been reviewed and committed immediately.

@StrongerXi

Sigh..
