Permalink
Browse files

Protect against recursive withdrawRewardFor attack

  • Loading branch information...
LefterisJP committed Jun 12, 2016
1 parent 6967d70 commit f01f3bd8df5e1e222dde625118b7e0f2bfe5b680
Showing with 2 additions and 1 deletion.
  1. +2 −1 DAO.sol
View
@@ -744,9 +744,10 @@ contract DAO is DAOInterface, Token, TokenCreation {
reward = rewardAccount.balance < reward ? rewardAccount.balance : reward;
paidOut[_account] += reward;
if (!rewardAccount.payOut(_account, reward))
throw;
paidOut[_account] += reward;
return true;
}

2 comments on commit f01f3bd

@craigcalef

This comment has been minimized.

Show comment
Hide comment
@craigcalef

craigcalef Jun 18, 2016

Too bad this didn't get in before the Eth walked away. :(

craigcalef replied Jun 18, 2016

Too bad this didn't get in before the Eth walked away. :(

@nukec

This comment has been minimized.

Show comment
Hide comment
@nukec

nukec Apr 5, 2018

well sadly, i think this might've given an idea to the attacker in the first place. security fixes should've been reviewed and committed immediately.

nukec replied Apr 5, 2018

well sadly, i think this might've given an idea to the attacker in the first place. security fixes should've been reviewed and committed immediately.

Please sign in to comment.