...
| Status | ||||
|---|---|---|---|---|
|
Recursive call bugs or calling vulnerability or race to empty is Recursive calling vulnerability is is the kind of attack seen on Friday 2016-06-17. The process is draining the ether contained in the DAO into a child DAO.
The dao exploit followed this pattern: propose a split. Execute the split. When the DAO goes to withdraw your reward, call the function to execute a split before that withdrawal finishes. The source code, TokenCreation.sol, transfers tokens from the parent DAO to the child DAO. Basically the attacker is using this to transfer more tokens than they should be able to into their child DAO.
...