TO WRITE
Potential attacks
Recursive call
INCOMPLETE
Recursive call bugs or race to empty is
Recursive calling vulnerability is the kind of attack seen on Friday 2016-06-17. The process is draining the ether contained in the DAO into a child DAO.
The dao exploit followed this pattern: propose a split. Execute the split. When the DAO goes to withdraw your reward, call the function to execute a split before that withdrawal finishes. The source code, TokenCreation.sol, transfers tokens from the parent DAO to the child DAO. Basically the attacker is using this to transfer more tokens than they should be able to into their child DAO.
In essence, a call that looks like a regular call can easily be turned into a recursive call, and unless the application is coded very carefully, it can be used to make multiple withdrawals when only one should be allowed.
Callstack
Copycat
Solutions
Soft fork
A Softfork is a minor, temporary alteration to the protocol wherein only previously valid blocks/transactions are made invalid. Since old nodes will recognize the new blocks as valid, a softfork is backward-compatible
Basically, it requires only the acquiescence of implementors and miners and need have no long-term repercussions, neither in terms of the code-bases nor in terms of the protocol spec.
Hard fork