Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
- The DAO (Decentralized Autonomous Organization) is an entity without any leadership. This was a concept implemented on the Ethereum blockchain with a substantial amount of money.
- The DAO has a piece of functionality called
splitDaoto ensure that the minority could create their own DAO if the majority was being unfair to them. - This functionality works by somebody splitting the DAO into two different ones. The person who does the split puts their token (from the DAO) into this contract. Afterwards, the funds of the splitter are updated to reflect this.
- The vulnerable code is shown below for a reentrancy attack:
... Transfer(msg.sender, 0, balances[msg.sender]); withdrawRewardFor(msg.sender); ... totalSupply -= balances[msg.sender]; balances[msg.sender] = 0; paidOut[msg.sender] = 0;
- The problem has to do with hooks when sending money and other functionality. Once
Transferis called, the initiator of the call can be recalled at this point with the hook. Then, the attacker can recall this function in a nested fashion. - This is a problem because of the
Transfercall being triggered multiple times. By doing this, an attacker could get their funds transfers several times! - To fix this type of problem, the state update for the balances of the user in the contract MUST be updated prior to sending the money. Otherwise, this attack is possible. Of course, some other manipulations had to be done in order to exploit this though.
- The DAO was the first major application on Ethereum. This hack was a big deal at the time and led to a general suspicion in blockchain technology as actually being secure.
