Created
November 10, 2022 07:51
-
-
Save Shashank-In/2f70cb983544bfbe9ebc2255ac08a4ba to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function splitDAO(uint _proposalID, address _newCurator) noEther onlyTokenholders returns (bool _success) { | |
| ... | |
| uint fundsToBeMoved = (balances[msg.sender] * p.splitData[0].splitBalance) / p.splitData[0].totalSupply; | |
| //Since the balance is never updated the attacker can pass this modifier several times | |
| if (p.splitData[0].newDAO.createTokenProxy.value(fundsToBeMoved)(msg.sender) == false) throw; | |
| ... | |
| // Burn DAO Tokens | |
| // Funds are transferred before the balance is updated | |
| Transfer(msg.sender, 0, balances[msg.sender]); | |
| withdrawRewardFor(msg.sender); // be nice, and get his rewards | |
| // Only now after the funds are transferred is the balance updated | |
| totalSupply -= balances[msg.sender]; | |
| paidOut[msg.sender] = 0; | |
| return true; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment