Looking at the crowdfunding example at https://dappsforbeginners.wordpress.com/tutorials/contracts-that-send-transactions/
There's a possible denial of service attack at the line:
c.funders[j].addr.send(c.funders[j].amount);
If one of the funders is a malicious contract, its default function could be a recrusive call to itself. This would cause all refunds to lock up.
Code:
function checkGoalReached(uint campaignID) returns (bool reached) {
Campaign c = campaigns[campaignID];
if (c.amount >= c.fundingGoal){
c.beneficiary.send(c.amount);
c.amount = 0;
c.beneficiary = 0;
c.fundingGoal = 0;
c.deadline = 0;
uint i = 0;
uint f = c.numFunders;
c.numFunders = 0;
while (i <= f){
c.funders[i].addr = 0;
c.funders[i].amount = 0;
i++;
}
return true;
}
if (c.deadline <= block.number){
uint j = 0;
uint n = c.numFunders;
c.beneficiary = 0;
c.fundingGoal = 0;
c.numFunders = 0;
c.deadline = 0;
c.amount = 0;
while (j <= n){
c.funders[j].addr.send(c.funders[j].amount);
c.funders[j].addr = 0;
c.funders[j].amount = 0;
j++;
}
return true;
}
return false;
}