Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
16
16
Posted by3 years ago
Archived
24 comments
This thread is archived
New comments cannot be posted and votes cannot be cast
Sort by
level 1
Original Poster11 points · 3 years ago

So this contract's default function is really weird.

It appears to send any ETH is has (so whatever is in it plus whatever was sent) to the DAO's reward account. Then, it figures out how many DAO tokens it needs to retrieve those from the reward contract (by way of getMyReward) to a child contract, which then calls getMyReward. The call to getMyReward re-enters this child contract, at which point it transfers 99.9999999% of those tokens back to the parent contract before returning. Then, it sends the remaining tokens to another contract (which gains a bunch more paidOut).

The thing is... I can't figure out why. paidOut is actually a very strange feature of the DAO in the first place (it's not really used by anything other than the reward account payout stuff).

Or perhaps there's some other side effect of the re-entrance I'm missing.

It's all very strange.

It's also got some internal values set to keep an eye on certain proposals... presumably to splitDAO drain them. Maybe the first re-entrancy stuff is to drain the reward account (if it contains anything), but isn't bothering to check that the reward account is empty in the first place?

All very weird, regardless.

level 2
3 points · 3 years ago

Weird indeed. But good job on figuring it out.

level 2
Original Poster1 point · 3 years ago

I'm still waiting for my promised official explanation from /u/GrifffGreeen and /u/LefterisJP

More posts from the ethereum community
Continue browsing in r/ethereum
Next-generation platform for decentralised applications.
456k

Buidlers

2.5k

Buidling


Created Dec 14, 2013