After the exit door a vulnerability known as “Recursive call bug” which allowed the attacker to drain the Ether from the DAO’s account. If one wished to exit the DAO, then they could do so by sending a request. The splitting function would then follow the following two steps:
– Give the user back his/her Ether in exchange of their DAO tokens.
– Register the transaction in the ledger and update the internal token balance.
So how does the hack happen? the hacker implements a recursive function in the request, and then this is how the splitting function goes:
– Take the DAO tokens from the user and give them the Ether requested.
– Before the blockchain could register the transaction, the recursive function made the code go back and transfer more Ether for the same DAO tokens… and so on.… Read more...