About the author
The Decentralised Autonomous Organisation (DAO) was a smart contract deployed on the Ethereum blockchain network designed to fund blockchain projects and reward investors.
On 17th June 2016, the attacker made use of the fact that the withdrawBalance function can be called recursively on a specified address, to withdraw a specified amount of money, without having itsbalance updated. Had the withdrawBalance function been written properly to guard against reentrancy, this attack wouldn’t have been successful at all.
The attacker initiated the attack and withdrew 3500000 ETH into a child DAO contract. In order to resolve this, initially, a Robin Hood Group drained the remaining funds in the affected DAO contract with the intention of returning the ETH to its original owners.
Subsequently, due to the stolen funds being frozen (by a failsafe within the DAO contract) for 2 weeks within the child DAO contract, this issue was resolved (within 2 weeks) when the Ethereum foundation and community agreed to a hard fork, which gave birth to the current Ethereum blockchain (where the stolen funds were forcibly returned to the DAO) and the Ethereum Classic blockchain (where the stolen funds did not return).
References:
This article discusses the new Delphi 8 property access specifiers.
Continued discussion of undocumented Delphi 8 Property Access Specifiers, and other ways of adding and removing delegates / events handlers, including clearing the list of all the delegates / event handlers.