A really good read that dives into the code and break down how the DAO attack was performed and the offending code.
http://vessenes.com/deconstructing-thedao-attack-a-brief-code-tour/
Written by Peter Vessenes with thanks to Joey Krug, Dennis Peterson, Nick Johnson, Tim Goddard
Extract:
Root Causes And Lessons Learned
This bug is a confluence of bad programming habits, a (probable) typo, and a complex call stack.
Things that should be done next time:
- A purely functional language with a rich type system is needed. If we can't have that right now,
- All calls that send to untrusted address should have a gas limit
- Balances should be reduced before a send, not after one
- Events should probably have a Log prepended to their name.
- The splitDAO function should be mutexed and keep permanent track of the status of each possible splitter, not just through token tracking.
Further, we're still waiting to see what happens with respect to any possible hard fork that might roll these back, but I think there is a risk that theDAO is somewhat borked right now because it's sense of its own tokens is wrong. I will update on this and many other tidbits over the next week.
I have heard there non exist such smart-contracts. Where can I download that software to check the exploit?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
not sure what you mean, could you re-phase your question?
if you looking for the source code of the DAO you can look here https://github.com/slockit/DAO
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit