The problem was with how some contracts were written to send funds. The code did what it was supposed to, but the order of the operations made it possible for a sufficiently clever user to withdraw more funds than they actually had. The flaw was that the contract decreased the user's balance only after sending the funds. In between sending the funds and updating the balance, a new call into the same withdrawal function could be made from within the same transaction, and it too would send funds first and update the balance afterwards. This so-called reentrancy bug could keep repeating until almost all of the gas in the original
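To make the ordering concrete, here is a small model of the bug, written for this page rather than taken from any real contract. It simulates a vault whose `withdraw_vulnerable` pays out before debiting the caller and an attacker contract whose receive hook calls `withdraw` again while the first call is still in flight; gas is modelled as a per-transaction budget of calls, and a `withdraw_safe` variant shows the checks-effects-interactions ordering that stops the loop. The vault, the attacker, the addresses `alice` and `mallory`, and the deposit amounts are all constructed for the example.

```python
"""Model of a reentrancy bug: payout before balance update, re-entered
from the recipient's receive hook. Constructed example, not real EVM code."""


class InsufficientBalance(Exception):
    """Raised when a withdrawal exceeds the caller's credited balance."""


class OutOfGas(Exception):
    """Raised when the transaction's gas budget is exhausted."""


class Vault:
    """Holds deposits and pays them back on request."""

    def __init__(self, gas_limit):
        self.balances = {}      # address -> credited balance
        self.pool = 0           # funds the vault actually holds
        self.gas = gas_limit    # gas left in the current transaction (assumed: 1 unit per send)
        self.hooks = {}         # address -> callable run when a contract receives funds

    def register_contract(self, addr, on_receive):
        self.hooks[addr] = on_receive

    def deposit(self, addr, amount):
        self.balances[addr] = self.balances.get(addr, 0) + amount
        self.pool += amount

    def _send(self, addr, amount):
        # Each send costs gas; when it runs out the inner call fails.
        if self.gas < 1:
            raise OutOfGas()
        self.gas -= 1
        self.pool -= amount
        hook = self.hooks.get(addr)
        if hook:
            hook(amount)    # control passes to the recipient before we return

    def withdraw_vulnerable(self, addr, amount):
        if self.balances.get(addr, 0) < amount:
            raise InsufficientBalance()
        self._send(addr, amount)            # interaction first...
        self.balances[addr] -= amount       # ...balance debited only afterwards

    def withdraw_safe(self, addr, amount):
        if self.balances.get(addr, 0) < amount:
            raise InsufficientBalance()
        self.balances[addr] -= amount       # effect first
        self._send(addr, amount)            # interaction last


class Reentrant:
    """Attacker contract: every time it is paid, it calls withdraw again."""

    def __init__(self, vault, withdraw, addr):
        self.vault, self.withdraw, self.addr = vault, withdraw, addr
        self.received = 0
        vault.register_contract(addr, self.on_receive)

    def on_receive(self, amount):
        self.received += amount
        try:
            self.withdraw(self.addr, amount)    # re-enter before the balance is updated
        except (InsufficientBalance, OutOfGas):
            pass    # a failed inner call returns false; stop re-entering

    def attack(self, amount):
        self.vault.deposit(self.addr, amount)
        try:
            self.withdraw(self.addr, amount)
        except OutOfGas:
            pass
        return self.received


def simulate(safe, gas_limit=5):
    """Returns (funds the attacker received, funds left in the vault,
    attacker's recorded balance) for one attack transaction."""
    vault = Vault(gas_limit)
    vault.deposit("alice", 100)     # honest depositor (constructed)
    withdraw = vault.withdraw_safe if safe else vault.withdraw_vulnerable
    attacker = Reentrant(vault, withdraw, "mallory")
    received = attacker.attack(10)  # attacker deposits 10 and withdraws it
    # In the vulnerable case the balance ends negative here; on the EVM the
    # same repeated subtraction is an unsigned underflow.
    return received, vault.pool, vault.balances["mallory"]


if __name__ == "__main__":
    print("vulnerable:", simulate(safe=False))   # (50, 60, -40)
    print("safe:      ", simulate(safe=True))    # (10, 100, 0)
```

With a budget of five sends, the vulnerable ordering pays the attacker five times for a single deposit of 10 and only then runs the five deferred balance updates; the loop ends when the gas budget is exhausted, not when the balance is. With the balance debited before the send, the first re-entrant call fails the balance check and the attacker gets back exactly what it put in.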