Thoughts on The DAO Hack
We just lived through the nightmare scenario we were worried about when we called for a moratorium on The DAO: someone exploited a weakness in the code of The DAO to empty out more than 2M ether ($40M USD).
The exploit seems to have targeted the reentrancy problem in the 'splitDAO' function. The reentrancy problem is related to, but distinct from, the unchecked-send problem that was discussed on this blog yesterday. Both problems are well-known: they were identified by Least Authority's audit of the Ethereum virtual machine as problems that can affect applications, and again by Peter Vessenes's recent blog post. In essence, a call that looks like a regular call can easily be turned into a recursive call, and unless the application is coded very carefully, it can be used to make multiple withdrawals when only one should be allowed. It looks like the attacker took advantage of it to withdraw substantial sums.
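To make the mechanism concrete, here is an added Python model of the pattern described above; it is a constructed simulation, not The DAO's Solidity code and not an EVM. `VulnerableVault.withdraw` pays the recipient before zeroing its balance, so a recipient whose payment handler calls `withdraw` again is paid repeatedly against the same credit. `HardenedVault` applies the usual fix (record the effect before the external call, plus a reentrancy lock) so the re-entered call is rejected. Class names, amounts and the three-deep re-entry bound are all assumptions chosen for the illustration.

```python
"""Constructed model of the reentrancy bug: interaction-before-effect in
withdraw() versus checks-effects-interactions with a lock. Not EVM code."""


class VulnerableVault:
    """Pays out first, records the withdrawal afterwards (the bug)."""

    def __init__(self):
        self.balances = {}   # account -> ether credited to it
        self.ether = 0       # ether the contract actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.ether:
            return                      # nothing credited, or the send would fail
        self.ether -= amount
        who.receive(self, amount)       # control leaves the contract here...
        self.balances[who] = 0          # ...so this effect lands too late


class HardenedVault(VulnerableVault):
    """Effect before interaction, guarded by a reentrancy lock."""

    def __init__(self):
        super().__init__()
        self.locked = False

    def withdraw(self, who):
        if self.locked:
            raise RuntimeError("reentrant call rejected")   # models a revert
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.ether:
            return
        self.locked = True
        try:
            self.balances[who] = 0      # effect first: a re-entered call sees 0
            self.ether -= amount
            who.receive(self, amount)   # interaction last
        finally:
            self.locked = False


class HonestAccount:
    """Recipient that just takes its payment."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReentrantRecipient:
    """Test double whose payment handler calls back into withdraw();
    bounded by `reentries` so the simulation always terminates."""

    def __init__(self, reentries):
        self.reentries = reentries
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reentries > 0:
            self.reentries -= 1
            try:
                vault.withdraw(self)    # re-enter before the outer call finished
            except RuntimeError:
                pass                    # a failed inner call is simply ignored


def run_scenario(vault_cls, reentries=3):
    """Deposit 90 for an honest account and 10 for the re-entrant one,
    then let the re-entrant one withdraw. Returns what it was paid and
    whether the vault still covers every credited balance."""
    vault = vault_cls()
    honest, reentrant = HonestAccount(), ReentrantRecipient(reentries)
    vault.deposit(honest, 90)
    vault.deposit(reentrant, 10)
    vault.withdraw(reentrant)
    return {
        "paid": reentrant.received,
        "vault_ether": vault.ether,
        "honest_balance": vault.balances[honest],
        "solvent": vault.ether >= sum(vault.balances.values()),
    }


if __name__ == "__main__":
    for cls in (VulnerableVault, HardenedVault):
        print(cls.__name__, run_scenario(cls))
```

With the vulnerable vault the recipient credited 10 is paid 40 and the vault is left holding 60 against 90 still owed to the honest depositor; with the hardened vault it is paid exactly 10 and the vault stays solvent. The detection point for an auditor is the same in both the model and Solidity: any state update that follows an external call is suspect.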
My immediate reactions to this hack are as follows.