Do you know of a list/blog/website with all attacks that occurred against smart contracts?
Smart Contract Security – Comprehensive List of Smart Contract-Based Attacks
Tags: contract-development, security
Summary
As of 22/06/2016 AEST, 5+ attacks are identified below:
- #1 The major 17 June 2016 attack, as pictured in ether.camp/dao-thief (info from user iamtrillion in the post DAOhub.org - [Workgroup] DAO White Hat Team).
- #2 0xae8ad906948ef5ad5e95eed52990ff89312887d7, where you can see the recursive call transfers in 0x0f6994bd16df20f0d0992a607ab78e8be1a05cb07b411437fed2fec83be1bc9c; it has netted 160.09485354 Ether ($1,807.47) in 0xfe24cdd8648121a43a7c86d289be4dd2951ed49f and commenced at 6/19/2016 12:17:37 PM. This first attack was identified in reddit/r/ethereum - DAO is under attack again, where 22 ETH had been hacked at the time of writing. Proposal #74 used.
- #3 0x1eb9bd9c2236649b15ee8be1961b40397a64a166, where you can see the recursive call transfers in 0xfa19dcc4af83627730f63ca92281a87d00e3c5d9f06b173d55e2ce5a47283440; it has netted 2.123311222 Ether ($23.84) in 0xf14c14075d6c4ed84b86798af0956deef67365b5 and commenced at 6/19/2016 10:20:35 PM. Proposal #81 used.
- #4 0xf68d23ee23703a99d8374a71a92ec0678354498e, where you can see the recursive call transfers in 0x27a52fd947e623d3393ca59f3e99c654938d387657bf7c12a04f736c27f45648, with a current balance of 269.80994743 Ether ($3,145.98) in 0xfe24cdd8648121a43a7c86d289be4dd2951ed49f (same account as in attack #2); commenced at 6/21/2016 8:28:16 AM. Lots of failed transactions; the balance was not necessarily all created by the recursive call vulnerability. Another test attack? These are spaced out over longer periods of time.
- #5 0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf is another test or small attack. These are spaced out over longer periods of time. And there is some accumulation happening in 0x4613f3bca5c44ea06337a9e439fbc6d42e501d0a, 11605 ETH currently.
Phew. Finally. White hat attack and Update on the White Hat attack. 0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334 where you can see the recursive call transfers in 0x60c58610f70682454d88483e289b7a374b274e546d4f28e76900b9520b40880d and destination account 0xb136707642a4ea12fb4bae820f03d2562ebff487 with balance 7,277,336.423038517 Ether ($96,934,121.15) that commenced in block 1745899 at 6/21/2016 5:44:27 PM. A small number of the Transfer events follow:
1,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
2,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
3,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
4,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
5,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
6,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
7,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
8,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
9,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
10,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
11,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
12,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
13,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
14,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
15,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
16,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
17,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
18,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
19,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
20,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
21,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
22,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
23,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
24,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
25,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
26,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
27,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
28,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
29,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
30,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
31,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746770,1000
32,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746785,10000
33,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746808,5000
34,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746825,5000
35,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746830,2500
36,0x2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334,1746830,2500
Update 11:54 22/06/2016 AEST
A new attack is in progress. Confirmed white hat - https://mobile.twitter.com/LefterisJP/status/745419842954530816. Balance now 0.14 ETH so no more attacks on the main account. All split proposals now cannot split.
1,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
2,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
3,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
4,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
5,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747775,1605973
...
231,0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b,1747838,1605973
About 266 kETH has been drained. 0x4f0daa112142ffc4ba1b9f3b76bcd238a094d65b with destination account 0x84ef4b2357079cd7a7c69fd7a37cd0609a679106 with current balance 266,897.915541427 Ether ($3,755,253.67). Transfers can be seen in 0x6f8c0d2751e7e18325e1a113019a9ae5372f306d5424722f79d2123a0eb7d598.
Update 22:03 22/06/2016
Details on the amounts drained are available in How many ethers have been drained through the recursive call attacks on The DAO?.
Update 27/06/2016
Here's an alternative analysis of the attacking accounts by https://medium.com/@oaeee by looking at the recursion depth, with data taken from http://pastebin.com/BZGNeXyR. There is a slight difference to the balances in How many ethers have been drained through the recursive call attacks on The DAO?:
Analysis by https://medium.com/@oaeee
DAO Wars: The Clone Wars
This table shows DAO clones that resulted from attacks and their prey:
Depth refers to the recursion depth reached during the attack.
The tx field shows the number of ether transfers to the child dao
child_dao depth tx prey
-------------------------------------------------------------------------------------
b136707642a4ea12fb4bae820f03d2562ebff487 91 642 7561423 <-- Whitehat DAO 1
304a554a310c7e546dfe434669c62820b7d83490 85 14460 3731498 <-- The Dark DAO
84ef4b2357079cd7a7c69fd7a37cd0609a679106 91 1167 386602 <-- Whitehat DAO 2
f4c64518ea10f995918a454158c6b61407ea345c 94 679 325263
4613f3bca5c44ea06337a9e439fbc6d42e501d0a 97 42 22603
aeeb8ff27288bdabc0fa5ebb731b6f409507516c 91 17 6028
fe24cdd8648121a43a7c86d289be4dd2951ed49f 91 36 285
This list shows accounts that successfully attacked the dao:
c0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89 <-- original hack (proxy 1)
f835a0247b0063c04ef22006ebe57c5f11977cc4 <-- original hack (proxy 2)
4f0daa112142ffc4ba1b9f3b76bcd238a094d65b <-- white hat hack 2
2ba9d006c1d72e67a70b5526fc6b4b0c0fd6d334 <-- white hat hack 1
2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf
e306aac52823ba1d3938608381a2444d9d641cc1
34a5451ef61a567ee088dcf5f324bfbc4bcf426f
ae8ad906948ef5ad5e95eed52990ff89312887d7
f68d23ee23703a99d8374a71a92ec0678354498e
Fun fact: The heist has cost the attacker approximately 8.7 ether in gas.
Details
Copy the following script into getTheDAOTransferEvents:
#!/bin/sh
# First search from 1428757 (The DAO creation) to 1736131
# First Transfer event in block 1599207
FIRSTBLOCK=${1:-1599207}
LASTBLOCK=${2:-"'latest'"}
echo "Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks $FIRSTBLOCK and $LASTBLOCK"
geth attach << EOF | egrep -e ",0x"
var theDAOABI = [{"anonymous":false,"inputs":[{"indexed":true,"name":"_from","type":"address"},{"indexed":true,"name":"_to","type":"address"},{"indexed":false,"name":"_amount","type":"uint256"}],"name":"Transfer","type":"event"}];
var theDAOAddress = "0xBB9bc244D798123fDe783fCc1C72d3Bb8C189413";
var theDAO = web3.eth.contract(theDAOABI).at(theDAOAddress);
var theDAOTransferEvent = theDAO.Transfer({}, {fromBlock: $FIRSTBLOCK, toBlock: $LASTBLOCK});
console.log("No,From,Block,DAOs");
var i = 0;
theDAOTransferEvent.watch(function(error, result){
var args = result.args;
if (args._to == "0x0000000000000000000000000000000000000000") {
i++;
var daos = args._amount / 1e16;
console.log(i + "," + args._from + "," + result.blockNumber + "," + daos);
}
});
theDAOTransferEvent.stopWatching();
EOF
Set the executable bit of the file using chmod 700 getTheDAOTransferEvents.
The script without any parameters will search for the Transfer events between blocks 1599207 (the first Transfer event appears in this block) and the latest block. This will take some time. You can specify one parameter that will be used as the first block to search. Or you can specify two parameters for the first and last block to search.
This script will only search for Transfer events where the _to address is 0x0000000000000000000000000000000000000000, as this is a characteristic of the recursive call vulnerability hack transfers. The many Transfer events from the same address will be located in the same block number.
First run geth console in a terminal window.
Then run the script in a separate terminal window to extract all Transfer events of interest using
./getTheDAOTransferEvents > output.txt
Let's exclude the addresses of the 17 June attack - 0xf835a0247b0063c04ef22006ebe57c5f11977cc4 and 0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89:
egrep -v "0xf835a024|0xc0ee9db1" output.txt
Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks 1599207 and 'latest'
1,0x13680fa2a60fd551894199f009cca20fb63a3e31,1642728,1.0000000000000409
2,0xa72ded5c1122312d9f4ed66bf4a396139eadaf56,1648837,99999.99
3,0x56bcc40e5e76c658fad956ee32e4250bf97468a1,1648853,100000
4,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1652799,50000
5,0x1502447aadf5979e7a842709cd6c4f60afb0a281,1653975,6086.72863124
6,0xb0ea1855228793d06e22dd6164fe6e8ea60a9145,1657485,125000
7,0x3d5507b53d1613d8491a606ecf5c9268301095dd,1657567,79.851818
8,0x042d2f9c0356d54e2f91ecfc30eac6711d40d8c4,1657649,10
9,0x13680fa2a60fd551894199f009cca20fb63a3e31,1659011,3457499.18
10,0xf398c9b8107dccc697546969fb2d5956762b60fb,1659144,1686495.654
11,0xe7535ddfcbefe5c318d271476d068d5f7cf77290,1661021,1000
12,0x6c0d74c64b4ed871837651c4ab3cdce425c1ec6c,1663755,9999.851818000001
13,0x95a61f934d66580dd410a7369f9c5b8e228d2ff3,1663977,1000
14,0xb18e6467db64686dfed14c7368ca59e5019c95c8,1664014,36737.990714019994
15,0x598c72e3fe70e76d2e2f47f529f22634330ffcf3,1665558,4
16,0xb42da5b3701a0592e5aa0aebc0c20711bd49fb46,1666381,10705
17,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1667056,960964.209
18,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1667381,21326.5709481
19,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1667694,155758.42108477
20,0xfdf97eaa34a883647fac329926b1747e9ef601c6,1668800,5000
21,0x7ead5155cef3c97a938967902ab4f9a5c0fc1930,1668807,4999
22,0x50211bb45d81714938e047707c25cdfcd3f5d2f4,1668818,16686.37588422
23,0xa7c605a1aacb641d873c82f9b2715e87339dfd48,1670146,4117.329243
24,0xf4c0eef475ab35625ac223394f9c410ccb577747,1670795,212183.45006283
25,0x98dac39fdcc5c9a8dfc6f63898b62704806851b4,1674370,7676.17428491
26,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1676663,85848.11449128
27,0x2b15c5211bda6a867c582080536f6c61766aa5af,1679412,10000
28,0x5a422fb07fc9270f5b310fc61f85b8e779cb29a2,1684882,25000
29,0xcf69ab35bb6a87a68ce83571a174eef4f998baa7,1690158,90000
30,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1690199,307399.18075137
31,0x374139a05ac55917badd3f934f1b93f5c8623ded,1691232,17500
32,0xe82d5b10ad98d34df448b07a5a62c1affbef758f,1693763,98900
33,0xaf2ac7f7115e96eed2d7a992c6d9558275da55d4,1697247,400
34,0x8b78537055e83b79a68ef00d8ed78d3c09480067,1697276,100
35,0x67d6a8aa1bf8d6eaf7384e993dfdf10f0af68a61,1698403,19806.551818
36,0x231d94155dbcfe2a93a319b6171f63b20bd2b6fa,1699065,381995.051818
37,0x5992624c54cdec60a5ae938033af8be0c50cbb0a,1699098,362167.651818
38,0x2dd2951b955a805f9e1e5204c2f420df6a74995d,1699123,1e-16
39,0x883a78aeabaa50d8ddd8570bcd34265f14b19363,1699141,387994.951818
40,0xf8c3879ee8dde81f074abca79b2270eab9942ec1,1701591,2
41,0x0f935781046701897c9e0d9876fb5c82d89d53be,1701640,100
42,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1703092,311546.00029172003
43,0x5accb9f69bb0c04465d6701bdce4d8bd0198d0f6,1704529,500
44,0xd68ba7734753e2ee54103116323aba2d94c78dc5,1704540,285000.07800000004
45,0x4a719061f5285495b37b9d7ef8a51b07d6e6acac,1704686,146979.831818
46,0x065f074f1e93a215a9a05b2c92059ca44a4827eb,1707213,0.99
47,0x42b8a09e46e6e367ed0135d3cd7fbdce777e0873,1709070,1527.604
48,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1710310,167069.04039553
49,0x547389052a8dc86365c46641b5184956ec22749d,1713216,1095687.54708443
50,0xf6175d230b6fc1398c3cd5fd3054366cd1e193cb,1713223,1973982.13583881
51,0x208e4a03118380b4f63cf056ecbfe0a241a41b46,1713572,500
52,0x65c407ffea9fcff194fe9d3335d2b78416226056,1714399,10
53,0x9a9d6a470fc8034085ee8e509623e2f742da6625,1715645,100000
54,0x46664c1e2ddd896a3e0c2b3d502842f261b9e62f,1718201,1.41384222
5815,0x4b595e2328b73a7f4e4cb65b506a74d836bbd7f9,1719077,118000.00000001
12138,0x4b595e2328b73a7f4e4cb65b506a74d836bbd7f9,1719710,33647.948106920005
12429,0xc914fe094086017d0596869f8fb31621f93bde14,1719742,9000.00000001
12662,0x4b595e2328b73a7f4e4cb65b506a74d836bbd7f9,1719778,9999.99
12895,0x4853143d0f5524df67a0a5bdd2fb63c76c7693f6,1719809,1000
13302,0xb45614546c57d8fd106091095e06de0f10a86035,1719946,199500
13738,0x53cec6c88092f756efe56f7db11228a2db45b122,1720084,238999.99000000002
13855,0xc914fe094086017d0596869f8fb31621f93bde14,1720133,10.238061
13914,0x7b0aed10c3b86738f96cbd4fb0933085e0e1ddca,1720156,40465
13944,0x38b16b208a94ee3516d2d3977ebddcc027fb70ca,1720158,40000
14119,0x653a92d29da111e0912b4c01ed453c2e2de73170,1720223,2500099.8369998
14120,0x5b5d8c8eed6c85ac215661de026676823faa0a0c,1720223,200000
14179,0x1502447aadf5979e7a842709cd6c4f60afb0a281,1720256,1
14180,0x835ad98ab8af27814f6563b3117d6b0ab897f83b,1720256,149900
14181,0x96dade6c87e483acb081e9f669b4fc029a440e8b,1720319,99700
14182,0x4e0494181464ce213089eb86b8195ed135eb4d48,1720648,136306.34604707002
14183,0xa4084616dac89e5fd7b81c30e73deb7bcbcc8716,1720726,100000
14184,0x3065a8444787f076bff10e5df3ec66606e3c8b68,1720794,10
14185,0xf3b7a623e833331db177484ec75e1ca522d8d780,1720850,15000
14186,0x5accb9f69bb0c04465d6701bdce4d8bd0198d0f6,1720941,84339.01838214
14187,0xc111bfcb7f36dbbbd07222a44d2c151ce6e8a2cc,1720983,44417.816687743805
14188,0x7892e574caddbb5e9491de9f26c1f2747f442eee,1721041,10000
14189,0x0d70592f27ec3d8996b4317150b3ed8c0cd57e38,1721044,108445.261
14190,0xe3d788da2861b258b2d3f61ed8d8a699bda06ed6,1721046,4000
14191,0xabe6d3b3b88277e5d9d58318be0d66896d806d92,1721050,200000
14192,0x9999d6102715ac273c8d89bb7c219571f80a80c1,1721075,662.87305153
14193,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1722391,900
14194,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1722428,132570.44771255
14195,0xc914fe094086017d0596869f8fb31621f93bde14,1722488,5000
14196,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1722565,36500
14197,0x556b2b8d4c0da3433544756c237503ccf51b2df4,1722667,4983.2928
14198,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1723074,16086.67311529
14199,0x547389052a8dc86365c46641b5184956ec22749d,1723509,3.3158869
14200,0x547389052a8dc86365c46641b5184956ec22749d,1723627,3.40679797
14201,0x7b0aed10c3b86738f96cbd4fb0933085e0e1ddca,1724036,11516.00337837
14202,0xf71571246613349c0d5e9aedc88c8366cc20d08b,1724345,55936.990000000005
14203,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1724434,61492.09406702001
14204,0x65c407ffea9fcff194fe9d3335d2b78416226056,1724566,10
14205,0x65c407ffea9fcff194fe9d3335d2b78416226056,1724636,30
14206,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1725553,64736.291076919995
14207,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1725674,14400.005001489999
14208,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1726584,13898.51109647
14209,0x65c407ffea9fcff194fe9d3335d2b78416226056,1726699,12560
14210,0x65c407ffea9fcff194fe9d3335d2b78416226056,1726771,113000
14211,0xfaed3f06255794bf3f83d7ab08d4554d5d218b41,1727021,1999.99
14212,0xde013d0fb1b41ea3c86bb335487c52acc8484bf2,1727467,102500
14213,0xb97da70585d77f3a54fc213efd0adb6f07158bd8,1727501,2e-16
14214,0xf5200578ee1147886b55cfdc3e7798557dfaa1b4,1727512,102500
14215,0x534206b24e54e1edd4940cf465e5b66db0ad73b6,1727528,120095.13098016
14216,0xb97da70585d77f3a54fc213efd0adb6f07158bd8,1727529,2e-16
14217,0x26bdce6e4ea9afd060049993ed11f153eb1e322f,1727535,102500
14218,0x286635c294b61bf10f416bbb7b579a0035379d33,1727540,410000
14219,0x5553b4f0e2ce499930b79c3b48bd6c13a0571c34,1727548,150000
14220,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1727693,8177.390000010001
14221,0x7b0aed10c3b86738f96cbd4fb0933085e0e1ddca,1727918,16567.13716853
14222,0xaf496a1083a3a7c7edb831f2e9a31eb065f5a228,1728600,4
14223,0x7d799e7f1ed991a8cc7be2e24c4abf8775317538,1728724,115.665
14224,0xda2384f1a7d80ca65469576228d268a5cacbfbe7,1728771,210.56135662
14225,0x56bcc40e5e76c658fad956ee32e4250bf97468a1,1729108,9.84281477
14226,0x68bbe7b8ea5c6435c427e1423d2b35da29eb148a,1730795,24900
14227,0x10ed2372778da1b9d96782c894b752d8a647deb8,1730874,151.735
14228,0xf8f9fc62a19c87c657a06febd184f068c0fc9cae,1731788,2795.79
14229,0xab9acc3c451e43e18dd61ab11048c07b74c99eee,1732408,123
14230,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14231,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14232,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14233,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14234,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14235,0x374139a05ac55917badd3f934f1b93f5c8623ded,1732460,3000.61667718
14236,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14237,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14238,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14239,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14240,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14241,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14242,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14243,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14244,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14245,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14246,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14247,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14248,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14249,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14250,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14251,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14252,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14253,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14254,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14255,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14256,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732504,124
14257,0x7727b2afc5a6816452a455e65a6a7dd01d03af4b,1732829,101.904674
14258,0x36786c2ef40834810a6513f48a7ff497cda5f3af,1732902,406.474050294275
14259,0x56bcc40e5e76c658fad956ee32e4250bf97468a1,1733443,3000
14260,0xb3f27731bfe38848694930b3a4db9a973df1560a,1733709,4000
14261,0xf68d23ee23703a99d8374a71a92ec0678354498e,1733738,8000
14262,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14263,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14264,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14265,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735235,60
14266,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735485,1
14267,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735485,1
14268,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735485,1
14269,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735506,1
14270,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735506,1
14271,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735506,1
14272,0xb3f27731bfe38848694930b3a4db9a973df1560a,1737170,8000
From the listing above, the candidates are:
- 0xae8ad906948ef5ad5e95eed52990ff89312887d7 where you can see the recursive call transfers in 0x0f6994bd16df20f0d0992a607ab78e8be1a05cb07b411437fed2fec83be1bc9c and has netted 160.09485354 Ether ($1,807.47) in 0xfe24cdd8648121a43a7c86d289be4dd2951ed49f. This first attack was identified in reddit/r/ethereum - DAO is under attack again where 22 ETH was hacked at the time of writing.
- 0x1eb9bd9c2236649b15ee8be1961b40397a64a166 where you can see the recursive call transfers in 0xfa19dcc4af83627730f63ca92281a87d00e3c5d9f06b173d55e2ce5a47283440 and has netted 2.123311222 Ether ($23.84) in 0xf14c14075d6c4ed84b86798af0956deef67365b5.
Update 21/06/2016
A few more The DAO Transfer events that look suspicious, spaced apart over a few hours, either to test or to avoid detection:
1,0xf68d23ee23703a99d8374a71a92ec0678354498e,1743641,0.002
2,0xf68d23ee23703a99d8374a71a92ec0678354498e,1743641,0.002
3,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745366,5000
4,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745366,5000
5,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745402,1000
6,0xf68d23ee23703a99d8374a71a92ec0678354498e,1745408,1
7,0xf68d23ee23703a99d8374a71a92ec0678354498e,1745408,1
8,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745431,5500
9,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745434,5500
10,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745491,5500
11,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745517,6300
12,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745533,18800
13,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745559,18800
15,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745576,18800
15,0x2ed6dac2b01a2a27803d6fe4f8e9729e92a8dfcf,1745602,18800
Split Proposal Id
To find which split proposal was used to mount the attack, browse the account and search for the input data for the first non-internal transaction after the contract creation. For example, take account 0xae8ad906948ef5ad5e95eed52990ff89312887d7. The second last transaction on the page in block 1732364 with txid 0x8445ab0d5738a1ddb06b461b733280ed7df1ce8ff34495e165d4905029eca8b8 has the following input data:
0x43902c87
000000000000000000000000bb9bc244d798123fde783fcc1c72d3bb8c189413
000000000000000000000000000000000000000000000000000000000000004a
0000000000000000000000001bc31e2e4f1bcc0a7dd9d849dfc57e66e59896ab
0000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000011355d6e217c0000
The 0...004a in the third line is the proposal id in hex format - proposal #74.
Accounts
0xbb9bc244d798123fde783fcc1c72d3bb8c189413 in the second line is The DAO account. 0x1bc31e2e4f1bcc0a7dd9d849dfc57e66e59896ab in the fourth line seems to be the splitDAO() created account that holds the ethers for 27 days.
The 17 June 2016 Attack Transfer Events
Here are a small part of the 14,112 17 June 2016 attack Transfer events (I just chose a small subset between blocks 1718497 and 1718504):
user@Kumquat:~$ ./getTheDAOTransferEvents 1718497 1718504
Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks 1718497 and 1718504
1,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
2,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
3,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
4,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
5,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
6,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
7,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
8,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
9,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718497,25805.6141471
...
44,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
45,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
46,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
47,0xc0ee9db1a9e07ca63e4ff0d5fb6f86bf68d47b89,1718504,25805.6141471
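Two helpers, added here as example code and not part of the answer above, that automate what the answer does by eye: flag the recursive-call signature in the CSV that getTheDAOTransferEvents prints (many Transfer events to 0x0 from the same address, in the same block, for the same amount), and decode the splitDAO() calldata quoted in the "Split Proposal Id" section to pull out the proposal id and the new DAO address. The sample rows are copied from the listing above; the decoder's dictionary keys (dao, proposal_id, new_dao, word3, amount) are my labels for the five ABI words, following the answer's own reading of them.

```python
from collections import defaultdict

# Constructed sample: rows copied from the listing above, in the
# "No,From,Block,DAOs" format getTheDAOTransferEvents prints, with its banner.
SAMPLE_OUTPUT = """\
Searching for The DAO Transfer events to address 0x0000000000000000000000000000000000000000 between blocks 1599207 and 'latest'
No,From,Block,DAOs
14229,0xab9acc3c451e43e18dd61ab11048c07b74c99eee,1732408,123
14230,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14231,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14232,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14233,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14234,0xae8ad906948ef5ad5e95eed52990ff89312887d7,1732448,124
14235,0x374139a05ac55917badd3f934f1b93f5c8623ded,1732460,3000.61667718
14261,0xf68d23ee23703a99d8374a71a92ec0678354498e,1733738,8000
14262,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14263,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
14264,0x1eb9bd9c2236649b15ee8be1961b40397a64a166,1735080,81.21739093
"""

# Calldata of the splitDAO() transaction quoted in the "Split Proposal Id" section.
SPLIT_CALLDATA = (
    "0x43902c87"
    "000000000000000000000000bb9bc244d798123fde783fcc1c72d3bb8c189413"
    "000000000000000000000000000000000000000000000000000000000000004a"
    "0000000000000000000000001bc31e2e4f1bcc0a7dd9d849dfc57e66e59896ab"
    "0000000000000000000000000000000000000000000000000000000000000000"
    "00000000000000000000000000000000000000000000000011355d6e217c0000"
)


def parse_transfer_lines(text):
    """Return (no, from, block, amount) tuples. The banner and the header are
    skipped because their second field is not a 0x address."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4 or not parts[1].startswith("0x"):
            continue
        rows.append((int(parts[0]), parts[1].lower(), int(parts[2]), parts[3]))
    return rows


def find_recursive_bursts(rows, min_repeats=3):
    """Group by (from, block, amount). A normal split emits one Transfer to 0x0;
    a re-entered splitDAO() emits one per recursion level, all in the same block
    for the same amount, which is the signature the answer points at."""
    counts = defaultdict(int)
    for _, frm, block, amount in rows:
        counts[(frm, block, amount)] += 1
    bursts = [(frm, block, amount, n)
              for (frm, block, amount), n in counts.items() if n >= min_repeats]
    return sorted(bursts, key=lambda b: (b[1], b[0]))


def decode_split_calldata(hexdata):
    """Split the 4-byte selector and five 32-byte ABI words. The word roles
    (target DAO, proposal id, new DAO address, a zero word, token amount) are
    read from the transaction in the answer; the dict keys are my labels."""
    data = bytes.fromhex(hexdata[2:] if hexdata.startswith("0x") else hexdata)
    if len(data) != 4 + 5 * 32:
        raise ValueError("unexpected calldata length %d" % len(data))
    words = [data[4 + 32 * i:4 + 32 * (i + 1)] for i in range(5)]

    def as_address(word):
        # An ABI address is right-aligned in its word; the 12 padding bytes must be zero.
        if any(word[:12]):
            raise ValueError("address word has non-zero padding")
        return "0x" + word[12:].hex()

    return {
        "selector": "0x" + data[:4].hex(),
        "dao": as_address(words[0]),
        "proposal_id": int.from_bytes(words[1], "big"),
        "new_dao": as_address(words[2]),
        "word3": int.from_bytes(words[3], "big"),
        # Raw token units; the script above divides by 1e16 to show DAO tokens.
        "amount": int.from_bytes(words[4], "big"),
    }


if __name__ == "__main__":
    for frm, block, amount, n in find_recursive_bursts(parse_transfer_lines(SAMPLE_OUTPUT)):
        print("%s block %d: %d transfers of %s DAO" % (frm, block, n, amount))
    decoded = decode_split_calldata(SPLIT_CALLDATA)
    print("proposal #%d, new DAO %s, %d DAO" % (
        decoded["proposal_id"], decoded["new_dao"], decoded["amount"] // 10 ** 16))
```

Run it against the real script output with `parse_transfer_lines(open("output.txt").read())`; the amount is compared as the printed string, so rows from one recursion burst match exactly while the floating-point noise in unrelated rows does not create false groups.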
This is the community wiki (no reputation) answer for possible attacks and how to protect against them. Feel free to update the list. If your contract functions have characteristics matching the prerequisites, carefully evaluate your function against the given advice.
This is a list of potential attacks, and of the malpractices enabling those attacks, only. For additional resources on smart contract programming best practices see the Resources link at the end of the answer.
Study potential attack vectors and history of past exploits
Those who do not learn history are doomed to repeat it. Here is a nice summary of known smart contract attacks.
Have more than one developer
One developer writes the code and the other reviews it. Having more than one set of eyeballs is important during development. Issues should be caught during the development time through public discussion, not in the audit.
Use well-known libraries
Do not try to develop smart contracts like ERC-20 yourself. Instead, use open source libraries that provide ready-made and battle-tested smart contracts. It is likely that when you develop something from scratch you are going to make a mistake.
Gold standard libraries include, but are not limited to
- OpenZeppelin
- BoringSolidity by BoringCrypto
- SushiSwap
- See TecraCoin incident where in-house developed ERC-20 had burnFrom() bug
Have a test suite
Try to ensure that your Solidity code has 100% code coverage with an automated test suite. This ensures your code is testable. The automatic test suite covers and runs every line and branch of the smart contract code at least once.
Solidity unit tests are usually written in Python (Brownie, web3.py) or JavaScript (Hardhat, Truffle).
Tests will do transactions against the smart contract and check that the state after the transaction is as intended. (Pedantically, the state is always as the letter of the contract; however, in this case the letter and the intent would not match.)
Test for positive cases and negative cases, i.e. things that should not happen, even though you know they do not happen. Sometimes, when the code lives on and is updated, new issues slip through, and they would be caught by the past tests; this is called regression testing.
Doing audits without tests is not very productive, as tests should always be the first line of defence when it comes to writing robust code.
Set up GitHub continuous integration that executes all the tests for every commit. Reports are automatically stored for the future. This also helps other people to replicate the test environment and run it later, as often, due to package upgrades, the test runner tools themselves start to fail.
Correct use of function visibility modifiers
Internal functions are marked as such and only the proper author can call the function.
Please see The Parity Wallet Hack Explained.
Call stack attack
Synonyms: Shallow stack attack, stack attack
Prerequisites: Function uses send() or call()
Invoking: The attacker manipulates the cross-contract call stack so that call() fails, by calling the contract with a stack depth of 1023.
Protection: Always check the return value of send() and call(). Prefer someAddress.send() over someAddress.call.value()
More info
Re-entrancy attack
Synonyms: Race condition
Prerequisites: Function uses send() or call() for ethers, transferFrom() for ERC-20 tokens, or send() for ERC-777 tokens.
Invoking: The untrusted called contract calls the same function back, finding it in an unexpected state. This is how TheDAO was hacked. The attack can be chained over several functions (cross-function race condition).
Protection: Protect your functions with re-entrancy guards. Use the Check-Effect-Interact order of actions in functions that call anything that could be reflected back to the smart contract.
Check-effects-interact
Use this pattern to minimize the damage of a potential re-entry attack.
First Check: run things like require()
Then Effect: update counters, like balance[address] -= 10
Last, Interact: do anything that will run code in other contracts through send(), call(), transferFrom() and others.
More info
DoS with unexpected throw
Prerequisites: Function uses send() or call() with a throw following on failure
Invoking: The attacker manipulates the contract state so that send() always fails (e.g. refund)
Protection: Prefer a pull payment system over send()
More info
Economic attacks
Prerequisites: Your smart contract reads price data and trades based on it
Invoking: Arbitrage opportunities and unsafe price feeds may not be exploits per se, but still expose the users to loss of funds that could otherwise have been avoided. In an economic attack, the attacker exploits the opportunity to trade for profit against someone, usually based on discrepancies in the price of a token.
Protection: Do not rely on the spot price given by the exchanges or automated market-making smart contracts. All prices, including stablecoin prices, are subject to manipulation.
Popular automated market makers and smart contracts provide safe functions to calculate the price in different situations.
More info
Malicious libraries
Prerequisites: Using an external contract as a library and obtaining it through the registry.
Invoking: Call another contract function through a contract registry (see the library keyword in Solidity).
Protection: Ensure no dynamic parts which can be swapped out in future versions.
Integer overflow
Prerequisites: Function accepts a uint argument which is used in math
Invoking: Sending a very big or very negative integer, causing the sum calculation to overflow
Protection: Always check the order of values when doing math operations. E.g. https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
More info
Integer division round down
Prerequisites: Payment logic requires division operator /
Invoking: Programmer's error
Protection: Be aware that divisions are always rounded down
Loop length and gas manipulation
Others: Allocating too small an int for arrays
Prerequisites: Any loop, or copying arrays or strings inside storage. A for loop where contract users can increase the length of the loop. Consider voting scenario loops.
Invoking: The attacker increases the array length or manipulates the block gas limit
Protection: Use pull style payment systems. Spread send() over multiple transactions and check the msg.gas limit.
Fallback function consuming more than the limit of 2300 gas
Prerequisites: A Solidity contract with catch all function() { } to receive generic sends
Invoking: Programmer's error
Protection: 100% test coverage. Make sure your fallback function stays below 2300 gas. Check for all branches of the function using test suite. Don't store anything in fallback function. Don't call contracts or send ethers in fallback function.
More info
Forced balance update
Prerequisites: Function reads contract total balance and has some logic depending on it
Invoking: selfdestruct(contractaddress) can forcibly update its balance
Protection: Don't trust this.balance to stay within given limits
More
Miner frontrunning
Synonym: Transaction-Ordering Dependence (TOD)
Prerequisites: A bid style market, like DAI liquidation and auctions
Invoking: The attacker sees transactions in the mempool before they are finalized in the blockchain. The attacker has a privileged connection, like a mining pool, to broadcast his transaction first and override the original benefactor.
Protection: Pre-commit schemes
More
Static analysis tools
Static analysis tools check the code for commonly known errors, like integer overflows. They cannot check the intent of the code, but they try to analyse the code against well-known common problems.
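A Python model of the re-entrancy attack and of the two protections the answer names, Check-Effect-Interact ordering and a re-entrancy guard, added here as example code that is not part of the community-wiki answer. Python stands in for the EVM: World.send() moves ether and then runs the recipient's fallback, which is the hook a Solidity call.value() hands to a malicious contract. World, Account, VulnerableBank, HardenedBank and Attacker are made-up names for the illustration; the model has no gas, no 2300-gas stipend and no state rollback on a failed inner call, so it isolates the ordering bug only.

```python
class World:
    """Minimal stand-in for the EVM: ether balances per account, and a send()
    that moves ether and then runs the recipient's fallback code."""

    def __init__(self):
        self.ether = {}

    def deploy(self, contract, funded=0):
        contract.world = self
        self.ether[contract] = funded
        return contract

    def send(self, frm, to, amount):
        if self.ether[frm] < amount:
            raise RuntimeError("insufficient ether")
        self.ether[frm] -= amount
        self.ether[to] += amount
        fallback = getattr(to, "fallback", None)
        if fallback is not None:
            fallback(frm, amount)  # the callee runs code before we return


class Account:
    """Externally owned account: no code, so no fallback."""


class VulnerableBank:
    """Interacts (sends ether) before the effect (zeroing the credit): the
    same ordering bug the answer attributes to TheDAO."""

    def __init__(self):
        self.credit = {}

    def deposit(self, who, amount):
        self.world.send(who, self, amount)
        self.credit[who] = self.credit.get(who, 0) + amount

    def withdraw(self, who):
        amount = self.credit.get(who, 0)         # check
        if amount == 0:
            return
        self.world.send(self, who, amount)       # interact: runs who.fallback
        self.credit[who] = 0                     # effect, too late


class HardenedBank(VulnerableBank):
    """Check-Effect-Interact order plus a re-entrancy guard. The order alone
    stops this attacker (the re-entered call sees credit == 0); the guard also
    covers cross-function re-entry, which ordering alone does not."""

    def __init__(self):
        super().__init__()
        self.locked = False

    def withdraw(self, who):
        if self.locked:
            raise RuntimeError("re-entrant call")  # guard
        amount = self.credit.get(who, 0)         # check
        if amount == 0:
            return
        self.credit[who] = 0                     # effect first
        self.locked = True
        try:
            self.world.send(self, who, amount)   # interact last
        finally:
            self.locked = False


class Attacker:
    """Deposits once, withdraws once, and re-enters withdraw() from its fallback
    while the bank can still pay. max_depth mirrors the recursion cap a real
    attacker keeps to stay under call-stack and gas limits."""

    def __init__(self, bank, max_depth=200):
        self.bank = bank
        self.max_depth = max_depth
        self.fallback_calls = 0

    def attack(self, amount):
        self.bank.deposit(self, amount)
        self.bank.withdraw(self)

    def fallback(self, frm, amount):
        if frm is not self.bank:
            return
        self.fallback_calls += 1
        if self.world.ether[self.bank] >= amount and self.fallback_calls < self.max_depth:
            try:
                self.bank.withdraw(self)         # re-enter before credit is zeroed
            except RuntimeError:
                pass  # a failed low-level call just returns false; the outer call continues


def run_attack(bank_cls, victim_deposit=9, attacker_deposit=1):
    """Return (attacker ether, bank ether, fallback invocations) after the attack."""
    world = World()
    bank = world.deploy(bank_cls())
    victim = world.deploy(Account(), victim_deposit)
    attacker = world.deploy(Attacker(bank), attacker_deposit)
    bank.deposit(victim, victim_deposit)
    attacker.attack(attacker_deposit)
    return world.ether[attacker], world.ether[bank], attacker.fallback_calls


if __name__ == "__main__":
    for cls in (VulnerableBank, HardenedBank):
        print(cls.__name__, run_attack(cls))
```

Against VulnerableBank the attacker deposits 1 and walks away with all 10 ether in the bank, one fallback invocation per recursion level, while the victim's credit entry still reads 9; against HardenedBank the single re-entry hits the guard and the attacker gets back exactly its own deposit.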
Best Answer
You will find an extended description of the well known attacks and the security measures to take while writing your smart contract in the official doc.
please check https://github.com/ethereum/wiki/wiki/Safety