RE: Parity Multisig Wallet With Bugs -150,000 ETH (~30M USD) Stolen
The code that caused 150000 ethereums to be stolen
    function() payable {
        // just being sent some cash?
        if (msg.value > 0)
            Deposit(msg.sender, msg.value);
        else if (msg.data.length > 0)
            _walletLibrary.delegatecall(msg.data);
    }
Basically:
If the method name is not defined on this contract…
And there’s no ether being sent in the transaction…
And there is some data in the message payload…
Then it will call the exact same method if it’s defined in _walletLibrary, but in the context of this contract.
Using this, the attacker called a method called initWallet(), which was not defined on the multisig contract but was defined in the shared wallet library:
    function initWallet(address[] _owners, uint _required, uint _daylimit) {
        initDaylimit(_daylimit);
        initMultiowned(_owners, _required);
    }
Which calls the initMultiowned method...
    function initMultiowned(address[] _owners, uint _required) {
        m_numOwners = _owners.length + 1;
        m_owners[1] = uint(msg.sender);
        m_ownerIndex[uint(msg.sender)] = 1;
        for (uint i = 0; i < _owners.length; ++i)
        {
            m_owners[2 + i] = uint(_owners[i]);
            m_ownerIndex[uint(_owners[i])] = 2 + i;
        }
        m_required = _required;
    }
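
A hardened form of the pattern quoted above, as an added example that is not part of the original post and is not Parity's code. It assumes Solidity ^0.8.0, uses hypothetical contract names (WalletStorage, GuardedWalletLibrary, GuardedWallet), and leaves out the day limit to stay short: initialization is guarded so it can run only once, and the owner-setting helper is internal so forwarded call data cannot reach it.

```solidity
pragma solidity ^0.8.0;
// Added example with hypothetical names; not Parity's code.
// Shared layout: delegatecall runs library code against the wallet's storage slots.
abstract contract WalletStorage {
    address internal walletLibrary;
    uint256 public m_required;
    uint256 public m_numOwners;
    mapping(uint256 => address) internal m_owners;
    mapping(address => uint256) internal m_ownerIndex;
}

contract GuardedWalletLibrary is WalletStorage {
    // One-time guard: once any owner exists, initialization is refused.
    modifier onlyUninitialized() {
        require(m_numOwners == 0, "already initialized");
        _;
    }
    function initWallet(address[] calldata _owners, uint256 _required) external onlyUninitialized {
        initMultiowned(_owners, _required);
    }

    // internal: has no selector, so forwarded msg.data can never reach it directly.
    function initMultiowned(address[] calldata _owners, uint256 _required) internal {
        m_numOwners = _owners.length + 1;
        m_owners[1] = msg.sender;
        m_ownerIndex[msg.sender] = 1;
        for (uint256 i = 0; i < _owners.length; ++i) {
            m_owners[2 + i] = _owners[i];
            m_ownerIndex[_owners[i]] = 2 + i;
        }
        m_required = _required;
    }
}

contract GuardedWallet is WalletStorage {
    event Deposit(address indexed from, uint256 value);
    constructor(address lib, address[] memory owners, uint256 required) {
        walletLibrary = lib;
        (bool ok, ) = lib.delegatecall(abi.encodeWithSignature("initWallet(address[],uint256)", owners, required));
        require(ok, "init failed");
    }

    receive() external payable { emit Deposit(msg.sender, msg.value); }

    fallback() external payable {
        (bool ok, bytes memory ret) = walletLibrary.delegatecall(msg.data);
        require(ok, "library call failed");
        assembly { return(add(ret, 32), mload(ret)) }
    }
}
```

Here the constructor performs the only successful initWallet call; any later one forwarded through the fallback fails the m_numOwners check and the whole transaction reverts.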