From 9ee2427289fccdb516f2b467c133b1de8d0b2d17 Mon Sep 17 00:00:00 2001
From: Gavin Wood <gavin@parity.io>
Date: Fri, 19 Jun 2020 20:12:42 +0200
Subject: [PATCH] Avoid multisig reentrancy (#6445)

---
 substrate/frame/multisig/src/lib.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/substrate/frame/multisig/src/lib.rs b/substrate/frame/multisig/src/lib.rs
index 50bd96aca3c..fc7a6c25b30 100644
--- a/substrate/frame/multisig/src/lib.rs
+++ b/substrate/frame/multisig/src/lib.rs
@@ -553,10 +553,13 @@ impl<T: Trait> Module<T> {
 				// verify weight
 				ensure!(call.get_dispatch_info().weight <= max_weight, Error::<T>::WeightTooLow);
 
-				let result = call.dispatch(RawOrigin::Signed(id.clone()).into());
-				T::Currency::unreserve(&m.depositor, m.deposit);
+				// Clean up storage before executing call to avoid an possibility of reentrancy
+				// attack.
 				<Multisigs<T>>::remove(&id, call_hash);
 				Self::clear_call(&call_hash);
+				T::Currency::unreserve(&m.depositor, m.deposit);
+
+				let result = call.dispatch(RawOrigin::Signed(id.clone()).into());
 				Self::deposit_event(RawEvent::MultisigExecuted(
 					who, timepoint, id, call_hash, result.map(|_| ()).map_err(|e| e.error)
 				));
-- 
GitLab