A known bug that exists within the JVM explained. Bug is present when utilizing Remix(solidity browser) as well as testrpc.
When invoking a payable contract method with a non-zero value, if this method invokes a library method the resulting balance of the calling contract will be increased by twice the amout of the ether sent. For example, if the method is called with 10 ether the resulting balance of the contract will be 20 ether.
This repo contains a bare bones implmentation to exploit the bug. One contract, DoubleSpend, that invokes an empty library method, DoubleSpendLib.doubleSpend(), and thus double spends the ether sent.
DoubleSpend's doubleSpendEther method may be invoked with any amount of ether and the DoubleSpend contract's balance will be twice the ether sent.
Run the existing test to expose the bug.
$ truffle test