From 9969eb1d2d5cc00a7a86a3cc5a10368ae81c8930 Mon Sep 17 00:00:00 2001
From: Gav Wood <gavin@parity.io>
Date: Fri, 19 Jun 2020 18:44:54 +0200
Subject: [PATCH] Avoid multisig reentrancy

---
 frame/multisig/src/lib.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/frame/multisig/src/lib.rs b/frame/multisig/src/lib.rs
index 50bd96aca3c53..fc7a6c25b30b4 100644
--- a/frame/multisig/src/lib.rs
+++ b/frame/multisig/src/lib.rs
@@ -553,10 +553,13 @@ impl<T: Trait> Module<T> {
 				// verify weight
 				ensure!(call.get_dispatch_info().weight <= max_weight, Error::<T>::WeightTooLow);
 
-				let result = call.dispatch(RawOrigin::Signed(id.clone()).into());
-				T::Currency::unreserve(&m.depositor, m.deposit);
+				// Clean up storage before executing call to avoid an possibility of reentrancy
+				// attack.
 				<Multisigs<T>>::remove(&id, call_hash);
 				Self::clear_call(&call_hash);
+				T::Currency::unreserve(&m.depositor, m.deposit);
+
+				let result = call.dispatch(RawOrigin::Signed(id.clone()).into());
 				Self::deposit_event(RawEvent::MultisigExecuted(
 					who, timepoint, id, call_hash, result.map(|_| ()).map_err(|e| e.error)
 				));