diff --git a/project2/report2.pdf b/project2/report2.pdf
index 58a3235..693e82c 100644
Binary files a/project2/report2.pdf and b/project2/report2.pdf differ
diff --git a/project2/report2.tex b/project2/report2.tex
index 1125c7d..550b884 100644
--- a/project2/report2.tex
+++ b/project2/report2.tex
@@ -133,7 +133,41 @@ To mitigate this vulnerability the contract should use \texttt{call} instead of
 \texttt{delegatecall}.
 
 \section{DAO Down}
-% Fill here your answers for exercise B
+
+In this challenge we were given one contract called \texttt{EDao}. It allows
+investors to fund addresses and those addresses can then withdraw the funding
+they received. There is a bug in the \texttt{withdraw} function, however, which
+allows an already funded address to withdraw more than it should be able to. If
+the funded address is a contract address, the contract can exploit the
+\texttt{withdraw} function by repeatedly withdrawing their funding. This is
+possible because the internal balance of how much funds an address can withdraw
+is only changed \emph{after} the funding is paid out to the receiver. For this
+to work, a malicious contract has to have a \texttt{fallback} function which
+calls the \texttt{withdraw} function again. When the \texttt{fallback} function
+is called, the code execution recurses into the \texttt{withdraw} function and
+passes all balance checks because the balance has not yet been changed. The
+payout proceeds a second time and the \texttt{fallback} function is called
+again until the balance of the \texttt{EDao} contract is zero. This type of
+attack is called a \emph{reentrancy attack}.
+
+In practice the following contract (or a variation thereof) has to be deployed
+to the blockchain and the address of the deployed contract has to be funded with
+one Ether in the \texttt{EDao} contract:
+\inputminted[frame=lines,framesep=2mm,bgcolor=LightGray,fontsize=\footnotesize,linenos,breaklines]{solidity}{daodown/hacker.sol}
+An attacker can manually call the contract's \texttt{pwn} function and execute
+the exploit. The malicious contract has successfully siphoned off \texttt{EDao}'s balance. Finally, the attacker calls the \texttt{withdraw} function of the
+malicious contract and the balance is transferred to the attacker.
+
+Mitigating reentrancy attacks is commonly done through two means. Either the
+contract performs changes to its state \emph{before} executing the call or
+functions which perform calls to external addresses are wrapped in a modifier
+with mutex-like functionality. In the former approach a malicious contract will
+not be able to execute the call to its own \texttt{fallback} function an
+additional time because the balance checks fail. In the latter approach a
+boolean variable is set to \texttt{true} when the function is executing the
+first time. Before the function can be executed a second time, the contract
+checks whether the variable is set to \texttt{true}. If it is, the transaction
+is aborted.
 
 \section{Fail Dice}
 % Fill here your answers for exercise C