Created
March 9, 2022 12:02
-
-
Save vyorkin/1f11bd26ac4f5ca6169a3dd1cd80aeb2 to your computer and use it in GitHub Desktop.
Created using remix-ide: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gists URL or ID at https://remix.ethereum.org/#version=soljson-v0.8.12+commit.f00d7308.js&optimize=false&runs=200&gist=
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.10; | |
| contract Foo { | |
| Bar bar; | |
| constructor(address _bar) { | |
| bar = Bar(_bar); | |
| } | |
| function callBar() public { | |
| bar.log(); | |
| } | |
| } | |
| contract Bar { | |
| event Log(string message); | |
| function log() public { | |
| emit Log("Bar was called"); | |
| } | |
| } | |
| // This code is hidden in a separate file | |
| contract Mal { | |
| event Log(string message); | |
| // function () external { | |
| // emit Log("Mal was called"); | |
| // } | |
| // Actually we can execute the same exploit even if this function does | |
| // not exist by using the fallback | |
| function log() public { | |
| emit Log("Mal was called"); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment