Nathan nathan-websculpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sendViaCall(address payable _to) public payable { | |
| (bool sent, bytes memory data) = _to.call{value:msg.value}(""); | |
| require(sent, "Failed to send Ether"); | |
| } |
nathan-websculpt
/ VulnerableWithdraw.sol
Created
September 16, 2021 12:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function withdrawFromAttackee() public { | |
| uint senderBalance = attackeeBalances[msg.sender]; | |
| require(senderBalance > 0); | |
| (bool success, ) = msg.sender.call{ value: senderBalance }(""); | |
| require(success, "withdrawFromAttackee failed to send"); | |
| attackeeBalances[msg.sender] = 0; | |
| } |
nathan-websculpt
/ AttackVulnerableWithdraw.sol
Created
September 16, 2021 12:46
How to attack the VulnerableWithdraw.sol example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //this is called when Attackee sends Ether to this contract (Attacker) | |
| fallback() external payable { | |
| if(address(contractToAttack).balance >= 1 ether) { | |
| contractToAttack.withdrawFromAttackee(); | |
| } | |
| } | |
| function performAttack() external payable { | |
| require(msg.value >= 1 ether); | |
| contractToAttack.depositIntoAttackee{value: 1 ether}(); |
nathan-websculpt
/ ReentrancyAttackExample.sol
Created
September 16, 2021 15:11
Attacker.performAttack can drain Attackee in a reentrancy attack that utilizes the Attacker's fallback function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| contract Attackee { | |
| mapping(address => uint) public attackeeBalances; | |
| function depositIntoAttackee() external payable { | |
| attackeeBalances[msg.sender] += msg.value; | |
| } |
nathan-websculpt
/ ReentrancyAttackFIX.sol
Created
September 17, 2021 14:31
The fix for ReentrancyAttackExample.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| contract Attackee { | |
| mapping(address => uint) public attackeeBalances; | |
| function depositIntoAttackee() external payable { | |
| attackeeBalances[msg.sender] += msg.value; | |
| } |
nathan-websculpt
/ ReentrancyGuard_simpleExample.sol
Last active
September 24, 2021 20:40
This is an example Reentrancy Guard for teaching purposes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| contract ReentrancyGuard { | |
| bool private guardLocked; | |
| modifier noReentry() { | |
| require(!guardLocked, "Prevented by noReentry in ReentrancyGuard"); |
nathan-websculpt
/ ReentrancyGuard_BlockedAttack.sol
Created
September 22, 2021 15:55
This example shows a simple Reentrancy Guard in action. Even though the balance is not zero-ed out until after the call, this reentrancy guard stops the attacker's receive() from completing the attack. For learning purposes only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| contract ReentrancyGuard { | |
| bool private guardLocked; | |
| modifier noReentry() { | |
| require(!guardLocked, "Prevented by noReentry in ReentrancyGuard"); |
nathan-websculpt
/ OpenZeppelin_ReentrancyGuard.sol
Created
September 22, 2021 18:03
Here is an example of the OpenZeppelin Reentrancy Guard in use
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v4.3/contracts/security/ReentrancyGuard.sol"; | |
| contract Attackee is ReentrancyGuard { | |
| mapping(address => uint) public attackeeBalances; | |
| function depositIntoAttackee() external payable { |
nathan-websculpt
/ EscrowExample.sol
Created
September 24, 2021 19:42
Example usage of Escrow -- not production-ready -- for learning purposes only
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v4.3/contracts/security/ReentrancyGuard.sol"; | |
| import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v4.3/contracts/utils/escrow/Escrow.sol"; | |
| contract EscrowExample is ReentrancyGuard { | |
| Escrow private immutable _escrow; |
nathan-websculpt
/ StringTesting.sol
Created
September 27, 2021 17:34
Compare and Concat strings in solidity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| contract StringTesting { | |
| function stringCompare(string calldata _inputOne, string calldata _inputTwo) external pure returns (bool r) { | |
| bool rslt; | |
OlderNewer