Ethernaut CTF - Re-entrancy (Level 10)

D-Squared

Comments: 22
@danielcawley1051 2 years ago
I'm only new to auditing but I was able to get it to work for me: instead of withdrawing in increments of 1 wei at a time, I withdrew funds in increments of 1000000000000000 wei at a time. I think this worked because if you're withdrawing 1 wei at a time you would have to go through over 1000000000000000000 transactions, which would be too expensive to process. If anyone wants further help on this problem please see the comment below this, which will link to a tweet that has the contract that worked.
@AerosDaDinoHoodie 2 years ago
I think I figured out the issue. The Ethernaut level code is written in Solidity version ^0.6.0, but it uses syntax from ^0.8.0. This exact code snippet particularly:
> (bool result,) = msg.sender.call{value:_amount}("");
That is how you would write it in 0.8x. In a 0.6x version it would look like this:
> (bool result,) = msg.sender.call.value(_amount)("");
So the code doesn't match the compiler version, and my guess is that it means a proper withdraw() cannot occur.
@classyboy2000 1 year ago
So what do you do about this? I am seeing an issue where I have to select one compiler version in Remix but the two contracts have different versions specified in the pragma (^0.8.0 and 0.6.12). Also, when I switch the Remix compiler version to 0.6.12 I see this error indicating that Remix doesn't know how/from where to import SafeMath:
Error: not found openzeppelin-contracts-06/math/SafeMath.sol
@aryanmalik5537 1 year ago
@classyboy2000 Make sure that in 0.6.12 the import statement is going to be the same as in the code provided. But in 0.8.0, the import statement will change to -> import "@openzeppelin/contracts/utils/math/SafeMath.sol";
@benr2466 1 year ago
I just tried continuously withdrawing the msg.value that the fallback receives, couldn’t get it to 0 tho
@rookie_ 2 years ago
Also, at the end of the attack, do you ever pull (or send) the values into the calling instance account, or are they left in the attacking smart contract?
@haruxe5140 2 years ago
You can optionally create a built-in function for withdrawing funds, or have it sent back to the msg.sender.
@steverobinson8771 1 year ago
Just include a selfdestruct(your_address) function. Call it as the last operation, such that the attack contract gets wiped and sends all funds it has back to 'your_address'
@creativedirector3198 2 years ago
I couldn't get what "_amount;" means either, probably it does nothing. Have you found out the opposite?
@Corpus.Callosum 2 years ago
At some point I got the attack working, but somehow the target contract was drained to 0.001, not 0; that's why I still could not pass the level. :)
@revwrapz8279 2 years ago
Did you ever manage to crack this? I've been here all day, can't work out if it's a Solidity compiler issue or what. I did, however, notice that the contract I'm trying to call isn't the same address I enter when deploying the contract; not sure if this is also an issue. I've tried I don't know how many lines of code, including making sure I had 0 errors. Everything works, but I cannot get that contract to give me its funds :(
@d-squared70 2 years ago
No worries, frustration is part of the journey ;) Check Evgeniy's response below, it might help a bit.
@theblockchainbuddy 1 year ago
Probably receive() is needed here since the contract is paying back to the attacker, so that's what's gonna be called..
@thurendous 1 year ago
1 wei should be the problem? It is too little to be done.
@scottpayne6599 1 year ago
I think you just had your units wrong. The contract balance is 0.001 ether (1000000000000000 wei). So if you try to withdraw one wei at a time there are too many transactions, and you run out of gas. Everywhere you have 1 wei in the contract, change it to 1000000000000000 wei and it should work.
@joaovictorrabelo4751 2 years ago
When lvl 11 sir?
@d-squared70 2 years ago
Coming soon. :)
@evgeniys7247 2 years ago
Hey! Great videos, keep up the good work! I managed to attack. I think you have a problem in the Attack() function in the donate line. I commented on it and donated directly - something like
reentrancy_contract.donate(attacker_contract.address, {"from": attacker_account, "value": 100})
Also, this attack must be carried out several times. On a local stand, for 1 wei in the attack, I returned 98 wei, for each block. Well, respectively, for 2 -> 196, etc.
@evgeniys7247 2 years ago
On Rinkeby, it was also possible to carry out an attack, but there, for one attack of 1 wei, you can only carry out 1 wei (not 98 as on local), but you can always attack 100 and so on. If you are interested, you can watch through Rinkeby Etherscan:
Reentrancy contract address - 0x84933729dD8ead2ef8326A3f243A06C4c720252a
Attack contract address - 0x68C15bB0d224F3aA41aCed56D2b62B5E0017c1aF
@d-squared70 2 years ago
Thank you for the clear feedback and guidance here. :)
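
Added illustration (not part of the video, the comments, or the Ethernaut level code): a toy Python model of the two points raised in the thread, namely that the amount requested per withdraw() decides whether the balance can reach 0 before gas runs out, and that debiting the ledger before the external call (checks-effects-interactions) stops the re-entry altogether. The names Vault, run and CALL_BUDGET are assumptions made for this example; CALL_BUDGET is an arbitrary stand-in for the gas limit.

```python
# Toy model of a donate/withdraw vault (constructed for this page; not the
# Ethernaut contract). All amounts are in wei.
LEVEL_BALANCE = 10**15   # 0.001 ether, the balance quoted in the comments
CALL_BUDGET = 100        # assumed stand-in for the gas / call-depth limit


class Vault:
    def __init__(self, funds, hardened):
        self.funds = funds        # ether held by the contract
        self.credit = {}          # per-account ledger
        self.hardened = hardened

    def donate(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who, amount, receiver):
        if self.credit.get(who, 0) < amount or self.funds < amount:
            return
        if self.hardened:
            # checks-effects-interactions: debit the ledger, then call out
            self.credit[who] -= amount
            self.funds -= amount
            receiver(self)
        else:
            # vulnerable order: ether leaves with the external call and the
            # ledger is only debited after the callee returns
            self.funds -= amount
            receiver(self)
            # clamped; integer wraparound is not modelled here
            self.credit[who] = max(0, self.credit[who] - amount)


def run(chunk, hardened):
    """Wei left in the vault after a caller who donated `chunk` withdraws it
    with a receive hook that calls withdraw() again."""
    vault = Vault(LEVEL_BALANCE, hardened)
    vault.donate("caller", chunk)
    hooks = 0

    def receiver(v):
        nonlocal hooks
        hooks += 1
        if hooks < CALL_BUDGET:        # out of gas beyond this point
            v.withdraw("caller", chunk, receiver)

    vault.withdraw("caller", chunk, receiver)
    return vault.funds
```

With the vulnerable ordering, run(1, False) leaves all but 99 wei in the vault while run(10**15, False) leaves 0; with the hardened ordering the vault keeps its full 0.001 ether for either chunk size.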