zenon/cryptocurrencies
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add report for DAODown

Browse Source
This commit is contained in:
Tobias Eidelpes 2022-01-01 16:15:18 +01:00
parent c22a3ec2f3
commit ca5ef66d8f
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
project2/report2.pdf
View File

Binary file not shown.

36
project2/report2.tex
View File

@ -133,7 +133,41 @@ To mitigate this vulnerability the contract should use \texttt{call} instead of
\texttt{delegatecall}.
\section{DAO Down}
% Fill here your answers for exercise B
In this challenge we were given one contract called \texttt{EDao}. It allows
investors to fund addresses and those addresses can then withdraw the funding
they received. There is a bug in the \texttt{withdraw} function, however, which
allows an already funded address to withdraw more than it should be able to. If
the funded address is a contract address, the contract can exploit the
\texttt{withdraw} function by repeatedly withdrawing their funding. This is
possible because the internal balance of how much funds an address can withdraw
is only changed \emph{after} the funding is paid out to the receiver. For this
to work, a malicious contract has to have a \texttt{fallback} function which
calls the \texttt{withdraw} function again. When the \texttt{fallback} function
is called, the code execution recurses into the \texttt{withdraw} function and
passes all balance checks because the balance has not yet been changed. The
payout proceeds a second time and the \texttt{fallback} function is called
again until the balance of the \texttt{EDao} contract is zero. This type of
attack is called a \emph{reentrancy attack}.
In practice the following contract (or a variation thereof) has to be deployed
to the blockchain and the address of the deployed contract has to be funded with
one Ether in the \texttt{EDao} contract:
\inputminted[frame=lines,framesep=2mm,bgcolor=LightGray,fontsize=\footnotesize,linenos,breaklines]{solidity}{daodown/hacker.sol}
An attacker can manually call the contract's \texttt{pwn} function and execute
the exploit. The malicious contract has successfully siphoned off \texttt{EDao}'s balance. Finally, the attacker calls the \texttt{withdraw} function of the
malicious contract and the balance is transferred to the attacker.
Mitigating reentrancy attacks is commonly done through two means. Either the
contract performs changes to its state \emph{before} executing the call or
functions which perform calls to external addresses are wrapped in a modifier
with mutex-like functionality. In the former approach a malicious contract will
not be able to execute the call to its own \texttt{fallback} function an
additional time because the balance checks fail. In the latter approach a
boolean variable is set to \texttt{true} when the function is executing the
first time. Before the function can be executed a second time, the contract
checks whether the variable is set to \texttt{true}. If it is, the transaction
is aborted.
\section{Fail Dice}
% Fill here your answers for exercise C