Add report for DAODown
This commit is contained in:
parent
c22a3ec2f3
commit
ca5ef66d8f
Binary file not shown.
@ -133,7 +133,41 @@ To mitigate this vulnerability the contract should use \texttt{call} instead of
|
|||||||
\texttt{delegatecall}.
|
\texttt{delegatecall}.
|
||||||
|
|
||||||
\section{DAO Down}
|
\section{DAO Down}
|
||||||
% Fill here your answers for exercise B
|
|
||||||
|
In this challenge we were given one contract called \texttt{EDao}. It allows
|
||||||
|
investors to fund addresses and those addresses can then withdraw the funding
|
||||||
|
they received. There is a bug in the \texttt{withdraw} function, however, which
|
||||||
|
allows an already funded address to withdraw more than it should be able to. If
|
||||||
|
the funded address is a contract address, the contract can exploit the
|
||||||
|
\texttt{withdraw} function by repeatedly withdrawing their funding. This is
|
||||||
|
possible because the internal balance of how much funds an address can withdraw
|
||||||
|
is only changed \emph{after} the funding is paid out to the receiver. For this
|
||||||
|
to work, a malicious contract has to have a \texttt{fallback} function which
|
||||||
|
calls the \texttt{withdraw} function again. When the \texttt{fallback} function
|
||||||
|
is called, the code execution recurses into the \texttt{withdraw} function and
|
||||||
|
passes all balance checks because the balance has not yet been changed. The
|
||||||
|
payout proceeds a second time and the \texttt{fallback} function is called
|
||||||
|
again until the balance of the \texttt{EDao} contract is zero. This type of
|
||||||
|
attack is called a \emph{reentrancy attack}.
|
||||||
|
|
||||||
|
In practice the following contract (or a variation thereof) has to be deployed
|
||||||
|
to the blockchain and the address of the deployed contract has to be funded with
|
||||||
|
one Ether in the \texttt{EDao} contract:
|
||||||
|
\inputminted[frame=lines,framesep=2mm,bgcolor=LightGray,fontsize=\footnotesize,linenos,breaklines]{solidity}{daodown/hacker.sol}
|
||||||
|
An attacker can manually call the contract's \texttt{pwn} function and execute
|
||||||
|
the exploit. The malicious contract has successfully siphoned off \texttt{EDao}'s balance. Finally, the attacker calls the \texttt{withdraw} function of the
|
||||||
|
malicious contract and the balance is transferred to the attacker.
|
||||||
|
|
||||||
|
Mitigating reentrancy attacks is commonly done through two means. Either the
|
||||||
|
contract performs changes to its state \emph{before} executing the call or
|
||||||
|
functions which perform calls to external addresses are wrapped in a modifier
|
||||||
|
with mutex-like functionality. In the former approach a malicious contract will
|
||||||
|
not be able to execute the call to its own \texttt{fallback} function an
|
||||||
|
additional time because the balance checks fail. In the latter approach a
|
||||||
|
boolean variable is set to \texttt{true} when the function is executing the
|
||||||
|
first time. Before the function can be executed a second time, the contract
|
||||||
|
checks whether the variable is set to \texttt{true}. If it is, the transaction
|
||||||
|
is aborted.
|
||||||
|
|
||||||
\section{Fail Dice}
|
\section{Fail Dice}
|
||||||
% Fill here your answers for exercise C
|
% Fill here your answers for exercise C
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user