Preventing Smart Contract Attacks on Ethereum — A Code Analysis | by Abhishek Chauhan | Jan, 2022

Let's write smart contract code, see how the attack works, and understand the techniques that prevent it.


This type of attack can occur when a contract sends ether to an unknown address. An attacker can carefully construct a contract at an external address that contains malicious code in its fallback function, so that the payment itself triggers a call back into the sending contract.

EtherStore.sol
Attack.sol
  1. Attack.sol, line 17: The malicious contract calls the withdrawFunds function of the EtherStore contract with a parameter of 1 ether. It passes all the requirements (lines 12–16 of the EtherStore contract) because no previous withdrawals have been made.
  2. EtherStore.sol, line 17: The contract sends 1 ether back to the malicious contract.
  3. Attack.sol, line 25: The payment to the malicious contract executes its fallback function.
  4. Attack.sol, line 26: The total balance of the EtherStore contract was 10 ether and is now 9 ether, so this if statement passes.
  5. Attack.sol, line 27: The fallback function calls the EtherStore withdrawFunds function again and "re-enters" the EtherStore contract.
  6. EtherStore.sol, line 11: In this second call to withdrawFunds, the caller's recorded balance is still 1 ether, since line 18 has not yet been executed. Hence, we still have balances[0x0..123] = 1 ether. The same is true of the lastWithdrawTime variable. Again, we pass all the requirements.
  7. EtherStore.sol, line 17: The vulnerable contract sends 1 more ether.
  8. Repeat steps 4–8 until EtherStore.balance > 1 is no longer the case, as dictated by line 26 of Attack.sol.
  9. Attack.sol, line 26: Once 1 ether (or less) is left in the EtherStore contract, this if statement fails. This then allows lines 18 and 19 of the EtherStore contract to be executed (once for each call to the withdrawFunds function).
  10. EtherStore.sol, lines 18 and 19: The balances and lastWithdrawTime mappings are updated and execution completes.

There are a number of common techniques that help avoid re-entrancy vulnerabilities in smart contracts: update state before making any external call (checks-effects-interactions), and guard the function with a mutex so that a nested call is rejected.

EtherStore.sol
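As an added illustration (not the page's own EtherStore.sol or Attack.sol, which are not reproduced here, so its line numbers do not match the steps above), here is the vulnerable withdrawal pattern beside a hardened version written for Solidity 0.8 that applies checks-effects-interactions and a simple mutex:

```solidity
pragma solidity ^0.8.0;

contract EtherStoreVulnerable {
    uint256 public withdrawalLimit = 1 ether;
    mapping(address => uint256) public lastWithdrawTime;
    mapping(address => uint256) public balances;

    function depositFunds() external payable { balances[msg.sender] += msg.value; }

    // The external call (interaction) runs BEFORE the state update (effect), so a
    // receive/fallback function in msg.sender can call back in while both
    // balances[msg.sender] and lastWithdrawTime[msg.sender] are still stale.
    function withdrawFunds(uint256 _weiToWithdraw) external {
        require(balances[msg.sender] >= _weiToWithdraw, "insufficient balance");
        require(_weiToWithdraw <= withdrawalLimit, "over limit");
        require(block.timestamp >= lastWithdrawTime[msg.sender] + 1 weeks, "too soon");
        (bool ok, ) = msg.sender.call{value: _weiToWithdraw}("");
        require(ok, "send failed");
        // unchecked mirrors pre-0.8 arithmetic; with checked math the drain would revert on underflow
        unchecked { balances[msg.sender] -= _weiToWithdraw; }
        lastWithdrawTime[msg.sender] = block.timestamp;
    }
}

contract EtherStoreHardened {
    uint256 public withdrawalLimit = 1 ether;
    mapping(address => uint256) public lastWithdrawTime;
    mapping(address => uint256) public balances;
    bool private locked;                                 // mutex for noReentrancy

    modifier noReentrancy() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function depositFunds() external payable { balances[msg.sender] += msg.value; }

    // Checks-effects-interactions: every state change precedes the external call,
    // and the mutex rejects any nested call that reaches withdrawFunds anyway.
    function withdrawFunds(uint256 _weiToWithdraw) external noReentrancy {
        require(balances[msg.sender] >= _weiToWithdraw, "insufficient balance");
        require(_weiToWithdraw <= withdrawalLimit, "over limit");
        require(block.timestamp >= lastWithdrawTime[msg.sender] + 1 weeks, "too soon");
        balances[msg.sender] -= _weiToWithdraw;          // effects first
        lastWithdrawTime[msg.sender] = block.timestamp;
        (bool ok, ) = msg.sender.call{value: _weiToWithdraw}("");
        require(ok, "send failed");
    }
}
```

With the hardened ordering, a re-entrant call in step 5 above sees the already-reduced balance and the updated lastWithdrawTime, so it fails the requires; the mutex additionally rejects it before any check runs.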

Source
