How Spankchain Got Hacked

Explained: A Reentrancy attack which drained 165 Ether

Alex Roan
The Startup

Introduction

Spankchain is a decentralised platform for the adult entertainment industry. In 2018, one of their smart contracts was attacked and drained of around 165 Ether. The Spankchain team published an overview of the attack when they discovered that it had occurred. In it, they described the exploit as a Reentrancy attack.

Here, we’ll go through a high-level description of the vulnerable contract, how it is vulnerable, and how it was exploited. We’ll then go through the code in detail and write a malicious contract to exploit the vulnerability.

High-Level Explanation

Spankchain was using a contract which enables entities to exchange Ether and ERC20 tokens. The aim: to reduce fees that would be incurred if the transactions were performed on an exchange.

The contract in question is called LedgerChannel and enables entities (intended as users of the platform) to open channels to transact in. When an entity creates a channel, the open channel allows another entity to join. Once more than one entity is part of the channel, the two can transact Ether or ERC20 tokens.

Alex Roan
The Startup

CoFounder at Cyfrin. Previously: Chainlink Labs.