Back to Vulnerability database

Re-Entrancy Honey Pot

ID Submit date Publish date Author Score
1 10.26.2018 10.26.2018 9.2

Decription

Because withdraw reverted, it seems like the entire transaction should have been reverted, but recall that call does not propagate exceptions. It sends a message to another contract, and if that "internal transaction" reverts, it just returns 0 to the caller. So here's what happens: 1. Exploit calls withdraw. 2. withdraw calls Exploit's payable fallback function. [call #1] 3. Exploits payable fallback function calls withdraw again. 4. withdraw calls Exploits payable fallback function again. [call #2] 5. That call simply succeeds, because Exploits payable fallback function sees that it has extracted the full 2 ether and just returns. 6. withdraw checks the result of call #2, sees that it was successful, and then reverts. 7. call #1 fails, because a revert happened. This passes control back to the caller with a 0 return value indicating failure. 8. withdraw checks the result of call #1, sees that it failed, and does not do the revert. 9. The transaction completes successfully. Vector: BVSS:1.1/B:S/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/CI:N/II:H/AI:L

Component

Smart contract

Platform

Ethereum

Subclass

Honey Pot

Original source

https://etherscan.io/address/0x95d34980095380851902ccd9a1fb4c813c2cb639#code

Comments