
Re-Entrancy Honey Pot

| ID | Submit date | Publish date | Author | Score |
|----|-------------|--------------|--------|-------|
| 1  | 10.26.2018  | 10.26.2018   |        | 9.2   |


Because withdraw reverted, it seems like the entire transaction should have been reverted, but recall that call does not propagate exceptions. It sends a message to another contract, and if that internal transaction reverts, call just returns 0 to the caller.

So here's what happens:

  1. Exploit calls withdraw.

  2. withdraw calls Exploit's payable fallback function. [call #1]

  3. Exploit's payable fallback function calls withdraw again.

  4. withdraw calls Exploit's payable fallback function again. [call #2]

  5. That call simply succeeds, because Exploit's payable fallback function sees that it has extracted the full 2 ether and just returns.

  6. withdraw checks the result of call #2, sees that it was successful, and then reverts.

  7. call #1 fails, because a revert happened. This passes control back to the caller with a 0 return value indicating failure.

  8. withdraw checks the result of call #1, sees that it failed, and does not do the revert.

  9. The transaction completes successfully.
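
The nine steps above can be replayed in a small model of call-frame rollback. This is an added example, not code from the original entry: the `Chain` class, the 1 ether payout per withdraw and the starting balances are assumptions; the revert-on-success check, the 2 ether target and the call order come from the steps.

```python
class Revert(Exception):
    """A call frame executed REVERT."""

class Chain:
    """Toy ledger with EVM-style rollback (constructed model, not a real EVM)."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.trace = []          # (call number, return value) in completion order

    def call(self, n, sender, target, value, callee):
        """Low-level call: a revert in the callee undoes its frame and yields False."""
        snapshot = dict(self.balances)
        try:
            self.balances[sender] -= value
            self.balances[target] += value
            callee()
            ok = True
        except Revert:
            self.balances = snapshot   # value transfer and nested changes undone
            ok = False                 # the exception stops here: caller only sees 0
        self.trace.append((n, ok))
        return ok

PAYOUT = 1   # ether sent per withdraw (assumption)
TARGET = 2   # ether the Exploit contract wants, per step 5

def withdraw(chain, n=1):
    ok = chain.call(n, "bank", "exploit", PAYOUT, lambda: fallback(chain, n))
    if ok:
        raise Revert()   # step 6: a successful send makes withdraw revert
    # step 8: a failed send falls through without reverting

def fallback(chain, n):
    if chain.balances["exploit"] >= TARGET:
        return                 # step 5: full amount seen, just return
    withdraw(chain, n + 1)     # step 3: re-enter withdraw

def run():
    chain = Chain({"bank": 10, "exploit": 0})   # constructed starting balances
    try:
        withdraw(chain)        # step 1
        succeeded = True
    except Revert:
        succeeded = False
    return succeeded, chain.balances, chain.trace

if __name__ == "__main__":
    print(run())
```

In this model the transaction succeeds while the Exploit balance ends where it started, because the revert inside call #1's frame unwinds both transfers.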

