OpenZeppelin / ethernaut

Web3/Solidity based wargame
MIT License

DoubleEntryPoint Level can be solved with a bot that always raises alerts #655

Open Drblessing opened 1 year ago

Drblessing commented 1 year ago

The detection bot:

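contract DetectionBot is IDetectionBot {
    IForta public forta;

    constructor(IForta forta_) {
        forta = forta_;
    }

    // Called for every monitored transaction; msgData is never inspected.
    function handleTransaction(address user, bytes calldata msgData) external {
        // Raises an alert unconditionally, whatever the transaction contains.
        forta.raiseAlert(user);
    }
}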

will auto-raise alerts and effectively DDoS the delegateTransfer method. It passes as a valid solution to the level though.

Nfire2103 commented 4 months ago

I noticed the same problem. So I made a PR to fix this: https://github.com/OpenZeppelin/ethernaut/pull/745. In this one, I updated the DetectionBot solution to a real solution. I also updated validateInstance to prevent a DetectionBot which always raises an alert.
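
For contrast with the always-alerting bot in the issue, here is a selective bot as an added example; it is not part of the thread and not the code from PR #745. It decodes `msgData` and alerts only when the original sender is a protected address, so ordinary transfers keep working. Assumptions: `delegateTransfer` has the signature `delegateTransfer(address,uint256,address)` with the original sender as the third argument, the protected address (for example the vault) is passed to the constructor, and the name `SelectiveDetectionBot` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

// Minimal interfaces, restricted to the members this example calls.
interface IDetectionBot {
    function handleTransaction(address user, bytes calldata msgData) external;
}

interface IForta {
    function raiseAlert(address user) external;
}

contract SelectiveDetectionBot is IDetectionBot {
    // Assumption: signature of the monitored method, original sender last.
    bytes4 private constant DELEGATE_TRANSFER =
        bytes4(keccak256("delegateTransfer(address,uint256,address)"));
    // Selector (4 bytes) plus three 32-byte ABI words.
    uint256 private constant EXPECTED_LENGTH = 4 + 3 * 32;

    IForta public immutable forta;
    // Assumption: the address whose tokens must not be moved (e.g. the vault).
    address public immutable protectedSender;

    constructor(IForta forta_, address protectedSender_) {
        forta = forta_;
        protectedSender = protectedSender_;
    }

    function handleTransaction(address user, bytes calldata msgData) external override {
        // Accept reports only from the Forta contract the bot is registered with.
        require(msg.sender == address(forta), "caller is not Forta");

        // Ignore anything that is not a well-formed delegateTransfer call.
        if (msgData.length < EXPECTED_LENGTH) return;
        if (bytes4(msgData[:4]) != DELEGATE_TRANSFER) return;

        // Skip the selector and decode (to, value, origSender).
        (, , address origSender) =
            abi.decode(msgData[4:], (address, uint256, address));

        // Alert only for the transfer this bot is meant to block.
        if (origSender == protectedSender) {
            forta.raiseAlert(user);
        }
    }
}
```

A level validator can tell this bot apart from the unconditional one by checking that a transfer from an unprotected sender still succeeds while the protected one reverts.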