Skip to content

beiweiprogrammer/Reentrancy-attack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
lib
lib
 
 
script
script
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 
foundry.lock
foundry.lock
 
 
foundry.toml
foundry.toml
 
 

Repository files navigation

Reentrancy Lab (Foundry)

This is a minimal lab foucsing on demonstrating Reentrancy Attack, CEI fix and ReentrancyGuard protection

This project demonstrates:

  • a volunerable vault contract
  • a vault contract protected by CEI fix.
  • a vault contract protected by CEI fix and ReentrancyGuard.

Project Structure

src/
  ├── VulnerableVault.sol
  ├── CEIVault.sol
  ├── SafeVault.sol
  ├── ReentrancyAttacker.sol

test/
  ├── Reentrancy.t.sol

Setup

Install dependencies:

forge install
forge test -vvv

Reentrancy Attack Flow

  • attacker deposites 1 ETH
  • attacker try to withdraw 1 ETH
  • attacker withdraws again when withdraw successful
  • keep doing this until there is no sufficient balance

Protection Mechanism

CEI

We deduct balance before the withdraw was successful

ReentrancyGuard

We ues the state to check whether the withdraw process really end.

Tech Stack

  • Solidity ^0.8.20
  • Foundry

Lessons Learned

  • Always update state before external call
  • Use Reenetrancy guard as security

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages