Skip to content

prince2014/reentrancy-attack-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
build/contracts
build/contracts
 
 
contracts
contracts
 
 
migrations
migrations
 
 
test
test
 
 
README.md
README.md
 
 
README_deprecated.md
README_deprecated.md
 
 
truffle.js
truffle.js
 
 

Repository files navigation

honeyPotReentrancyAttack

Example of vulnerable contract and an attack contract that would drain all money from vulnerable contract.

Prerequisites

  1. Make sure you have Ganache running on localhost:8545, if no Ganache installed, see https://www.trufflesuite.com/ganache to install.

Set up

truffle compile

truffle migrate

truffle console

Quick run

HoneyPot.deployed().then(instance => honeyPotAddress = instance.address) web3.eth.getBalance(honeyPotAddress)

web3.eth.getAccounts().then(function(acc){ accounts = acc }) accounts[1] HoneyPot.deployed().then(instance => instance.put({from: accounts[1], value: web3.utils.toWei("10", "ether") })) web3.eth.getBalance(honeyPotAddress)

HoneyPotCollect.deployed().then(instance => evilContractAddress = instance.address) web3.eth.getBalance(evilContractAddress)

HoneyPotCollect.deployed().then(inst => inst.collect({ value: web3.utils.toWei("1", "ether"), gas: 1000000 })) web3.eth.getBalance(evilContractAddress)

HoneyPotCollect.deployed().then(inst => inst.kill())

HoneyPot.deployed().then(instance => instance.put( {value: web3.utils.toWei("8", "ether")})) HoneyPot.deployed().then(instance => instance.balances(accounts[0])) HoneyPot.deployed().then(instance => instance.get())

truffle console commands

Get Honey pot contract address

HoneyPot.deployed().then(instance => honeyPotAddress = instance.address)

Check its balance:

web3.eth.getBalance(honeyPotAddress).toString(10)

Send money to honey pot address from accounts[1]:

web3.eth.getAccounts().then(function(acc){ accounts = acc }) accounts[1]

HoneyPot.deployed().then(instance => instance.put({from: accounts[1], value: web3.utils.toWei("5", "ether") }))

Check again honeypot contract balance:

web3.eth.getBalance(honeyPotAddress)

Get Attack contract address:

HoneyPotCollect.deployed().then(instance => evilContractAddress = instance.address)

Check its balance:

web3.eth.getBalance(evilContractAddress)

Attack HoneyPot contract with evil contract:

HoneyPotCollect.deployed().then(inst => inst.collect({ value: web3.utils.toWei("5", "ether"), gas: 1000000 }))

Transfer ether to the thief account:

HoneyPotCollect.deployed().then(inst => inst.kill())

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages