COMP90088 (2022) Tutorial Week 8 Solutions
1 Contract calls
Documentation can be found here.
A1.x = 28 and A2.x = 54. foo is executed in the context of A1, bar in A2 and baz in A1.
A1.x = 10 and A2.x = 72. foo is executed in the context of A1, bar in A1 and baz in A2.
A1.x = 2 and A2.x = 3. The staticcall to bar causes a revert since it attempts to modify storage.
Cross-function re-entrancy
The attacking contract can begin by calling withdraw. When withdraw calls the attacking contract's fallback function, the transferLock is still unset so a transfer can be made inside the fallback function to a friendly address. Something like
function() external payable { A.transfer(
would end up transferring the 100 ETH balance to a friendly account while also having withdrawn it, effectively stealing 100 ETH. Note that this attack can be repeated by the friendly address if it also points to an attacking contract.
Also check !withdrawLock to prevent transfers during a withdrawal.
Use the Checks-Effects-Interactions pattern. In this case, set balances[msg.sender] = 0; (the 'effect') before sending out funds with call (the 'interaction') so that there will be no balance for the attacking contract to transfer.
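The pattern in Solidity, as an added example rather than the tutorial's own contract: VulnerableBank is an assumed reconstruction of the bank described above (a separate lock per function, and the interaction placed before the effect), while SafeBank applies Checks-Effects-Interactions and one lock shared by every state-changing entry point.

```solidity
pragma solidity ^0.8.0;

// Assumed reconstruction of the tutorial's bank (not the course's own code):
// withdraw() and transfer() each have their own lock, so a fallback run from
// withdraw() can still call transfer() before the balance is cleared.
contract VulnerableBank {
    mapping(address => uint256) public balances;
    bool private withdrawLock;
    bool private transferLock;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function transfer(address to, uint256 amount) external {
        require(!transferLock && balances[msg.sender] >= amount);
        transferLock = true;
        balances[msg.sender] -= amount; // during re-entry this is still the full balance
        balances[to] += amount;
        transferLock = false;
    }
    function withdraw() external {
        require(!withdrawLock);
        withdrawLock = true;
        uint256 amount = balances[msg.sender];
        // Interaction before effect: msg.sender's fallback runs here with the
        // balance intact and transferLock unset.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] = 0; // effect applied too late
        withdrawLock = false;
    }
}

// Hardened: Checks-Effects-Interactions plus one lock shared by every entry point,
// so transfer() also refuses to run while a withdrawal is in flight.
contract SafeBank {
    mapping(address => uint256) public balances;
    bool private locked;
    modifier nonReentrant() { require(!locked); locked = true; _; locked = false; }
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function transfer(address to, uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount); // check
        balances[msg.sender] -= amount;          // effects
        balances[to] += amount;
    }
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];   // check
        balances[msg.sender] = 0;                // effect first
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        require(ok);
    }
}
```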
Parity bug
The contract's code would be larger, and storage is expensive. Therefore it costs more gas to deploy the contract.
Having an updateable contract variable sidesteps the expectation that contract code is immutable. As such, it is important for there to be a trustworthy mechanism to update the contract variable, to prevent a bad-acting owner from scamming users of the contract who expect it to behave in a particular manner. Some such mechanisms might include requiring an on-chain announcement period before the new contract variable is adopted, or requiring an on-chain vote from holders of some governance token.