FV-SOL-1-C3 Cross Contract

TLDR

In cross-contract reentrancy, an attacker uses two separate contracts: one vulnerable contract and another malicious contract.

The attacker’s contract calls the vulnerable contract repeatedly across functions to manipulate shared state and drain funds.

Game

Think about how an attacker could exploit this setup if they deploy a separate malicious contract.

Can you identify how withdraw might allow another contract to repeatedly manipulate balances and drain funds?

// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;

contract CrossContractReentrancyGame {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() public {
        uint256 balance = balances[msg.sender];
        require(balance > 0, "Insufficient balance");
        (bool success, ) = msg.sender.call{value: balance}("");
        require(success, "Transfer failed");
        balances[msg.sender] = 0;
    }
}

Last updated