-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathReentrancyVulnBankBuggyLockHard.sol
118 lines (99 loc) · 3.77 KB
/
ReentrancyVulnBankBuggyLockHard.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
pragma solidity ^0.7.6;
/**
* @title SafeMath
* @dev Math operations with safety checks that throw on error
*/
library SafeMath {
/**
* @dev Multiplies two numbers, throws on overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
if (a == 0) {
return 0;
}
c = a * b;
assert(c / a == b);
return c;
}
/**
* @dev Integer division of two numbers, truncating the quotient.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
// assert(b > 0); // Solidity automatically throws when dividing by 0
// uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return a / b;
}
/**
* @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
assert(b <= a);
return a - b;
}
/**
* @dev Adds two numbers, throws on overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
c = a + b;
assert(c >= a);
return c;
}
}
contract ReentrancyVulnBankBuggyLockHard {
using SafeMath for uint256;
mapping(address => uint256) private userBalances;
mapping(address => bool) private disableWithdraw;
mapping(address => mapping(address => uint256)) private allowance;
modifier withdrawAllowed {
require(disableWithdraw[msg.sender] == false);
_;
}
function getBalance(address a) public view returns (uint256) {
return userBalances[a];
}
function deposit() public payable {
if (msg.value > 0) {
userBalances[msg.sender] = userBalances[msg.sender].add(msg.value);
}
}
function addAllowance(address other, uint256 amount) public {
allowance[msg.sender][other] = allowance[msg.sender][other].add(amount);
}
// The withdrawBalance function call is making it possible to reenter this
// contract. However, all the functions that modify the balance are
// checking whether a lock was set using the withdrawAllowed modifier. So
// the attacker cannot reenter the transfer or transferFrom function
// anymore.
//
// However, the attacker can collude with a second account, e.g., call into
// another attacker contract, that then reenters into the transferFrom
// function. Since the second account has not yet called the withdraw
// function it is still allowed to enter the contract since this locking
// mechanism has not locked the second contract.
// the transferFrom style function is quite common in Token-like contracts
// essentially you can give another contract permission to withdraw a
// certain amount from your own account.
function transferFrom(address from, uint256 amount) public withdrawAllowed
{
require(userBalances[from] >= amount);
require(allowance[from][msg.sender] >= amount);
userBalances[from] = userBalances[from].sub(amount);
allowance[from][msg.sender] = allowance[from][msg.sender].sub(amount);
userBalances[msg.sender] = userBalances[msg.sender].add(amount);
}
function transfer(address to, uint256 amount) public withdrawAllowed {
require(userBalances[msg.sender] >= amount);
userBalances[msg.sender] = userBalances[msg.sender].sub(amount);
userBalances[to] = userBalances[to].add(amount);
}
function withdrawBalance() public withdrawAllowed {
uint256 amountToWithdraw = userBalances[msg.sender];
if (amountToWithdraw > 0) {
disableWithdraw[msg.sender] = true;
msg.sender.call{value: amountToWithdraw}("");
disableWithdraw[msg.sender] = false;
userBalances[msg.sender] = 0;
}
}
}