Reentrancy | Hack Solidity (0.6)

  • Published on 1 Dec 2024

Comments • 203

  • @smartcontractprogrammer
    @smartcontractprogrammer 4 years ago +15

    Here are the topics in this video
    Overview 0:40
    Code 4:31
    Preventative techniques 12:24

  • @0xLife
    @0xLife 4 years ago +54

    You have a GREAT talent for explaining complex subjects and making them really easy to understand, I love your neutral straight to the point content, the speed and the words choice is perfect, your no filler BS approach is great as well since you leave out the unnecessary hype and focus on providing excellent value in each of your videos. Also the visual aids, and the access to the code are amazing tools. Keep it up mate, and thanks a lot for what you are doing.

    • @riazbacchus3962
      @riazbacchus3962 2 years ago +2

      i agree w this comment

    • @eatmungbeans
      @eatmungbeans 2 years ago

      my thoughts exactly too

    • @Davimejor
      @Davimejor 2 years ago

      totally agree, good content!

  • @nolestock4291
    @nolestock4291 4 years ago +12

    Fantastic. I really really appreciate the slow methodical approach. You didn't skip over anything and explained it very well. Thank you so much!

  • @akif409
    @akif409 4 years ago +17

    The second prevention method is clever AF. Thanks so much bro!!! Loved it!

    • @bezimienny5
      @bezimienny5 2 years ago +1

      Doesn't it make it so that only one person can use this function at the time? What if we want to allow an entirely unrelated person to withdraw their eth?

    • @raviojhayt
      @raviojhayt 2 years ago +1

      @@bezimienny5 I had the same question, then found an answer that explains that once a transaction from person A is added to blockchain, then that single transaction will be atomic. Person B calling the same function will only execute sequentially after Person A transaction is completed.

    • @frog706
      @frog706 2 years ago

      @@raviojhayt That's awesome so it's just like transactions in a SQL database.

  • @matteotambussi
    @matteotambussi 2 years ago +3

    AWESOME explanation!
    I didn't know a modifier could trigger something AFTER the function ran. Very cool!

  • @dhu.6939
    @dhu.6939 4 years ago +5

    I hope you get more subs soon, you're doing a great job! Also to mention, I watch you with a 1.5x or 2x speed. That's great that this is possible with your presentation

    • @smartcontractprogrammer
      @smartcontractprogrammer 4 years ago +1

      should i try talking a little faster?

    • @dhu.6939
      @dhu.6939 4 years ago +2

      @@smartcontractprogrammer For me it's perfect, because in other tutorials I'm not able to watch them faster.

  • @IssaNana-k4d
    @IssaNana-k4d 2 months ago

    Content is amazing as always. Attacker's pov, just what I've been looking for! Thank you 😄

  • @Sanjism-y9k
    @Sanjism-y9k 3 years ago +1

    You are the best in how you speak and show everything, thanks a lot!!

  • @salem232
    @salem232 4 years ago +3

    Super awesome video !!! Love ❤️ the approach of teaching the hacking and then the preventive code !!!

  • @eli_chaps
    @eli_chaps 1 year ago

    Came from cyber security and I love this.

  • @MuhammadTajammulZia
    @MuhammadTajammulZia 2 years ago +1

    You are an amazing teacher and an amazing person. Thank you for teaching so much for free!

  • @salmanhaider786
    @salmanhaider786 1 year ago

    Clear cut clean explanation, thank you sir!

  • @atataheri
    @atataheri 3 years ago +1

    Love it!!!
    Also if you use the modifier, you only can use it for one function
    as there is only one boolean keeping the state

    • @josemiguel5924
      @josemiguel5924 3 years ago

      You could use a mapping address => bool to store whether an address's transactions are locked or not or even something like address => mapping(string => bool) for specific function names but may not be too efficient

    • @mo_i_nas
      @mo_i_nas 3 years ago

      @@josemiguel5924 Can you elaborate on this a bit please? I think I understand, and maybe this answers my concern about the modifier lock variable used in the video. If we use this 'lock' boolean, does it lock ANY transactions even if it's not a true reentry? like a real withdrawal from a different user (or address)

    • @josemiguel5924
      @josemiguel5924 3 years ago +1

      @@mo_i_nas I'm pretty sure that if the boolean that locks transactions is part of the global state of the contract it will block any transaction that has the modifier attached to it even if it is called from another address, what I was talking about is locking transactions for a specific address, meaning that the modifier won't read a boolean that says if the lock is activated or not, it will check a mapping containing addresses and a boolean for each one, so it will check if that address is authorized for making transactions or if it is in a "cooldown", so the lock would be per address and not global for every user but as I was saying, I'm kinda new to solidity so I don't really know how efficient would it be to do it that way, also maybe most of the time you will be ok with the checks, effects, transactions pattern for protecting against simple reentrancy attacks.

    • @mayanknagwanshi
      @mayanknagwanshi 2 years ago

      @@josemiguel5924 you don't really need a mapping in this case since, when transaction from person A is added to block, then that single transaction will be atomic. Person B calling the same function will only execute sequentially after Person A transaction is completed. so a function cannot be simultaneously executed by 2 different addresses, it will be sequential

  • @Ts2pc
    @Ts2pc 2 years ago

    The lock modifier is a smart design.

  • @r.avinashkumar5372
    @r.avinashkumar5372 2 years ago +1

    great explanation, all videos just explain to use this in the contract, doesn't explain why. You used the best way by debugging and showing the flow of code.

    • @r.avinashkumar5372
      @r.avinashkumar5372 2 years ago

      attack function is giving error
      Note: The called function should be payable if you send value and the value you send should be less than your current balance.
      please help

  • @alexlau6393
    @alexlau6393 3 years ago +1

    great detailed video, thanks for the explanation!

  • @jofawole
    @jofawole 2 years ago

    thank you so much, man. this is powerful and detailed as usual.

  • @moayaan1911
    @moayaan1911 2 years ago

    we need MORE VIDEOS in this series

  • @javierdash1
    @javierdash1 2 years ago

    Amazing explanation as you always do. Thank you very much for sharing your knowledge with us

  • @bennaylor4585
    @bennaylor4585 3 years ago +1

    Really great explanation thank you so much! Liked and Subscribed.

  • @GwlaS
    @GwlaS 1 year ago

    Great video. Well explained. Thank you very much. 👌

  • @roinsultan5888
    @roinsultan5888 3 years ago +1

    Very helpful and well explained thank you for your time and effort.

  • @Banksy_said_hi
    @Banksy_said_hi 2 years ago +1

    Amazing explanation!

  • @sherlookholmes5499
    @sherlookholmes5499 2 years ago

    I completely understood thnx man
    Love u bro

  • @ravendonly1
    @ravendonly1 2 years ago

    thanks sir! this is very helpful to my upcoming project

  • @OJogodaLei
    @OJogodaLei 1 year ago

    The vulnerability in the smart contract that allows reentrancy lies in the function that enables external deposits, fund transfers, and the balance check in the contract that is calling the deposit function. The defense against this vulnerability lies in verifying the balance before performing the transfer.

  • @softwiz8160
    @softwiz8160 2 years ago

    Very clear explanation... Great !!!

  • @piotrz6872
    @piotrz6872 3 years ago +1

    That was a very clear explanation. Thank you!
    Could you make a video about resigning ownership of a contract and regaining it back? - if that's even possible ofc.
    Additional difficulty here would be the fact, that the contract wasn't upgradeable and prepared for such an event.

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago

      you mean like this?
      github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol

    • @piotrz6872
      @piotrz6872 3 years ago

      @@smartcontractprogrammer yes, but when owner using ownable resigns ownership (by mistake).

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago

      Can't recover ownership. The new owner will have to transfer back the ownership to you.

    • @piotrz6872
      @piotrz6872 3 years ago

      @@smartcontractprogrammer ok. Thanks for your time.

    • @mattrickbeats
      @mattrickbeats 2 years ago

      Whoah!

  • @timurs7398
    @timurs7398 4 years ago +1

    Perfect explanation.

  • @adityamohan87
    @adityamohan87 4 years ago

    Awesome video with perfect explanation.

  • @miguelangelTripi
    @miguelangelTripi 2 years ago

    Thanks for sharing. It is really useful information.

  • @alisalloum629
    @alisalloum629 2 years ago

    Great video, thanks for sharing:)

  • @Ts2pc
    @Ts2pc 2 years ago

    Very helpful! Thanks so much!

  • @pauljohn.ytchannel
    @pauljohn.ytchannel 3 years ago +1

    Just to add, What he did is what we call "Check Effect Interaction Pattern"

  • @aryastark4064
    @aryastark4064 3 years ago +1

    really nice explanation. thanks man .

  • @aaron89pd
    @aaron89pd 2 years ago

    Awesome video! Thank you!!!

  • @haxpor
    @haxpor 2 years ago

    With the recent incidence of Revest.Finance whose culprit is at reentrancy, this video is somewhat important.
    One question: Does compiler auto generates constructor which map to public data member for us i.e. balances? So we can directly construct EtherStore by specifying address which acts as a key with value defaults to 0 for the address's balance?

  • @thatguyintech
    @thatguyintech 3 years ago

    excellent breakdown

  • @NN-si6cl
    @NN-si6cl 3 years ago

    Awesome explanation

  • @paramjeetsingh4321
    @paramjeetsingh4321 2 years ago

    Very well explained ... thnx a lot

  • @javierdash1
    @javierdash1 2 years ago

    Undoubtedly one of the best teachers. I have a doubt for the community: If the withdraw function includes parameters with arguments. Example: function withdraw(address _address, address _secondAddress, uint _amount) is it also possible to do a reentrancy? Because I wanted to try and I could not, and in the video it only shows when the withdraw() function does not include arguments. Thanks

  • @mayankchauhan6680
    @mayankchauhan6680 1 year ago

    Hey a small question!, when state variable locked = true, will it just stop incoming "withdraw" request from Smart Contract B or will it stop all "withdraw" requests coming from any user?

  • @b-baller
    @b-baller 1 year ago

    So the fallback() function will be triggered whenever a smart contract receives eth from another address?

  • @atataheri
    @atataheri 3 years ago +1

    The modifier also restricts function call to one user at a time
    Is that correct?

  • @soroushasamiesfahan6900
    @soroushasamiesfahan6900 2 years ago

    You are so good . thank you

  • @supadrasta
    @supadrasta 1 year ago

    Crystal Clear. Openzeppelin reentrancy guard works too, correct?

  • @chriszuidema
    @chriszuidema 2 years ago

    The first method seems obvious, the second one silence all hackers!

  • @decipherwithzaryab5106
    @decipherwithzaryab5106 4 years ago +1

    Hello Sir. Big fan.
    I am just starting out with Smart Contract Audits and learning more about the security aspects of Solidity. Your videos are of great help.
    However, I would love to know what is the best way to connect to you. I need to discuss some imperative concepts of Solidity and it would be great if we could connect on Telegram or any other online platform.
    Please let me know.

    • @smartcontractprogrammer
      @smartcontractprogrammer 4 years ago

      Thanks for the feedback. You can contact me through email or discord
      contact@smartcontractprogrammer.com
      discord.com/channels/271091159793664010/312039801702580242

  • @ДенисБолковенко
    @ДенисБолковенко 2 years ago +2

    I cannot understand why the fallback function will be triggered after the withdraw function.

    • @derastephh
      @derastephh 3 months ago

      When a contract receives money, it automatically triggers the fallback function

  • @carlhopkinson
    @carlhopkinson 2 years ago

    Good stuff. Thanks!!!!

  • @ericwinchell
    @ericwinchell 2 years ago

    Awesome demo

  • @bresis87
    @bresis87 2 years ago

    shouldn't the two lines of code after the "msg.sender.call" be also executed as many times as the withdraw function has been invoked by the attacker? In that case the attack would fail (if there is no underflow vulnerability) since the balance would be less than zero and balances must be integers.....

  • @ecrypto1849
    @ecrypto1849 2 years ago

    So why doesn't the EtherStore function withdraw() continue executing? Is it because the tx is processing? Meaning: Reentrancy stops when 1. there is no more balance in EtherStore OR 2. tx is successful?

  • @allaboutdata512
    @allaboutdata512 2 years ago

    what if the transaction failed for some reason & the funds are not sent. In that case our balance will be deducted right ?

  • @truthboom1
    @truthboom1 1 year ago

    I need a code that will allow me to deposit into a smart contract as well as withdraw from a smart contract

  • @crucru4000
    @crucru4000 2 years ago

    Txs on EVM are atomic, but are function calls? i.e. is it possible for the balance to be decremented and then the send txn fails, leaving the state incorrect? Obviously the answer to this Q is "no", but I'd like to hear your explanation. Thanks for the great resource :)

  • @cryptojeff3993
    @cryptojeff3993 3 years ago

    This is an amazing video!!!!

  • @secsolutions2332
    @secsolutions2332 1 year ago

    EXPLAIN ME IN THE CODE SECTION? WHERE IN THE CONTRACT A HAS THE VALUE OF ETH THAT IT OWES TO CONTRACT B (i.e 1 ETH)

  • @WilsonSilva90
    @WilsonSilva90 2 years ago

    Great explanation. Has this vulnerability been fixed or do we still need to be careful about updating the state first?

    • @smartcontractprogrammer
      @smartcontractprogrammer 2 years ago +2

      Vulnerability is still present

    • @jagadishk5827
      @jagadishk5827 2 years ago

      Vulnerability is not present if we use solidity 0.8 compiler or onwards. Since arithmetic underflow is caught by default.

  • @hoomansanati173
    @hoomansanati173 2 years ago

    great explanation

  • @vijayrefkin5249
    @vijayrefkin5249 3 years ago

    In smart contract where to write this code and how to compose according to my contract?

  • @中村由美子-z4q
    @中村由美子-z4q 3 years ago

    Outstanding

  • @cyberdisco9724
    @cyberdisco9724 3 years ago +1

    Do you have any idea why this attack might not work on version 0.8.0? This works for me when using 0.6.10, but 0.8.0 gives me the error a few others have mentioned: the transaction reverted "Reason provided by contract: Failure to send ether". I believe it continues to call the withdraw function even after the balance of the Etherstore is too low. I also get a warning when compiling regarding not having a receive ether function, not sure if that has anything to do with it. Thanks for the video!

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago +1

      solidity 0.8 uint overflows throw error

    • @vijayrefkin5249
      @vijayrefkin5249 3 years ago

      @@smartcontractprogrammer over throws means what it doesn’t work? Or Are you saying or latest version is itself safe from attacking.

    • @OJogodaLei
      @OJogodaLei 1 year ago

      One question: would the reentrancy attack contract only work with compiler version 0.6.0? In higher versions, would the overflows raise an error, and would the attack fail?

  • @kowsikgelli7257
    @kowsikgelli7257 4 years ago +2

    Hey when will the code after _; in the modifier executes? In this case you are making locked = false. When this will execute?

    • @smartcontractprogrammer
      @smartcontractprogrammer 4 years ago +1

      after the function finishes execution (last line, balances[msg.sender] -= _amount)

    • @kowsikgelli7257
      @kowsikgelli7257 4 years ago

      @@smartcontractprogrammer OK then the locked will go to its initial state nice. Great video bro👍, hey can you make videos on how to write upgradable smart contracts and how to use oracles in Smart contracts. If possible please make videos of these topics.

  • @Ts2pc
    @Ts2pc 2 years ago

    at 12:12, it goes to line 22 and will get the "Fail to send ether", so the attack will fail, am I right?

  • @narayangopalmaharjan
    @narayangopalmaharjan 2 years ago

    First of all thank you for the video . I always love it
    Question :
    In the second method of using modifier What will happen if 10 transactions all start to run withdraw function at same time ?? I think only one of the transaction will succeed and other transactions get failed this makes the contract less usable in concurrency mode

  • @madrabbits1
    @madrabbits1 2 years ago

    great vid!

  • @ash-ti3ml
    @ash-ti3ml 3 years ago +1

    I get this error when I try to execute the code transact to Attacker.attack errored: VM error: revert. revert The transaction has been reverted to the initial state. Reason provided by the contract: "Failed to send Ether". Debug the transaction to get more information.

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago

      Did you send Ether when calling the functions?

    • @yuichiroaoki
      @yuichiroaoki 3 years ago

      @@smartcontractprogrammer thank you for this great video, but I got the exact same error when calling attack function with 1 ether.

  • @shubhamrathod506
    @shubhamrathod506 2 years ago

    nice one man thanks

  • @therealjasonc1243
    @therealjasonc1243 4 years ago

    Great video !

  • @benjaminrockiee3888
    @benjaminrockiee3888 2 years ago

    Very standard explanation. But I'm being confused on the best withdraw function to use after watching your other video on how to withdraw ether (payable) 0.5, I'm using that one but which withdraw function is best to apply currently? This one here or that one? I'd appreciate your reply..

  • @jerryjeremy4038
    @jerryjeremy4038 3 years ago

    a programming language like this will have so many loop holes. great tip anyway.

  • @salem232
    @salem232 4 years ago +1

    How about authorization/ signature per each transaction? Will that also help to prevent re-entrance??

    • @smartcontractprogrammer
      @smartcontractprogrammer 4 years ago +2

      nope. the vulnerability here is how the code is executed, not authorization

    • @salem232
      @salem232 4 years ago

      Smart Contract Programmer ah~~ okay , thanks!!

  • @LEOSTRIBE
    @LEOSTRIBE 1 year ago

    not able to run both contracts at same time

  • @han-jieliu6889
    @han-jieliu6889 2 years ago

    Fantastic, I love it, but it couldn't work at solidity 0.8.0, is there any breaking change?

    • @smartcontractprogrammer
      @smartcontractprogrammer 2 years ago +2

      overflow / underflow throws error in Solidity 0.8
      check here for latest example
      solidity-by-example.org/hacks/re-entrancy/

    • @han-jieliu6889
      @han-jieliu6889 2 years ago

      @@smartcontractprogrammer Thank you so much

  • @quanit6428
    @quanit6428 3 years ago

    Sorry sir but I don't see the update balance when the user runs deposit function. Do we need to add that as well?

  • @AbstractAbsorption
    @AbstractAbsorption 2 years ago

    Why is contract A sending to contract B triggering the "fallback" function?

    • @VegettoTenkai
      @VegettoTenkai 2 years ago

      Hey pal, did you see the fallback lesson? The fallback functions is triggered in 2 cases, when someone is sending money to the contract and when someone is calling a function that does not exist, hope it's helpful for you

    • @AbstractAbsorption
      @AbstractAbsorption 2 years ago +1

      @@VegettoTenkai got it, that does help -- thank you! So this is a core part of Solidity then and not a one-off for this particular contract

  • @karishmayadav6986
    @karishmayadav6986 2 years ago

    Not get properly the starting phases

  • @olumideadeniyi641
    @olumideadeniyi641 3 years ago

    bravo mate, bravo

  • @jeromeadams4740
    @jeromeadams4740 3 years ago

    Hi, I'm a little confused as to what msg.sender.call is doing. I think it calls a function of the sender contract where you put the function name in the parentheses. So by adding "" it calls the fallback function since there is no function that has no name. Similarly, if you wanted to call a function called send() you'd put "send" in parentheses.
    Is this correct? I tried reading the docs and it didn't really help.
    Thanks.

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago +2

      msg.sender.call{value: _amount}("") is sending ETH to msg.sender
      yes your understanding is mostly correct
      > , if you wanted to call a function called send() you'd put "send" in parentheses.
      You would put "send()"
      Also "send()" is a built in function available to all payable addresses, so you should avoid naming your function as "send()"

  • @nikola3013
    @nikola3013 2 years ago

    This does not seem to work anymore, I tried to recreate an example and I receive an error on require(sent)

    • @smartcontractprogrammer
      @smartcontractprogrammer 2 years ago

      Try example at solidity-by-example.org. Code in video won't work with sol 0.8

    • @nikola3013
      @nikola3013 2 years ago

      @@smartcontractprogrammer Thank you ! I see the new function withdraws all funds a user has and does not take the _amount argument. Why does this no longer work?

  • @inferious777
    @inferious777 2 years ago

    how is this possible? are the two contracts not on different "threads" because coming from web2 this seems only possible if they are different classes of the same program.

  • @karishmayadav6986
    @karishmayadav6986 2 years ago

    Can please anyone tell me the step by step process which we have to execute first and how we get 2 ether in starting

  • @FugalBaboon
    @FugalBaboon 2 years ago

    How is the fallback() function triggered automatically? I don't see it called anywhere

    • @smartcontractprogrammer
      @smartcontractprogrammer 2 years ago

      fallback is default function that gets called if the function to call doesn't exist

    • @davethemonkey
      @davethemonkey 2 years ago +2

      In this example, what do you mean that function to call doesn’t exist? Thank you

  • @faiqkhan7545
    @faiqkhan7545 2 years ago

    I am confused how reentrancy.sol triggered fallback function?
    I think I am missing something.

    • @FugalBaboon
      @FugalBaboon 2 years ago

      I had to google. It seems that fallback() is a special function that can be triggered if ETH is sent to the contract, so when contract A sends 1 ETH to contract B, it triggers fallback()

  • @r.avinashkumar5372
    @r.avinashkumar5372 2 years ago

    Not able to get EtherStore reference inside other contract, can anyone please help

  • @jordixboy
    @jordixboy 3 years ago

    3 things:
    1. Awesome video
    2. So, this can basically happen because until the tx is not mined, the state of ether store is not updated right? and since attack contract makes these operations within the same tx
    3. you forgot to add a withdraw function to your attack contract, you can't withdraw your stolen ether :D

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago +1

      2. it's not that the state is not updated until tx is mined. It's just how the program flows. You can simulate the same hack with other programming languages.
      Key idea of the hack is that you are calling back into a function while the function has not completed.
      example
      f() {
        g()
      }
      g() {
        if (!called) {
          called = true  // set the flag before calling back, so the recursion stops
          f()
        }
      }
      3. XD

    • @jordixboy
      @jordixboy 3 years ago +1

      @@smartcontractprogrammer Yea, saw that on your video 2 mins later, I thought state wasn't updated until TX is mined
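
Added example, not from the video or from any commenter: following the reply above that the same flow can be simulated in other languages, this Python model runs the video's withdraw order against a recipient that calls back in. It goes beyond that one case to cover checked arithmetic (Solidity 0.8), update-first ordering and the lock modifier, which several threads on this page ask about. The `Chain` class, the account names and the amounts are constructed for illustration and only approximate EVM call and revert behaviour.

```python
import copy

class Revert(Exception):
    """A failed require() or a checked-arithmetic error."""

class Chain:
    """Constructed toy model: one ether store plus plain account balances."""

    def __init__(self, update_first=False, checked_math=False, guard=False):
        self.update_first = update_first  # debit before sending (checks-effects-interactions)
        self.checked_math = checked_math  # True models Solidity >= 0.8 arithmetic
        self.guard = guard                # True applies the lock modifier
        self.state = {"credit": {}, "ether": {"store": 0}, "locked": False}
        self.inner_reverts = []           # reasons swallowed by the low-level call

    def deposit(self, who, amount):
        credit, ether = self.state["credit"], self.state["ether"]
        credit[who] = credit.get(who, 0) + amount
        ether["store"] += amount

    def _debit(self, who, amount):
        credit = self.state["credit"]
        have = credit.get(who, 0)
        if amount > have and self.checked_math:
            raise Revert("arithmetic underflow")
        credit[who] = (have - amount) % 2**256  # unchecked uint256 wraps around

    def _call(self, who, amount, fallback):
        """Low-level call: on failure the callee's changes are undone, False is returned."""
        if self.state["ether"]["store"] < amount:
            return False
        snapshot = copy.deepcopy(self.state)
        ether = self.state["ether"]
        ether["store"] -= amount
        ether[who] = ether.get(who, 0) + amount
        try:
            if fallback:
                fallback(self)  # recipient code runs before withdraw() has finished
            return True
        except Revert as err:
            self.inner_reverts.append(str(err))
            self.state = snapshot
            return False

    def withdraw(self, who, amount, fallback=None):
        if self.guard:
            if self.state["locked"]:
                raise Revert("No re-entrancy")
            self.state["locked"] = True
        if self.state["credit"].get(who, 0) < amount:
            raise Revert("Insufficient balance")
        if self.update_first:
            self._debit(who, amount)
        if not self._call(who, amount, fallback):
            raise Revert("Failed to send Ether")
        if not self.update_first:
            self._debit(who, amount)  # the order used by the code in the video
        if self.guard:
            self.state["locked"] = False  # the modifier's code after `_;`

    def transact(self, fn, *args):
        """One transaction, all or nothing: returns None or the revert reason."""
        snapshot = copy.deepcopy(self.state)
        try:
            fn(*args)
            return None
        except Revert as err:
            self.state = snapshot
            return str(err)

def reentering(who, amount):
    """Recipient whose fallback calls withdraw() again while the store holds ether."""
    def fallback(chain):
        if chain.state["ether"]["store"] >= amount:
            chain.withdraw(who, amount, fallback)
    return fallback

def scenario(reenter=True, **options):
    chain = Chain(**options)
    chain.deposit("alice", 2)  # honest depositor
    chain.deposit("bob", 1)    # account whose receiving code may call back in
    hook = reentering("bob", 1) if reenter else None
    first = chain.transact(chain.withdraw, "bob", 1, hook)
    second = chain.transact(chain.withdraw, "alice", 2)  # unrelated user, later transaction
    ether = chain.state["ether"]
    return {"bob_tx": first, "bob_got": ether.get("bob", 0),
            "alice_tx": second, "alice_got": ether.get("alice", 0),
            "inner": chain.inner_reverts}

if __name__ == "__main__":
    for opts in ({}, {"checked_math": True}, {"update_first": True},
                 {"guard": True}, {"guard": True, "reenter": False}):
        print(opts, scenario(**opts))
```

In each defended run the inner failure is swallowed by the low-level call and surfaces as "Failed to send Ether", the message several commenters report. The lock is released when a call finishes, so a later withdrawal by a different account still goes through.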

  • @hermajaystey
    @hermajaystey 10 months ago

    Hey man, do these videos still help in 2024 or have things changed too much?

    • @smartcontractprogrammer
      @smartcontractprogrammer 9 months ago +2

      Most hacks are still relevant

    • @0xLabRat
      @0xLabRat 2 months ago +1

      @@smartcontractprogrammer Dude, your playlist is GOLD.

  • @aspiceoflife
    @aspiceoflife 3 years ago

    Why are you setting locked to both true and false in the reentrancy function?

  • @apocalipse23TheFinal
    @apocalipse23TheFinal 1 year ago

    Hello There, trying to follow the tutorial but when try attack button keep giving "gas stimation error". Any clue what I could be doing wrong? the attack contract doesn't need to have eth correct? just the msg.sender wallet? Thanks, great video.

    • @OJogodaLei
      @OJogodaLei 1 year ago +1

      To what is presented the attack contract and the target contract must have the same compiler, attack would only work below version 0.8.0, because from that version the overflows would indicate error messages and the target contract must have the vulnerability if it does not have will present the error of the gas estimate

  • @Bruhne
    @Bruhne 1 year ago

    I fell off at deploying the contracts. Please consider doing this in the 0.8 series with more detail in deploying the contracts.
    Thanks!

  • @FlySoloG
    @FlySoloG 3 years ago

    Geniussss

  • @vadimchilinciuc2105
    @vadimchilinciuc2105 3 years ago

    One question: do you know something about erc20 reentrancy? I can't find anything out there :(
    And Thanks for your videos !

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago

      re-entrancy can potentially be done on any contract that calls other contracts

  • @karishmayadav6986
    @karishmayadav6986 2 years ago

    How does it have 2 ether at the start?

  • @TheRohanGaming
    @TheRohanGaming 3 years ago

    Is there any way to send eth automatically to another wallet after receiving
    Someone hacked my wallet
    When I fund my wallet it Automatically send all ether to another wallet instantly

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago

      wallet is a contract = yes - redirect payment using fallback
      wallet is a EOA = no

  • @r.avinashkumar5372
    @r.avinashkumar5372 2 years ago

    @smarContract Provider
    attack function is giving error
    Note: The called function should be payable if you send value and the value you send should be less than your current balance.
    please help

    • @smartcontractprogrammer
      @smartcontractprogrammer 2 years ago

      check solidity-by-example.org for latest example

    • @r.avinashkumar5372
      @r.avinashkumar5372 2 years ago

      @@smartcontractprogrammer hey thanks actually I copy-pasted the code but still same error

    • @r.avinashkumar5372
      @r.avinashkumar5372 2 years ago

      @@smartcontractprogrammer for all your codes the attack is failing and it says
      transact to Attack.attack errored: VM error: revert.
      Note: The called function should be payable if you send value and the value you send should be less than your current balance.

  • @markosudar7448
    @markosudar7448 2 years ago +1

    it encourages me so bad to hack in real world. thanks bro I will end up in jail BCS of u

  • @syronbeats3380
    @syronbeats3380 2 years ago

    Hello, do I need to actually have ether in my wallet to make this work?

    • @smartcontractprogrammer
      @smartcontractprogrammer 2 years ago +1

      Yes - you need ETH to send transactions

    • @syronbeats3380
      @syronbeats3380 2 years ago

      @@smartcontractprogrammer thanks for reply. Can you tell me how much ETH? Is it a specific amount plus gas or just gas?

    • @syronbeats3380
      @syronbeats3380 2 years ago

      Also, is there a specific way to know which contracts have these vulnerabilities? I want to try and get some bounties from the contract owners

  • @tuduff
    @tuduff 3 years ago

    Hey brother, what do you think about this.
    function sendValue(address payable recipient, uint256 amount) internal {
    require(address(this).balance >= amount, "Address: insufficient balance");

    • @smartcontractprogrammer
      @smartcontractprogrammer 3 years ago

      if address(this).balance < amount then function will fail when amount is attempted to send.
      So that is a redundant check

    • @tuduff
      @tuduff 3 years ago

      @@smartcontractprogrammer is inside a contract and got a comment to re-entrancy check

  • @سرالحضارات-ي4ق
    @سرالحضارات-ي4ق 3 years ago

    What you mean hack solidity