We’ve learnt about the basic ways we can attack smart contracts. We’ve deployed our own contracts to practice complementary opposites in public. We’ve seen deep into the permanent and public storage of all things. Now it’s time to fallback on the most classic vulnerability there is and re-enter consciously the hack which nearly unravelled it all.
We’ll be playing for the throne, going for the top floor, and re-entering a contract to claim it all. This truly is the climax. Who knew smart contracts could present such a dramatic soap opera?

Preparation
- Ensure that you still have some Goerli ETH left in your account. Use the faucet if you need to top up.
- Read about The DAO hack.
- Sit and breathe quietly for at least 20 minutes. Use this music if it helps. Or this.
We’re going to investigate more advanced hacks using fallback functions - or the lack thereof - and patterns in functions which don’t protect adequately against them. We’ll also be looking at some more footguns in Solidity, like misleading scope modifiers and interfering interfaces.
In writing some more advanced attack contracts, you will be learning how to write your own contracts and how to do so more securely, at the same time. If time allows, we’ll also take a look at the Remix debugger and try to step through a function call to trace what happens in the EVM.

Summation
In this session, you will have learned:
- More complex ways to use fallback functions to exploit poor code.
- What kinds of patterns to avoid when writing your own contracts.
- How to use more of the functions in Remix to assist you in your own development.
- Why reading code is a multi-layered affair, and how nuanced trust really is.
- How to think in the sort of logical patterns good developers make a habit of.