Ecosyste.ms: Awesome

https://github.com/falconandrea/example-dos-vulnerability

Simple test to try and understand the DOS attack and its vulnerability

denial-of-service-attack hardhat solidity vulnerability-analysis

README

# Denial of Service (DoS) Vulnerability in a Smart Contract

## Introduction

This repository explores the Denial of Service (DoS) vulnerability in a smart contract on the Ethereum blockchain. A DoS attack aims to disrupt the normal functioning of a system or application, rendering it unavailable to legitimate users. In the context of a smart contract, a DoS attack can exploit design flaws or vulnerabilities to block contract execution, deny access to certain functionalities, or exhaust resources.

## Vulnerability Description

The smart contract `Good.sol` implements an auction in which participants bid for an item by sending an amount greater than the current highest bid; whoever does so becomes the new winner. The contract records the current winning bidder and the amount they bid. When a new winner takes over, the contract refunds the previous winner's bid to their address inside the same transaction.
However, a vulnerability arises if the previous winner is a smart contract that cannot accept Ether, for example because it has no payable `receive` or `fallback` function. In that case the refund fails, the whole bidding transaction reverts, and `currentWinner` is never updated, so no other participant can become the new winner.
As a result, the `Good.sol` contract gets stuck and no one can participate in the auction any further.

## Mitigation

To mitigate the DoS vulnerability in the `Good.sol` contract, do not send the refund during bidding. Instead, record what each outbid participant is owed and provide a separate `withdraw` function that previous winners call themselves (a pull-payment pattern). A failing transfer then only affects the account trying to withdraw, not the auction as a whole.
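The following is an added example, not the repository's own `Good.sol` or `Attack.sol`: a minimal auction with the push-style refund described in the vulnerability section, followed by the same auction rewritten with the separate withdraw function suggested above. Contract and function names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added example, not the repository's Good.sol: push-refund auction, then a pull-payment version.

// Vulnerable: refunds the previous winner inside bid(). If that address cannot
// accept Ether, the call fails, bid() reverts, and currentWinner never changes again.
contract PushRefundAuction {
    address public currentWinner;
    uint256 public highestBid;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        address previous = currentWinner;
        uint256 refund = highestBid;
        currentWinner = msg.sender;
        highestBid = msg.value;
        if (previous != address(0)) {
            // Single point of failure: one unreceivable address blocks every later bidder.
            (bool ok, ) = previous.call{value: refund}("");
            require(ok, "refund failed");
        }
    }
}

// Mitigated: bid() only records what the previous winner is owed. Each outbid
// participant withdraws their own refund, so a failing transfer affects only
// that caller and the auction keeps running.
contract PullRefundAuction {
    address public currentWinner;
    uint256 public highestBid;
    mapping(address => uint256) public pendingRefunds;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (currentWinner != address(0)) {
            pendingRefunds[currentWinner] += highestBid;
        }
        currentWinner = msg.sender;
        highestBid = msg.value;
    }

    function withdraw() external {
        uint256 amount = pendingRefunds[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingRefunds[msg.sender] = 0; // zero the balance before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```

In a Hardhat test, deploying a bidder contract with no payable `receive` against `PushRefundAuction` makes every later `bid()` revert, while against `PullRefundAuction` only that contract's own `withdraw()` fails.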

## Contracts

### Good.sol

The `Good.sol` contract is the main contract implementing the auction functionality. It tracks the current winning bidder and the amount they bid, and refunds the previous winner when a higher bid arrives.

### Attack.sol

The `Attack.sol` contract triggers the DoS vulnerability in `Good.sol` by placing a higher bid and becoming the new winning bidder. Because `Attack.sol` cannot receive funds, every later attempt to refund it fails, leaving the `Good.sol` contract in a blocked state.

## Disclaimer

This repository is for educational purposes only. The code provided should not be used in production environments without thorough security audits. Use at your own risk.