https://github.com/kevincharm/ctf-hats-1

https://github.com/kevincharm/ctf-hats-1

Last synced: 3 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/kevincharm/ctf-hats-1
• Owner: kevincharm
• Created: 2022-05-04T23:34:51.000Z (about 3 years ago)
• Default Branch: master
• Last Pushed: 2022-05-13T12:02:40.000Z (about 3 years ago)
• Last Synced: 2024-12-31T19:26:10.759Z (5 months ago)
• Language: Solidity
• Size: 339 KB
• Stars: 0
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
**Project Name:** Capture The Flag

**Title:** Invincibility Via ERC-721 Re-entrancy

**Description:**

It is possible to get a balance of more than 3 mons per user by re-entering the `Game.sol` contract through the `onERC721Received` function.

When a swap is initiated, after the first `_safeTransfer` (line 154), we can re-enter `Game.sol` and recursively swap until the counterparty is drained, at which point they can invoke `join()` again and get another 3 mons.

Repeat this a second time and we can have an account with 9 total mons.

When we have 9 mons, we can `fight()` the invincible deployer and always win as the condition `balanceOf(attacker) > balanceOf(opponent)` (line 75) always holds.