https://github.com/kevincharm/ctf-hats-2
- Host: GitHub
- URL: https://github.com/kevincharm/ctf-hats-2
- Owner: kevincharm
- Created: 2022-09-22T16:17:42.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2022-09-22T16:19:48.000Z (over 2 years ago)
- Last Synced: 2024-12-31T19:26:13.221Z (5 months ago)
- Language: Solidity
- Size: 336 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
**Project Name:** Capture The Flag
**Title:** CTF 2: Force send ETH, then re-enter
**Description:**
The vault contract returns its own ETH balance from `totalAssets()`. Although there is a payable `deposit` function, we can bypass it by force-sending ETH to the vault via `selfdestruct`. `ERC4626ETH.sol:158` calculates an excess ETH amount to be transferred out of the contract using `totalAssets()`, which, as mentioned above, can be manipulated.
So to exploit this contract, we force-send ETH to the vault, which messes up the internal accounting because `totalSupply()` does not go up (no tokens are minted). We then withdraw some amount that we deposited, and when the vault sends back our ETH, we simply re-enter `withdraw` to empty the vault.
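For contrast, the sketch below is an added example (not code from this repository or from the CTF's `ERC4626ETH.sol`) of a vault that closes both weaknesses described above: `totalAssets()` reads an internal counter instead of `address(this).balance`, and `withdraw` is guarded against re-entry and updates state before sending ETH. The contract name, the 1:1 share model and `untrackedBalance()` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added illustration (hypothetical contract, not the CTF's ERC4626ETH.sol):
/// an ETH vault whose accounting cannot be skewed by force-sent ETH and
/// whose withdraw path cannot be re-entered.
contract HardenedEthVault {
    mapping(address => uint256) public sharesOf;
    uint256 public totalShares;
    uint256 private trackedAssets; // ETH received through deposit() only
    uint256 private locked = 1;    // 1 = unlocked, 2 = locked

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    /// Uses internal bookkeeping, never address(this).balance, so ETH
    /// pushed in by selfdestruct is ignored by every calculation.
    function totalAssets() public view returns (uint256) {
        return trackedAssets;
    }

    function deposit() external payable nonReentrant {
        require(msg.value > 0, "zero deposit");
        // 1:1 shares keep the sketch short (assumption); a real ERC-4626
        // vault converts using totalAssets() and the share supply.
        sharesOf[msg.sender] += msg.value;
        totalShares += msg.value;
        trackedAssets += msg.value;
    }

    function withdraw(uint256 shares) external nonReentrant {
        require(sharesOf[msg.sender] >= shares, "insufficient shares");
        // Effects before interaction: state is final before ETH leaves.
        sharesOf[msg.sender] -= shares;
        totalShares -= shares;
        trackedAssets -= shares;
        (bool ok, ) = msg.sender.call{value: shares}("");
        require(ok, "ETH transfer failed");
    }

    /// Monitoring signal: nonzero means ETH arrived outside deposit().
    function untrackedBalance() external view returns (uint256) {
        return address(this).balance - trackedAssets;
    }
}
```

A nonzero `untrackedBalance()` is harmless here because nothing in the vault's math depends on it, and it doubles as an alert condition for off-chain monitoring.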