Today I was studying about Reentrancy, finally this cleared all my doubts. Thanks!!
Sorry in advance if this question is dumb, I am a noob to Solidity programming, but how does the escrow object in the Attacker contract know to implement withdrawFunds (and other methods) from the original contract that it's trying to hack? I.e. how does the escrow interface know it implements the methods from the hacked contract?
Great video, GOGOGO! What is the other exploit you talk about around 7 minutes, that you can force a contract to receive funds?
If ERC20 contract code not verify how will be transfer victim contract 1avax/ether, I mean if we can't see contract code?
Another question, why do we create an innocent contract instead of just using our MetaMask account?
I understand that the transfer method controls re-entries. Why not use transfer instead of call?
The whole reason transfer() and send() were introduced was to address the cause of the infamous hack on The DAO. The idea was that 2300 gas is enough to emit a log entry but insufficient to make a reentrant call that then modifies storage.
Remember, though, that gas costs are subject to change, which means this is a bad way to address reentrancy anyway. Earlier this year, the Constantinople fork was delayed because lowering gas costs caused code that was previously safe from reentrancy to no longer be.
If we’re not going to use transfer() and send() anymore, we’ll have to protect against reentrancy in more robust ways. Fortunately, there are good solutions for this problem.
Nice nice. I love attacking with reentrancy.
I'm studying but "Fail with error 'Only beneficiary can withdraw'". Tell me where I'm wrong. Too bad. 23:00 EDIT: OK, I found why, but I can't finish the course > gas estimated error. Hm.
Did you find something new? Please help me, I'm a poor Brazilian, this is my only chance! I would be grateful all my life.
I need helppp
you know sand box from all around countries from world
gm
GM
I appreciate how incredible you are and your work! i never expected could get peace of mind again, his efforts are the best ever! I can't stop recommending you #gripnotch 👏👏..