Lesson 14: Sublesson 'Reentrancy attacks' question #3021
-
|
Hi there, I'm following the Reentrancy vulnerabilities sublesson, and I have a question. In the repo, as well as in the Solidity by example page, the In the video, Patrick declares the Therefore, I'm wondering if the contract is still vulnerable to a reentrancy attack, is the |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
@polar0 No we do not need payable with withdraw function because it is not using a global variable And our withdraw function is still vulnerable because we are changing the state at the end of it and because it uses external contract function calls that will call the fallback function of the attack contract that will again call the withdraw function and that loops go on until the balance will be greater than 0. |
Beta Was this translation helpful? Give feedback.
-
|
Ok, thanks for the answer. I was wondering because I copy/pasted the code from these examples, and I can't use the |
Beta Was this translation helpful? Give feedback.
-
|
@polar0 Yes it happened with you as well the call gets failed. |
Beta Was this translation helpful? Give feedback.
@polar0 No we do not need payable with withdraw function because it is not using a global variable
msg.valueand the attack function needs a value of at least 1 ether in order to pass the revert statement, that could be the one reason why your attack function is reverting.And our withdraw function is still vulnerable because we are changing the state at the end of it and because it uses external contract function calls that will call the fallback function of the attack contract that will again call the withdraw function and that loops go on until the balance will be greater than 0.