Read Only Reentrancy | Hack Solidity (0.8)

00:00

in a re-entrancy hack a contract will

00:02

call a Target contract this Target

00:04

contract will call back into the caller

00:06

in this case the hack contract well the

00:08

first call has now finished this hack

00:10

contract will call back into the Target

00:12

contract this is re-engine C hack a

00:14

read-only re-entracy is a little bit

00:16

more complicated first the hack contract

00:18

will call into a contract we'll call

00:21

this contract date contract day will

00:23

call back into the caller in this case

00:25

it will be the hack contract at this

00:27

moment the call made in the first step

00:29

to contract day has not yet finished

00:31

while the call in the first step is not

00:33

yet finished this hack contract will

00:35

call into a Target contract the Target

00:38

contract will read some state from

00:39

contract day finish executing step 3

00:42

after the function call to the Target

00:44

contract finishes then the execution to

00:46

step 2 finishes and thus leader

00:49

execution to step 1 finishes let's take

00:51

a look at an example for this example

00:53

I'll be using Foundry so first let's

00:55

install it I'll install Foundry by

00:57

copying and pasting this command into my

00:59

terminal all of the command and the

01:01

codes that I'll be typing I'll put it up

01:03

on GitHub

01:05

the next step of installing Foundry is

01:07

to type Foundry up so I'll type Foundry

01:10

up

01:12

next I'll initialize The Foundry project

01:14

inside this directory by typing Forge

01:17

init okay once that command executed

01:19

successfully if I check the current

01:22

directory you can see some files that

01:23

Foundry put in and we're now ready to

01:26

write some code for the read-only

01:27

reentrc example for this example you'll

01:30

simulate a read-only reentrancy attack

01:32

on the curb sde pool and we'll be

01:35

executing this on the main Network so we

01:38

won't be actually hacking the contract

01:39

we will just be running a simulation

01:41

first I'll open source folder and then

01:45

remove this boilerplate code

01:49

and then I'll create a new contract

01:52

called hack dot so first I'll paste the

01:54

solidity version next I'll import

01:57

console.tool so that you'll be able to

01:58

console log some values inside a

02:00

transaction next I'll set the address

02:02

for the curb sde pool and the token that

02:05

you get when you deposit into this pool

02:06

I'll name it LP for liquidity provider

02:09

we're going to be hacking the curb

02:10

contract so I'll paste the interface for

02:13

the curb

02:14

for this example the functions that

02:16

we're going to be calling is get virtual

02:17

price add liquidity and remove liquidity

02:20

when you call this function get virtual

02:22

price it Returns the value of the shares

02:24

the higher the value of the shares the

02:26

more tokens that you'll get that is

02:28

locked inside the pool when you call the

02:29

function withdrawal we can add the

02:31

tokens to this curve pool by calling the

02:33

function add liquidity and to remove the

02:35

tokens from this pool we'll be calling

02:37

the function remove liquidity we're also

02:39

going to need the irc20 interface so

02:41

I'll paste it here okay so next let's

02:43

write the hack contract so I'll type

02:46

contract hack first let's set some

02:50

contact addresses I curve this will be

02:53

private constant and I'll name it pool

02:56

and this is equal to I curve this is the

03:00

interface that we defined above and the

03:02

address of the pool that we'll be

03:03

calling is St E4 I also set the irc20

03:07

for the lp tokens so ierc

03:11

25A constant LP token and this will be

03:17

irc20 for the lp this is the token that

03:20

we'll receive when we call the function

03:22

at liquidity on the purple next I'll

03:25

write the function called Palm this will

03:29

be external and payable since we will be

03:33

sending some leave this will be the main

03:34

function that we will be calling to

03:36

initiate the attack so what we're going

03:39

to be doing is to First add liquidity to

03:42

the curve pool next we'll log the value

03:45

of the shares by calling the function

03:46

get virtual price

03:48

log get virtual price and then we'll

03:52

remove

03:53

liquidity by calling this function we'll

03:56

be able to trigger the read-only

03:58

reagency attack

04:00

when we call the function remove

04:01

liquidity on the curb as the E4 and then

04:04

if I scroll down you can see here that

04:07

it sends the if back before the function

04:10

finishes executing so this means that

04:13

when we call the function remove

04:14

liquidity the code will execute and then

04:17

before it finishes executing all of the

04:20

code it will send some leave so this is

04:22

where we can do the reagency back inside

04:25

my code editor and back inside our

04:27

contract when we call the function

04:28

remove liquidity at some point it would

04:31

send the if back to this contract so

04:34

inside this contract I'll Define a

04:35

receive external payable and this is

04:39

where we will write our rest of our code

04:41

to execute the read-only reentrancy in

04:44

this example to show you the get virtual

04:46

price will be higher while we're still

04:49

executing remove liquidity inside here

04:52

we will log get virtual price again okay

04:57

let's write our code the first thing is

04:59

to add liquidity now if I scroll up to

05:02

call add liquidity on the curvepool

05:04

we'll need to prepare a array up to

05:06

specifying the amount of tokens to add

05:08

and

05:09

the minimum amount of LP tokens to make

05:12

so scroll down first we'll initialize

05:15

the inventory of two unit two

05:18

memory or call it amounts and this will

05:22

be equal to the first value represents

05:24

the amount of beef that we're going to

05:26

be sending so you'll be sending

05:28

message.value the second amount

05:30

represents the amount of stf that we're

05:32

sending we will be sending zero and then

05:34

we'll add liquidity by calling

05:37

pull dot add liquidity

05:40

passing in the amounts and the minimum

05:43

amount of LPS that will be minting we'll

05:46

say one and when we call this function

05:48

that liquidity since this is the if sde4

05:52

we'll have to also send the amount of

05:54

beef that is specified over here so say

05:58

value is message dot value when we call

06:02

this function that liquidity it Returns

06:04

the amount of LP tokens that were minted

06:07

so I'll say uint LP equals to and that

06:10

is ADD liquidity next we'll log the

06:12

virtual price the value of one share of

06:16

these LP tokens so I'll say

06:19

console.log then I'll type

06:22

before

06:24

remove LP

06:27

virtual price and then call the function

06:30

pool dot get virtual price and then

06:33

we'll remove liquidity let's scroll up

06:36

to call remove liquidity we'll need to

06:38

pass in the amount of LP tokens that

06:40

we're going to be burning and the

06:41

minimum amount of underlying token this

06:44

will be if and sde that we expect to

06:46

receive so scroll down we'll prepare a

06:49

uint array of size 2 unit 2 memory Min

06:55

amounts for this example I'll just say

06:57

minimum amounts at 0 U and zero uint

07:01

zero and then we'll call the function

07:03

remove pool Dot remove liquidity passing

07:07

in the amount of LP tokens that we're

07:09

going to be burning we'll withdraw all

07:11

of it so we'll pass in all of our LP

07:13

tokens and pass in minimum amounts when

07:16

we call this function remove liquidity

07:17

at some point it will send us back the

07:20

eve which will trigger the receive

07:22

function so inside here we'll log the

07:26

get virtual price so I'll copy this

07:29

paste it here and then say during remove

07:33

liquidity log the virtual price okay

07:35

this completes the first step of our

07:37

hack contract what we're trying to see

07:40

here is that while we're calling remove

07:42

liquidity we should see that get virtual

07:45

price is higher and by confirming that

07:48

get virtual price will be higher while

07:50

this part of the function is executing

07:52

we'll be able to write our exploit

07:55

inside this receive function so let's

07:57

first check the get virtual price is

07:59

actually higher inside this part of the

08:01

code so I'll open my terminal and then

08:04

I'll try to compile the contract by

08:06

typing Forge build now notice that the

08:10

contract didn't compile because there

08:12

was a contract in the test file that we

08:14

deleted so I'll go fix that right now

08:17

open the test and then remove the

08:20

Imports

08:23

and then remove all of the code inside

08:25

the test and let's try compiling again

08:29

okay our contract compiles let's now

08:31

write the test a rename counter to

08:37

hack.t.soul and also rename the test

08:40

contract to hack test instead of

08:43

importing a counter we'll import the

08:45

hack contract and then inside our test

08:48

contract I'll also import the console

08:50

from Forge STD so copy this

08:54

paste it here and then first we'll

08:57

initialize the hack contract so I'll

08:59

type hack public hack and then we'll

09:04

write the function to set up the test

09:06

function set up public then we'll

09:10

initialize the hack contract pack is

09:13

equal to new hack next we'll write a

09:16

function to test our poem function

09:18

function test all

09:22

public and then we'll call the function

09:24

hack dot poem when we call this function

09:27

let's send hundred thousand if so I'll

09:30

say value 100

09:33

000 times 18. okay that's execute the

09:36

test so when we call the function Palm

09:39

we should see that get virtual price

09:42

will be higher inside the receive

09:45

function compared to what we get when we

09:48

call the function get virtual price

09:49

inside the pawn so I'll open my terminal

09:53

clear the logs and then we'll be running

09:55

a test on the main Network I'll copy the

09:58

address for the fork URL that I got from

10:00

Alchemy API I'll paste this command

10:03

sending the fork URL to the Alchemy API

10:06

and then we'll execute the test by

10:08

calling Forge test Dash I'll put in Four

10:12

B's BBB and this will print out of other

10:16

logs when we run the test then we'll say

10:19

fork URL is Fork URL from what we set

10:25

above and then hit enter

10:28

okay our test finished executing and you

10:31

can see that there is a lot of logs this

10:34

is because if I scroll up I put in Four

10:37

B's and this means that it would print a

10:40

lot of logs for this execution what I am

10:42

interested is in the virtual price

10:45

before removing liquidity and the

10:47

virtual price during removing liquidity

10:49

let's take a look before removing

10:51

liquidity it is this amount that you see

10:54

over here and during when we're removing

10:56

liquidity you can see that the virtual

10:58

price has gone up by a little bit ecf5

11:01

over here and you see a 9 over here what

11:03

this means is that if we target another

11:05

contract that depends on Virtual price

11:07

and then call that contract while we're

11:10

removing liquidity we'll be able to

11:12

exploit that contract that will be the

11:14

next step okay I'm back in my hack

11:16

contract and what we're going to do next

11:18

is write an example contract to Target a

11:21

contract to exploit inside the function

11:23

received so first I'll write a Target

11:26

contract that we'll be using for this

11:29

example so I'll say contract

11:31

Target and let's imagine that this

11:33

Target contract you'll be able to State

11:36

the lp tokens and you'll get some kind

11:39

of rewards where the rewards is

11:41

calculated based on the value returned

11:43

by get virtual price so first I'll copy

11:47

these to contract addresses and instead

11:50

of LP token here I'll name it token I'll

11:53

rename it to token so let's imagine that

11:55

this contract has three functions a

11:57

function to stake the tokens

12:00

a function to unstake the lp tokens and

12:04

some kind of function to get rewards

12:06

based on the amount of tokens that we

12:08

stick function get viewed okay let's

12:12

fill in the details so stake it will

12:15

take in the amount of LP tokens to State

12:18

this will be external and when we call

12:20

this function let's say that it

12:22

transfers the token transfer from from

12:25

message dot sender to this contract

12:28

address this for the amount amount from

12:31

the input

12:32

and then let's say that it keeps track

12:34

of the amount of tokens that is state so

12:37

create a mapping

12:39

from address to uint this will be public

12:42

I'll name a balance up then when we

12:46

stake it will update the balance of for

12:48

message dot sender incremented by amount

12:52

okay scrolling down when we on stake

12:55

we'll be able to unstick the amount this

12:57

will be external when we on state we'll

13:00

first update the balance of message dot

13:04

sender decremented by amount and then

13:07

we'll transfer the token token dot

13:10

transfer to message dot sender for the

13:13

amount okay the last function we'll

13:16

write is get rewards so this will be

13:18

external

13:20

returns let's say that it just Returns

13:22

the amount of tokens amount of rewards

13:24

tokens that we earn we'll set the amount

13:27

of rewards token that we earn is we

13:29

multiply the amount of state by the

13:32

value of shares and the value of shares

13:34

we get it by calling get virtual price

13:36

on the curvepool so say unit

13:40

reward is equal to balance of message

13:43

dot sender times get virtual price pool

13:46

dot get virtual price now both the lp

13:50

tokens and get virtual price has 18

13:52

decimals so what we'll have to do is

13:55

divide by 10 to the 18. if we multiply

13:58

balance all which has 18 decimals and

14:01

get virtual price which has 18 decimals

14:04

this multiplication now has 36 decimals

14:08

so to get it back down to 18 decimals

14:11

again we'll have to divide by 10 to the

14:13

18. and then we'll have some code to

14:16

transfer the reward go to transfer

14:20

reward but for this example we'll just

14:22

omit it

14:24

escape code to transfer reward and for

14:27

this example we'll just return the

14:29

amount of reward that was calculated

14:31

okay let's try compiling this contract

14:34

clear the logs and then type Forge build

14:39

look at the contract compiled

14:40

successfully so let's move on to write

14:42

some exploit inside the hack contract so

14:45

scrolling down to the hack contract

14:46

first I'll store the Target contract

14:50

inside the hack contract so I'll say

14:51

Target

14:52

private immutable Target and then Define

14:57

a Constructor Constructor we'll take in

15:00

the address of the target

15:02

and then we'll set the target target

15:04

equal to

15:07

Target address of Target

15:09

now what we're going to do is before we

15:13

call the function poem we'll stake some

15:15

LP tokens into the Target contract and

15:19

then afterwards we call the function

15:21

poem this will eventually call remove

15:24

liquidity which we'll call the receive

15:26

function inside here we know that get

15:28

virtual price is overpriced so inside

15:32

here we'll call the function get reward

15:35

On Target and we should get more rewards

15:38

than what we should have if we didn't do

15:41

the exploit okay so let's do that so

15:44

first I'll create a function called

15:48

set up this will be external

15:51

payable and inside here we'll deposit

15:55

we'll stake some tokens into the Target

15:57

contract so first we'll need to add

16:00

liquidity copy this paste it here and

16:03

then we will transfer this LP token over

16:06

to the Target contract so LP token Dot

16:10

approve address of the target

16:14

for the amount LP and then call Target

16:18

Dot take LP next we'll execute the pawn

16:24

function and this will execute remove

16:27

liquidity which will execute receipt and

16:30

inside here let's get the reward by

16:32

calling uint reward is equal to Target

16:36

dot get keyboard and then for this

16:40

example we'll log the amount of rewards

16:42

that we earned if we had called get

16:45

reward inside the receive function so

16:48

say console.log

16:50

reward

16:52

reward and then we'll also compare this

16:56

amount of rewards that we would have got

16:59

compared to how much reward we will get

17:02

if we call it after the read-only

17:04

reentrancy is done so if we did not

17:07

execute our read-only reentrency how

17:09

much reward will we get

17:13

I'll copy these two code

17:16

and then paste it here

17:18

okay let's update our test so back

17:21

inside the hack test contract I know

17:23

that we'll need to deploy the Target

17:25

contract so Target public

17:28

Target and then we'll deploy the Target

17:31

contract first Target

17:33

is equal to new Target

17:36

and now the hack contract takes in the

17:39

address of the target so inside the

17:40

Constructor I'll pass in the address of

17:42

the

17:43

Target and then before we call the

17:45

function Palm you'll need to call the

17:48

function setup to stake some of our LP

17:51

tokens into the Target contract so here

17:55

hack not

17:57

setup and when we call this function

17:59

setup we'll get some LP tokens from the

18:02

pool from the curb SD E4 and then stake

18:05

it so let's send some if so I'll say

18:08

value we'll send 10 if 10 times 10 to

18:12

the 18. okay let's try compounding

18:14

contract I'll open the terminal clear

18:17

the logs and then type Forge build

18:20

and a contract compiles so let's now run

18:23

the test again

18:24

and our test was successful let's check

18:27

the logs scroll up

18:33

before we remove liquidity get virtual

18:36

price return some amount during the lp

18:39

is being removed so this will be the

18:42

code that was executed inside the

18:44

receive function get virtual price was

18:47

slightly higher and when we call the

18:50

function get reward we would have gotten

18:52

this much amount whereas after remove

18:54

liquidity is done executing and then we

18:57

call get reward we get a slightly thus

18:59

amount this means that if we were to

19:01

call get reward while the liquidity was

19:04

being removed then we would have gotten

19:06

more rewards than calling get reward

19:08

after recalled remove liquidity that was

19:11

an example of read-only reentrancy where

19:14

we wrote Our hack contract and then we

19:16

called the curb SD info we called it by

19:19

calling the function remove liquidity

19:21

and then while the remove liquidity is

19:23

executing it transferred some if and

19:26

then inside here it executed the code

19:28

inside the receive which allowed us to

19:31

call the Target contract get keyboard

19:33

get reward calculated the amount of

19:36

rewards by calling get virtual price

19:38

inside the curve pool at this point the

19:41

virtual price is slightly higher than

19:44

what it should be so by the time all of

19:47

this finished executing we were able to

19:49

get more rewards than what we would have

19:51

if we did not execute the read-only

19:54

re-engency