Here are the topics in this video
Overview 0:40
Code 4:31
Preventative techniques 12:24
You have a GREAT talent for explaining complex subjects and making them really easy to understand. I love your neutral, straight-to-the-point content; the speed and the word choice are perfect, and your no-filler-BS approach is great as well, since you leave out the unnecessary hype and focus on providing excellent value in each of your videos. Also, the visual aids and the access to the code are amazing tools. Keep it up mate, and thanks a lot for what you are doing.
I agree with this comment
my thoughts exactly too
Totally agree, good content!
Fantastic. I really really appreciate the slow methodical approach. You didn't skip over anything and explained it very well. Thank you so much!
The second prevention method is clever AF. Thanks so much bro!!! Loved it!
Doesn't it make it so that only one person can use this function at a time? What if we want to allow an entirely unrelated person to withdraw their eth?
@@bezimienny5 I had the same question, then found an answer that explains that once a transaction from person A is added to the blockchain, that single transaction will be atomic. Person B calling the same function will only execute sequentially after Person A's transaction is completed.
@@raviojhayt That's awesome so it's just like transactions in a SQL database.
AWESOME explanation!
I didn't know a modifier could trigger something AFTER the function ran. Very cool!
same
I hope you get more subs soon, you're doing a great job! Also to mention, I watch you at 1.5x or 2x speed. It's great that this is possible with your presentation.
Should I try talking a little faster?
@@smartcontractprogrammer For me it's perfect, because in other tutorials I'm not able to watch them faster.
Content is amazing as always. Attacker's pov, just what I've been looking for! Thank you 😄
The lock modifier is a smart design.
You are the best in how you speak and show everything, thanks a lot!!
Came from cyber security and I love this.
Super awesome video !!! Love ❤️ the approach of teaching the hacking and then the preventive code !!!
Love it!!!
Also if you use the modifier, you only can use it for one function
as there is only one boolean keeping the state
You could use a mapping address => bool to store whether an address's transactions are locked or not, or even something like address => mapping(string => bool) for specific function names, but it may not be too efficient.
@@josemiguel5924 Can you elaborate on this a bit please? I think I understand, and maybe this answers my concern about the modifier lock variable used in the video. If we use this 'lock' boolean, does it lock ANY transactions even if it's not a true reentry? Like a real withdrawal from a different user (or address)?
@@mo_i_nas I'm pretty sure that if the boolean that locks transactions is part of the global state of the contract, it will block any transaction that has the modifier attached to it, even if it is called from another address. What I was talking about is locking transactions for a specific address, meaning that the modifier won't read a boolean that says if the lock is activated or not; it will check a mapping containing addresses and a boolean for each one, so it will check if that address is authorized for making transactions or if it is in a "cooldown". So the lock would be per address and not global for every user, but as I was saying, I'm kinda new to Solidity so I don't really know how efficient it would be to do it that way. Also, maybe most of the time you will be OK with the checks, effects, transactions pattern for protecting against simple reentrancy attacks.
@@josemiguel5924 You don't really need a mapping in this case since, when a transaction from person A is added to a block, that single transaction will be atomic. Person B calling the same function will only execute sequentially after Person A's transaction is completed. So a function cannot be simultaneously executed by 2 different addresses; it will be sequential.
Clear cut clean explanation, thank you sir!
Undoubtedly one of the best teachers. I have a doubt for the community: if the withdraw function includes parameters with arguments, for example function withdraw(address _address, address _secondAddress, uint _amount), is it also possible to do a reentrancy? Because I wanted to try and I could not, and the video only shows the case where the withdraw() function does not include arguments. Thanks
we need MORE VIDEOS in this series
great explanation, all videos just explain to use this in the contract, doesn't explain why. You used the best way by debugging and showing the flow of code.
attack function is giving error
Note: The called function should be payable if you send value and the value you send should be less than your current balance.
please help
The vulnerability in the smart contract that allows reentrancy lies in the function that enables external deposits, fund transfers, and the balance check in the contract that is calling the deposit function. The defense against this vulnerability lies in verifying the balance before performing the transfer.
With the recent incident at Revest.Finance, whose culprit is reentrancy, this video is somewhat important.
One question: Does the compiler auto-generate a constructor which maps to public data members for us, i.e. balances? So we can directly construct EtherStore by specifying an address which acts as a key, with the value defaulting to 0 for the address's balance?
That was a very clear explanation. Thank you!
Could you make a video about resigning ownership of a contract and regaining it back? - if that's even possible ofc.
Additional difficulty here would be the fact, that the contract wasn't upgradeable and prepared for such an event.
you mean like this?
github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol
@@smartcontractprogrammer yes, but when owner using ownable resigns ownership (by mistake).
Can't recover ownership. The new owner will have to transfer back the ownership to you.
@@smartcontractprogrammer ok. Thanks for your time.
Whoah!
Hello Sir. Big fan.
I am just starting out with Smart Contract Audits and learning more about the security aspects of Solidity. Your videos are of great help.
However, I would love to know what is the best way to connect to you. I need to discuss some imperative concepts of Solidity and it would be great if we could connect on Telegram or any other online platform.
Please let me know.
Thanks for the feedback. You can contact me through email or discord
contact@smartcontractprogrammer.com
discord.com/channels/271091159793664010/312039801702580242
You are an amazing teacher and an amazing person. Thank you for teaching so much for free!
Crystal Clear. Openzeppelin reentrancy guard works too, correct?
yup
Amazing explanation!
Hey a small question!, when state variable locked = true, will it just stop incoming "withdraw" request from Smart Contract B or will it stop all "withdraw" requests coming from any user?
great detailed video, thanks for the explanation!
Just to add, What he did is what we call "Check Effect Interaction Pattern"
shouldn't the two lines of code after the "msg.sender.call" be also executed as many times as the withdraw function has been invoked by the attacker? In that case the attack would fail (if there is no underflow vulnerability) since the balance would be less than zero and balances must be integers.....
thank you so much, man. this is powerful and detailed as usual.
So the fallback() function will be triggered whenever a smart contract receives eth from another address?
excellent breakdown
Txs on EVM are atomic, but are function calls? i.e. is it possible for the balance to be decremented and then the send txn fails, leaving the state incorrect? Obviously the answer to this Q is "no", but I'd like to hear your explanation. Thanks for the great resource :)
Very clear explanation... Great !!!
I completely understood thnx man
Love u bro
The modifier also restricts function call to one user at a time
Is that correct?
Amazing explanation as you always do. Thank you very much for sharing your knowledge with us
Great explanation. Has this vulnerability been fixed or do we still need to be careful about updating the state first?
Vulnerability is still present
Vulnerability is not present if we use solidity 0.8 compiler or onwards. Since arithmetic underflow is caught by default.
Really great explanation thank you so much! Liked and Subscribed.
So why doesn't the EtherStore function withdraw() continue executing? Is it because the tx is processing? Meaning: Reentrancy stops when 1. there is no more balance in EtherStore OR 2. tx is successful?
Great video. Well explained. Thank you very much. 👌
Do you have any idea why this attack might not work on version 0.8.0? This works for me when using 0.6.10, but 0.8.0 gives me the error a few others have mentioned: the transaction reverted "Reason provided by contract: Failure to send ether". I believe it continues to call the withdraw function even after the balance of the EtherStore is too low. I also get a warning when compiling regarding not having a receive ether function, not sure if that has anything to do with it. Thanks for the video!
solidity 0.8 uint overflows throw error
@@smartcontractprogrammer over throws means what it doesn't work? Or are you saying or latest version is itself safe from attacking.
A question: would the reentrancy attack contract only work with compiler version 0.6.0? Would overflows raise an error in later versions, and would the attack fail?
I need a code that will allow me to deposit into a smart contract as well as withdraw from a smart contract
really nice explanation. thanks man .
Very helpful and well explained thank you for your time and effort.
I cannot understand why the fallback function will be triggered after the withdraw function.
When a contract receives money, it automatically triggers the fallback function
Sorry sir but I don't see the update balance when the user runs deposit function. Do we need to add that as well?
set ETH amount to send with deposit
Perfect explanation.
EXPLAIN ME IN THE CODE SECTION? WHERE IN THE CONTRACT A HAS THE VALUE OF ETH THAT IT OWES TO CONTRACT B (i.e 1 ETH)
Awesome demo
Hi, I'm a little confused as to what msg.sender.call is doing. I think it calls a function of the sender contract where you put the function name in the parentheses. So by adding "" it calls the fallback function since there is no function that has no name. Similarly, if you wanted to call a function called send() you'd put "send" in parentheses.
Is this correct? I tried reading the docs and it didn't really help.
Thanks.
msg.sender.call{value: _amount}("") is sending ETH to msg.sender
yes, your understanding is mostly correct
> , if you wanted to call a function called send() youd put "send" in parentheses.
You would put "send()"
Also "send()" is a built in function available to all payable addresses, so you should avoid naming your function as "send()"
First of all thank you for the video . I always love it
Question :
In the second method of using modifier What will happen if 10 transactions all start to run withdraw function at same time ?? I think only one of the transaction will succeed and other transactions get failed this makes the contract less usable in concurrency mode
EVM is not concurrent. Transactions are executed sequentially.
Very standard explanation. But I'm being confused on the best withdraw function to use after watching your other video on how to withdraw ether (payable) 0.5. I'm using that one, but which withdraw function is best to apply currently? This one here or that one? I'd appreciate your reply.
solidity 0.8 syntax
@@smartcontractprogrammer How do i get it?
Awesome video with perfect explanation.
Very helpful! Thanks so much!
Awesome video! Thank you!!!
Hey, when will the code after _; in the modifier execute? In this case you are making locked = false. When will this execute?
after the function finishes execution (last line, balances[msg.sender] -= _amount)
@@smartcontractprogrammer OK then the locked will go to its initial state nice. Great video bro👍, hey can you make videos on how to write upgradable smart contracts and how to use oracles in Smart contracts. If possible please make videos of these topics.
Awesome explanation
Great video, thanks for sharing:)
what if the transaction failed for some reason & the funds are not sent. In that case our balance will be deducted right ?
thanks sir! this is very helpful to my upcoming project
The first method seems obvious, the second one silence all hackers!
At 12:12, it goes to line 22 and will get the "Fail to send ether", so the attack will fail, am I right?
Fantastic, I love it, but it couldn't work at solidity 0.8.0, is there any breaking change?
overflow / underflow throws error in Solidity 0.8
check here for latest example
solidity-by-example.org/hacks/re-entrancy/
@@smartcontractprogrammer Thank you so much
In a smart contract, where to write this code and how to compose it according to my contract?
Thanks for sharing. It is really useful information.
How about authorization/ signature per each transaction? Will that also help to prevent re-entrance??
nope. the vulnerability here is how the code is executed, not authorization
Smart Contract Programmer ah~~ okay , thanks!!
I get this error when I try to execute the code transact to Attacker.attack errored: VM error: revert. revert The transaction has been reverted to the initial state. Reason provided by the contract: "Failed to send Ether". Debug the transaction to get more information.
Did you send Ether when calling the functions?
@@smartcontractprogrammer thank you for this great video, but I got the exact same error when calling attack function with 1 ether.
One question: do you know something about erc20 reentrancy? I can't find anything out there :(
And Thanks for your videos !
re-entrancy can potentially be done on any contract that calls other contracts
3 things:
1. Awesome video
2. So, this can basically happen because until the tx is not mined, the state of ether store is not updated right? And since attack contract makes this operations within the same tx
3. You forgot to add a withdraw function to your attack contract, you can't withdraw your stolen ether :D
2. It's not that the state is not updated until tx is mined. It's just how the program flows. You can simulate the same hack with other programming languages.
Key idea of the hack is that you are calling back into a function while the function has not completed.
example
f() {
    g()
}
g() {
    if (!called) {
        f()
    } else {
        called = true
    }
}
3. XD
@@smartcontractprogrammer Yea, saw that on your video 2 mins later, I thought state wasn't updated until TX is mined
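Added example (not from the video, the channel or any commenter): a Python model of the call flow discussed in this thread. It shows why the video-style withdraw (subtract after the call) ends in "Failed to send Ether" under Solidity 0.8 checked arithmetic, why a variant that assigns zero after the call is still drained on 0.8, and how updating the balance first or the noReentrant lock stops the re-entry. The class and function names, the three-depositor scenario and the `zero_after` variant are assumptions made for this illustration.

```python
import copy


class Revert(Exception):
    """Models an EVM revert."""


class Sim:
    """Toy model of one EtherStore-style contract and one attacking contract."""

    def __init__(self, checked_math, update="sub_after", guard=False):
        self.checked_math = checked_math  # True models Solidity >= 0.8 arithmetic
        self.update = update              # "sub_after" | "zero_after" | "sub_before"
        self.guard = guard                # True models the noReentrant modifier
        self.state = {"store_eth": 0, "attacker_eth": 0,
                      "balances": {}, "locked": False}
        self.last_revert = None

    def call(self, fn, *args):
        """Like address.call: a revert in the callee undoes the callee's
        state changes and is reported to the caller as False."""
        snapshot = copy.deepcopy(self.state)
        try:
            fn(*args)
            return True
        except Revert as exc:
            self.state.clear()
            self.state.update(snapshot)
            self.last_revert = str(exc)
            return False

    def deposit(self, sender, amount):
        balances = self.state["balances"]
        balances[sender] = balances.get(sender, 0) + amount
        self.state["store_eth"] += amount

    def _debit(self, sender, amount):
        new = self.state["balances"][sender] - amount
        if new < 0:
            if self.checked_math:
                raise Revert("Panic: arithmetic underflow")
            new %= 2**256  # before 0.8 a uint wraps around silently
        self.state["balances"][sender] = new

    def _transfer(self, to, amount):
        if self.state["store_eth"] < amount:
            raise Revert("store has too little ETH")
        self.state["store_eth"] -= amount
        if to == "attacker":  # only the attacking contract runs code on receipt
            self.state["attacker_eth"] += amount
            if self.state["store_eth"] >= 1:
                self.withdraw("attacker", 1)  # re-entry; a revert here propagates

    def withdraw(self, sender, amount):
        if self.guard:
            if self.state["locked"]:
                raise Revert("No re-entrancy")
            self.state["locked"] = True
        if self.state["balances"].get(sender, 0) < amount:
            raise Revert("insufficient balance")
        if self.update == "sub_before":      # effect before interaction
            self._debit(sender, amount)
        if not self.call(self._transfer, sender, amount):
            raise Revert("Failed to send Ether")
        if self.update == "sub_after":       # video-style: effect after the call
            self._debit(sender, amount)
        elif self.update == "zero_after":    # assumed withdraw-all style
            self.state["balances"][sender] = 0
        if self.guard:
            self.state["locked"] = False     # the code after `_;` in the modifier


def run_attack(checked_math, update="sub_after", guard=False):
    """Returns (tx_succeeded, store_eth, attacker_eth, last_revert_reason)."""
    sim = Sim(checked_math, update, guard)
    for user in ("alice", "bob", "attacker"):  # constructed scenario: 1 ETH each
        sim.deposit(user, 1)
    ok = sim.call(sim.withdraw, "attacker", 1)  # the attack transaction
    return ok, sim.state["store_eth"], sim.state["attacker_eth"], sim.last_revert


def honest_users_after_failed_attack():
    """With the lock on, later transactions from other users still succeed."""
    sim = Sim(checked_math=True, guard=True)
    for user in ("alice", "bob", "attacker"):
        sim.deposit(user, 1)
    sim.call(sim.withdraw, "attacker", 1)
    # Transactions run one after another; each one starts with locked == False.
    return [sim.call(sim.withdraw, user, 1) for user in ("alice", "bob")]


if __name__ == "__main__":
    print("0.6-style, subtract after :", run_attack(False))
    print("0.8-style, subtract after :", run_attack(True))
    print("0.8-style, zero after     :", run_attack(True, "zero_after"))
    print("0.8-style, subtract first :", run_attack(True, "sub_before"))
    print("0.6-style, with lock      :", run_attack(False, guard=True))
    print("honest users, with lock   :", honest_users_after_failed_attack())
```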
how is this possible? are the two contracts not on different "threads" because coming from web2 this seems only possible if they are different classes of the same program.
like recursion
I fell off at deploying the contracts. Please consider doing this in the 0.8 series with more detail in deploying the contracts.
Thanks!
Hello there, trying to follow the tutorial but when I try the attack button it keeps giving "gas estimation error". Any clue what I could be doing wrong? The attack contract doesn't need to have eth, correct? Just the msg.sender wallet? Thanks, great video.
To what is presented the attack contract and the target contract must have the same compiler, attack would only work below version 0.8.0, because from that version the overflows would indicate error messages and the target contract must have the vulnerability if it does not have will present the error of the gas estimate
Very well explained ... thnx a lot
Good stuff. Thanks!!!!
Hey man, do these videos still help in 2024 or have things changed too much?
Most hacks are still relevant
@@smartcontractprogrammer Dude, your playlist is GOLD.
Can please anyone tell me the step by step process which we have to execute first and how we get 2 ether in starting
Great video !
This is an amazing video!!!!
great vid!
Why is contract A sending to contract B triggering the "fallback" function?
Hey pal, did you see the fallback lesson? The fallback function is triggered in 2 cases, when someone is sending money to the contract and when someone is calling a function that does not exist, hope it's helpful for you
@@VegettoTenkai got it, that does help -- thank you! So this is a core part of Solidity then and not a one-off for this particular contract
Why are you setting locked to both true and false in the reentrancy function?
inside the modifier noReentrant?
@@smartcontractprogrammer Yes. And what does '_;' do?
This does not seem to work anymore, I tried to recreate an example and I receive an error on require(sent)
Try example at solidity-by-example.org. Code in video won't work with sol 0.8
@@smartcontractprogrammer Thank you ! I see the new function withdraws all funds a user has and does not take the _amount argument. Why does this no longer work?
How is the fallback() function triggered automatically? I don't see it called anywhere
fallback is default function that gets called if the function to call doesn't exist
In this example, what do you mean that function to call doesn’t exist? Thank you
I am confused how reentrancy.sol triggered fallback function?
I think I am missing something.
I had to google. It seems that fallback() is a special function that can be triggered if ETH is sent to the contract, so when contract A sends 1 ETH to contract B, it triggers fallback()
Outstanding
Is there any way to send eth automatically to another wallet after receiving
Someone hacked my wallet
When I fund my wallet it Automatically send all ether to another wallet instantly
wallet is a contract = yes - redirect payment using fallback
wallet is a EOA = no
Hey brother, what do you think about this.
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
if address(this).balance < amount then function will fail when amount is attempted to send.
So that is a redundant check
@@smartcontractprogrammer is inside a contract and got a comment to re-entrancy check
You are so good . thank you
great explanation
nice one man thanks
Not able to get EtherStore reference inside other contract, can anyone please help
@smarContract Provider
attack function is giving error
Note: The called function should be payable if you send value and the value you send should be less than your current balance.
please help
check solidity-by-example.org for latest example
@@smartcontractprogrammer hey thanks actually I copy-pasted the code but still same error
@@smartcontractprogrammer for all your codes the attack is failing and it says
transact to Attack.attack errored: VM error: revert.
Note: The called function should be payable if you send value and the value you send should be less than your current balance.
bravo mate, bravo
Is this attack still valid for solidity 0.8.*?
Yes
A programming language like this will have so many loopholes. Great tip anyway.
not able to run both contracts at same time
The withdraw function work not only this way... Its a primitive example of it
Hello, do I need to actually have ether in my wallet to make this work?
Yes - you need ETH to send transactions
@@smartcontractprogrammer thanks for reply. Can you tell me how much ETH? Is it a specific amount plus gas or just gas?
Also, is there a specific way to know which contracts have these vulnerabilities? I want to try and get some bounties from the contract owners
Not get properly the starting phases
Geniussss
it encourages me so bad to hack in real world. thanks bro I will end up in jail BCS of u