An example re-entrancy attack on a flashloan vault.

Related tags

Cryptography cosmwasm-re-entrancy-example
Overview

CosmWasm re-entrancy Exploit Example

The exploit example is located in contracts/liquidity_hub/vault-network/exploit_contract.

A vault in contracts/liquidity_hub/vault-network/vault allows users to get a flashloan for a fee.

The user provide a callback for the flashloan which is sandwiched between the vault's own messages. The execution order is:

  • Call vault for flashloan
  • Vault sends tokens, executes the callback and inserts its own callback.
  • The calling contract executes whatever he wishes with the received funds
  • the vault callback executes.

The vault contract can ensure that all lent-out funds are returned by the lender by extending the Response with a callback [vault::CallbackMsg::AfterTrade]. This callback is ensured to be the last call in the execution order.

The edge-case that was overlooked was the case in which the lender performs a deposit with his lent funds. This edge-case is shown to be exploitable in tests/exploit.rs.

Run

cd into contracts/liquidity_hub/vault-network/exploit_contract and run cargo test. The exploit test can be viewed in tests/exploit.rs.

You might also like...
An example smart contract that builds on top of xyz

xyz Guestbook Tutorial Contract This repository contains an example smart contract that illustrates how to build on top of the xyz NFT contract. This

null 5 Apr 4, 2022
Example crate using fltk-build

white-frame This is just an example showing the use of fltk-build to create native C/C++ FLTK and cfltk modules for fltk-rs. This repo contains 2 exam

Mohammed Alyousef 1 Nov 21, 2021
Simple example for building a blockchain in Rust

rust-blockchain-example Simple example for building a blockchain in Rust Start using RUST_LOG=info cargo run This starts the client locally. The block

mario 51 Dec 31, 2022
Example worker for ethereum-based applications

Ethsig-rs Example worker for ethereum-based applications. Features: Verify arbitrary messages and their signature from an Ethereum Address Verify EIP-

odyslam.eth 28 Sep 26, 2022
Example of a block root with a Verkle state root

Example of a block root with a Verkle state root Block content This is a standard RLP block containing 3 transactions, and an added VerkleProof field

Guillaume Ballet 25 Nov 25, 2022
Example of a SC coded in RUST that can safely perform any swaps of tokens (NFT, SFT, ESDT, MetaESDT)
Example of a SC coded in RUST that can safely perform any swaps of tokens (NFT, SFT, ESDT, MetaESDT)

Elrond-NFT-Trading Example of a Smart Contract (SC) coded in RUST, that can perform any swaps of tokens (NFT, SFT, ESDT, MetaESDT) The idea P2P swaps

Sia 3 May 17, 2022
A simple example demonstrating cross-contract calls in CosmWasm smart contracts

Cross-contract calls This tutorial demonstrates cross-contract calls with CosmWasm v1. Overview An end user calls the reservation contract to register

csli Tools 3 Sep 12, 2022
Example NFT marketplace project using ink! smart contract.

NFT Marketplace project This contract is an example for the NFT marketplace implementation. License Apache 2.0 🏗️ How to use - Contracts 💫 Build Use

Swanky dApps 8 Jan 18, 2023
CosmWasm-Examples is a collection of example contracts and applications built using the CosmWasm framework

CosmWasm-Examples is a collection of example contracts and applications built using the CosmWasm framework. CosmWasm is a secure and efficient smart contract platform designed specifically for the Cosmos ecosystem.

Vitalii Tsyhulov 20 Jun 9, 2023
Owner
Smart-contract developer and @Abstract-OS co-founder.
null
GitHub
MD5/SHA256 HASH ATTACK IN RUST

hashraccoon Installation Install cargo curl https://sh.rustup.rs -sSf | sh Install the hashraccoon crate cargo install hashraccoon Download the rockyo

null 3 Nov 5, 2022
Program to determine the password of an encrypted ZIP file via dictionary attack.

zip-dict-attack Program to determine the password of an encrypted ZIP file via dictionary attack. Inspired by this article. Usage Cargo is used to bui

null 2 Oct 8, 2022
Tony Hawk's Underground 2: Remix Cheat Cracker - Performs dictionary attack on cheat code hashes for THU2R

Tony Hawk's Underground 2 Cheat Cracker A simple utility for cracking cheat codes for Tony Hawk's Underground 2, written in Rust. Background This proj

null 7 Mar 2, 2023
PolkaBTC Clients | Vault, Staked Relayer, Oracle, Faucet

PolkaBTC Clients Faucet, Oracle, Vault & Staked Relayer This project is currently under active development. Prerequisites Download and start Bitcoin C

Interlay 35 Dec 20, 2022
Simple (not simplest) UST vault that integrate with Anchor Protocol

Simple (not simplest) UST Vault Building a simple UST Vault that generate yield from Anchor while also have UST reserved for lending, and etc. This co

Kiettiphong Manovisut 2 May 3, 2022
Distributed Vault For Your Secrets

https://meta-secret.github.io Application Design Activity Diagram graph TD User --> |split password| MSS{MetaSecret} MSS --> |split| Hash1

Meta Secret 4 Nov 9, 2022
Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files.

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

Koofr 12 Dec 30, 2022
Hyperswitch Card Vault is an open-source sensitive information storage system built on Rust.

Tartarus - Rust Locker Overview The Hyperswitch Card Vault (Tartarus) is a highly performant and a secure vault to save sensitive data such as payment

Juspay Technologies 9 Nov 23, 2023
Example implementation for Biscuit tokens cryptography

example implementation for Biscuit token cryptography To aid in the implementation of Biscuit tokens in various languages, this repository contains an

Clever Cloud 6 May 25, 2021
The Voting example based on MoonZoon and Solana + Anchor framework.

The Voting example based on MoonZoon and Solana + Anchor framework.

Martin Kavík 6 Aug 13, 2022