An example re-entrancy attack on a flashloan vault.

Last update: Dec 29, 2022

Related tags

Cryptography cosmwasm-re-entrancy-example

Overview

CosmWasm re-entrancy Exploit Example

The exploit example is located in contracts/liquidity_hub/vault-network/exploit_contract.

A vault in contracts/liquidity_hub/vault-network/vault allows users to get a flashloan for a fee.

The user provide a callback for the flashloan which is sandwiched between the vault's own messages. The execution order is:

Call vault for flashloan
Vault sends tokens, executes the callback and inserts its own callback.
The calling contract executes whatever he wishes with the received funds
the vault callback executes.

The vault contract can ensure that all lent-out funds are returned by the lender by extending the Response with a callback [vault::CallbackMsg::AfterTrade]. This callback is ensured to be the last call in the execution order.

The edge-case that was overlooked was the case in which the lender performs a deposit with his lent funds. This edge-case is shown to be exploitable in tests/exploit.rs.

Run

cd into contracts/liquidity_hub/vault-network/exploit_contract and run cargo test. The exploit test can be viewed in tests/exploit.rs.

You might also like...

The Voting example based on MoonZoon and Solana + Anchor framework.

The Voting example based on MoonZoon and Solana + Anchor framework.

The Voting example based on MoonZoon and Solana + Anchor framework.

Martin Kavík

6 Aug 13, 2022

An example smart contract that builds on top of xyz

xyz Guestbook Tutorial Contract This repository contains an example smart contract that illustrates how to build on top of the xyz NFT contract. This

null

5 Apr 4, 2022

Example crate using fltk-build

white-frame This is just an example showing the use of fltk-build to create native C/C++ FLTK and cfltk modules for fltk-rs. This repo contains 2 exam

Mohammed Alyousef

1 Nov 21, 2021

Simple example for building a blockchain in Rust

rust-blockchain-example Simple example for building a blockchain in Rust Start using RUST_LOG=info cargo run This starts the client locally. The block

mario

51 Dec 31, 2022

Example worker for ethereum-based applications

Ethsig-rs Example worker for ethereum-based applications. Features: Verify arbitrary messages and their signature from an Ethereum Address Verify EIP-

odyslam.eth

28 Sep 26, 2022

Example of a block root with a Verkle state root

Example of a block root with a Verkle state root Block content This is a standard RLP block containing 3 transactions, and an added VerkleProof field

Guillaume Ballet

25 Nov 25, 2022

Example of a SC coded in RUST that can safely perform any swaps of tokens (NFT, SFT, ESDT, MetaESDT)

Example of a SC coded in RUST that can safely perform any swaps of tokens (NFT, SFT, ESDT, MetaESDT)

Elrond-NFT-Trading Example of a Smart Contract (SC) coded in RUST, that can perform any swaps of tokens (NFT, SFT, ESDT, MetaESDT) The idea P2P swaps

Sia

3 May 17, 2022

A simple example demonstrating cross-contract calls in CosmWasm smart contracts

Cross-contract calls This tutorial demonstrates cross-contract calls with CosmWasm v1. Overview An end user calls the reservation contract to register

csli Tools

3 Sep 12, 2022

Example NFT marketplace project using ink! smart contract.

NFT Marketplace project This contract is an example for the NFT marketplace implementation. License Apache 2.0 🏗️ How to use - Contracts 💫 Build Use

Swanky dApps

8 Jan 18, 2023

Owner

Smart-contract developer and @Abstract-OS co-founder.

null

GitHub

PolkaBTC Clients | Vault, Staked Relayer, Oracle, Faucet

PolkaBTC Clients Faucet, Oracle, Vault & Staked Relayer This project is currently under active development. Prerequisites Download and start Bitcoin C

Interlay

35 Dec 20, 2022

Simple (not simplest) UST vault that integrate with Anchor Protocol

Simple (not simplest) UST Vault Building a simple UST Vault that generate yield from Anchor while also have UST reserved for lending, and etc. This co

Kiettiphong Manovisut

2 May 3, 2022

MD5/SHA256 HASH ATTACK IN RUST

hashraccoon Installation Install cargo curl https://sh.rustup.rs -sSf | sh Install the hashraccoon crate cargo install hashraccoon Download the rockyo

null

3 Nov 5, 2022

Distributed Vault For Your Secrets

https://meta-secret.github.io Application Design Activity Diagram graph TD User --> |split password| MSS{MetaSecret} MSS --> |split| Hash1

Meta Secret

4 Nov 9, 2022

Program to determine the password of an encrypted ZIP file via dictionary attack.

zip-dict-attack Program to determine the password of an encrypted ZIP file via dictionary attack. Inspired by this article. Usage Cargo is used to bui

null

2 Oct 8, 2022

Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files.

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

Koofr

12 Dec 30, 2022

Tony Hawk's Underground 2: Remix Cheat Cracker - Performs dictionary attack on cheat code hashes for THU2R

Tony Hawk's Underground 2 Cheat Cracker A simple utility for cracking cheat codes for Tony Hawk's Underground 2, written in Rust. Background This proj

null

7 Mar 2, 2023

Hyperswitch Card Vault is an open-source sensitive information storage system built on Rust.

Tartarus - Rust Locker Overview The Hyperswitch Card Vault (Tartarus) is a highly performant and a secure vault to save sensitive data such as payment

Juspay Technologies

9 Nov 23, 2023

Girl Friend <- Generate Foundry Fork Test from Attack Transaction

girlfriend Girl Friend <- G F <- Generate Foundry Fork Test from Attack Transaction She is truly a great friend. Prerequisites # Install abi-guesser g

fuzzland

92 Jul 24, 2024

Example implementation for Biscuit tokens cryptography

example implementation for Biscuit token cryptography To aid in the implementation of Biscuit tokens in various languages, this repository contains an

Clever Cloud

6 May 25, 2021