21 Shop
r1oga edited this page Oct 30, 2022 · 2 revisions
Get the item from the shop for less than the price asked.
As in Level 11 - Elevator, `Shop` relies on an interface to interact with another contract whose implementation is unknown. An attacker can create a contract that implements its own version of the interface's function.
`buy()` calls `price()` twice:
- In the conditional check: the price returned must be higher than 100 to pass
- To update the price: here is the opportunity to return a value lower than 100.
So we need to implement a malicious `price` function that:
- returns a value higher than 100 on its first call
- returns a value lower than 100 on its second call
- Don't leave interface functions unimplemented.
- It is unsafe to approve an action by calling the same function twice, even a view function.
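
The double-call pattern described above next to a hardened form, as an added example (not the level's source and not the wiki author's code). The contract names `ShopDoubleRead` and `ShopSingleRead`, the interface name `Buyer` and the revert messages are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example. The caller supplies the implementation of price(),
// so its return value is untrusted input.
interface Buyer {
    function price() external view returns (uint256);
}

// Pattern from the text: the untrusted contract is asked twice, and this
// contract's own state changes between the two calls.
contract ShopDoubleRead {
    uint256 public price = 100;
    bool public isSold;

    function buy() public {
        Buyer buyer = Buyer(msg.sender);
        // First call: used only for the check.
        if (buyer.price() > price && !isSold) {
            isSold = true;
            // Second call: the value that is actually stored. `view` only
            // stops the callee from writing state; it can still read
            // isSold(), which has just changed, and answer differently.
            price = buyer.price();
        }
    }
}

// Hardened form: one external read, cached in a local variable, so the value
// that passes the check is the same value that gets stored.
contract ShopSingleRead {
    uint256 public price = 100;
    bool public isSold;

    function buy() public {
        require(!isSold, "already sold");
        uint256 offered = Buyer(msg.sender).price(); // single untrusted read
        require(offered > price, "offer not above asking price");
        isSold = true;
        price = offered;
    }
}
```

With the single cached read, a `price()` implementation that changes its answer between calls has no second call to exploit.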