Make contract unusable by exploiting push external calls

Go to the packages/hardhat/contracts folder and check out what contracts we have there. To become the highestBidder, you have to send ETH greater than the previous highestBid.

This is called DoS with (Unexpected) revert. So how does it work? An attacker can call the bid() function and stay the leader forever. Take a look at how the fallback() function was commented in our Attack.sol.

Use scaffold-eth to make sure our assumption works fine. Call the attack method as an attacker and disable our VulnerableAuction forever! The attacker contract is now the highestBidder, and nobody else can become the highestBidder even though they put in more ETH than we did.

The fix is to favor pull over push for external calls. Check out GoodAuction.sol. Note how we added a new method withdrawRefund. Now we do not depend on any push external calls like sending money back to someone.
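As an added illustration (not the challenge's own VulnerableAuction.sol, GoodAuction.sol or Attack.sol), here is a minimal push-refund auction next to a pull-refund one with a withdrawRefund method like the one described above. The contract names PushAuction, PullAuction and RejectingBidder, the pendingRefunds mapping and the RefundCredited event are assumptions made for this example; RejectingBidder stands in for a bidder whose fallback reverts, which is the failure mode the pull design has to tolerate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Push-refund auction: the refund to the previous leader is sent inside bid(),
// so a previous leader that rejects ETH makes every later bid() revert.
contract PushAuction {
    address public highestBidder;
    uint256 public highestBid;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        address previous = highestBidder;
        uint256 previousBid = highestBid;
        highestBidder = msg.sender;
        highestBid = msg.value;
        if (previous != address(0)) {
            // External call on someone else's behalf; if it fails, the whole bid fails.
            (bool ok, ) = previous.call{value: previousBid}("");
            require(ok, "refund failed");
        }
    }
}

// Pull-refund auction: bid() only records what is owed. Each outbid bidder
// withdraws their own refund, so nobody else's receive() can block bidding.
contract PullAuction {
    address public highestBidder;
    uint256 public highestBid;
    mapping(address => uint256) public pendingRefunds;

    event RefundCredited(address indexed bidder, uint256 amount);

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            pendingRefunds[highestBidder] += highestBid; // credit, do not send
            emit RefundCredited(highestBidder, highestBid);
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    function withdrawRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingRefunds[msg.sender] = 0; // zero the balance before the call (checks-effects-interactions)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed"); // only the caller's own withdrawal can fail here
    }
}

// Constructed test bidder that refuses incoming ETH. Once it leads PushAuction,
// no further bid() succeeds; in PullAuction only its own withdrawRefund() fails.
contract RejectingBidder {
    function bidOn(address auction) external payable {
        (bool ok, ) = auction.call{value: msg.value}(abi.encodeWithSignature("bid()"));
        require(ok, "bid failed");
    }

    receive() external payable {
        revert("no ETH accepted");
    }
}
```

Deploy both auctions on the scaffold-eth hardhat network and have RejectingBidder bid on each, then bid from a normal account with more ETH: the PushAuction bid reverts with "refund failed", while the PullAuction bid succeeds and the old highestBid simply sits in pendingRefunds until the owner of that address calls withdrawRefund.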