/*
* @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/denial_of_service/auction.sol
* @author: -
* @vulnerable_at_lines: 23
*/
pragma solidity ^0.4.15;
//Auction susceptible to DoS attack
/// @title DosAuction - highest-bid auction kept as a labelled denial-of-service sample.
/// @dev The vulnerable statement is intentionally preserved; the
///      `<yes> <report>` tag inside bid() marks it. Comment lines added here
///      shift line numbers relative to the upstream file the header refers to.
contract DosAuction {
    // Account that placed the highest bid so far; stays zero until the first bid.
    address internal currentFrontrunner;
    // Amount of the highest bid so far (msg.value of that bid, in wei).
    uint internal currentBid;

    /// @dev Accepts a bid strictly higher than the current one and pushes the
    ///      previous leader's bid back to them in the same transaction.
    ///      Because the refund is wrapped in require(), a refund that fails
    ///      reverts the whole call: the new bid is rejected and the previous
    ///      leader keeps the lead. A leader whose account cannot receive the
    ///      refund therefore blocks every later bid.
    ///      Mitigation: record the amount owed per address and let outbid
    ///      bidders withdraw it in a separate call (pull payment), so that one
    ///      recipient's failure cannot stop other bidders. Merely dropping the
    ///      require() is not a fix: the failed refund would then be lost
    ///      silently while the new bid is accepted.
    function bid() public payable {
        // Reject anything that does not beat the current highest bid.
        require(msg.value > currentBid);

        // No refund is due before the first bid has been placed.
        if (currentFrontrunner != address(0)) {
            // send() returns false when the recipient rejects the transfer,
            // e.g. a contract whose fallback function reverts, or one that
            // needs more gas than send() forwards.
            // <yes> <report> DENIAL_OF_SERVICE
            require(currentFrontrunner.send(currentBid));
        }

        // State is updated only after the refund has succeeded.
        currentFrontrunner = msg.sender;
        currentBid = msg.value;
    }
}