...

Pepe_NOSTRos / Pepe NOSTRos

npub1fd6…tddp

2024-05-03 18:30:10

in reply to nevent1q…w48r

This is what i dug up about poisoned transactions:

Transaction poisoning refers to an attack on the Ethereum network where a malicious actor manipulates data within a transaction to cause unintended consequences. This can include altering the recipient address or changing the value of the transaction, effectively stealing funds or causing other disruptions.

Let's consider a vulnerable smart contract that uses an unsafe method for transferring funds:
pragma solidity ^0.6.0;

contract VulnerableContract {
function sendEth(address payable recipient) public {
// Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic
recipient.transfer(msg.value);
}
}

In this example, the 'sendEth' function of the 'VulnerableContract' is susceptible to a transaction poisoning attack. If an attacker were to modify the recipient address and send a poisoned transaction with a large amount, the contract would unknowingly transfer funds to the wrong address, leaving users like you at risk of losing their funds.

Here's an example of how an attacker could exploit the vulnerable 'sendEth' function in our previous example:
pragma solidity ^0.6.0; // Exploit Code
contract ExploitContract {
address public hacker; // Store the hacker's address as a public variable

constructor() public {
hacker = 0xabcdef123; // Set the hacker's address to the contract when it's deployed
}

function sendEth(address payable recipient) public {
// Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic
recipient.transfer(msg.value);
// Poisoned transaction with modified recipient and amount
ExploitContract(hacker).sendEth(0xfakeaddress456);
}
}
In this example, an attacker could deploy their own contract (ExploitContract) and pass it as a parameter when deploying the vulnerable 'VulnerableContract'. By doing so, the hacker can manipulate the 'sendEth' function within the 'VulnerableContract', effectively stealing funds from legitimate users.

am not a solidity guy but this is what I found on quick dig

Author Public Key

npub1fd6xvlufxkxdtq4ds2ck5tfy6kluhzdvfvf50m5qu4n55ya60zeq43tddp

Show more details

Published at

2024-05-03 18:30:10

Kind type

1 Short Text Note

Event JSON

{ "id": "cdd421f68dfa317aa1520cce8136a3b5f945876e8b72699932b8f7008c354e1a", "pubkey": "4b74667f89358cd582ad82b16a2d24d5bfcb89ac4b1347ee80e5674a13ba78b2", "created_at": 1714761010, "kind": 1, "tags": [ [ "e", "00a2a1318fefc49e5aa6ddae5c3221fc23a449c71d40f801829ef79cdd288fbe", "wss://nos.lol/", "root" ], [ "e", "00a2a1318fefc49e5aa6ddae5c3221fc23a449c71d40f801829ef79cdd288fbe", "wss://nos.lol/", "reply" ], [ "p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245", "", "mention" ] ], "content": "https://image.nostr.build/51ae03c9d1a3ccf413d9ad28380792f9bb88b64fcfb4b16fa03763f1b6f07027.png\n \nThis is what i dug up about poisoned transactions: \n\nTransaction poisoning refers to an attack on the Ethereum network where a malicious actor manipulates data within a transaction to cause unintended consequences. This can include altering the recipient address or changing the value of the transaction, effectively stealing funds or causing other disruptions. \n\nLet's consider a vulnerable smart contract that uses an unsafe method for transferring funds:\npragma solidity ^0.6.0;\n\ncontract VulnerableContract {\n function sendEth(address payable recipient) public {\n // Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic\n recipient.transfer(msg.value);\n }\n}\n\nIn this example, the 'sendEth' function of the 'VulnerableContract' is susceptible to a transaction poisoning attack. If an attacker were to modify the recipient address and send a poisoned transaction with a large amount, the contract would unknowingly transfer funds to the wrong address, leaving users like you at risk of losing their funds.\n\n\nHere's an example of how an attacker could exploit the vulnerable 'sendEth' function in our previous example:\npragma solidity ^0.6.0; // Exploit Code\ncontract ExploitContract { \n address public hacker; // Store the hacker's address as a public variable\n \n constructor() public {\n hacker = 0xabcdef123; // Set the hacker's address to the contract when it's deployed\n }\n \n function sendEth(address payable recipient) public {\n // Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic\n recipient.transfer(msg.value); \n // Poisoned transaction with modified recipient and amount\n ExploitContract(hacker).sendEth(0xfakeaddress456); \n }\n}\nIn this example, an attacker could deploy their own contract (ExploitContract) and pass it as a parameter when deploying the vulnerable 'VulnerableContract'. By doing so, the hacker can manipulate the 'sendEth' function within the 'VulnerableContract', effectively stealing funds from legitimate users. \n\nam not a solidity guy but this is what I found on quick dig", "sig": "9c49ddcf35ab7f6d2e7640d0962abb552310f78b9f3ef68055d6bb4c2952bdfe89a305142157c65e6d69baced3a0d2f532f70048098c7c8682b1b38942bfd84e" }