Before we dive into code, let’s take a quick overview of what’s going to happen in the attack.
This is called a sequence diagram, and each column is an entity. Here we have three entities: the attacker, the BankRobber, and the Bank.
The attacker, is a human issuing commands. The BankRobber is a smart contract the attacker wrote and controls. The Bank is also a smart contract, which is supposed to be safely holding everyone’s funds.
We’ll read this from top-to-bottom, left-to-right:
The first thing that happens is the attacker will create the BankRobber script and set himself as the owner.
Then the attacker deposits 1 of his own ETH into the BankRobber‘s account. So here the BankRobber contract will own and control 1 ETH. We’ll use this 1 real ETH to trick the Bank that we’re a legitimate customer.
The attacker will instruct the BankRobber to make a deposit by calling the makeBankDeposit function. The BankRobber, legitimately deposits 1 real ETH into the Bank.
The Bank accepts the deposit, and sets the robber’s internal balance to 1 ETH.
Next comes the attack: The attacker instructs the BankRobber to steal from the bank, which he happily does.
First the BankRobber will call withdraw from the bank. The bank sends the Ether by calling .call.value, which invokes the BankRobber‘s fallback function. The fallback function is crafted to call back to the bank again and call withdraw again before the bank has cleared the balance to zero.