Before we dive into code, let’s take a quick overview of what’s going to happen in the attack.
This is called a sequence diagram, and each column is an entity. Here we have three entities: the attacker, the BankRobber, and the Bank.
The attacker is a human issuing commands. The BankRobber is a smart contract the attacker wrote and controls. The Bank is also a smart contract, which is supposed to be safely holding everyone's funds.

We'll read this from top-to-bottom, left-to-right:

The first thing that happens is the attacker will create the BankRobber script and set himself as the owner. Then the attacker deposits 1 of his own ETH into the BankRobber's account. So here the BankRobber contract will own and control 1 ETH. We'll use this 1 real ETH to trick the Bank into treating us as a legitimate customer.

The attacker will instruct the BankRobber to make a deposit by calling the makeBankDeposit function. The BankRobber legitimately deposits 1 real ETH into the Bank. The Bank accepts the deposit and sets the robber's internal balance to 1 ETH.

Next comes the attack: the attacker instructs the BankRobber to steal from the bank, which it happily does. BankRobber will call withdraw on the bank. The bank sends the Ether by calling .call.value, which invokes the BankRobber's fallback function. The fallback function is crafted to call back into the bank and invoke withdraw again before the bank has cleared the balance to zero.