Re-entrancy not reproducible - ethereum

Short description
I was playing with the re-entrancy and misuse of tx.origin example from the Solidity readthedocs.
This example shows how a user wallet can be tricked into having all of the calling account's funds transferred to an attacker's account.
After changing the invocation of transfer to call.value to allow for sending more gas (so the custom fallback function could be invoked for the re-entrancy attack), I observed behaviour that I do not understand (see below).
The relevant code
User wallet:
pragma solidity >=0.5.0 <0.7.0;
// THIS CONTRACT CONTAINS A BUG - DO NOT USE
contract TxUserWallet {
address owner;
constructor() public payable {
owner = msg.sender;
}
function() external payable {}
function transferTo(address payable dest, uint amount) public payable {
//require(tx.origin == owner, "tx.origin not owner");
dest.call.value(amount)("");
}
}
Attacker's wallet:
pragma solidity >=0.5.0 <0.7.0;
interface TxUserWallet {
function transferTo(address payable dest, uint amount) external;
}
contract TxAttackWallet {
address payable owner;
constructor() public payable {
owner = msg.sender;
}
function() external payable {
TxUserWallet(msg.sender).transferTo(owner, msg.sender.balance);
}
}
Observations I don't understand
I compiled and deployed the contracts in Remix.
1. When I call the function TxUserWallet.transferTo (from the owner's account, with enough gas, value and balance) using as parameters (1) the attacker's wallet address and (2) some value val (smaller than the msg.value), then I notice that an amount of val is transferred, whereas I would expect the total sender account balance to be transferred...?
2. When I comment out the body of the fallback function of the attack wallet, compile, deploy and then repeat the steps from point 1 above, then Remix reports success on the transaction, but nothing is transferred, whereas in this case I would expect val to be transferred...?
My question
How to understand the above observations?
Transactions:
Deploying attack wallet from account 1:
[vm]
from:0xca3...a733c
to:TxAttackWallet.(constructor)
value:0 wei
data:0x608...b0032
logs:0
hash:0x37b...32f64
status 0x1 Transaction mined and execution succeed
transaction hash 0x37bfe3f84e1b164b4a3fc711fadda2ed287071e07477ecf82a9a437f90e32f64
contract address 0x22e37c29ad8303c6b58d3cea5a3f86160278af01
from 0xca35b7d915458ef540ade6068dfe2f44e8fa733c
to TxAttackWallet.(constructor)
gas 3000000 gas
transaction cost 150927 gas
execution cost 74747 gas
hash 0x37bfe3f84e1b164b4a3fc711fadda2ed287071e07477ecf82a9a437f90e32f64
input 0x608...b0032
decoded input {}
decoded output -
logs []
value 0 wei
Deploying user wallet from account 2 (which currently has a balance of over 100 ether):
[vm]
from:0x147...c160c
to:TxUserWallet.(constructor)
value:0 wei
data:0x608...b0032
logs:0
hash:0x5c1...18439
status 0x1 Transaction mined and execution succeed
transaction hash 0x5c183894bc0f00f420b8c19f86f51fb91dc3b288729cd34f4ee9a0932aa18439
contract address 0x1439818dd11823c45fff01af0cd6c50934e27ac0
from 0x14723a09acff6d2a60dcdf7aa4aff308fddc160c
to TxUserWallet.(constructor)
gas 3000000 gas
transaction cost 148247 gas
execution cost 72747 gas
hash 0x5c183894bc0f00f420b8c19f86f51fb91dc3b288729cd34f4ee9a0932aa18439
input 0x608...b0032
decoded input {}
decoded output -
logs []
value 0 wei
Calling TxUserWallet.transferTo from account 2 (owner) with the address of attack wallet:
[vm]
from:0x147...c160c
to:TxUserWallet.transferTo(address,uint256) 0x143...27ac0
value:1000000000000000000 wei
data:0x2cc...03039
logs:0
hash:0xcfc...476b8
status 0x1 Transaction mined and execution succeed
transaction hash 0xcfc442c88207d20c0b365548e5bdc6bf7b868d2991486246875d8ca11fe476b8
from 0x14723a09acff6d2a60dcdf7aa4aff308fddc160c
to TxUserWallet.transferTo(address,uint256) 0x1439818dd11823c45fff01af0cd6c50934e27ac0
gas 3000000 gas
transaction cost 40659 gas
execution cost 17723 gas
hash 0xcfc442c88207d20c0b365548e5bdc6bf7b868d2991486246875d8ca11fe476b8
input 0x2cc...03039
decoded input {
"address dest": "0x22e37c29Ad8303c6b58D3Cea5A3f86160278af01",
"uint256 amount": {
"_hex": "0x3039"
}
}
decoded output {}
logs []
value 1000000000000000000 wei
Now account 2 has 1 ether less instead of being completely robbed empty.

It's not the owner's balance that you are trying to transfer, it's the contract balance. Look at msg.sender.balance: this is the contract balance, because the contract is the one that sent this transaction. It works right now because you are sending ETH to the contract in your transaction's value, so the contract balance becomes equal to the value of your transaction. And then you are sending the entire balance of the contract to your account 1.
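The call chain behind that answer, written out as an added example (a Solidity 0.8 rewrite of the docs' tx.origin scenario, not the code from the question or from the Solidity documentation). The vulnerable wallet keeps the tx.origin check the question commented out, so the trace shows why the attack drains the wallet contract and never the owner's account: inside the attack wallet's receive(), msg.sender is the wallet contract, so msg.sender.balance is the contract's remaining balance. The hardened wallet beside it authorises on msg.sender and refuses re-entry. Contract and variable names are my own; the wallet is assumed to be funded at deploy time rather than via msg.value on transferTo.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface ITxUserWallet {
    function transferTo(address payable dest, uint256 amount) external;
}

// Vulnerable: authorises on tx.origin, the EOA that signed the transaction.
// tx.origin does not change across nested calls, so any contract the owner
// pays can call straight back in and pass the check.
contract TxUserWalletVulnerable {
    address public owner;

    constructor() payable { owner = msg.sender; }   // funded at deploy time
    receive() external payable {}

    function transferTo(address payable dest, uint256 amount) external {
        require(tx.origin == owner, "tx.origin not owner");
        // call forwards all remaining gas, so dest's receive() can re-enter
        // (transfer/send would have capped it at 2300 gas).
        (bool ok, ) = dest.call{value: amount}("");
        require(ok, "send failed");
    }
}

contract TxAttackWallet {
    address payable public attacker;

    constructor() payable { attacker = payable(msg.sender); }

    // Runs when the victim wallet sends ETH with empty calldata. At this point
    //   msg.sender == the victim wallet contract (the immediate caller),
    //   tx.origin  == the victim's EOA, which signed the outer transaction.
    // msg.sender.balance is therefore the wallet *contract's* remaining balance;
    // the EOA's balance is never reachable from here, which is why account 2 in
    // the question only lost the value it attached to the call.
    receive() external payable {
        ITxUserWallet(msg.sender).transferTo(attacker, msg.sender.balance);
    }
}

// Hardened: authorise on msg.sender (the immediate caller) and refuse re-entry.
// Either guard alone stops this attack; both together is the usual practice.
contract TxUserWalletFixed {
    address public owner;
    bool private locked;

    constructor() payable { owner = msg.sender; }
    receive() external payable {}

    modifier nonReentrant() {
        require(!locked, "re-entrant call");
        locked = true;
        _;
        locked = false;
    }

    function transferTo(address payable dest, uint256 amount) external nonReentrant {
        // During TxAttackWallet's callback msg.sender is the attack wallet, not
        // the owner, so the nested call reverts; the outer call then fails its
        // require(ok) and the whole transaction is rolled back.
        require(msg.sender == owner, "caller is not owner");
        (bool ok, ) = dest.call{value: amount}("");
        require(ok, "send failed");
    }
}
```

Deploy TxUserWalletVulnerable with some ETH, then have the owner call transferTo(attackWalletAddress, 1 ether): the wallet contract ends at zero balance and the attacker EOA receives all of it. Repeat against TxUserWalletFixed and the same call reverts with "re-entrant call" from the nested invocation.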

Related

Uniswap v3 custom ERC20 token swap

I am trying to implement a token swap of my custom ERC20 token via UniswapV3
I use Rinkeby Ethereum network.
I deployed the token under address: 0x4646CB39EA04d4763BED770F80F0e0dE8efcdF0f
I added the liquidity to Uniswap for this token and ETH.
Now, I try to execute swap in my contract, but it doesn't work. I get the error:
Gas estimation errored with the following message (see below). The transaction execution will likely fail. Do you want to force sending?
execution reverted
My Swap.sol contract takes an address of the token to swap with ETH as a constructor parameter. When I deploy it using DAI token address, the swap works just fine.
I assume this is a Uniswap liquidity related problem, but I added liquidity manually and I can swap my token inside their app.
Contract code:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
pragma abicoder v2;
import "@uniswap/v3-periphery/contracts/libraries/TransferHelper.sol";
import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";
import "@uniswap/v3-periphery/contracts/interfaces/IQuoter.sol";
contract Swap {
address private constant SWAP_ROUTER =
0xE592427A0AEce92De3Edee1F18E0157C05861564;
address private constant WETH = 0xc778417E063141139Fce010982780140Aa0cD5Ab;
address public tokenAddress;
address public immutable _owner;
ISwapRouter public immutable swapRouter;
constructor(address token) {
_owner = msg.sender;
swapRouter = ISwapRouter(SWAP_ROUTER);
tokenAddress = token;
}
function swapExactInputSingle() external payable {
require(msg.value > 0, "Must pass non 0 ETH amount");
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
.ExactInputSingleParams({
tokenIn: WETH,
tokenOut: tokenAddress,
fee: 3000,
recipient: msg.sender,
deadline: block.timestamp,
amountIn: msg.value,
amountOutMinimum: 1,
sqrtPriceLimitX96: 0
});
swapRouter.exactInputSingle{value: msg.value}(params);
}
receive() external payable {}
}
I had the same issue with the swapExactInputMultihop function on Uniswap. For each pool/path you're going through, you need to make sure you've got the correct pool fee set.
You can check out the swap fees on the Uniswap website: V3-overview/fees
or on a video tutorial, going through the whole process:
Blockchain With Wisdom on YouTube
Managed to fix it.
I set fee: 3000 in the contract, but I created liquidity with a 1% fee, so I had to change it to fee: 10000 according to the docs: "fee: The fee tier of the pool, used to determine the correct pool contract in which to execute the swap".
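A version of the swap contract that catches the wrong-fee-tier mistake up front, plus the two parameters a practitioner would not leave hard-coded. This is an added example, not the asker's contract or Uniswap's own code. It assumes Uniswap v3-periphery and v3-core at the import paths shown; router, factory and WETH addresses are constructor arguments rather than constants (the question's Rinkeby router was 0xE592427A0AEce92De3Edee1F18E0157C05861564). The factory's getPool(tokenA, tokenB, fee) returns address(0) when no pool exists for that fee tier, which is exactly the case that produced the bare "execution reverted" above. Two further caveats from the original code: amountOutMinimum: 1 accepts any execution price and invites sandwiching, and deadline: block.timestamp can never expire, so both are taken from the caller here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
pragma abicoder v2;

import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";
import "@uniswap/v3-core/contracts/interfaces/IUniswapV3Factory.sol";

contract CheckedSwap {
    ISwapRouter public immutable swapRouter;
    IUniswapV3Factory public immutable factory;
    address public immutable weth;
    address public immutable tokenOut;
    uint24 public immutable poolFee;

    // Addresses are passed in so the same bytecode works on mainnet and testnets.
    constructor(address router, address factory_, address weth_, address token, uint24 fee) {
        // A v3 pool is keyed by (tokenA, tokenB, fee). If liquidity was added at
        // 1% (10000) and the contract swaps at 0.3% (3000), getPool returns
        // address(0) and the router reverts without a reason string. Fail here,
        // once, with a readable message instead of on every swap attempt.
        require(
            IUniswapV3Factory(factory_).getPool(weth_, token, fee) != address(0),
            "no pool for this token pair at this fee tier"
        );
        swapRouter = ISwapRouter(router);
        factory = IUniswapV3Factory(factory_);
        weth = weth_;
        tokenOut = token;
        poolFee = fee;
    }

    // Lets a front end ask which tiers (500, 3000, 10000, ...) have a pool
    // before deciding which fee to deploy or call with.
    function poolFor(uint24 fee) external view returns (address) {
        return factory.getPool(weth, tokenOut, fee);
    }

    // amountOutMinimum should come from an off-chain quote minus the slippage
    // the caller accepts; deadline should be a real wall-clock bound.
    function swapExactInputSingle(uint256 amountOutMinimum, uint256 deadline)
        external
        payable
        returns (uint256 amountOut)
    {
        require(msg.value > 0, "must pass a non-zero ETH amount");
        require(amountOutMinimum > 0, "set a real slippage bound");
        require(deadline >= block.timestamp, "deadline already passed");

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: weth,
            tokenOut: tokenOut,
            fee: poolFee,
            recipient: msg.sender,
            deadline: deadline,
            amountIn: msg.value,
            amountOutMinimum: amountOutMinimum,
            sqrtPriceLimitX96: 0
        });
        // When tokenIn is WETH and the ETH is forwarded as msg.value, the router
        // wraps it itself; no prior WETH deposit or approval is needed.
        amountOut = swapRouter.exactInputSingle{value: msg.value}(params);
    }
}
```

With the question's 1% pool, deploying with fee = 3000 now reverts at construction with "no pool for this token pair at this fee tier", and fee = 10000 deploys and swaps.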

How do you transfer an ERC-721 token using an impersonated address on an Ethereum mainnet fork?

I'm writing a contract that involves transferring an ERC-721 token from one user to another. In order to test that this works with existing NFT collections, I'm using ganache-cli to fork mainnet and impersonate the holder of the ERC-721 token in question. I've confirmed on Etherscan that the address I'm unlocking is indeed the holder of the ERC-721 token that I'm trying to transfer.
First, I'm forking mainnet using ganache-cli:
ganache-cli -f <INFURA_MAINNET_ENDPOINT> -d -i 66 1 --unlock <HOLDER_ADDRESS>
My smart contract code includes:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "hardhat/console.sol"; // needed for the console.log calls in hitBid below
interface IERC721 {
function ownerOf(uint256 _tokenId) external view returns (address);
function safeTransferFrom(address _from, address _to, uint256 _tokenId) external payable;
}
interface CryptopunkInterface {
function transferPunk(address _to, uint _tokenId) external;
}
and contains this function:
/// @dev Sells NFT into a bid (i.e., "hits" the bid)
/// @param _bidderAddress Address of the bidder
/// @param _nftAddress Address of collection to which the bid applies
/// @param _tokenId Token id of the NFT in question
/// @param _expectedWeiPriceEach Price (in wei) that seller expects to receive for each NFT
/// @return Proceeds remitted to seller
function hitBid(address _bidderAddress, address _nftAddress, uint256 _tokenId, uint256 _expectedWeiPriceEach) public returns (uint256) {
console.log("msg.sender of hitBid: ", msg.sender);
// Initialize bid
Bid memory bid = bids[_bidderAddress][_nftAddress];
// Require that bid exists
require(bid.quantity > 0, "This bid does not exist.");
// Require that bid amount is at least what the seller expects
require(bid.weiPriceEach >= _expectedWeiPriceEach, "Bid is insufficient.");
// Decrement bidder's bid quantity for this collection
bids[_bidderAddress][_nftAddress].quantity = bid.quantity - 1;
// Compute platform fee proceeds
uint256 platformFeeProceeds = bid.weiPriceEach * platformFee / 10000;
// Remit platform fee proceeds to owner
sendValue(OWNER, platformFeeProceeds);
// Transfer NFT to bidder
// Check whether _nftAddress is Cryptopunks address
if (_nftAddress == 0xb47e3cd837dDF8e4c57F05d70Ab865de6e193BBB) {
CryptopunkInterface(_nftAddress).transferPunk(_bidderAddress, _tokenId);
} else {
console.log("ownerOf NFT being sold: ", IERC721(_nftAddress).ownerOf(_tokenId));
IERC721(_nftAddress).safeTransferFrom(msg.sender, _bidderAddress, _tokenId);
}
// Compute seller proceeds
uint256 sellerProceeds = bid.weiPriceEach - platformFeeProceeds;
// Remit seller proceeds to seller
sendValue(payable(msg.sender), sellerProceeds);
// Emit new trade event
emit NewTrade(_bidderAddress, msg.sender, _nftAddress, bid.weiPriceEach, 1, _tokenId);
// Return seller proceeds
return sellerProceeds;
}
When I run truffle test, executing the function on behalf of the unlocked holder address, I get this error:
Error: Returned error: VM Exception while processing transaction: revert ERC721: transfer caller is not owner nor approved -- Reason given: ERC721: transfer caller is not owner nor approved.
UPDATE:
I switched from using ganache-cli to using Hardhat to fork mainnet. I'm impersonating the relevant addresses in my test.js file:
const BAYC_HOLDER_ADDRESS = "0x54BE3a794282C030b15E43aE2bB182E14c409C5e";
await hre.network.provider.request({
method: "hardhat_impersonateAccount",
params: [BAYC_HOLDER_ADDRESS],
});
I've also verified that msg.sender of hitBid is indeed the ownerOf the NFT in question with the console.log statements above.
msg.sender of hitBid: 0x54be3a794282c030b15e43ae2bb182e14c409c5e
ownerOf NFT being sold: 0x54be3a794282c030b15e43ae2bb182e14c409c5e
Nonetheless, I'm still getting the same error:
Error: VM Exception while processing transaction: reverted with reason string 'ERC721: transfer caller is not owner nor approved'
The reason you are getting this error is because msg.sender of hitBid() is not the same as msg.sender of IERC721(_nftAddress).safeTransferFrom().
The seller needs to sign two transactions:
The user needs to sign approve(yourContractAddress, tokenId)
The user needs to sign hitBid()
That will prevent hitBid() from reverting, since your contract address (msg.sender of safeTransferFrom()) will then be approved to make the transfer.

How to transfer an ERC721 token

I'm trying to transfer an ERC721 token, but I'm getting the error ERC721: transfer caller is not owner nor approved for the transferToken method.
Main.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed: OpenZeppelin 4.x ERC721 and Counters
import "./ERC721.sol";
import "./Counters.sol";
contract Main is ERC721 {
using Counters for Counters.Counter;
Counters.Counter internal _tokenIds;
address payable internal admin;
constructor() ERC721("MyToken", "TOKEN") {
admin = payable(msg.sender);
}
}
Auction.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./Main.sol";
contract Auction is Main {
struct AuctionInfo {
uint256 tokenId;
address highestBidder;
uint highestBid;
}
mapping(string => AuctionInfo) private _auctionInfo;
function createAuction(string memory id) public {
_tokenIds.increment();
uint256 newTokenId = _tokenIds.current();
_mint(msg.sender, newTokenId);
_auctionInfo[id].tokenId = newTokenId;
}
function transferToken(string memory id) public {
require(msg.sender == _auctionInfo[id].highestBidder, "You are not the highest bidder");
safeTransferFrom(address(this), _auctionInfo[id].highestBidder, _auctionInfo[id].tokenId);
}
// other methods...
}
The minting contract is this and the owner of the token is the msg.sender of the minting method if I'm not mistaken. Am I to use the approve (or setApprovalForAll) for this each time before transferring? I've tried this, payable(this), and address(this) for the safeTransferFrom method, but none seem to be working.
For example, I tried the following, but get the same revert message:
approve(address(this), _auctionInfo[id].tokenId);
this.safeTransferFrom(address(this), _auctionInfo[id].highestBidder, _auctionInfo[id].tokenId);
The main principle behind any blockchain is that nobody on the blockchain network should be trusted, and still the transactions should happen foolproof, with no possibility of any cheating being done (barring, of course, some hacking).
If you invoke the approve method from the Auction contract, then the msg.sender for the approve function in the ERC721 token contract is your Auction contract address. So, in other words, your Auction contract is trying to approve itself to sell someone else's NFTs, which is not very trustworthy.
What should really happen is that the owner of the NFT should invoke the approve method of the ERC721 contract - i.e. the transaction that you send for the approve function call should be signed by the NFT owner's wallet address. This way, the msg.sender for the approve function in the ERC721 contract will be the owner of the NFT. As per the ERC721 standard, the owner of the NFT can approve anyone they want to sell their NFT(s), as the no-trust in the network is still maintained (at least I should be able to trust myself). The approve method should be invoked from within your DApp before the transferToken function is invoked from the DApp.
Hope that explains why you are unable to transfer your ERC721 tokens.
Because of the internal visibility of the ERC721._approve() function, you can effectively perform the approval for the user.
Then you'll be able to execute the safeTransferFrom(tokenOwner, receiver, tokenId) from your contract, because your contract address is approved to operate this specific token even though it belongs to the tokenOwner.
This snippet mints the token, assigning the ownership to the msg.sender. But then it also calls the _approve() function that doesn't contain any validations and simply assigns the approval of the token to the Auction address.
pragma solidity ^0.8;
// pinned to a 4.x tag: the two-argument _approve(to, tokenId) used below does not exist on master any more
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.0/contracts/token/ERC721/ERC721.sol";
contract Auction is ERC721 {
constructor() ERC721("CollectionName", "Symbol") {}
function createAuction() public {
uint256 newTokenId = 1;
_mint(msg.sender, newTokenId);
_approve(address(this), newTokenId);
}
}
You can see from the screenshot that the owner is 0x5B... (the user address) and that the token is approved for 0xd9... (the contract address).
Note: The _approve() function is internal - it can be called from the ERC721 contract and contracts deriving from it (in your case Main and Auction), but it can't be called from external contracts or end user addresses.
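Both ERC-721 questions above (the forked-mainnet hitBid revert and the Auction contract) come down to the same rule: inside the token's transferFrom, msg.sender is whichever contract made the call, so that contract must either be approved by the owner or be the token contract itself. The added example below (mine, not code from either question, and not OpenZeppelin's own) shows both shapes. It assumes OpenZeppelin Contracts 4.x at the import paths shown; the internal _safeTransfer and _mint signatures are the 4.x ones. Contract and function names (Marketplace, canSell, EscrowAuction, settle) are my own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721.sol";

// Case 1: a marketplace that is NOT the token contract. Inside the token's
// safeTransferFrom, msg.sender is this contract, so the seller must have
// signed approve(marketplace, tokenId) or setApprovalForAll(marketplace, true)
// in an earlier transaction. Checking that up front replaces the generic
// "transfer caller is not owner nor approved" with an actionable reason.
contract Marketplace {
    event Sold(address indexed nft, uint256 indexed tokenId, address indexed seller, address buyer);

    function canSell(address nft, uint256 tokenId, address seller) public view returns (bool) {
        IERC721 token = IERC721(nft);
        if (token.ownerOf(tokenId) != seller) return false;
        return token.getApproved(tokenId) == address(this)
            || token.isApprovedForAll(seller, address(this));
    }

    function hitBid(address nft, uint256 tokenId, address buyer) external {
        require(canSell(nft, tokenId, msg.sender),
            "seller must approve the marketplace for this token first");
        // from is the seller (msg.sender here); the operator the token sees is
        // this contract, which the seller's earlier approval authorises.
        IERC721(nft).safeTransferFrom(msg.sender, buyer, tokenId);
        emit Sold(nft, tokenId, msg.sender, buyer);
    }
}

// Case 2: the auction IS the token contract. Mint into escrow under
// address(this) and hand the token out with the internal _safeTransfer, which
// never goes through transferFrom and so needs no approval at all. Payouts use
// pull-payments so no external call happens inside bid() or settle().
contract EscrowAuction is ERC721 {
    struct AuctionInfo { address seller; address highestBidder; uint256 highestBid; }

    mapping(uint256 => AuctionInfo) public auctions;
    mapping(address => uint256) public pendingWithdrawals;
    uint256 private nextId = 1;

    constructor() ERC721("Escrowed", "ESC") {}

    function createAuction() external returns (uint256 tokenId) {
        tokenId = nextId++;
        _mint(address(this), tokenId);            // escrowed, not owned by the seller
        auctions[tokenId].seller = msg.sender;
    }

    function bid(uint256 tokenId) external payable {
        AuctionInfo storage a = auctions[tokenId];
        require(a.seller != address(0), "no such auction");
        require(msg.value > a.highestBid, "bid too low");
        if (a.highestBidder != address(0)) {
            pendingWithdrawals[a.highestBidder] += a.highestBid;   // refund, pull-style
        }
        a.highestBidder = msg.sender;
        a.highestBid = msg.value;
    }

    function settle(uint256 tokenId) external {
        AuctionInfo memory a = auctions[tokenId];
        require(msg.sender == a.highestBidder, "not the highest bidder");
        delete auctions[tokenId];                                 // effects first
        pendingWithdrawals[a.seller] += a.highestBid;
        _safeTransfer(address(this), msg.sender, tokenId, "");    // then the interaction
    }

    function withdraw() external {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0;                       // zero before sending
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```

In the Hardhat fork scenario, the impersonated BAYC holder would first send approve(marketplaceAddress, tokenId) to the BAYC contract, after which canSell returns true and hitBid succeeds; without that transaction canSell returns false and the revert reason says so.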

Why can't I use this transferEther function to send Ether to the smart contract?

I have this code I have entered into Remix IDE, as ReceivedEther.sol, a standalone smart contract.
I've transferred 0.02 Ether to the smart contract, using MetaMask.
When I checked the smart contract's balance, it returns 200000000000000000, as expected.
If I try to use the transferEther function, however, and enter a number smaller than this - say, 0.005 ETH, or 50000000000000000 as the amount - it doesn't work using MetaMask.
When MetaMask prompts me it's never for that amount. It's for 0 ETH and 0.00322 gas fee (or whatever the gas is). Basically it always set the amount of ETH at 0 and only charges the fee.
Why can't I transfer an amount of ETH using this function in the Remix IDE with MetaMask?
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract ReceivedEther {
function transferEther(address payable _recipient, uint _amount) external returns (bool) {
require(address(this).balance >= _amount, 'Not enough Ether in contract!');
_recipient.transfer(_amount);
return true;
}
/**
* @return contract balance
*/
function contractBalance() external view returns (uint) {
return address(this).balance;
}
}
Your code sends ETH (stated in the _amount variable) from the smart contract to the _recipient. So it doesn't require any ETH to be sent in order to execute the transferEther() function.
If you want your contract to accept ETH, the function that accepts it (or the general fallback() or receive() function) needs to be marked as payable.
Example:
pragma solidity ^0.8.0;
contract ReceivedEther {
receive() external payable {} // note the `payable` keyword
// rest of your implementation
}
Then you can send whatever amount of ETH to the smart contract address (without specifying any function to execute).
See more at https://docs.soliditylang.org/en/v0.8.5/contracts.html#receive-ether-function
If you want to prefill the amount in MetaMask from Remix IDE, you can use the "Value" input in the "Deploy & Run Transactions" tab.
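An added example (not the asker's ReceivedEther and not from the answer) showing the three entry points through which value can reach a contract, and the two things a practitioner would change in the original transferEther before deploying it: it has no access control, so anyone could drain the contract's balance, and it uses transfer, which forwards a fixed 2300 gas stipend. The assumption that a contract must be marked payable to accept value holds for every path: attaching value to a non-payable function reverts before its body runs, because the compiled code checks CALLVALUE first. Names and the onlyOwner modifier are my own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract ReceivedEtherFixed {
    address public immutable owner;

    event Received(address indexed from, uint256 amount, bytes data);
    event Sent(address indexed to, uint256 amount);

    // payable so the contract can be funded in the deployment transaction too
    constructor() payable {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // 1. Plain ETH send with empty calldata: a wallet "Send" to the contract
    //    address, or another contract doing addr.call{value: x}("").
    receive() external payable {
        emit Received(msg.sender, msg.value, "");
    }

    // 2. Value attached to a call whose selector matches no function here.
    //    Without payable on this fallback such calls would revert.
    fallback() external payable {
        emit Received(msg.sender, msg.value, msg.data);
    }

    // 3. A named payable function. This is the one Remix's "Value" field feeds
    //    when the function is selected; the original transferEther was not
    //    payable, so no value could ever ride along with it.
    function deposit() external payable {
        require(msg.value > 0, "no value attached");
        emit Received(msg.sender, msg.value, msg.data);
    }

    // Moves ETH *out* of the contract, which is what the original function did.
    // onlyOwner is the missing check; call replaces transfer so recipients
    // whose receive() does more than 2300 gas of work are not bricked.
    function transferEther(address payable recipient, uint256 amount)
        external
        onlyOwner
        returns (bool)
    {
        require(address(this).balance >= amount, "Not enough Ether in contract!");
        (bool ok, ) = recipient.call{value: amount}("");
        require(ok, "send failed");
        emit Sent(recipient, amount);
        return true;
    }

    function contractBalance() external view returns (uint256) {
        return address(this).balance;
    }
}
```

In Remix, select deposit, put 0.02 in the Value field and send: MetaMask now prompts for 0.02 ETH plus gas, and contractBalance returns 20000000000000000. Calling transferEther from any account other than the deployer reverts with "not owner".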

How to interact with the deployed ERC20 token with another smart-contract?

I have created a basic ERC20 token by implementing OpenZeppelin as follow in ERC20.sol file:
pragma solidity ^0.6.4;
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.4.0/contracts/token/ERC20/ERC20.sol";
contract Token is ERC20 {
constructor(string memory _name, string memory _symbol)
public
ERC20(_name, _symbol)
{
_mint(msg.sender, 10000000000000000000000000000);
}
}
Then implement another contract Contract.sol as follow:
import "./ERC20.sol";
pragma solidity ^0.6.4;
contract SimpleBank{
Token tokenContract;
constructor(Token _tokenContract) public {
tokenContract = _tokenContract;
}
function deposit(uint amt) public returns (bool) {
require(amt != 0 , "deposit amount cannot be zero");
tokenContract.transfer(address(this),amt);
return true;
}
}
As I have deployed both contracts from the address 0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2, it holds 10000000000000000000000000000 tokens.
But when I call the deposit function from the same address I get the following error:
transact to SimpleBank.deposit errored: VM error: revert. revert The transaction has been reverted to the initial state. Reason provided by the contract: "ERC20: transfer amount exceeds balance". Debug the transaction to get more information.
So, what is the proper way to interact with the deployed ERC20 token so that the deposit function works?
1. The user address 0xAb8483... sends a transaction executing SimpleBank's function deposit(), which makes 0xAb8483... the value of msg.sender in SimpleBank.
2. But then SimpleBank sends an internal transaction executing Token's function transfer(), which makes the SimpleBank address (not 0xAb8483...) the value of msg.sender in Token.
3. So the snippet tokenContract.transfer(address(this),amt); within SimpleBank is trying to send SimpleBank's tokens, not the user's (0xAb8483...) tokens.
4. This transfer of tokens (from point 2) reverts, because SimpleBank doesn't own any tokens, which makes the top-level transaction (from point 1) revert as well.
If you want SimpleBank to be able to transfer 0xAb8483...'s tokens, 0xAb8483... needs to approve() the tokens first to be spent by SimpleBank, directly from their address, so that they are msg.sender in the Token contract.
Only then can SimpleBank execute transferFrom(0xAb8483..., address(this), amt) (from, to, amount).
TL;DR: Your contract can't spend tokens it doesn't own, unless the owner has manually approved your contract to spend them.
If it could spend someone else's tokens without approval, it would be very easy to steal from people who can't/don't verify your source code (by spending their USDT, WETH and other widely-used tokens).
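The corrected SimpleBank as an added example (mine, not the asker's contract and not OpenZeppelin's code). It assumes OpenZeppelin Contracts 4.x for IERC20 and SafeERC20 at the import paths shown; the canDeposit helper and the balances ledger are my additions. The flow the answer describes is: the user signs token.approve(bankAddress, amt) from their own address, then calls deposit(amt), inside which the bank is msg.sender of transferFrom and spends its allowance. Two practitioner details beyond the answer: SafeERC20 copes with tokens such as USDT that return nothing from transfer/transferFrom, and the bank credits the amount that actually arrived rather than the amount requested, so a fee-on-transfer token cannot be used to withdraw more than the bank holds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract SimpleBank {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public balances;

    constructor(IERC20 token_) {
        token = token_;
    }

    // Explain the failure before spending gas on a transferFrom that must revert.
    function canDeposit(address user, uint256 amt) public view returns (bool ok, string memory why) {
        if (amt == 0) return (false, "deposit amount cannot be zero");
        if (token.balanceOf(user) < amt) return (false, "insufficient token balance");
        // allowance(owner, spender): the user must have called approve(bank, amt)
        // from their own address, so that they were msg.sender in the token.
        if (token.allowance(user, address(this)) < amt) return (false, "bank not approved for this amount");
        return (true, "");
    }

    function deposit(uint256 amt) external returns (uint256 credited) {
        (bool ok, string memory why) = canDeposit(msg.sender, amt);
        require(ok, why);

        // Inside the token, msg.sender is this contract (the approved spender);
        // the tokens move from the user to the bank and the allowance drops by amt.
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amt);

        // Credit what actually arrived, not what was requested.
        credited = token.balanceOf(address(this)) - before;
        balances[msg.sender] += credited;
    }

    function withdraw(uint256 amt) external {
        require(balances[msg.sender] >= amt, "insufficient bank balance");
        balances[msg.sender] -= amt;                 // effects before the interaction
        // Here the bank owns the tokens, so a plain transfer (msg.sender in the
        // token == the bank) is the right call and no approval is involved.
        token.safeTransfer(msg.sender, amt);
    }
}
```

With the question's setup, calling deposit(amt) from 0xAb8483... before any approve now reverts with "bank not approved for this amount" instead of the token's generic "transfer amount exceeds balance"; after approve(bank, amt) from that same address, deposit succeeds and balances[0xAb8483...] equals amt for an ordinary ERC-20.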