You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the SignatureReplay example contract,The victims v,r,svalues can be reused multiple times in the withdrawBySig() function.However, the funds in the contract ultimately go to the legitimate signer (the victim), and the attacker does not gain any financial benefit from calling withdrawBySig() function with the victim’s v, r, s values. The attacker ends up losing money by paying the gas fees for the transaction, while the signer benefits because they can withdraw their funds without paying gas fees in the future.
here is the logs from the modified test_signatureReplay() function
[PASS] test_signatureReplay() (gas: 1342404)
Logs:
attacker balance: 0
victim balance: 100000000000000000000
victim balance in the contract: 0
The attacker does not steal any funds from the victim, and the victim’s balance returns to the original amount (i.e., 100 ether).
I believe this example would be more effective if adjustments were made to the contract to demonstrate a scenario where the victim actually loses money to the attacker. This would help students better understand the concept and risks of replay attacks.
Thank you for the content patrick and team❤️
The text was updated successfully, but these errors were encountered:
In the
SignatureReplayexample contract,The victimsv,r,svalues can be reused multiple times in thewithdrawBySig()function.However, the funds in the contract ultimately go to the legitimatesigner(the victim), and the attacker does not gain any financial benefit from callingwithdrawBySig()function with the victim’sv,r,svalues. The attacker ends up losing money by paying the gas fees for the transaction, while the signer benefits because they can withdraw their funds without paying gas fees in the future.here is the logs from the modified
test_signatureReplay()functionThe attacker does not steal any funds from the victim, and the victim’s balance returns to the original amount (i.e., 100 ether).
I believe this example would be more effective if adjustments were made to the contract to demonstrate a scenario where the victim actually loses money to the attacker. This would help students better understand the concept and risks of replay attacks.
Thank you for the content patrick and team❤️
The text was updated successfully, but these errors were encountered: