El Profesor


Before you start, listen to This.

So as you understand from the video, your mission is to perform the biggest money heist in a bank we own!

Some details:

The bank has issued a new fundraiser for a new coin called DAO. The fundraiser currently holds 1337 Ethereum, and you hold only one Ethereum. When you'll empty the bank, you'll get the flag! We've attached the smart-contract source code for your impression.



The goal is to exploit a reentrancy vulnerability and drain the contract balance. The same vulnerability was used against The DAO and resulted in a 50 million dollar theft.

The vulnerable piece of code is:

As it is quite evident, the code is vulnerable because the balance zeroing is done after the Ether transfer is performed. When Ether is sent to some address, it may be a contract address and its fallback function will be triggered. In this function it is possible to recursively call the withdrawBalance() method again provided that there is enough gas.

So our attack contract looks like:

The attack will withdraw the donate amount twice and transfer the coins to the attacker address.

We deploy the new contract:

Then, we attack:

After that, we check the balance and get the flag: