Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic

“What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create “contracts” that can be used to encode arbitrary state transition functions [...]. The code in Ethereum contracts is written in a low-level, stack-based bytecode language, referred to as “Ethereum virtual machine code” or “EVM code”. The code consists of a series of bytes, where each byte represents an operation.”

Vitalik Buterin [1]

Welcome to the seventh chapter of this book, where we’ll analyze our vulnerable application with a Capture the Flag (CTF) on Ethereum Smart Contracts.

The epigraph features ...

Get Attacking and Exploiting Modern Web Applications now with the O’Reilly learning platform.
