Skip to content

kchousos/ERC20-Reentrancy-Attack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
docs
docs
 
 
lib
lib
 
 
script
script
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 
foundry.lock
foundry.lock
 
 
foundry.toml
foundry.toml
 
 
trace.log
trace.log
 
 

Repository files navigation

Smart Contracts Analysis HW1

Implemented as part of the "Analysis of Smart Contracts on Blockchain" course of UoA, Spring semester 2026.

Structure

The meaningful files are:

  • src/MyToken.sol: ERC20 Token Standard [1] compliant smart contract implementation.

    Contains both a safe burn function and an unsafe vulnBurn function that does not follow the Checks-Effects-Interactions (CEI) pattern and is thus vulnerable to a re-entrancy attack [2].

  • src/Attacker.sol: Attacker contract that performs a re-entrancy attack.

    Leverages its receive function to recursively call the vulnerable vulnBurn.

  • script/AttackScript.s.sol: A deployment script that orchestrates the attack.

Generated documentation from these source files lives in https://kchousos.github.io/Smart-Contracts-HW1.

Usage

Execution on local testnet

First start the local testnet in a separate terminal with the following command:

$ anvil

Then, deploy the script on the testnet:

$ forge script script/AttackScript.s.sol \
      --rpc-url http://127.0.0.1:8545 \
      --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80

Attack transaction trace

A sample transaction trace of the attack exists in /trace.log. Such a trace can be produced with the following command:

$ forge script script/AttackScript.s.sol \
        --rpc-url http://127.0.0.1:8545 \
        --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 \
        -vvvv

Notes

NatSpec comments [3] in the source code added with the help of Claude Sonnet 4.6.

References

[1] F. Vogelsteller and V. Buterin, "ERC-20: Token Standard," Ethereum Improvement Proposals. Accessed: Mar. 06, 2026. [Online]. Available: https://eips.ethereum.org/EIPS/eip-20

[2] "Cyfrin code glossary: Re-entrancy hack in solidity." Accessed: Mar. 07, 2026. [Online]. Available: https://www.cyfrin.io/glossary/re-entrancy-hack-solidity-code-example

[3] The Solidity Authors, "NatSpec Format — Solidity 0.8.35-develop documentation," Solidity Programming Language. Accessed: Mar. 07, 2026. [Online]. Available: https://docs.soliditylang.org/en/latest/natspec-format.html

About

Sample ERC20 token with vulnerable burn function and reentrancy attack implementation.

kchousos.github.io/ERC20-Reentrancy-Attack/

Topics

ethereum smart-contracts solidity erc20 reentrancy-attack

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages