Skip to content

AdamJLemmon/ether-jvm-double-spend-bug

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
build/contracts
build/contracts
 
 
contracts
contracts
 
 
migrations
migrations
 
 
test
test
 
 
README.md
README.md
 
 
truffle.js
truffle.js
 
 

Repository files navigation

Ethereum JVM Double Spend Bug

A known bug that exists within the JVM explained. Bug is present when utilizing Remix(solidity browser) as well as testrpc.

Bug Description

When invoking a payable contract method with a non-zero value, if this method invokes a library method the resulting balance of the calling contract will be increased by twice the amout of the ether sent. For example, if the method is called with 10 ether the resulting balance of the contract will be 20 ether.

Contents

This repo contains a bare bones implmentation to exploit the bug. One contract, DoubleSpend, that invokes an empty library method, DoubleSpendLib.doubleSpend(), and thus double spends the ether sent.

DoubleSpend's doubleSpendEther method may be invoked with any amount of ether and the DoubleSpend contract's balance will be twice the ether sent.

Test

Run the existing test to expose the bug.

$ truffle test

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages