Honeypot
A honeypot is a type of smart contract attack that appears to be a vulnerable contract but is actually just a trap. Honeypots work by luring attackers with a balance stored in the smart contract together with what appears to be a vulnerability in the code. Typically, to access the funds, the attacker has to send funds of their own, but unbeknownst to them there is some kind of recovery mechanism that lets the contract owner recover their own funds along with the funds of the attacker.
Let's look at a couple of different real-world examples:
In this contract, it seems that by sending more than the contract balance to multiplicate(), you can set your address as the contract owner and then proceed to drain the contract of funds. However, although it looks as if this.balance is updated after the function has executed, it is actually updated before the function is called: the value sent with the call is already included in this.balance when the comparison runs, so the condition can never hold. The ownership transfer inside multiplicate() is therefore never executed, yet the attacker's funds are locked in the contract.
This contract is especially sneaky. So long as passHasBeenSet is still set to false, anyone could call GetHash(), SetPass(), and GetGift(). The sneaky part of this contract is that the previous sentence is entirely true; the problem is that passHasBeenSet is already set to true, even though no transaction setting it appears in the Etherscan transaction log.
You see, when smart contracts call each other, those calls don't appear in the transaction log, because they are performed as message calls (internal transactions) rather than as transactions. So what must have happened here is that some external contract set the pass before anyone else could.
A safer method the attacker should have used would have been to check the contract storage with a security analysis tool, such as Mythril.
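As an added example (not code from the original page or from any of the contracts it describes), the storage check recommended above can also be done by hand over JSON-RPC: eth_getStorageAt returns the raw 32-byte word of a storage slot, which then has to be unpacked according to the contract's declared variable order. The RPC URL, contract address, slot index and byte offset used below are assumptions, and the sample storage word is constructed to look like an address with a bool packed above it.

```python
"""Read a contract's storage slot over JSON-RPC and unpack a flag from it.

Added example, not part of the original page. The slot index and byte offset
depend on the contract's own declaration order (hypothetical values here).
"""
import json
import urllib.request

# Constructed 32-byte storage word standing in for an eth_getStorageAt result.
# Assumed layout (hypothetical): an address in the low 20 bytes and a bool packed
# immediately above it, as Solidity packs `address owner; bool passHasBeenSet;`
# into one slot.
SAMPLE_WORD = "0x" + "00" * 11 + "01" + "11" * 20


def storage_slot_hex(slot: int) -> str:
    """eth_getStorageAt expects the slot index as a hex quantity ('0x1', not '0x01')."""
    return hex(slot)


def build_get_storage_request(address: str, slot: int, block: str = "latest", req_id: int = 1) -> dict:
    """JSON-RPC payload for eth_getStorageAt(address, slot, blockTag)."""
    return {
        "jsonrpc": "2.0",
        "id": req_id,
        "method": "eth_getStorageAt",
        "params": [address, storage_slot_hex(slot), block],
    }


def _word_bytes(word_hex: str) -> bytes:
    """Normalise a hex result to exactly 32 bytes (nodes may omit leading zeros)."""
    digits = word_hex[2:] if word_hex.startswith("0x") else word_hex
    return bytes.fromhex(digits.rjust(64, "0"))


def decode_bool(word_hex: str, byte_offset: int = 0) -> bool:
    """Read a packed bool that sits byte_offset bytes above the low end of the slot."""
    return _word_bytes(word_hex)[31 - byte_offset] != 0


def decode_uint(word_hex: str) -> int:
    """Interpret the whole slot as an unsigned 256-bit integer."""
    return int.from_bytes(_word_bytes(word_hex), "big")


def decode_address(word_hex: str, byte_offset: int = 0) -> str:
    """Read a 20-byte address packed byte_offset bytes above the low end of the slot."""
    raw = _word_bytes(word_hex)
    end = 32 - byte_offset
    return "0x" + raw[end - 20:end].hex()


def read_storage(rpc_url: str, address: str, slot: int, block: str = "latest") -> str:
    """Network call (not exercised offline): fetch the raw slot word from a node."""
    payload = json.dumps(build_get_storage_request(address, slot, block)).encode()
    req = urllib.request.Request(rpc_url, data=payload, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["result"]


def pass_already_set(rpc_url: str, address: str, slot: int, byte_offset: int) -> bool:
    """True when the on-chain flag is already set, whatever the transaction log shows."""
    return decode_bool(read_storage(rpc_url, address, slot), byte_offset)


if __name__ == "__main__":
    # Offline demonstration on the constructed word: the flag packed above the
    # address reads as set, which is exactly the state the log would not reveal.
    print("owner  :", decode_address(SAMPLE_WORD))
    print("flag   :", decode_bool(SAMPLE_WORD, byte_offset=20))
    # Live use (hypothetical endpoint and address, assumed slot 0 / offset 20):
    # print(pass_already_set("http://localhost:8545", "0x" + "ab" * 20, 0, 20))
```

The slot index and packing offset must come from the contract's source or the compiler's storage-layout output; reading the wrong slot gives a confident but meaningless answer, so confirm the layout before trusting the result. Storage state set by an internal message call is just as visible this way as state set by an ordinary transaction, which is the whole point of the check.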