 https://image.nostr.build/51ae03c9d1a3ccf413d9ad28380792f9bb88b64fcfb4b16fa03763f1b6f07027.png
  
This is what I dug up about poisoned transactions:

Transaction poisoning refers to an attack on the Ethereum network where a malicious actor manipulates data within a transaction to cause unintended consequences. This can include altering the recipient address or changing the value of the transaction, effectively stealing funds or causing other disruptions. 

Let's consider a vulnerable smart contract that uses an unsafe method for transferring funds:
pragma solidity ^0.6.0;

contract VulnerableContract {
    // 'payable' is required: a non-payable function cannot read msg.value
    function sendEth(address payable recipient) public payable {
        // Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic
        recipient.transfer(msg.value);
    }
}

In this example, the 'sendEth' function of the 'VulnerableContract' is susceptible to a transaction poisoning attack. If an attacker were to modify the recipient address and send a poisoned transaction with a large amount, the contract would unknowingly transfer funds to the wrong address, leaving users like you at risk of losing their funds.


Here's an example of how an attacker could exploit the vulnerable 'sendEth' function in our previous example:
pragma solidity ^0.6.0; // Exploit Code
contract ExploitContract {
    address public hacker; // Store the hacker's address as a public variable

    constructor() public {
        // 0xabcdef123 is the post's placeholder, not a valid 20-byte address literal
        hacker = 0xabcdef123; // Set the hacker's address to the contract when it's deployed
    }

    // 'payable' is required: a non-payable function cannot read msg.value
    function sendEth(address payable recipient) public payable {
        // Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic
        recipient.transfer(msg.value);
        // Poisoned transaction with modified recipient and amount
        // 0xfakeaddress456 is the post's placeholder, not a valid address literal
        ExploitContract(hacker).sendEth(0xfakeaddress456);
    }
}
In this example, an attacker could deploy their own contract (ExploitContract) and pass it as a parameter when deploying the vulnerable 'VulnerableContract'. By doing so, the hacker can manipulate the 'sendEth' function within the 'VulnerableContract', effectively stealing funds from legitimate users. 

I am not a Solidity guy, but this is what I found on a quick dig.
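
An added example, not part of the original post: one way to constrain where the post's sendEth can forward Ether, so that a caller-supplied recipient is checked before any transfer. The contract name, the owner-managed allowlist, and the event are hypothetical and chosen for illustration only.

```solidity
pragma solidity ^0.6.0;

// Hypothetical hardened counterpart to the post's VulnerableContract.
contract GuardedSender {
    address public owner;                      // account allowed to manage the allowlist
    mapping(address => bool) public approved;  // recipients that may receive forwarded Ether

    event RecipientSet(address indexed recipient, bool allowed);
    event Sent(address indexed from, address indexed to, uint256 amount);

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Only the owner can add or remove a recipient; the zero address is never valid.
    function setRecipient(address recipient, bool allowed) external onlyOwner {
        require(recipient != address(0), "zero address");
        approved[recipient] = allowed;
        emit RecipientSet(recipient, allowed);
    }

    // Forwards the attached Ether only to a pre-approved recipient.
    function sendEth(address payable recipient) external payable {
        require(msg.value > 0, "no value attached");
        require(approved[recipient], "recipient not approved");
        // Log before the external call so every forward leaves an auditable record.
        emit Sent(msg.sender, recipient, msg.value);
        // transfer reverts on failure, so a rejected payment rolls back the whole call.
        recipient.transfer(msg.value);
    }
}
```

The Sent and RecipientSet events give monitoring tools something to alert on when an unexpected recipient is approved or paid.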
 tldr: FAFO 😂 
 yah, kinda seems that way. 
 Nice post, thanks for digging this up!