
Introduction

  • It's time for some hands-on experience!
  • In this lab, you'll leverage the Checks-Effects-Interactions (CEI) pattern to fix the Reentrancy vulnerability in Vulnerable.sol. If you implement the CEI pattern correctly, the attack you created in Reentrancy Fundamentals: Attack Lab should NOT work.
  • As discussed in the Lab Workflow section, your solution will be verified by the Challenge Verification Engine.
  • For you to pass the lab, you must complete the Lab Challenges.

Prerequisites

  • Reentrancy Fundamentals: Attack Theory
  • Reentrancy Fundamentals: Defend Theory

Lab Sample

This is a sample lab, showing the hands-on exercise and the automated feedback. (Your lab might look slightly different.)

Lab Challenges

  1. Attacker.sol should NOT be able to steal all ETH from Vulnerable.sol
    Important:

    While you can solve this challenge in multiple ways, please use the Checks-Effects-Interactions Pattern.

Lab Workflow

  1. Use the Lab Options section to start the lab.
  2. Optional: If you previously worked in the lab, you'll need to: i) close any open tabs; ii) navigate to the lab's terminal and execute revert.
  3. Review the Vulnerable.sol and Attacker.sol contracts. While doing the review, start to think about how you can update Vulnerable.sol to solve the Lab Challenges.
  4. Update Vulnerable.sol for the Checks-Effects-Interactions pattern.
    Warning:

    Within Vulnerable.sol, please make your changes between the following code comments:

    • // COMMENT GROUP A: START
    • // COMMENT GROUP A: END
    If you change other code, the lab might not work.

  5. When you're ready to verify your solution, go to the lab environment's terminal and execute the cv command. (This is short for Challenges Verify.)
  6. Behind the scenes, the cv command invokes Attacker.attack().
  7. cv prints a call stack and verifies that the Lab Challenges have been completed.
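
The ordering that step 4 asks for can be seen in a small Python model, added here as an illustration; it is not the lab's Vulnerable.sol, Attacker.sol or cv code. The class names, the deposit amounts and the swallowed failed re-entry are assumptions of the model.

```python
# Added example: a Python model, not the lab's Vulnerable.sol or Attacker.sol.
class Account:
    """Plain account: accepts ETH and does nothing else."""
    def __init__(self):
        self.eth = 0
    def receive(self, vault, amount):
        self.eth += amount

class ReentrantAccount(Account):
    """Contract-like account whose receive hook calls back into withdraw()."""
    def receive(self, vault, amount):
        self.eth += amount
        if vault.eth >= amount:
            try:
                vault.withdraw(self)
            except RuntimeError:
                pass  # failed re-entry is swallowed (modelling simplification)

class Vault:
    def __init__(self, cei):
        self.cei = cei        # True = Checks-Effects-Interactions ordering
        self.balances = {}    # internal accounting per depositor
        self.eth = 0          # ETH actually held by the vault
    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.eth += amount
    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0:                       # Check
            raise RuntimeError("nothing to withdraw")
        if self.cei:
            self.balances[account] = 0        # Effect, before the external call
            self._send(account, amount)       # Interaction
        else:
            self._send(account, amount)       # Interaction while balance is stale
            self.balances[account] = 0        # Effect, too late
    def _send(self, account, amount):
        self.eth -= amount
        account.receive(self, amount)         # control passes to the recipient

def run_attack(cei, victim_deposit=10, attacker_deposit=1):
    """Run the re-entrant withdrawal; return (vault ETH, attacker ETH) afterwards."""
    vault, victim, attacker = Vault(cei), Account(), ReentrantAccount()
    vault.deposit(victim, victim_deposit)
    vault.deposit(attacker, attacker_deposit)
    vault.withdraw(attacker)
    return vault.eth, attacker.eth
```

With the stale-balance ordering, run_attack(False) returns (0, 11); with CEI ordering, run_attack(True) returns (10, 1), so the other depositor's funds stay in the vault.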

Lab Options

Pros

  • Access the lab directly through your web browser.
  • There are no dependencies to install.

Cons

  • Executes on GitHub's servers. This has a financial cost if the free tier is exhausted. Luckily, it's easy to set a spending limit of 0 so you won't be charged (instructions below).

Prerequisites

  • Sign up for a GitHub account.
  • IMPORTANT: GitHub will charge for Codespace usage once the free tier is exhausted. If you don't want to be charged, navigate to this link and ensure the Codespaces spending limit is set to 0. Blockbash (and its contributors) are not responsible for any unexpected charges.
Warning:

You must complete the Prerequisites (mentioned above) before starting the lab.

Next Steps

  1. Click
  2. Complete the steps within the Lab Workflow section.
Tip:

If you have a question (or problem), please review the Need Help section.

Need Help?

  1. Review the hints within the Lab Challenges section.
  2. If the hints don't help, leverage this link for further assistance.

Disclosures

Warning:

  • Content should be used for educational purposes only. You should not leverage this content for nefarious purposes. Blockbash's authors are not liable for misuse of this content.
  • Everyone makes mistakes, including the authors of Blockbash. All content and recommendations should be verified via another source. Blockbash's authors are not liable for any mistakes. If you've found an error, please create a GitHub Issue.