@SolidityScan Post-EIP-7702, EOAs can have code.
Attack:
Deploy contract with receive() that re-calls withdrawAll() if victim contract has balance more than deposited balance.
Delegate EOA logic to above contract
Deposit + call withdrawAll()
On ETH send, receive() reenters and drains contract
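The ordering flaw that lets the `receive()` callback described above succeed, shown from the defender's side as an added example that is not part of the original post. The two vault contracts and their names are hypothetical, and the example assumes the victim gated `withdrawAll()` on an EOA-only check, which the post does not state:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// BEFORE (constructed for illustration): trusts "caller is an EOA" and
// clears the balance only after sending ETH.
contract VaultBefore {
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    function withdrawAll() external {
        // After EIP-7702 an EOA can delegate to contract code, so this check
        // no longer means "no code runs when the caller receives ETH".
        require(msg.sender == tx.origin, "EOA only");
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        deposits[msg.sender] = 0; // too late: state changes after the external call
    }
}

// AFTER: checks-effects-interactions plus a reentrancy lock, with no
// assumption about whether the caller has code.
contract VaultAfter {
    mapping(address => uint256) public deposits;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    function withdrawAll() external nonReentrant {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        deposits[msg.sender] = 0; // effect first, so a nested call sees a zero balance
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

In `VaultAfter`, a nested `withdrawAll()` from the recipient's code reverts on the lock, which fails the outer transfer and rolls back the whole withdrawal.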
Day 39/365
Didn't work much today and spent around 2 hours.
One of my issues from a previous contest was downgraded from High to Low, which felt a bit discouraging.
#365DaysChallenge
Day 38/365
Read the documentation and watched Panoptic Vault videos.
Started looking into the codebase. Spent more time than expected on videos about the protocol and how options work.
Time spent: 7 hours
#365DaysChallenge
Day 35/365
Learned how Uniswap V3 fees work.
Reviewed a bug I had missed earlier in a contest related to account abstraction wallets.
Time spent: 7 hours
#365DaysChallenge
Day 34/365
Didn't work much today.
Revised the Uniswap V3 swap function.
I'm trying to push myself to work more, but it's hard.
I usually feel highly motivated during audits, but while learning, I don't feel the same level of interest.
Time Spent: 1 hour
#365DaysChallenge