5

Haven't tested it out but I think in theory this could work. It might work something like this:

An attacker first writes a lot of data to storage so there is data to be deleted.

Using .send() in the contract to be attacked, the attacker gets his fallback function called and frees up space with delete(), so he gets more gas to work with than should actually be possible, leaving him with enough gas to execute a reentrant attack.

Is this even possible? And if not, why not?

eth
Mick de Graaf

1 Answer

4

It's not possible because the negative gas is accumulated in a separate refund counter and only provided at the very end of the transaction (up to a maximum of half the gas used). See What are the limits to gas refunds?

eth
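The accounting described in the answer, as an added example that is not part of the original thread: a toy Python model in which a call frame's gas only decreases, while storage-clearing refunds go to a separate counter that is settled once at the end and capped at half the gas used. The class and function names are hypothetical, and the constants (2300-gas stipend, 5000-gas slot overwrite, 15000-gas clearing refund) are the historical pre-London values, assumed here.

```python
# Toy model of EVM gas accounting; the constants are the historical pre-London
# values and are assumptions of this example, not taken from the thread.
STIPEND = 2300               # gas forwarded to the fallback by .send()
SSTORE_RESET_COST = 5000     # cost of overwriting a non-zero storage slot
SSTORE_CLEAR_REFUND = 15000  # refund credited for setting a slot to zero


class OutOfGas(Exception):
    pass


class Tx:
    """Transaction-wide counters: gas used and the separate refund counter."""
    def __init__(self):
        self.used = 0
        self.refund = 0

    def settle(self):
        # The refund is applied once, after execution, capped at used // 2.
        return self.used - min(self.refund, self.used // 2)


class Frame:
    """One call frame: its gas only ever decreases."""
    def __init__(self, gas, tx):
        self.gas, self.tx = gas, tx

    def clear_slot(self):
        if SSTORE_RESET_COST > self.gas:
            raise OutOfGas
        self.gas -= SSTORE_RESET_COST            # paid up front
        self.tx.used += SSTORE_RESET_COST
        self.tx.refund += SSTORE_CLEAR_REFUND    # never added to self.gas


def run_fallback(gas, slots):
    """Return (slots cleared, gas left in the frame, gas billed after refund)."""
    tx = Tx()
    frame = Frame(gas, tx)
    try:
        for _ in range(slots):
            frame.clear_slot()
    except OutOfGas:
        # The frame reverts: its writes and refunds are discarded and all
        # the gas it was given is consumed.
        tx.used, tx.refund = gas, 0
        return 0, 0, tx.settle()
    return slots, frame.gas, tx.settle()
```

With the `.send()` stipend the fallback cannot pay for even one storage write, so no refund is ever recorded; with ample gas the refund lowers the final bill but never the frame's running balance.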