Understanding Rekeying Attacks
On Algorand, the rekeying feature allows an account to change its authorized signing key (its auth-addr) without changing its public address. While useful for key rotation, it is dangerous if mishandled.
The Threat: A malicious smart contract might trick a user into signing a transaction that sets the rekey_to field to the attacker's address. Once that transaction is confirmed, the attacker's key signs for the account, while the address the user sees stays the same.
Your Objective
Modify the PyTeal contract on the right. Ensure the transaction is only approved if the rekey_to field is empty (ZeroAddress).
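The following is an added example, not the page's contract.py: a plain-Python model of the approval logic the task asks for, with a small account-state simulation showing why the check matters. The 32-byte USER and ATTACKER keys, the MAX_AMOUNT limit and the Txn field subset are constructed for this example. It goes one step beyond the task by also rejecting a non-zero close_remainder_to, which redirects the account's balance in the same way rekey_to redirects its signing authority; the PyTeal expressions in the docstrings (Txn.rekey_to(), Global.zero_address()) are the real PyTeal names for these fields.

```python
"""Model of the rekey_to check a PyTeal approval program needs (added example)."""
from dataclasses import dataclass

# The AVM represents the zero address as 32 zero bytes; PyTeal exposes it as
# Global.zero_address(). Rekeying is only "off" when rekey_to equals it.
ZERO_ADDRESS = bytes(32)

# Constructed 32-byte public keys standing in for real Algorand accounts.
USER = b"\x01" * 32
MERCHANT = b"\x02" * 32
ATTACKER = b"\xee" * 32

MAX_AMOUNT = 1_000_000  # constructed spending limit in microAlgos


@dataclass(frozen=True)
class Txn:
    """Subset of payment-transaction fields the approval logic inspects."""
    sender: bytes
    receiver: bytes
    amount: int
    rekey_to: bytes = ZERO_ADDRESS
    close_remainder_to: bytes = ZERO_ADDRESS


def vulnerable_approval(txn: Txn) -> int:
    """Approves on the spending limit alone and never looks at rekey_to.
    PyTeal equivalent: Return(Txn.amount() <= Int(MAX_AMOUNT))."""
    return int(txn.amount <= MAX_AMOUNT)


def hardened_approval(txn: Txn) -> int:
    """Rejects any transaction whose rekey_to is not the zero address.
    PyTeal equivalent:
        Return(And(Txn.rekey_to() == Global.zero_address(),
                   Txn.close_remainder_to() == Global.zero_address(),
                   Txn.amount() <= Int(MAX_AMOUNT)))
    close_remainder_to is checked as well: it drains the balance to another
    address, so it belongs to the same class of field as rekey_to."""
    if txn.rekey_to != ZERO_ADDRESS:
        return 0
    if txn.close_remainder_to != ZERO_ADDRESS:
        return 0
    return int(txn.amount <= MAX_AMOUNT)


def simulate(approval, txn: Txn, auth_addr: bytes = USER) -> dict:
    """Apply txn to a one-account state if the approval program passes.
    The account's public address never changes; only its auth_addr (the key
    allowed to sign for it) is replaced when rekey_to is set."""
    state = {"address": USER, "auth_addr": auth_addr, "approved": False}
    if approval(txn) != 1:
        return state
    state["approved"] = True
    if txn.rekey_to != ZERO_ADDRESS:
        state["auth_addr"] = txn.rekey_to
    return state


# A benign payment and the rekeying transaction from the threat scenario (constructed).
BENIGN = Txn(sender=USER, receiver=MERCHANT, amount=100)
REKEY_ATTACK = Txn(sender=USER, receiver=MERCHANT, amount=100, rekey_to=ATTACKER)


if __name__ == "__main__":
    for name, approval in (("vulnerable", vulnerable_approval),
                           ("hardened", hardened_approval)):
        after = simulate(approval, REKEY_ATTACK)
        owner = "ATTACKER" if after["auth_addr"] == ATTACKER else "USER"
        print(f"{name:10s} approved={after['approved']} auth_addr controlled by {owner}")
```

Running the block shows the vulnerable program approving the attack transaction and handing the account's signing authority to ATTACKER, while the hardened program rejects it and leaves auth_addr with USER. In a real contract the comparison happens inside the TEAL program, so the `Txn.rekey_to() == Global.zero_address()` clause must be part of every approval path, not just the one for payments.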