Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
pragma solidity ^0.5.0;
import "";
* @title TokenizedBypasser
* @dev TokenizedBypasser is a malicious SimpleTimelock beneficiary that
* tokenizes its claim on the locked ETH.
contract TokenizedBypasser is ERC20 {
using SafeMath for uint256;
// the SimpleTimelock contract we're bypassing
SimpleTimelock public simpleTimelockInstance;
// tracks whether the simpleTimelockInstance has been set
bool public instanceSet;
// owner of the contract
address payable public alice;
// accept ETH
function () external payable {}
constructor() public {
alice = msg.sender;
// allows alice to set the simpleTimelockInstance
function setSimpleTimelockInstance(SimpleTimelock _simpleTimelockInstance) external {
require(!instanceSet, "instance cannot be changed once set");
require(msg.sender == alice, "only alice can set the instance");
instanceSet = true;
simpleTimelockInstance = SimpleTimelock(_simpleTimelockInstance);
require(simpleTimelockInstance.beneficiary() == address(this),
"this contract is not the beneficiary of the passed instance"
// allows anyone to mint new coins, limited to the number of ETH that can be paid out
// new coins are always given to alice
function mintNewAliceCoin() external {
require(instanceSet, "cannot be called before an instance has been set");
uint256 maxAliceCoinAllowed = address(simpleTimelockInstance).balance.add(address(this).balance);
uint256 totalSupplyOfAliceCoin = totalSupply();
require(totalSupplyOfAliceCoin < maxAliceCoinAllowed, "cannot mint more AliceCoin right now");
uint256 amountToMint = maxAliceCoinAllowed.sub(totalSupplyOfAliceCoin);
_mint(alice, amountToMint);
// allows any AliceCoin holder to cash in their AliceCoin for ETH whenever this contract holds enough ETH to do so
// note that after the releaseTime this contract will always have access to enough ETH to payout all AliceCoin holders
function cashInAliceCoin() external {
uint256 amountToRelease = balanceOf(msg.sender);
require(amountToRelease <= address(this).balance, "this contract has not yet received enough of the released ETH");
// burn msg.sender's AliceCoin
_burn(msg.sender, amountToRelease);
// give msg.sender their ETH
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment