Created
March 31, 2021 15:16
-
-
Save MatthiasEgli/1cc0630317fe7f52d6d3a41dbdc596d9 to your computer and use it in GitHub Desktop.
Created using remix-ide: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gists URL or ID at https://remix.ethereum.org/#version=soljson-v0.8.1+commit.df193b15.js&optimize=false&runs=200&gist=
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ETH Workshop Examples - do not use in production, these contracts contain bugs! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //"SPDX-License-Identifier: WTFPL" | |
| pragma solidity ^0.8.0; | |
| /* This program is free software. It comes without any warranty, to | |
| the extent permitted by applicable law. You can redistribute it | |
| and/or modify it under the terms of the Do What The Fuck You Want | |
| To Public License, Version 2, as published by Sam Hocevar. See | |
| http://www.wtfpl.net/ for more details. */ | |
| /* These contracts are examples of contracts with bugs and vulnerabilities in order to practice your hacking skills. | |
| DO NOT USE THEM OR GET INSPIRATION FROM THEM TO MAKE CODE USED IN PRODUCTION | |
| You are required to find vulnerabilities where an attacker harms someone else. | |
| Being able to destroy your own stuff is not a vulnerability and should be dealt at the interface level. | |
| */ | |
| // Contract to store and redeem money. | |
| contract Store { | |
| struct Safe { | |
| address owner; | |
| uint amount; | |
| } | |
| Safe[] public safes; | |
| /// @dev Store some ETH. | |
| function store() public payable { | |
| safes.push(Safe({owner: msg.sender, amount: msg.value})); | |
| } | |
| /// @dev Take back all the amount stored. | |
| function take() public { | |
| for (uint i; i<safes.length; ++i) { | |
| Safe storage safe = safes[i]; | |
| if (safe.owner==msg.sender && safe.amount!=0) { | |
| payable(msg.sender).transfer(safe.amount); | |
| safe.amount=0; | |
| } | |
| } | |
| } | |
| } | |
| contract AttackStore { | |
| Store store = Store(0x49bA97A478cbb6FDDF0C221F55f1eAD08293a17F); | |
| // add code here | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //"SPDX-License-Identifier: WTFPL" | |
| pragma solidity ^0.8.0; | |
| /* This program is free software. It comes without any warranty, to | |
| the extent permitted by applicable law. You can redistribute it | |
| and/or modify it under the terms of the Do What The Fuck You Want | |
| To Public License, Version 2, as published by Sam Hocevar. See | |
| http://www.wtfpl.net/ for more details. */ | |
| /* These contracts are examples of contracts with bugs and vulnerabilities in order to practice your hacking skills. | |
| DO NOT USE THEM OR GET INSPIRATION FROM THEM TO MAKE CODE USED IN PRODUCTION | |
| You are required to find vulnerabilities where an attacker harms someone else. | |
| Being able to destroy your own stuff is not a vulnerability and should be dealt at the interface level. | |
| */ | |
| contract Vault { | |
| mapping(address => uint) public balances; | |
| /// @dev Store ETH in the contract. | |
| function store() public payable { | |
| balances[msg.sender]+=msg.value; | |
| } | |
| /// @dev Redeem your ETH. | |
| function redeem() public { | |
| msg.sender.call{ value: balances[msg.sender] }(""); | |
| balances[msg.sender]=0; | |
| } | |
| } | |
| contract AttackVault { | |
| Vault vault = Vault(0x56f1213761c6De51073420EEB7bab136DF7beF6e); | |
| // Add your code here | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment