Created
July 11, 2018 17:30
-
-
Save RyanHendricks/178206d2821cafbc94bd0041da21a0b3 to your computer and use it in GitHub Desktop.
ShitTokenICO - Find the bug(s)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.23; | |
| // There are no compiler errors but what could potentially go wrong here? | |
| contract ShitTokenICO { | |
| // balances of the respective internal accounts | |
| uint256 public founderOneFunds; | |
| uint256 public founderTwoFunds; | |
| uint256 public teamFunds; | |
| uint256 public vestedFunds; | |
| // tracking how much each investor contributed | |
| mapping(address => uint256) public investorFundsReceived; | |
| // returns the amount invested by the function caller (investor) | |
| function getInvestmentAmountData() public view returns (uint256 senderData) { | |
| return investorFundsReceived[msg.sender]; | |
| } | |
| // Handles the receipt of ETH on behalf of the investors, founders, and team. | |
| function fundsReceived(address _investor, uint256 _value) internal { | |
| investorFundsReceived[_investor] =+ _value; | |
| uint256 partialShare = _value / 3; | |
| founderOneFunds =+ partialShare; | |
| founderTwoFunds =+ partialShare; | |
| teamFunds = 2 * partialShare / 3; | |
| vestedFunds = partialShare / 3; | |
| } | |
| // Handles received funds by calling internal fundsReceived function. | |
| function() public payable{ | |
| fundsReceived(msg.sender, msg.value); | |
| } | |
| } |
emailnjv
commented
Jul 12, 2018
- UINT overflow
- No way to withdraw funds(or set beneficiaries)
- “=+” should it not be “+=” ?
- this is true
- also true, but let's assume this logic is handled elsewhere outside the scope of this component contract.
- correct, although switching from deprecated unary still doesn't solve a potential problem. Code updated below with this change and addition of the checkTotal() function. What happens when an investor decides to contribute more ETH in a second or even third txn..
pragma solidity ^0.4.23;
// There are no compiler errors but what could potentially go wrong here?
contract ShitTokenICO {
// balances of the respective internal accounts
uint256 public founderOneFunds;
uint256 public founderTwoFunds;
uint256 public teamFunds;
uint256 public vestedFunds;
// tracking how much each investor contributed
mapping(address => uint256) public investorFundsReceived;
// returns the amount invested by the function caller (investor)
function getInvestmentAmountData() public returns (uint256 senderData) {
return investorFundsReceived[msg.sender];
}
// Handles the receipt of ETH on behalf of the investors, founders, and team.
function fundsReceived(address _investor, uint256 _value) internal {
investorFundsReceived[_investor] += _value;
uint256 partialShare = _value / 3;
founderOneFunds += partialShare;
founderTwoFunds += partialShare;
teamFunds = 2 * partialShare / 3;
vestedFunds = partialShare / 3;
}
function checkTotal() public returns (uint256, uint256) {
return(founderOneFunds + founderTwoFunds + teamFunds + vestedFunds, getInvestmentAmountData());
}
// Handles received funds by calling internal fundsReceived function.
function() public payable{
fundsReceived(msg.sender, msg.value);
}
}`
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment