Skip to content

Instantly share code, notes, and snippets.

@chevdor
Last active September 7, 2016 11:22
Show Gist options
  • Save chevdor/73ca9a1484a5adb17e21ce1a238318ca to your computer and use it in GitHub Desktop.
Save chevdor/73ca9a1484a5adb17e21ce1a238318ca to your computer and use it in GitHub Desktop.
WhitehatWithdraw bytecode using soljson-v0.3.6-2016-08-30-cf974fd

Validation of the WhitehatWithdraw contract

The WhitehatWithdraw contract is located at:

0x9f5304da62a5408416ea58a17a92611019bd5ce3

The goal of this verification is to ensure that the code running at the address 0x9f5304da62a5408416ea58a17a92611019bd5ce3 matches the code claimed to be deployed. This code can be found here: https://raw.githubusercontent.com/BitySA/whetcwithdraw/master/whetcwithdraw.sol

This verification is done by compiling the claimed code of the smart contract and checking whether or not it matches the bytecode stored at the contract address in the Ethereum Classic Blockchain.

The following test are run from the console using geth running on Classic, started as:

geth --datadir /Users/troyololo/Library/EthereumClassic --fast --verbosity 2 --oppose-dao-fork --rpc console
Note
Using the right compiler is critical to check the bytecode properly. Use soljson-v0.3.5-2016-08-10-fc60839.js. In the online compiler, you also need to click TOGGLE DETAILS and get the RUNTIME bytecode from there. The leading 0x has been added manually.
0x606060405236156100b95760e060020a600035046302ef6c8681146100c15780631554611f146100dc5780633e2640d6146100f15780633fb27b851461010557806357211ac01461013b57806364dab283146101515780637e3ef7cd14610164578063884b5dc21461017a578063893d20e8146101dd578063a6f9dae1146101f0578063c01c1ca314610213578063d0e30db014610228578063e3ce971414610273578063eb8bbd2814610297578063f3fef3a3146102aa575b6102c1610002565b6102c36004355b600060006000600034111561032b57610002565b6102d560006000600034111561041a57610002565b6102c160043560003411156104a357610002565b6102c1600054600160a060020a039081163391909116141580610131575060095460a060020a900460ff165b156104cb57610002565b6102c3600435600060003411156104f157610002565b6102e96000600034111561051157610002565b6102c36004356000600034111561052357610002565b604080516004803580820135602081810280860182019096528185526102c1959394602494909385019291829190850190849080828437509496505050505050506000805481908190600160a060020a0390811633919091161461058057610002565b6102e96000600034111561062557610002565b6102c1600435600054600160a060020a0390811633919091161461063757610002565b6102d560006000600034111561065957610002565b6102d5600480543490810190915560408051918252516000917f4d6ce1e535dbade1c23defba91e23b8f791ce5edc0cc320257a2b364e4e38426919081900360200190a15060015b90565b6102c16004356024356044356064356084356000600060003411156106d857610002565b6102c3600060003411156107ed57610002565b6102c160043560243560003411156107d057610002565b005b60408051918252519081900360200190f35b604080519115158252519081900360200190f35b60408051600160a060020a03929092168252519081900360200190f35b600160a060020a038416600090815260026020526040902054810392505b5050919050565b6001546040805160e060020a6370a08231028152600160a060020a038781166004830152915191909216916370a0823191602482810192602092919082900301816000876161da5a03f1156100025750506040805180516001547f18160ddd0000000000000000000000000000000000000000000000000000000083529251909550600160a060020a039290921692506318160ddd91600482810192602092919082900301816000876161da5a03f1156100025750506040805151600454600160a060020a03881660009081526002602052929092205491850204925082101590506103065760009250610324565b600054600160a060020a0390811633919091161461043757610002565b5060405160085430600160a060020a039081163192911690600090839082818181858883f19350505050151561046c57610002565b6040805182815290517f2a3ef566ae160e22f4c547c4a751e6dabd0c266b98b091a909eb729b609ea1869181900360200190a15090565b600054600160a060020a039081163391909116146104c057610002565b600680548201905550565b6009805474ff0000000000000000000000000000000000000000191660a060020a179055565b50600160a060020a0381166000908152600260205260409020545b919050565b50600754600160a060020a0316610270565b6040805160015460e060020a6370a08231028252600160a060020a03858116600484015292519216916370a082319160248181019260209290919082900301816000876161da5a03f11561000257505060405151915061050c9050565b600054600160a060020a0390811633919091161415806105a9575060095460a060020a900460ff165b156105b357610002565b600092505b835183101561061f57838381518110156100025790602001906020020151915083836001018151811015610002576020908102909101810151600160a060020a038416600090815260029283905260409020819055600480548201905593019290506105b8565b50505050565b50600054600160a060020a0316610270565b6000805473ffffffffffffffffffffffffffffffffffffffff19168217905550565b6006546005540142101561066c57610002565b5060405160095430600160a060020a039081163192911690600090839082818181858883f1935050505015156106a157610002565b6040805182815290517fb12d6ae91e976812a292ae5290d71e8d13eaaf2767838c729b8553ddb3ede4209181900360200190a15090565b60008481526003602052604090205460ff16156106f457610002565b604080517f57697468647261772044414f45544320746f200000000000000000000000000081526c01000000000000000000000000600160a060020a038a1602601382015260278101889052815190819003604701812080825260ff881660208381019190915282840188905260608301879052925190945060019260808084019391929182900301816000866161da5a03f115610002575060408051516000878152600360205291909120805460ff191690921790915590506107c781888860026107d9565b92508260001415610803575b50505050505050565b6107f633838360015b60006000600060648511156107fa57610002565b50600454610270565b5050565b6107bb876100c8565b30600160a060020a0316318311156108235730600160a060020a03163192505b5050600160a060020a0385166000908152600260205260408120805483019055606484830204908183039082111561088257604051600754600160a060020a031690600090849082818181858883f19350505050151561088257610002565b60008111156108b657604051600160a060020a03871690600090839082818181858883f1935050505015156108b657610002565b60408051848152602081018790528082018690529051600160a060020a0388811692908a16917febff2602b3f468259e1e99f613fed6691f3a6526effe6ef3e768ba7ae7a36c4f9181900360600190a35050505050505056

sha3 of this bytecode:

0xc84c5048fd6f01d7045d0c0652d78af3b3c444481f68956483f0b0b549701d6b

Bytecode of the contract on ETC (Ethereum Classic chain):

eth.getCode("0x9f5304da62a5408416ea58a17a92611019bd5ce3");
0x606060405236156100b95760e060020a600035046302ef6c8681146100c15780631554611f146100dc5780633e2640d6146100f15780633fb27b851461010557806357211ac01461013b57806364dab283146101515780637e3ef7cd14610164578063884b5dc21461017a578063893d20e8146101dd578063a6f9dae1146101f0578063c01c1ca314610213578063d0e30db014610228578063e3ce971414610273578063eb8bbd2814610297578063f3fef3a3146102aa575b6102c1610002565b6102c36004355b600060006000600034111561032b57610002565b6102d560006000600034111561041a57610002565b6102c160043560003411156104a357610002565b6102c1600054600160a060020a039081163391909116141580610131575060095460a060020a900460ff165b156104cb57610002565b6102c3600435600060003411156104f157610002565b6102e96000600034111561051157610002565b6102c36004356000600034111561052357610002565b604080516004803580820135602081810280860182019096528185526102c1959394602494909385019291829190850190849080828437509496505050505050506000805481908190600160a060020a0390811633919091161461058057610002565b6102e96000600034111561062557610002565b6102c1600435600054600160a060020a0390811633919091161461063757610002565b6102d560006000600034111561065957610002565b6102d5600480543490810190915560408051918252516000917f4d6ce1e535dbade1c23defba91e23b8f791ce5edc0cc320257a2b364e4e38426919081900360200190a15060015b90565b6102c16004356024356044356064356084356000600060003411156106d857610002565b6102c3600060003411156107ed57610002565b6102c160043560243560003411156107d057610002565b005b60408051918252519081900360200190f35b604080519115158252519081900360200190f35b60408051600160a060020a03929092168252519081900360200190f35b600160a060020a038416600090815260026020526040902054810392505b5050919050565b6001546040805160e060020a6370a08231028152600160a060020a038781166004830152915191909216916370a0823191602482810192602092919082900301816000876161da5a03f1156100025750506040805180516001547f18160ddd0000000000000000000000000000000000000000000000000000000083529251909550600160a060020a039290921692506318160ddd91600482810192602092919082900301816000876161da5a03f1156100025750506040805151600454600160a060020a03881660009081526002602052929092205491850204925082101590506103065760009250610324565b600054600160a060020a0390811633919091161461043757610002565b5060405160085430600160a060020a039081163192911690600090839082818181858883f19350505050151561046c57610002565b6040805182815290517f2a3ef566ae160e22f4c547c4a751e6dabd0c266b98b091a909eb729b609ea1869181900360200190a15090565b600054600160a060020a039081163391909116146104c057610002565b600680548201905550565b6009805474ff0000000000000000000000000000000000000000191660a060020a179055565b50600160a060020a0381166000908152600260205260409020545b919050565b50600754600160a060020a0316610270565b6040805160015460e060020a6370a08231028252600160a060020a03858116600484015292519216916370a082319160248181019260209290919082900301816000876161da5a03f11561000257505060405151915061050c9050565b600054600160a060020a0390811633919091161415806105a9575060095460a060020a900460ff165b156105b357610002565b600092505b835183101561061f57838381518110156100025790602001906020020151915083836001018151811015610002576020908102909101810151600160a060020a038416600090815260029283905260409020819055600480548201905593019290506105b8565b50505050565b50600054600160a060020a0316610270565b6000805473ffffffffffffffffffffffffffffffffffffffff19168217905550565b6006546005540142101561066c57610002565b5060405160095430600160a060020a039081163192911690600090839082818181858883f1935050505015156106a157610002565b6040805182815290517fb12d6ae91e976812a292ae5290d71e8d13eaaf2767838c729b8553ddb3ede4209181900360200190a15090565b60008481526003602052604090205460ff16156106f457610002565b604080517f57697468647261772044414f45544320746f200000000000000000000000000081526c01000000000000000000000000600160a060020a038a1602601382015260278101889052815190819003604701812080825260ff881660208381019190915282840188905260608301879052925190945060019260808084019391929182900301816000866161da5a03f115610002575060408051516000878152600360205291909120805460ff191690921790915590506107c781888860026107d9565b92508260001415610803575b50505050505050565b6107f633838360015b60006000600060648511156107fa57610002565b50600454610270565b5050565b6107bb876100c8565b30600160a060020a0316318311156108235730600160a060020a03163192505b5050600160a060020a0385166000908152600260205260408120805483019055606484830204908183039082111561088257604051600754600160a060020a031690600090849082818181858883f19350505050151561088257610002565b60008111156108b657604051600160a060020a03871690600090839082818181858883f1935050505015156108b657610002565b60408051848152602081018790528082018690529051600160a060020a0388811692908a16917febff2602b3f468259e1e99f613fed6691f3a6526effe6ef3e768ba7ae7a36c4f9181900360600190a35050505050505056

Sha3 from that:

web3.sha3(eth.getCode("0x9f5304da62a5408416ea58a17a92611019bd5ce3"), {encoding: 'hex'});
0xc84c5048fd6f01d7045d0c0652d78af3b3c444481f68956483f0b0b549701d6b

Conclusion, we see that both bytecode match, thus confirming that the bytecode stored in the blockchain was issued from the claimed smart contract source code.

Note
This verification is not a statement or a verification about the content of the source code, the reader is left with the duty of checking the source code and sharing the results with the community.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment