Created
August 31, 2017 11:01
// Compiler range ^0.4.16 (0.4.x only). Compilers before 0.8.0 do not revert on
// integer overflow or underflow, so unchecked arithmetic in this file wraps silently.
pragma solidity ^0.4.16;
/// @title ERC20Basic
/// @notice Minimal token interface: a supply figure, a balance lookup and a direct transfer.
/// @dev The functions are declared without bodies, so an inheriting contract must implement them.
contract ERC20Basic {
    /// @notice Log entry for a movement of `value` units; `from` and `to` are indexed for filtering.
    event Transfer(address indexed from, address indexed to, uint256 value);

    /// @notice Supply figure; `public` makes the compiler generate a getter.
    uint256 public totalSupply;

    /// @notice Move `value` units from the caller to `to`.
    /// @return A boolean status that callers are expected to check.
    function transfer(address to, uint256 value) returns (bool);

    /// @notice Read-only lookup of the balance recorded for `who`.
    function balanceOf(address who) constant returns (uint256);
}
/// @title ERC20
/// @notice Extends ERC20Basic with the allowance (delegated spending) functions.
/// @dev Declarations only; no contract visible in this file implements them.
contract ERC20 is ERC20Basic {
    /// @notice Log entry for an allowance of `value` set by `owner` for `spender`.
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /// @notice Let `spender` move up to `value` units on behalf of the caller.
    function approve(address spender, uint256 value) returns (bool);

    /// @notice Move `value` units from `from` to `to` under a previously granted allowance.
    function transferFrom(address from, address to, uint256 value) returns (bool);

    /// @notice Read-only lookup of the amount `spender` may still move for `owner`.
    function allowance(address owner, address spender) constant returns (uint256);
}
/// @title VulnerableToken
/// @notice Deliberately flawed token used to illustrate common Solidity mistakes.
/// @dev Do not deploy. Each flaw is annotated at the function that contains it, together
///      with the check or ordering a correct implementation would use. The inherited
///      `totalSupply` is never assigned anywhere in this contract.
contract VulnerableToken is ERC20Basic {
    /// @notice Old-style constructor (a function named after the contract); seeds `owner` with `amount`.
    function VulnerableToken(address owner, uint amount) {
        init(owner, amount);
    }

    // FLAW (missing access control): no visibility specifier is given, and in Solidity 0.4.x
    // functions default to public. `init` therefore stays callable after deployment and
    // overwrites the balance of any address with any amount.
    // Fix: declare it `internal` or `private`, or do the assignment inside the constructor.
    function init(address owner, uint amount) {
        balances[owner] = amount;
    }

    // Ledger of token units per address; no explicit visibility, read through balanceOf().
    mapping(address => uint256) balances;

    // FLAW (no balance check, wrapping arithmetic): nothing verifies that the sender holds
    // `_value`. The subtraction is unchecked uint256 arithmetic, so a sender with too small
    // a balance ends up with a wrapped, very large one; the addition on the recipient side
    // is unchecked as well.
    // Fix: `require(balances[msg.sender] >= _value)` before the subtraction and use
    // overflow-checked arithmetic for both updates.
    /// @notice Move `_value` units from the caller to `_to`; rejects only the zero address.
    /// @return Always true when the call does not revert.
    function transfer(address _to, uint256 _value) returns (bool) {
        require(_to != address(0));
        balances[msg.sender] = balances[msg.sender] - _value;
        balances[_to] = balances[_to] + _value;
        Transfer(msg.sender, _to, _value);
        return true;
    }

    /// @notice Read-only lookup of the balance recorded for `_owner`.
    function balanceOf(address _owner) constant returns (uint256 balance) {
        return balances[_owner];
    }

    // NOTE(review): the balance is assigned, not incremented, so a second purchase or any
    // previously received tokens are overwritten by `msg.value`. This looks unintended
    // (`+=` with an overflow check); confirm against the author's intent.
    /// @notice Credit the caller with one unit per wei sent.
    function buy() payable {
        balances[msg.sender] = msg.value;
    }

    // FLAWS, matching the author's three labels:
    //  - Re-entry: the external call to msg.sender runs before the balance is reduced, which
    //    violates checks-effects-interactions. `send` forwards only a small gas stipend, but
    //    correctness should not depend on that; update state first, then pay out.
    //  - Negative check: nothing verifies `amount <= balances[msg.sender]`, and the unchecked
    //    subtraction wraps instead of failing.
    //  - Ignored result: `send` returns false on failure and that value is discarded, so the
    //    balance is reduced even when no ether was delivered. Check the result and revert.
    // NOTE(review): the function is `payable` although it only pays out; ether attached to
    // the call is accepted and never credited to the caller.
    /// @notice Pay `amount` wei to the caller and deduct `amount` units from its balance.
    function sell(uint amount) payable {
        msg.sender.send(amount);
        balances[msg.sender] -= amount;
    }
}