
@marekkirejczyk
Created August 31, 2017 11:01
pragma solidity ^0.4.16;
// Minimal token interface: total supply, balance lookup, transfer and the
// Transfer event. The functions have no bodies, so this contract is abstract
// and a derived contract has to implement them.
// No function carries a visibility specifier; under this pragma (0.4.x) that
// means they default to public.
contract ERC20Basic {
// Total number of tokens; exposed through the auto-generated public getter.
uint256 public totalSupply;
// Returns the token balance recorded for `who`.
function balanceOf(address who) constant returns (uint256);
// Moves `value` tokens from the caller to `to`; returns a success flag.
function transfer(address to, uint256 value) returns (bool);
// Log entry for a token movement; `from` and `to` are indexed for filtering.
event Transfer(address indexed from, address indexed to, uint256 value);
}
// Extends ERC20Basic with the allowance mechanism (approve / transferFrom).
// Declarations only; still abstract. VulnerableToken in this file derives
// from ERC20Basic, not from this contract, so it does not implement these.
contract ERC20 is ERC20Basic {
// Returns how many tokens `spender` may still move on behalf of `owner`.
function allowance(address owner, address spender) constant returns (uint256);
// Moves `value` tokens from `from` to `to` on the caller's allowance.
function transferFrom(address from, address to, uint256 value) returns (bool);
// Sets the caller's allowance for `spender` to `value`.
function approve(address spender, uint256 value) returns (bool);
// Log entry for an allowance change; `owner` and `spender` are indexed.
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// Deliberately flawed token used as a review exercise. The code is left as
// written; each comment below names the flaw and the usual mitigation.
// Do not deploy or reuse this contract.
// NOTE(review): nothing in this contract assigns the inherited totalSupply,
// so it stays at its default of 0 regardless of the balances created here.
contract VulnerableToken is ERC20Basic {
// Constructor (0.4.x style: function named after the contract). Delegates
// the initial allocation to init().
function VulnerableToken(address owner, uint amount) {
init(owner, amount);
}
// FLAW - missing visibility: with no specifier, init() defaults to public in
// 0.4.x, so it remains callable after deployment and lets any caller set any
// address's balance to any amount.
// Mitigation: declare it `internal`/`private`, or fold the assignment into
// the constructor.
function init(address owner, uint amount) {
balances[owner] = amount;
}
// Token balance per address. No visibility given, so it is internal; it is
// read through balanceOf().
mapping(address => uint256) balances;
// FLAW - no balance check, unchecked arithmetic: the sender's balance is
// never compared with _value, and 0.4.x does not trap on uint256 wrap-around.
// Subtracting more than the sender holds wraps to a huge value instead of
// failing; the addition to the recipient can wrap as well.
// Mitigation: `require(_value <= balances[msg.sender])` before the update and
// checked (SafeMath-style) add/sub for both lines.
function transfer(address _to, uint256 _value) returns (bool) {
// Only the zero-address recipient is rejected.
require(_to != address(0));
balances[msg.sender] = balances[msg.sender] - _value;
balances[_to] = balances[_to] + _value;
Transfer(msg.sender, _to, _value);
return true;
}
// Returns the balance recorded for _owner (0 for unknown addresses).
function balanceOf(address _owner) constant returns (uint256 balance) {
return balances[_owner];
}
// Credits the caller with tokens equal to the ether sent (in wei).
// NOTE(review): this assigns rather than adds, so a second buy() overwrites
// whatever balance the caller already had; `+=` with an overflow check looks
// like the intended behaviour - confirm.
function buy() payable {
balances[msg.sender] = msg.value;
}
// Pays `amount` wei to the caller and deducts it from the caller's balance.
// FLAW - interaction before effect (re-entry): ether is sent before the
// balance is reduced. send() forwards only a small gas stipend, which limits
// what the recipient can do, but the ordering must not depend on that.
// Mitigation: reduce the balance first, then pay (checks-effects-interactions).
// FLAW - no balance check: `amount` is never compared with the caller's
// balance, so the subtraction can wrap and the contract pays out ether the
// caller never deposited. Mitigation: `require(amount <= balances[msg.sender])`.
// FLAW - ignored result: send() returns false on failure instead of
// reverting; the return value is dropped, so the balance is deducted even
// when no ether moved. Mitigation: require the result, or use transfer().
// NOTE(review): `payable` lets callers attach ether that is not credited
// anywhere in this function; it is probably not intended here.
function sell(uint amount) payable {
msg.sender.send(amount);
balances[msg.sender] -= amount;
}
}