vasa-develop
/ LottoSnippet.sol
Created
July 21, 2018 19:50
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| function cash(uint roundIndex, uint subpotIndex){ //line 80 | |
| var subpotsCount = getSubpotsCount(roundIndex); | |
| if(subpotIndex>=subpotsCount) | |
| return; | |
| var decisionBlockNumber = getDecisionBlockNumber(roundIndex,subpotIndex); | |
| if(decisionBlockNumber>block.number) | |
| return; | |
| if(rounds[roundIndex].isCashed[subpotIndex]) | |
| return; |
vasa-develop
/ FindThisHash.sol
Created
July 21, 2018 19:51
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract FindThisHash { | |
| bytes32 constant public hash = 0xb5b5b97fafd9855eec9b41f74dfb6c38f5951141f9a3ecd7f44d5479b630ee0a; | |
| constructor() public payable {} // load with ether | |
| function solve(string solution) public { | |
| // If you can find the pre image of the hash, receive 1000 ether | |
| require(hash == sha3(solution)); | |
| msg.sender.transfer(1000 ether); | |
| } |
vasa-develop
/ DistributeTokens.sol
Created
July 21, 2018 19:53
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract DistributeTokens { | |
| address public owner; // gets set somewhere | |
| address[] investors; // array of investors | |
| uint[] investorTokens; // the amount of tokens each investor gets | |
| // ... extra functionality, including transfertoken() | |
| function invest() public payable { | |
| investors.push(msg.sender); | |
| investorTokens.push(msg.value * 5); // 5 times the wei sent |
vasa-develop
/ snippet.sol
Created
July 21, 2018 19:54
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bool public isFinalized = false; | |
| address public owner; // gets set somewhere | |
| function finalize() public { | |
| require(msg.sender == owner); | |
| isFinalized == true; | |
| } | |
| // ... extra ICO functionality | |
| // overloaded transfer function | |
| function transfer(address _to, uint _value) returns (bool) { | |
| require(isFinalized); |
vasa-develop
/ Roulette.sol
Created
July 21, 2018 19:56
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Roulette { | |
| uint public pastBlockTime; // Forces one bet per block | |
| constructor() public payable {} // initially fund contract | |
| // fallback function used to make a bet | |
| function () public payable { | |
| require(msg.value == 10 ether); // must send 10 ether to play | |
| require(now != pastBlockTime); // only 1 transaction per block | |
| pastBlockTime = now; |
vasa-develop
/ OwnerWallet.sol
Created
July 21, 2018 19:57
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract OwnerWallet { | |
| address public owner; | |
| //constructor | |
| function ownerWallet(address _owner) public { | |
| owner = _owner; | |
| } | |
| // fallback. Collect ether. | |
| function () payable {} | |
vasa-develop
/ NameRegistrar.sol
Created
July 21, 2018 19:58
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A Locked Name Registrar | |
| contract NameRegistrar { | |
| bool public unlocked = false; // registrar locked, no name updates | |
| struct NameRecord { // map hashes to addresses | |
| bytes32 name; | |
| address mappedAddress; | |
| } | |
| mapping(address => NameRecord) public registeredNameRecord; // records who registered names | |
| mapping(bytes32 => address) public resolve; // resolves hashes to addresses |
vasa-develop
/ FunWithNumbers.sol
Created
July 21, 2018 19:59
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract FunWithNumbers { | |
| uint constant public tokensPerEth = 10; | |
| uint constant public weiPerEth = 1e18; | |
| mapping(address => uint) public balances; | |
| function buyTokens() public payable { | |
| uint tokens = msg.value/weiPerEth*tokensPerEth; // convert wei to eth, then multiply by token rate | |
| balances[msg.sender] += tokens; | |
| } | |
| function sellTokens(uint tokens) public { |
vasa-develop
/ Phishable.sol
Created
July 21, 2018 20:01
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Phishable { | |
| address public owner; | |
| constructor (address _owner) { | |
| owner = _owner; | |
| } | |
| function () public payable {} // collect ether | |
| function withdrawAll(address _recipient) public { | |
| require(tx.origin == owner); |
vasa-develop
/ AttackContract.sol
Created
July 21, 2018 20:01
DO NOT USE THIS CODE. THIS CODE IS USED TO DEMONSTRATE A VULNERABILITY IN A SOLIDITY CODE.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "Phishable.sol"; | |
| contract AttackContract { | |
| Phishable phishableContract; | |
| address attacker; // The attackers address to receive funds. | |
| constructor (Phishable _phishableContract, address _attackerAddress) { | |
| phishableContract = _phishableContract; | |
| attacker = _attackerAddress; | |
| } | |