Ethereum Tutorials

SMART CONTRACTS

Trap for a Hacker

I love Ethereum smart contracts.

Now, etherscan.io site has lots of advantages and just one disadvantage: they trust authors. You want to publish the source code - go ahead. Not every one is aware that Solidity has no decompiler though... So nothing prevents you from making small changes to the code.

As the result, people began building traps to catch hackers. Here is one I found - it is such a candy:

pragma solidity ^0.4.18;

contract MultiplicatorX2
{
        address public Owner = msg.sender;

        function() public payable{}

        function withdraw()  payable public
        {
                require(msg.sender == Owner);
                Owner.transfer(this.balance);
        }

        function multiplicate(address adr) public payable
        {
            if(msg.value>=this.balance)
            {
                adr.transfer(this.balance+msg.value);
            }
        }
}

A contract is very simple. It has one ether on it. Now, if you want to get it, you should send equal amount - and get it all: "if(msg.value>=this.balance)".

Well... as I said, a trap. A code published isn't identical to bitcode in a blockchain.

Here is an address: https://etherscan.io/address/0xe26e90598190a98c92c75204c9a4ecfe5983f8e0

If you follow the link, you can see that:
the first payment (1 ether) was made by a creator
a second payment was made by an unknown hacker
then a creator took the money and disappeared in a thin air

Disappeared? Did I say - disappeared?

Nope, he created a new contract: 0x5aA88d2901C68fdA244f1D0584400368d2C8e739

I love Ethereum smart contracts and popcorn: they go well together.







(C) snowcron.com, all rights reserved

Please read the disclaimer