Trap for a Hacker

I love Ethereum smart contracts.

Now, the etherscan.io site has lots of advantages and just one disadvantage: they trust authors. You want to publish the source code - go ahead. Not everyone is aware that Solidity has no decompiler though... So nothing prevents you from making small changes to the code.

Update: they fixed the problem. Still worth studying...

As a result, people began building traps to catch hackers. Here is one I found - it is such a candy:

pragma solidity ^0.4.18;

contract MultiplicatorX2
{
        address public Owner = msg.sender;

        function() public payable{}

        function withdraw()  payable public
        {
                require(msg.sender == Owner);
                Owner.transfer(this.balance);
        }

        function multiplicate(address adr) public payable
        {
            if(msg.value>=this.balance)
            {
                adr.transfer(this.balance+msg.value);
            }
        }
}

The contract is very simple. It has one ether in it. Now, if you want to get it, you should send an equal amount - and get it all: "if(msg.value>=this.balance)".

Well... as I said, a trap. The published code isn't identical to the bytecode on the blockchain.
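
An added example, not part of the original page or the contract author's code: a small Python model of the listing's balance handling. It relies on one EVM fact, that msg.value is credited to the contract before its code runs, so this.balance in the quoted condition already includes the payment; the class and function names, and the 1 ether size of the second payment, are assumptions made for the model.

```python
ETHER = 10**18  # 1 ether in wei


class MultiplicatorX2Model:
    """Models only balances and the three functions of the listing; gas is ignored."""

    def __init__(self, owner):
        self.owner = owner
        self.balance = 0  # this.balance in wei

    def deposit(self, value):
        # function() public payable {}
        self.balance += value

    def multiplicate(self, value):
        # The EVM credits msg.value to the callee before its code runs,
        # so this.balance already includes msg.value at the comparison.
        self.balance += value
        if value >= self.balance:           # true only if the contract was empty
            amount = self.balance + value   # adr.transfer(this.balance + msg.value)
            if amount > self.balance:
                self.balance -= value       # transfer fails, whole call reverts
                return "reverted"
            self.balance -= amount
            return "paid"
        return "skipped"                    # ether stays in the contract

    def withdraw(self, sender):
        if sender != self.owner:            # require(msg.sender == Owner)
            raise PermissionError("not owner")
        amount, self.balance = self.balance, 0
        return amount


def replay():
    """Replays the sequence described on the page (second payment assumed to be 1 ether)."""
    c = MultiplicatorX2Model(owner="creator")
    c.deposit(1 * ETHER)                  # creator funds the bait
    outcome = c.multiplicate(1 * ETHER)   # visitor sends an equal amount
    taken = c.withdraw("creator")         # creator collects everything
    return outcome, taken


if __name__ == "__main__":
    print(replay())
```

In this model the payout branch is never taken while the contract holds any ether, so reviewing a contract like this means checking the comparison against the post-payment balance, in addition to checking that the verified source matches the deployed bytecode.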

Here is an address: https://etherscan.io/address/0xe26e90598190a98c92c75204c9a4ecfe5983f8e0

If you follow the link, you can see that:
the first payment (1 ether) was made by the creator
a second payment was made by an unknown hacker
then the creator took the money and disappeared into thin air

Disappeared? Did I say - disappeared?

Nope, he created a new contract: 0x5aA88d2901C68fdA244f1D0584400368d2C8e739

I love Ethereum smart contracts and popcorn: they go well together.

(C) snowcron.com, all rights reserved