Ethereum Tutorials



Trap for a Hacker

I love Ethereum smart contracts.

Now, site has lots of advantages and just one disadvantage: they trust authors. You want to publish the source code - go ahead. Not every one is aware that Solidity has no decompiler though... So nothing prevents you from making small changes to the code.

Update: they fixed the problem. Still worth studying...

As the result, people began building traps to catch hackers. Here is one I found - it is such a candy:

pragma solidity ^0.4.18;

contract MultiplicatorX2
        address public Owner = msg.sender;

        function() public payable{}

        function withdraw()  payable public
                require(msg.sender == Owner);

        function multiplicate(address adr) public payable

A contract is very simple. It has one ether on it. Now, if you want to get it, you should send equal amount - and get it all: "if(msg.value>=this.balance)".

Well... as I said, a trap. A code published isn't identical to bitcode in a blockchain.

Here is an address:

If you follow the link, you can see that:
the first payment (1 ether) was made by a creator
a second payment was made by an unknown hacker
then a creator took the money and disappeared in a thin air

Disappeared? Did I say - disappeared?

Nope, he created a new contract: 0x5aA88d2901C68fdA244f1D0584400368d2C8e739

I love Ethereum smart contracts and popcorn: they go well together.

Learn Touch Typing

(C), all rights reserved

Please read the disclaimer