Ethereum Tutorials

Trap for a Hacker

I love Ethereum smart contracts.

Now, site has lots of advantages and just one disadvantage: they trust authors. You want to publish the source code - go ahead. Not every one is aware that Solidity has no decompiler though... So nothing prevents you from making small changes to the code.

Update: they fixed the problem. Still worth studying...

As the result, people began building traps to catch hackers. Here is one I found - it is such a candy:

pragma solidity ^0.4.18;

contract MultiplicatorX2
        address public Owner = msg.sender;

        function() public payable{}

        function withdraw()  payable public
                require(msg.sender == Owner);

        function multiplicate(address adr) public payable

A contract is very simple. It has one ether on it. Now, if you want to get it, you should send equal amount - and get it all: "if(msg.value>=this.balance)".

Well... as I said, a trap. A code published isn't identical to bitcode in a blockchain.

Here is an address:

If you follow the link, you can see that:
the first payment (1 ether) was made by a creator
a second payment was made by an unknown hacker
then a creator took the money and disappeared in a thin air

Disappeared? Did I say - disappeared?

Nope, he created a new contract: 0x5aA88d2901C68fdA244f1D0584400368d2C8e739

I love Ethereum smart contracts and popcorn: they go well together.

Visibility is very important for this site. If you like it please link from your page to this URL or share info using Social Buttons below.
(C), all rights reserved

Please read the disclaimer