Ethereum Tutorials


Trap for a Hacker

I love Ethereum smart contracts.

Now, site has lots of advantages and just one disadvantage: they trust authors. You want to publish the source code - go ahead. Not every one is aware that Solidity has no decompiler though... So nothing prevents you from making small changes to the code.

As the result, people began building traps to catch hackers. Here is one I found - it is such a candy:

pragma solidity ^0.4.18;

contract MultiplicatorX2
        address public Owner = msg.sender;

        function() public payable{}

        function withdraw()  payable public
                require(msg.sender == Owner);

        function multiplicate(address adr) public payable

A contract is very simple. It has one ether on it. Now, if you want to get it, you should send equal amount - and get it all: "if(msg.value>=this.balance)".

Well... as I said, a trap. A code published isn't identical to bitcode in a blockchain.

Here is an address:

If you follow the link, you can see that:
the first payment (1 ether) was made by a creator
a second payment was made by an unknown hacker
then a creator took the money and disappeared in a thin air

Disappeared? Did I say - disappeared?

Nope, he created a new contract: 0x5aA88d2901C68fdA244f1D0584400368d2C8e739

I love Ethereum smart contracts and popcorn: they go well together.

(C), all rights reserved

Please read the disclaimer