
Create exploits for sb-curated unchecked low level calls vulnerabilities #24

Closed
52 tasks done
mokita-j opened this issue Sep 5, 2024 · 17 comments · Fixed by #27

@mokita-j

mokita-j commented Sep 5, 2024

Write attacker's contracts for unchecked low level vulnerabilities.
Automate the exploit using the testing framework.

  • unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol
  • unchecked_low_level_calls/0x0cbe050f75bc8f8c2d6c0d249fea125fd6e1acc9.sol
  • unchecked_low_level_calls/0x19cf8481ea15427a98ba3cdd6d9e14690011ab10.sol
  • unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol
  • unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol
  • unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol
  • unchecked_low_level_calls/0x3e013fc32a54c4c5b6991ba539dcd0ec4355c859.sol
  • unchecked_low_level_calls/0x3f2ef511aa6e75231e4deafc7a3d2ecab3741de2.sol
  • unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol
  • unchecked_low_level_calls/0x4a66ad0bca2d700f11e1f2fc2c106f7d3264504c.sol
  • unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol
  • unchecked_low_level_calls/0x524960d55174d912768678d8c606b4d50b79d7b1.sol
  • unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol
  • unchecked_low_level_calls/0x5aa88d2901c68fda244f1d0584400368d2c8e739.sol
  • unchecked_low_level_calls/0x610495793564aed0f9c7fc48dc4c7c9151d34fd6.sol
  • unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol
  • unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol
  • unchecked_low_level_calls/0x70f9eddb3931491aab1aeafbc1e7f1ca2a012db4.sol
  • unchecked_low_level_calls/0x78c2a1e91b52bca4130b6ed9edd9fbcfd4671c37.sol
  • unchecked_low_level_calls/0x7a4349a749e59a5736efb7826ee3496a2dfd5489.sol
  • unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol
  • unchecked_low_level_calls/0x806a6bd219f162442d992bdc4ee6eba1f2c5a707.sol
  • unchecked_low_level_calls/0x84d9ec85c9c568eb332b7226a8f826d897e0a4a8.sol
  • unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol
  • unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol
  • unchecked_low_level_calls/0x958a8f594101d2c0485a52319f29b2647f2ebc06.sol
  • unchecked_low_level_calls/0x9d06cbafa865037a01d322d3f4222fa3e04e5488.sol
  • unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol
  • unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol
  • unchecked_low_level_calls/0xb0510d68f210b7db66e8c7c814f22680f2b8d1d6.sol
  • unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol
  • unchecked_low_level_calls/0xb37f18af15bafb869a065b61fc83cfc44ed9cc27.sol
  • unchecked_low_level_calls/0xb620cee6b52f96f3c6b253e6eea556aa2d214a99.sol
  • unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol
  • unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol
  • unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol
  • unchecked_low_level_calls/0xd2018bfaa266a9ec0a1a84b061640faa009def76.sol
  • unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol
  • unchecked_low_level_calls/0xdb1c55f6926e7d847ddf8678905ad871a68199d2.sol
  • unchecked_low_level_calls/0xe09b1ab8111c2729a76f16de96bc86a7af837928.sol
  • unchecked_low_level_calls/0xe4eabdca81e31d9acbc4af76b30f532b6ed7f3bf.sol
  • unchecked_low_level_calls/0xe82f0742a71a02b9e9ffc142fdcb6eb1ed06fb87.sol
  • unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol
  • unchecked_low_level_calls/0xec329ffc97d75fe03428ae155fc7793431487f63.sol
  • unchecked_low_level_calls/0xf2570186500a46986f3139f65afedc2afe4f445d.sol
  • unchecked_low_level_calls/0xf29ebe930a539a60279ace72c707cba851a57707.sol
  • unchecked_low_level_calls/0xf70d589d76eebdd7c12cc5eec99f8f6fa4233b9e.sol
  • unchecked_low_level_calls/etherpot_lotto.sol
  • unchecked_low_level_calls/king_of_the_ether_throne.sol
  • unchecked_low_level_calls/lotto.sol
  • unchecked_low_level_calls/mishandled.sol
  • unchecked_low_level_calls/unchecked_return_value.sol

Created exploits: 20/52
Not exploitable contracts: 32

Cannot exploit vulnerabilities in lines 162,175 at 0x89c1b3807d4c67df034fffb62f3509561218d30b

@mokita-j

mokita-j commented Sep 5, 2024

mishandled.sol contract does not have write functions that allow us to change the state. Thus, it is not exploitable.

@mokita-j

mokita-j commented Sep 5, 2024

lotto.sol contract does not implement write functions nor payable functions. Thus, it is not exploitable.

@mokita-j mokita-j self-assigned this Sep 5, 2024
@mokita-j mokita-j added the WIP Work in poggers label Sep 5, 2024
@mokita-j

mokita-j commented Sep 9, 2024

king_of_the_ether_throne.sol contract is not exploitable. It has the wrong pragma version, which makes it impossible to manage ether.

@mokita-j

mokita-j commented Sep 9, 2024

etherpot_lotto.sol contract is not exploitable. It has the wrong pragma version, which makes it impossible to manage ether.

@mokita-j

mokita-j commented Sep 9, 2024

0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol contract also has reentrancy vulnerabilities.

@mokita-j

0x3e013fc32a54c4c5b6991ba539dcd0ec4355c859.sol contract is a potential honeypot contract

@mokita-j

0x3f2ef511aa6e75231e4deafc7a3d2ecab3741de2.sol is a potential honeypot contract

@mokita-j

0xf70d589d76eebdd7c12cc5eec99f8f6fa4233b9e.sol is a potential honeypot contract

@mokita-j

0xdb1c55f6926e7d847ddf8678905ad871a68199d2.sol is a potential honeypot contract

@mokita-j

0xe4eabdca81e31d9acbc4af76b30f532b6ed7f3bf.sol is a potential honeypot contract

@mokita-j

0xe82f0742a71a02b9e9ffc142fdcb6eb1ed06fb87.sol is a potential honeypot contract

@mokita-j

0xd2018bfaa266a9ec0a1a84b061640faa009def76.sol is a potential honeypot contract

@mokita-j

0x806a6bd219f162442d992bdc4ee6eba1f2c5a707.sol is a potential honeypot contract

@mokita-j

0x78c2a1e91b52bca4130b6ed9edd9fbcfd4671c37.sol is a potential honeypot contract

@mokita-j

0x70f9eddb3931491aab1aeafbc1e7f1ca2a012db4.sol is a potential honeypot contract.

@mokita-j

0x7a4349a749e59a5736efb7826ee3496a2dfd5489.sol is a potential honeypot contract.

@mokita-j

0x5aa88d2901c68fda244f1d0584400368d2c8e739.sol is a potential honeypot contract.
