Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tests simulating sb-curated unchecked low level attacks #27

Merged
merged 45 commits into from
Sep 23, 2024
Merged

Add tests simulating sb-curated unchecked low level attacks #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
45 commits
Select commit Hold shift + click to select a range
bfb3245
add unchecked return value exploit
mokita-j Sep 5, 2024
1d6fbd1
add exploit 0x0cbe050f75bc8f8c2d6c0d249fea125fd6e1acc9
mokita-j Sep 5, 2024
7e4d386
update exploit statys
mokita-j Sep 9, 2024
29e3ae6
add exploit
mokita-j Sep 9, 2024
76f0f1a
add exploit
mokita-j Sep 9, 2024
823078f
add exploit
mokita-j Sep 10, 2024
2cd7f11
add exploit
mokita-j Sep 10, 2024
fcade06
add airport exploit
mokita-j Sep 10, 2024
4efdea9
add airdrop exploit
mokita-j Sep 10, 2024
af6dad5
add demo exploit
mokita-j Sep 10, 2024
4b37f50
add airdropContract exploit
mokita-j Sep 10, 2024
94e062e
add EBU exploit
mokita-j Sep 10, 2024
37494b2
add demo exploit
mokita-j Sep 10, 2024
573f5b9
add airdDrop exploit
mokita-j Sep 10, 2024
8247a1b
add WhaleGiveaway2 exploit
mokita-j Sep 10, 2024
54da273
add Freebie exploit
mokita-j Sep 10, 2024
2e1a7d8
add Honey exploit
mokita-j Sep 10, 2024
e2ccf4b
add FreeEth exploit
mokita-j Sep 10, 2024
f45e642
add Pir exploit
mokita-j Sep 10, 2024
ff11701
add Pie exploit
mokita-j Sep 10, 2024
3b1290e
add honeypot contract exploits
mokita-j Sep 10, 2024
9296570
add WhaleGiveaway1 exploit
mokita-j Sep 10, 2024
5178557
add MultiplicatorX3 exploit
mokita-j Sep 10, 2024
d07cec6
add TokenBank exploit
mokita-j Sep 10, 2024
5e6bce5
add tokenBank exploit
mokita-j Sep 10, 2024
56bb9ca
add tokenbank exploit
mokita-j Sep 10, 2024
ca72181
add WedIndex exploit
mokita-j Sep 10, 2024
56432db
add marriage exploit
mokita-j Sep 10, 2024
d17cf79
add DepositToken exploit
mokita-j Sep 11, 2024
25395bb
add simplewallet exploit
mokita-j Sep 11, 2024
6be1b8b
add keepMyEther exploit
mokita-j Sep 11, 2024
2001349
add VaultProxy exploit
mokita-j Sep 11, 2024
2e97d46
add VaultProxy exploit
mokita-j Sep 11, 2024
d353b14
add TokenSender exploit
mokita-j Sep 11, 2024
8efc732
add PoCGame exploit
mokita-j Sep 11, 2024
acfff61
add PoCGame exploit
mokita-j Sep 11, 2024
752abf4
add EtherGet exploit
mokita-j Sep 11, 2024
44be425
fix typo
mokita-j Sep 11, 2024
0d05700
add PandaCore exploit
mokita-j Sep 11, 2024
614bc40
remove the non-exploitables
mokita-j Sep 19, 2024
a8b3c00
remove non-exploitable
mokita-j Sep 19, 2024
0e97c38
add towncrier vulnerability
mokita-j Sep 20, 2024
60f89c9
update exploits.csv
mokita-j Sep 20, 2024
92c9394
add changes
mokita-j Sep 23, 2024
0b141e4
Merge branch 'main' into 24-sb-curated-unchecked-low-level-calls
mokita-j Sep 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ...ontracts/dataset/unchecked_low_level_calls/0xf70d589d76eebdd7c12cc5eec99f8f6fa4233b9e.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ contract WhaleGiveaway2
payable
{
if(msg.value>1 ether)
{ Owner.transfer(this.balance);
{Owner.transfer(this.balance);
msg.sender.transfer(this.balance);
}
}
Expand Down
37 changes: 37 additions & 0 deletions smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/GeneScience.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
pragma solidity ^0.4.24;

contract GeneScience {
/// @dev simply a boolean to indicate this is the contract we expect to be
function isGeneScience() public pure returns (bool) {
return true;
}

/// @dev given genes of kitten 1 & 2, return a genetic combination - may have a random factor
/// @param genes1 genes of mom
/// @param genes2 genes of sire
/// @return the genes that are supposed to be passed down the child
function mixGenes(uint256[2] genes1, uint256[2] genes2,uint256 g1,uint256 g2, uint256 targetBlock) public returns (uint256[2]) {
uint256[2] memory gene;
gene[0] = (genes1[0] & g1) | (genes2[0] & g2);
gene[1] = (genes1[1] & g1) | (genes2[1] & g2);
return gene;
}

function getPureFromGene(uint256[2] gene) public view returns(uint256) {
return 1;
}

/// @dev get sex from genes 0: female 1: male
function getSex(uint256[2] gene) public view returns(uint256) {
return gene[0]%2;
}

/// @dev get wizz type from gene
function getWizzType(uint256[2] gene) public view returns(uint256) {
return 1;
}

function clearWizzType(uint256[2] _gene) public returns(uint256[2]) {
return _gene;
}
}
39 changes: 39 additions & 0 deletions smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/MyERC721.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
pragma solidity ^0.5.0;

contract MyERC721 {

/// @notice Name and symbol of the non fungible token, as defined in ERC721.
string public constant name = "NFT";
string public constant symbol = "NFT";

bytes4 constant InterfaceSignature_ERC165 =
bytes4(keccak256('supportsInterface(bytes4)'));

bytes4 constant InterfaceSignature_ERC721 =
bytes4(keccak256('name()')) ^
bytes4(keccak256('symbol()')) ^
bytes4(keccak256('totalSupply()')) ^
bytes4(keccak256('balanceOf(address)')) ^
bytes4(keccak256('ownerOf(uint256)')) ^
bytes4(keccak256('approve(address,uint256)')) ^
bytes4(keccak256('transfer(address,uint256)')) ^
bytes4(keccak256('transferFrom(address,address,uint256)')) ^
bytes4(keccak256('tokensOfOwner(address)')) ^
bytes4(keccak256('tokenMetadata(uint256,string)'));

/// @notice Introspection interface as per ERC-165 (https://github.com/ethereum/EIPs/issues/165).
/// Returns true for any standardized interfaces implemented by this contract. We implement
/// ERC-165 (obviously!) and ERC-721.
function supportsInterface(bytes4 _interfaceID) external view returns (bool)
{
// DEBUG ONLY
//require((InterfaceSignature_ERC165 == 0x01ffc9a7) && (InterfaceSignature_ERC721 == 0x9a20483d));

return ((_interfaceID == InterfaceSignature_ERC165) || (_interfaceID == InterfaceSignature_ERC721));
}

function() external payable {
revert("I always revert!");
}

}
22 changes: 22 additions & 0 deletions smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/PandaCaller.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
pragma solidity ^0.4.24;

import "../dataset/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol";
contract PandaCaller {
PandaCore public pandaCore;

function PandaCaller(address _pandaCore) public {
pandaCore = PandaCore(_pandaCore);
}

function call(uint256 _matronId, uint256[2] _childGenes, uint256[2] _factors) public {
uint babyId = pandaCore.giveBirth(_matronId, _childGenes, _factors);
}

function withdraw() public {
pandaCore.withdrawBalance();
}

function() external payable {
revert("I always revert!");
}
}
157 changes: 157 additions & 0 deletions smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/TokenEBU.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
/**
*Submitted for verification at Etherscan.io on 2018-04-08
*/

pragma solidity ^0.4.16;

interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; }

contract TokenEBU {
// Public variables of the token
string public name;
string public symbol;
uint8 public decimals = 18;
// 18 decimals is the strongly suggested default, avoid changing it
uint256 public totalSupply;

// This creates an array with all balances
mapping (address => uint256) public balanceOf;
mapping (address => mapping (address => uint256)) public allowance;

// This generates a public event on the blockchain that will notify clients
event Transfer(address indexed from, address indexed to, uint256 value);

// This notifies clients about the amount burnt
event Burn(address indexed from, uint256 value);

/**
* Constructor function
*
* Initializes contract with initial supply tokens to the creator of the contract
*/
function TokenEBU(
uint256 initialSupply,
string tokenName,
string tokenSymbol
) public {
totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount
balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens
name = tokenName; // Set the name for display purposes
symbol = tokenSymbol; // Set the symbol for display purposes
}

/**
* Internal transfer, only can be called by this contract
*/
function _transfer(address _from, address _to, uint _value) internal {
// Prevent transfer to 0x0 address. Use burn() instead
require(_to != 0x0);
// Check if the sender has enough
require(balanceOf[_from] >= _value);
// Check for overflows
require(balanceOf[_to] + _value > balanceOf[_to]);
// Save this for an assertion in the future
uint previousBalances = balanceOf[_from] + balanceOf[_to];
// Subtract from the sender
balanceOf[_from] -= _value;
// Add the same to the recipient
balanceOf[_to] += _value;
Transfer(_from, _to, _value);
// Asserts are used to use static analysis to find bugs in your code. They should never fail
assert(balanceOf[_from] + balanceOf[_to] == previousBalances);
}

/**
* Transfer tokens
*
* Send `_value` tokens to `_to` from your account
*
* @param _to The address of the recipient
* @param _value the amount to send
*/
function transfer(address _to, uint256 _value) public {
_transfer(msg.sender, _to, _value);
}

/**
* Transfer tokens from other address
*
* Send `_value` tokens to `_to` on behalf of `_from`
*
* @param _from The address of the sender
* @param _to The address of the recipient
* @param _value the amount to send
*/
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {
require(_value <= allowance[_from][msg.sender]); // Check allowance
allowance[_from][msg.sender] -= _value;
_transfer(_from, _to, _value);
return true;
}

/**
* Set allowance for other address
*
* Allows `_spender` to spend no more than `_value` tokens on your behalf
*
* @param _spender The address authorized to spend
* @param _value the max amount they can spend
*/
function approve(address _spender, uint256 _value) public
returns (bool success) {
allowance[msg.sender][_spender] = _value;
return true;
}

/**
* Set allowance for other address and notify
*
* Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it
*
* @param _spender The address authorized to spend
* @param _value the max amount they can spend
* @param _extraData some extra information to send to the approved contract
*/
function approveAndCall(address _spender, uint256 _value, bytes _extraData)
public
returns (bool success) {
tokenRecipient spender = tokenRecipient(_spender);
if (approve(_spender, _value)) {
spender.receiveApproval(msg.sender, _value, this, _extraData);
return true;
}
}

/**
* Destroy tokens
*
* Remove `_value` tokens from the system irreversibly
*
* @param _value the amount of money to burn
*/
function burn(uint256 _value) public returns (bool success) {
require(balanceOf[msg.sender] >= _value); // Check if the sender has enough
balanceOf[msg.sender] -= _value; // Subtract from the sender
totalSupply -= _value; // Updates totalSupply
Burn(msg.sender, _value);
return true;
}

/**
* Destroy tokens from other account
*
* Remove `_value` tokens from the system irreversibly on behalf of `_from`.
*
* @param _from the address of the sender
* @param _value the amount of money to burn
*/
function burnFrom(address _from, uint256 _value) public returns (bool success) {
require(balanceOf[_from] >= _value); // Check if the targeted balance is enough
require(_value <= allowance[_from][msg.sender]); // Check allowance
balanceOf[_from] -= _value; // Subtract from the targeted balance
allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance
totalSupply -= _value; // Update totalSupply
Burn(_from, _value);
return true;
}
}
33 changes: 33 additions & 0 deletions smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/TownCrierCaller.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
pragma solidity ^0.4.9;

import "../dataset/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol";
import "hardhat/console.sol";
contract TownCrierCaller {
TownCrier public TC_CONTRACT;
bytes4 constant TC_CALLBACK_FID = bytes4(sha3("response(uint64,uint64,bytes32)"));
int requestId;
bytes32 public hash;

function TownCrierCaller(address _townCrier) {
TC_CONTRACT = TownCrier(_townCrier);
}

function request(uint8 requestType, bytes32[] requestData) public payable {

requestId = TC_CONTRACT.request.value(msg.value)(requestType, this, TC_CALLBACK_FID, 0, requestData);
hash = sha3(requestType, requestData);
}

function cancel() public {
TC_CONTRACT.cancel(uint64(requestId));
}

function response(uint64 responseType, uint64 errors, bytes32 data) public {
revert();
}

function() payable {
revert();
}

}
Loading
Loading