DeFi Hack
1.May The Force Be With YouRequestA long time ago in a galaxy far, far away… a new DAO was created. Can you steal all the YODA tokens belonging to MayTheForceBeWithYou contract?
Source Code12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914 ...
Damn Vulnerable Defi
0x01UnstoppableRequestThere’s a lending pool with a million DVT tokens in balance, offering flash loans for free.
If only there was a way to attack and stop the pool from offering flash loans …
You start with 100 DVT tokens in balance.
Code12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849// SPDX-License-Identifier: MITpragma solidity ^0.8.0;import "@openzeppelin/contracts/token/ERC20/IERC20.sol";import "@openzeppelin/contracts/security/Reent ...
Creat与Creat2
Creat12345678910111213141516171819from web3 import Web3import utilsimport rlpw3 = Web3(Web3.HTTPProvider( 'https://eth-goerli.g.alchemy.com/v2/LpLlanLNUEgZtjfJbVeZVMe_wh3B2NXG'))def getnonce(addr): return w3.eth.get_transaction_count(Web3.to_checksum_address(hex(addr)))def getaddress(addr, nonce): return (Web3.keccak(rlp.encode([addr, nonce]))[12:].hex())addr = 0x8aC8215492Ce132Eb4d1db7EcE3eF0caF670deFfnonce = getnonce(addr)print(nonce)getnextaddress = getaddress(addr, nonce)p ...
ChainFlag
Storage0x01cowSource Code12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273pragma solidity ^0.4.0;contract cow{ address public owner_1; address public owner_2; address public owner_3; address public owner; mapping(address => uint) public balance; struct hacker { address hackeraddress1; address hackeraddress2; } hacker h; constructor()public{ ...
重入攻击
漏洞概述重入攻击是最常见的漏洞之一,重入漏洞的原理是基于递归原理。重入攻击的本质是由于外部调用或是使用transfer,send等转账时,导致合约的执行权落入攻击者手中,而此时如果一些重要的状态变量没有更新,攻击者就可以重入到该合约进行攻击。0.8.0版本后重入攻击受到了一定限制,但是仍然存在重入的风险。
漏洞示例例一
123456function withdraw(uint _amount) external payable { require (balances[msg.sender] >= _amount,"balance is insufficient"); (bool sent,) = msg.sender.call{value: _amount}(""); require(sent, "Failed to send Ether"); balances[msg.sender] -= _amount;//漏洞!!1 }
这是一个很简单的重入漏洞 ...
EVM构造code的题
构造出一个返回值与code相等的字节码123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566// SPDX-License-Identifier: UNLICENSEDpragma solidity 0.8.16;contract Deployer { constructor(bytes memory code) { assembly { return (add(code, 0x20), mload(code)) } }}contract Challenge { bool public solved = false; function safe(bytes memory code) private pure returns (bool) { uint i = 0; whil ...