Comments (12)
I am not sure if my guess is correct. We should set the new investor after the send succeeds. :)
from ethereum-games.
Nope sorry. That's not it. Keep looking
from ethereum-games.
There is a potential integer overflow flaw, but that requires a large amount of wei.
from ethereum-games.
How about this: https://etherscan.io/tx/0x238866bcbf1abc18f4220a18c20586aa21226bdcd8c34397f6dba013a86749bf
The investor contract at 0x55aa079e2fb0c8b68a0a08efbff3f1aa5472f1a2 (source code is provided) gets nothing on the next step, because of:
- gas limit for "send" at SimplePonzi,
- gas-consuming fallback function of "smart" investor.
Some ether will be stuck at SimplePonzi address.
Anyway, the SimplePonzi is not blocked here as it would be with "transfer" instead of "send".
from ethereum-games.
@deepcode You're right, this contract would not be able to receive the ether and it would be stuck in the contract, but that's not a flaw in the game as much as a feature in how Ethereum is designed. Contracts with flaws are free to screw themselves over, but you wouldn't be able to affect the game play this way. You would simply lose your own ether.
from ethereum-games.
Then maybe this: https://rinkeby.etherscan.io/tx/0x5fa700b23a81ba8a21522f68e23244f71bdb42cdd28f32c680391f6d17264f4a
This demo attack is performed on Rinkeby testnet with an exact copy of the SimplePonzi contract and with similar initial conditions (0.005 ETH and 0.007 ETH investments before the attack).
Spent by the attacker: 0.008 ETH (on previous transaction) + gas fee.
Resulting currentInvestment value: 750 ETH.
Rinkeby SimplePonzi contract copy is at https://rinkeby.etherscan.io/address/0x022159d0c168ce87c35a7643bc41e560febfde02 .
from ethereum-games.
My man! Congrats, you got it. You can render the contract unusable by sending a 2nd transaction with a large value. The ether goes back to you so there is no large loss.
Paste your ETH address here @deepcode and I'll send you your 0.1 ETH reward. I'll admit that reward looked a lot juicier when I wrote this chapter in November
from ethereum-games.
Wow! I was almost ready to start reading the opcodes of SimplePonzi to get a different perspective.
Let's reward the address of "successful attacker"... but not on Rinkeby
0x51FA329cab258588dB7236b67363Ab6cfEA54eB4
@k26dr Thanks for the prize and more thanks for all the fun with the contract!
from ethereum-games.
Got the reward, twice the promised! Thanks again @k26dr and @chrisdannen !
from ethereum-games.
Really happy I followed up while reading this book lol, good job!
from ethereum-games.
Then maybe this: https://rinkeby.etherscan.io/tx/0x5fa700b23a81ba8a21522f68e23244f71bdb42cdd28f32c680391f6d17264f4a
This demo attack is performed on Rinkeby testnet with an exact copy of the SimplePonzi contract and with similar initial conditions (0.005 ETH and 0.007 ETH investments before the attack).
Spent by the attacker: 0.008 ETH (on previous transaction) + gas fee. Resulting currentInvestment value: 750 ETH.
Rinkeby SimplePonzi contract copy is at https://rinkeby.etherscan.io/address/0x022159d0c168ce87c35a7643bc41e560febfde02 .
Can you please elaborate on how the attacker did it? The link is broken... How did currentInvestment get a value of 750 ETH?
from ethereum-games.
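The behaviour described in this thread, as an added Python model that is not part of any comment and is not the SimplePonzi source: each accepted investment is forwarded in full to the previous investor, and a failed send is ignored. The 10% raise rule, the participant names and all field names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ETH = 10**18  # wei per ether


@dataclass
class PonziModel:
    current_investor: str = ""
    current_investment: int = 0
    unpaid: int = 0  # wei that reached no investor (first deposit or failed send)
    balances: dict = field(default_factory=dict)         # net wei per participant
    failing_receivers: set = field(default_factory=set)  # fallback exceeds send's gas
    self_payouts: list = field(default_factory=list)     # payer was also the payee

    def minimum(self) -> int:
        # Assumption: 10% raise rule; the thread does not state the threshold.
        return self.current_investment * 11 // 10

    def invest(self, sender: str, value: int) -> bool:
        if value <= self.minimum():
            return False  # models a reverted transaction
        previous = self.current_investor
        self.balances[sender] = self.balances.get(sender, 0) - value
        self.current_investor, self.current_investment = sender, value
        if previous and previous not in self.failing_receivers:
            self.balances[previous] = self.balances.get(previous, 0) + value
        else:
            self.unpaid += value  # send failed or nobody to pay; game continues
        if previous == sender:
            self.self_payouts.append(value)  # signal a monitor can flag
        return True


def replay_thread_scenario() -> PonziModel:
    # Constructed replay of the amounts quoted in the thread.
    game = PonziModel()
    game.invest("alice", 5 * ETH // 1000)    # 0.005 ETH
    game.invest("bob", 7 * ETH // 1000)      # 0.007 ETH
    game.invest("mallory", 8 * ETH // 1000)  # 0.008 ETH
    game.invest("mallory", 750 * ETH)        # forwarded back to mallory
    return game


if __name__ == "__main__":
    g = replay_thread_scenario()
    print("net cost to mallory (wei):", -g.balances["mallory"])
    print("next minimum (ETH):", g.minimum() // ETH)
```

In the replay the last investor's net cost stays at 0.008 ETH while the entry bar rises to 825 ETH, which is why the game becomes unusable; the `failing_receivers` path reproduces the earlier case where ether is stuck but the game keeps running.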