Code Monkey home page Code Monkey logo

Comments (12)

yunzhishang avatar yunzhishang commented on July 22, 2024

I am not sure if I guess it is correct. We should set new investor after the success of send. :)

from ethereum-games.

k26dr avatar k26dr commented on July 22, 2024

Nope sorry. That's not it. Keep looking πŸ˜‰

from ethereum-games.

WingT avatar WingT commented on July 22, 2024

there is a potential flaw of integer overflow, but that require a large amount of wei

from ethereum-games.

gramgrok avatar gramgrok commented on July 22, 2024

How about this: https://etherscan.io/tx/0x238866bcbf1abc18f4220a18c20586aa21226bdcd8c34397f6dba013a86749bf

The investor contract at 0x55aa079e2fb0c8b68a0a08efbff3f1aa5472f1a2 (source code is provided) gets nothing on the next step, because of:

  1. gas limit for "send" at SimplePonzi,
  2. gas-consuming fallback function of "smart" investor.

Some ether will be stuck at SimplePonzi address.
Anyway, the SimplePonzi is not blocked here as it would be with "transfer" instead of "send".

from ethereum-games.

k26dr avatar k26dr commented on July 22, 2024

@deepcode You're right, this contract would not be able to receive the ether and it would be stuck in the contract, but that's not a flaw in the game as much as a feature in how Ethereum is designed. Contracts with flaws are free to screw themselves over, but you wouldn't be able to affect the game play this way. You would simply lose your own ether.

from ethereum-games.

gramgrok avatar gramgrok commented on July 22, 2024

Then maybe this: https://rinkeby.etherscan.io/tx/0x5fa700b23a81ba8a21522f68e23244f71bdb42cdd28f32c680391f6d17264f4a

This demo attack is performed on Rinkeby testnet with an exact copy of the SimplePonzi contract and with similar initial conditions (0.005 ETH and 0.007 ETH investments before the attack).

Spent by the attacker: 0.008 ETH (on previous transaction) + gas fee.
Resulting currentInvestment value: 750 ETH.

Rinkeby SimplePonzi contract copy is at https://rinkeby.etherscan.io/address/0x022159d0c168ce87c35a7643bc41e560febfde02 .

from ethereum-games.

k26dr avatar k26dr commented on July 22, 2024

My man! Congrats, you got it. You can render the contract unusable by sending a 2nd transaction with a large value. The ether goes back to you so there is no large loss.

Paste your ETH address here @deepcode and I'll send you your 0.1 ETH reward. I'll admit that reward looked a lot juicier when I wrote this chapter in November πŸ˜…

from ethereum-games.

gramgrok avatar gramgrok commented on July 22, 2024

Wow! I was almost ready to start reading the opcodes of SimplePonzi to get a different perspective ☺️

Let's reward the address of "successful attacker"... but not on Rinkeby πŸ˜‰

0x51FA329cab258588dB7236b67363Ab6cfEA54eB4

@k26dr Thanks for the prize and more thanks for all the fun with the contract!

from ethereum-games.

chrisdannen avatar chrisdannen commented on July 22, 2024

from ethereum-games.

gramgrok avatar gramgrok commented on July 22, 2024

Got the reward, twice the promised! Thanks again @k26dr and @chrisdannen !

from ethereum-games.

ashaller2017 avatar ashaller2017 commented on July 22, 2024

really happy I followed up while reading this book lol good job!

from ethereum-games.

paraskumarop avatar paraskumarop commented on July 22, 2024

Then maybe this: https://rinkeby.etherscan.io/tx/0x5fa700b23a81ba8a21522f68e23244f71bdb42cdd28f32c680391f6d17264f4a

This demo attack is performed on Rinkeby testnet with an exact copy of the SimplePonzi contract and with similar initial conditions (0.005 ETH and 0.007 ETH investments before the attack).

Spent by the attacker: 0.008 ETH (on previous transaction) + gas fee. Resulting currentInvestment value: 750 ETH.

Rinkeby SimplePonzi contract copy is at https://rinkeby.etherscan.io/address/0x022159d0c168ce87c35a7643bc41e560febfde02 .

can you please elaborate, how did attacker did it , the link is broken..., how did the currentInvestment has 750 eth value ?

from ethereum-games.

Related Issues (9)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.