Add report for BadParity
parent
a926072a0a
commit
fc82b8c44b
3
.gitignore
vendored
@ -22,3 +22,6 @@ genesis.json
|
||||
|
||||
# Ignore enodes
|
||||
enodes
|
||||
|
||||
# Ignore minted stuff
|
||||
_minted-report2
|
||||
|
||||
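Review bot: the new ignore entry `_minted-report2` is tied to one job name, so the cache directory minted creates for any other document (or for this report after a rename) will still show up as untracked. Consider a pattern such as `_minted-*/`, with the trailing slash making it clear that a directory is meant.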
Binary file not shown.
@ -9,6 +9,10 @@
|
||||
\usepackage[english]{babel}
|
||||
\usepackage{fancyhdr}
|
||||
\usepackage{titling}
|
||||
\usepackage{minted}
|
||||
\usepackage{xcolor} % to access the named colour LightGray
|
||||
\definecolor{LightGray}{gray}{0.9}
|
||||
|
||||
\renewcommand{\thesection}{Exercise \Alph{section}:}
|
||||
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
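Review bot: the added `\usepackage{minted}` line introduces a build requirement that is not documented anywhere in this hunk: minted calls an external highlighter while compiling, which depending on the minted version means running LaTeX with `-shell-escape`. A short comment next to the package line stating the required invocation would save the next person a failed build, and since shell escape lets a document run commands on the build machine, it is worth saying that it should only be enabled for sources you trust. Separately, the comment on the `xcolor` line says the package is loaded to access the named colour LightGray, yet the next line defines that colour itself with `\definecolor`; the comment should say so.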
@ -63,7 +67,68 @@ Our group consists of the following members:
|
||||
\end{center}
|
||||
|
||||
\section{Bad Parity}
|
||||
% Fill here your answers for exercise A
|
||||
|
||||
For this challenge we were given two contracts: \texttt{Wallet} and
|
||||
\texttt{WalletLibrary}. The second contract is used by the \texttt{Wallet}
|
||||
contract to set the owner upon initialization, to get the current owner, to
|
||||
change the owner and to withdraw funds from the wallet. These functions are
|
||||
called from the \texttt{Wallet} contract through the use of the
|
||||
\texttt{delegatecall} function. In contrast to a regular \texttt{call},
|
||||
\texttt{delegatecall} executes the function in the context of the \emph{calling}
|
||||
smart contract. This means that if there happens to be a variable in both
|
||||
contracts with the same name and a function changes that variable, the
|
||||
\emph{caller's} and not the \emph{callee's} variable is changed. If insufficient
|
||||
care is exercised during programming, the semantics of \texttt{delegatecall} can
|
||||
have serious security implications, as in this case with \texttt{Wallet} and
|
||||
\texttt{WalletLibrary}.
|
||||
|
||||
The \texttt{fallback} function in \texttt{Wallet} is called when the smart
|
||||
contract receives a transaction with empty call data or call data which does not
|
||||
match any other function. The call data sent with the transaction is then passed
|
||||
to the \texttt{WalletLibrary} contract via \texttt{delegatecall}. The
|
||||
\texttt{WalletLibrary} contract has a function called \texttt{initWallet} which
|
||||
sets the owner of the contract to the given address. Usually this function would
|
||||
be called only upon initialization of the contract (in the constructor for
|
||||
example). We can call this function at any time by supplying the correct call
|
||||
data to the \texttt{fallback} function from the \texttt{Wallet} contract. Since
|
||||
the function is then called via \texttt{delegatecall}, the owner of the
|
||||
\texttt{Wallet} contract is changed to an address of our choosing.
|
||||
|
||||
To trigger the \texttt{initWallet} function, the call data must contain the
|
||||
signature of the function and all parameters. The function signature is the
|
||||
first four bytes of the keccak hash of the function name and the types of its
|
||||
parameters. Any parameters are added to the signature in a padded form. Creating
|
||||
the call data in python works as follows (where \texttt{address} is the address
|
||||
of the new owner):
|
||||
\begin{minted}[frame=lines,framesep=2mm,bgcolor=LightGray,fontsize=\footnotesize,linenos]{python}
|
||||
sig = w3.keccak(text='initWallet(address)')[:4].hex() + address[2:].rjust(64, '0')
|
||||
# sig = 0x9da8be21000000000000000000000000f9ac06BAeb6597511C22Dc7b03DA447cA893fb4e
|
||||
\end{minted}
|
||||
|
||||
We can then send this call data to the contract (via the geth console):
|
||||
\begin{minted}[frame=lines,framesep=2mm,bgcolor=LightGray,fontsize=\footnotesize,linenos]{python}
|
||||
eth.sendTransaction({
|
||||
from: student,
|
||||
to: badparityAddress,
|
||||
data: "0x9da8be21000000000000000000000000f9ac06BAeb6597511C22Dc7b03DA447cA893fb4e",
|
||||
gas: "80000"
|
||||
});
|
||||
\end{minted}
|
||||
The owner of the \texttt{Wallet} contract is now our own address. Since we are
|
||||
the owner, we can call the \texttt{withdraw} function from the \texttt{Wallet}
|
||||
contract:
|
||||
\begin{minted}[frame=lines,framesep=2mm,bgcolor=LightGray,fontsize=\footnotesize,linenos,breaklines]{python}
|
||||
sig = w3.keccak(text='withdraw(uint256)')[:4].hex() + hex(30000000000000000000)[2:].rjust(64, '0')
|
||||
# sig = 0x2e1a7d4d000000000000000000000000000000000000000000000001a055690d9db80000
|
||||
eth.sendTransaction({
|
||||
from: student,
|
||||
to: badparityAddress,
|
||||
data: "0x2e1a7d4d000000000000000000000000000000000000000000000001a055690d9db80000",
|
||||
gas: "80000"
|
||||
});
|
||||
\end{minted}
|
||||
|
||||
Our own balance has increased by 30 Ether.
|
||||
|
||||
\section{DAO Down}
|
||||
% Fill here your answers for exercise B
|
||||
|
||||
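Review bot: in the first paragraph under `\section{Bad Parity}`, the sentence about "a variable in both contracts with the same name" misstates how `delegatecall` resolves state: the callee's code reads and writes the caller's storage by slot position, so what matters is that the two contracts' storage layouts line up, not what the variables are called. Please reword that sentence accordingly. The text also calls the first four bytes of the keccak hash the "function signature" and stores the complete call data in a variable named `sig`; the four bytes are the function selector, and the variable would be clearer as `calldata` or similar. The two `eth.sendTransaction({...})` listings are geth console JavaScript but are typeset with the `python` lexer, and the third listing mixes the Python `w3.keccak` line with the JavaScript call in one block; splitting them and tagging the console parts as JavaScript would make it clear what runs where. Finally, the section ends at the balance change without naming the fix; one sentence on guarding `initWallet` so it cannot run once an owner is set would complete the report.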