cryptocurrencies/project2/badparity/README.md

Bad Parity

Story

You are still working at an IT Security Consultant company called AllmostAllsafe. The biggest customer of AllmostAllsafe is EveCorp. EveCorp is highly interested in Blockchain and Smart Contract projects lately (as almost every company...). After the great success of their fund raising DAO, the company wants to put their funds into a very secure Wallet contract so that all funds are better protected.

Therefore, they have decided to put their faith into a Wallet contract library form a subcontractor called BadParity.

That is the story so far.

ring ring late night emergency call

There is a major security breach within the wallet contracts of BadParity and you have to handle the incident response! Since it is a smart contract we cannot simply patch the vulnerability. Moreover, the admin of the customer who is under the controll of the keys for the Wallet contract is on vacation - therefore we cannot simply use those keys.

To the rescue: It is your task to find the vulnerability, exploit it and withdraw all the money from the Wallet contract before an attacker can do that.

Technical description

There is an instance of the Wallet contract for every student, initialized with a balance of 30 EveCoins. The Wallet contract is of course owned by an EveCorp account, that is not under your control.

The challenge is solved when the balance of your Wallet contract is 0

Hints

• http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
• http://solidity.readthedocs.io/en/v0.4.23/introduction-to-smart-contracts.html