Bartu Bozkurt bartubozkurt
π―
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| int totalValue = 275000; | |
| int percentage = 2; | |
| for (uint i = 0; i < 30; i++) { | |
| totalValue += totalValue * percentage / 100; | |
| } | |
| /* | |
| Exact value: 498124.436 | |
| Result: 498108 | |
| */ |
bartubozkurt
/ overflowUnderflow.sol
Last active
February 2, 2023 11:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| pragma solidity =0.4.11; | |
| contract Bad { | |
| mapping(address => uint256) balances; | |
| function badWithdraw(uint256 amounts) public { | |
| require(amounts <= balances[msg.sender]); | |
| balances[msg.sender] -= amounts; | |
| (bool success, bytes memory data) = msg.sender.call{value: amounts}(""); | |
| require(success); | |
| } |
bartubozkurt
/ TimeProxies.sol
Created
February 2, 2023 10:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| contract TimedCrowdsale { | |
| event Finished(); | |
| event notFinished(); | |
| // Sale should finish exactly at January 1, 2019 | |
| function isSaleFinished() private returns (bool) { | |
| return block.timestamp >= 1546300800; | |
| } |
bartubozkurt
/ weakPrng.sol
Created
February 2, 2023 10:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| function getRandomNum() public view returns(uint256 randomNum_) { | |
| randomNum_ = uint256(keccak256(block.blockhash(block.number - 1), now)) | |
| } | |
| /* Better */ | |
| // Using VRF by Chainlink | |
| // https://docs.chain.link/docs/vrf/v2/examples/get-a-random-number/ |
bartubozkurt
/ PrivateOnChainData.sol
Created
February 2, 2023 10:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| string private password; | |
| /* Better */ | |
| // string private password | |
| // shouldn't store the password on blockchain |
bartubozkurt
/ ReentrancyMitigations.sol
Last active
February 1, 2023 17:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| function badWithdraw(uint amounts) public { | |
| require(amounts <= balances[msg.sender]); // 1.πππππ | |
| // there is no risk of reentrancy because transfer is 2300 gas | |
| msg.sender.transfer(amounts) // 3.ππ‘π§ππ₯πππ§ππ’π‘ | |
| balances[msg.sender] - amounts; // 2.ππππππ§π¦ | |
| } | |
| /* Better */ | |
| function goodWithdraw(uint amounts) public { |
bartubozkurt
/ ReentrancyGuard.sol
Created
February 1, 2023 17:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Guarded { | |
| ... | |
| bool locked = false; | |
| function withdraw() external { | |
| require(!locked, "Reentrant call detected!"); | |
| locked = true; | |
| ... | |
| locked = false; |
bartubozkurt
/ ERC777Reentrancy.sol
Created
February 1, 2023 17:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| address token; | |
| mapping(address => uint) canBorrowAmount; | |
| /* Bad */ | |
| function badBorrow(uint amounts) public { | |
| require(amounts <= canBorrowAmount[msg.sender]); // 1.πππππ | |
| IERC777(token).transfer(msg.sender, amounts) // 3.ππ‘π§ππ₯πππ§ππ’π‘ | |
| canBorrowAmount[msg.sender] - amounts; // 2.ππππππ§π¦ | |
| } | |
| /* Better */ |
bartubozkurt
/ reentrancyAttack.sol
Last active
February 1, 2023 17:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| function badWithdraw(uint amounts) public { | |
| require(amounts <= balances[msg.sender]); // 1.πππππ | |
| (bool success, bytes memory data) | |
| = msg.sender.call{value: amounts}(""); // 3.ππ‘π§ππ₯πππ§ππ’π‘ | |
| require(success); | |
| balances[msg.sender] - amounts; // 2.ππππππ§π¦ | |
| } | |
| /* Better */ |
bartubozkurt
/ ControlledDelegatecall.sol
Last active
February 1, 2023 17:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Bad */ | |
| contract Bad { | |
| function badDelegate(address _yourContract, bytes calldata _data) payable public returns (bytes memory) { | |
| (bool success, bytes memory data) = _yourContract.delegatecall(_data); | |
| require(success); | |
| return data; | |
| } | |
| } | |
| /* Vulnerability | |
| Anyone can destroy the Bad contract using by βselfdestructβ |