- Write contracts
- Study Zeppelin in depth and then learn to test for these: logic bugs, failed sends, recursive calls, overflow, poison data, exposed functions, exposed secrets, dust spam, replay attacks, miner vulnerabilities, malicious creator, off-chain safety, cross-chain attacks, tx-origin problems, stack depth exhaustion, etc.
- http://hackthiscontract.io/dashboard?address=ggg
- https://medium.com/@rtaylor30/how-i-snatched-your-153-037-eth-after-a-bad-tinder-date-d1d84422a50b
```solidity
/**
 * NotaryPlatformToken.sol v1.0.0
 *
 * Bilal Arif - https://twitter.com/furusiyya_
 * Notary Platform
 */
pragma solidity ^0.4.16;
pragma solidity ^0.4.16;
contract ReentrancyGuard {
  event ReentrancyAttemp(address senderAddress);
  /**
   * @dev We use a single lock for the whole contract.
   */
  bool private rentrancy_lock = false;
```
Notary Platform Token Contract: https://rinkeby.etherscan.io/address/0x26583673d43e8646fe792d62c84fa6811de8276a#code
Car Contract: https://rinkeby.etherscan.io/address/0xd5a2378b5c7d2381a5f6fd1faaef47a736b757cd#code
Notary Mapper: https://rinkeby.etherscan.io/address/0x0c84290a98362c96be7e9fb44ea543b47d723223#readContract
Crowdfunding Contracts: https://etherscan.io/address/0x34a3deb32b4705018f1e543a5867cf01aff3f15b#code
Notary Platform Token: https://etherscan.io/address/0xf92698aa5cf655B092D98548b292bB150998888D#readContract
```solidity
bonuses[0x017ABCC1012A7FfA811bBe4a26804f9DDac1Af4D] = true;
bonuses[0x1156ABCBA63ACC64162b0bbf67726a3E5eA1E157] = true;
bonuses[0xEAC8483261078517528DE64956dBD405f631265c] = true;
bonuses[0xB0b0D639b612937D50dd26eA6dc668e7AE51642A] = true;
bonuses[0x417535DEF791d7BBFBC97b0f743a4Da67fD9eC3B] = true;
bonuses[0x6723f81CDc9a5D5ef2Fe1bFbEdb4f83Bd017D3dC] = true;
bonuses[0xb9Bd4f154Bb5F2BE5E7Db0357C54720c7f35405d] = true;
bonuses[0x21CA5617f0cd02f13075C7c22f7231D061F09189] = true;
bonuses[0x0a6Cd7e558c69baF7388bb0B3432E29Ecc29ac55] = true;
bonuses[0x6a7f63709422A986A953904c64F10D945c8AfBA1] = true;
```
Verifying that "furusiyya.id" is my Blockstack ID. https://onename.com/furusiyya
You have to create a smart contract in the Solidity language and deploy it on an Ethereum testnet. The smart contract will represent an ERC20 token that has only one function, used for transferring tokens. Solidity: https://solidity.readthedocs.io
- A flat pricing with ETH: USD - $0.02 per token (50 tokens to 1 USD)
- Coin rate should be $0.02 (can just use the live feed from www.oraclize.it or similar)
- Token supply: 1 billion, selling 150 million e.g. $3M cap.
- Token: 8 decimals
- Multisig wallet for the proceeds, as per Gnosis (as that doesn't seem to have had any issues vs. Parity)
- Ensure tokens are reserved and allocated by a certain date when they unlock to subscribers
- No ETH cap: Anyone can buy as many tokens as they like until all tokens are sold
- Sale ends when 150m tokens (out of 1bn) allocated to contract run out or a certain date is reached
- Ideally the smart contract should verify on Etherscan and fit into the token tracker
```solidity
pragma solidity ^0.4.13;
contract ERC20Basic {
  uint256 public totalSupply;
  function balanceOf(address who) constant returns (uint256);
  function transfer(address to, uint256 value) returns (bool);
  event Transfer(address indexed from, address indexed to, uint256 value);
}
contract ERC20 is ERC20Basic {
```
Files imported from OpenZeppelin are not audited. For this audit, the latest OpenZeppelin commit, 99f3e26f83f4628246b48c8b3afa5bb3958f5224, is considered. Only Coin.sol is audited.
- Token minting is allowed only to the owner, so the contract is centralized and not compliant with escrow standards.
- No unit tests are provided, which is a big red flag. I recommend writing unit tests and using Truffle.
- Check that destination of token transfers is not 0x0
- Rate of Occurrence: Low