Dr. Mark B Lundeberg, 2018 Feb 15
bitcoincash:qqy9myvyt7qffgye5a2mn2vn8ry95qm6asy40ptgx2
This security advisory notes a vulnerability in the common construction of cross-chain smart contracts (contracts between distinct cryptocurrencies) through hash locking. I focus on the primary use case in [atomic
| /*** | |
| * Shoutouts: | |
| * | |
| * Bytecode origin https://www.reddit.com/r/ethereum/comments/6ic49q/any_assembly_programmers_willing_to_write_a/dj5ceuw/ | |
| * Modified version of Vitalik's https://www.reddit.com/r/ethereum/comments/6c1jui/delegatecall_forwarders_how_to_save_5098_on/ | |
| * Credits to Jorge Izquierdo (@izqui) for coming up with this design here: https://gist.github.com/izqui/7f904443e6d19c1ab52ec7f5ad46b3a8 | |
| * Credits to Stefan George (@Georgi87) for inspiration for many of the improvements from Gnosis Safe: https://github.com/gnosis/gnosis-safe-contracts | |
| * | |
| * This version has many improvements over the original @izqui's library like using REVERT instead of THROWing on failed calls. | |
| * It also implements the awesome design pattern for initializing code as seen in Gnosis Safe Factory: https://github.com/gnosis/gnosis-safe-contracts/blob/master/contracts/ProxyFactory.sol |
| pragma solidity ^0.4.10; | |
| // Based on Alex Miller's design, with minor revisions to appease the compiler, and incorporate Christian Lundkvist's | |
| // input about hash collisions. | |
| contract Bitcoin { | |
| struct UTXO { | |
| address owner; | |
| uint value; |
| #! /usr/bin/env ruby | |
| # NOTE: Requires Ruby 2.1 or greater. | |
| # This script can be used to parse and dump the information from | |
| # the 'html/contact_info.htm' file in a Facebook user data ZIP download. | |
| # | |
| # It prints all cell phone call + SMS message + MMS records, plus a summary of each. | |
| # | |
| # It also dumps all of the records into CSV files inside a 'CSV' folder, that is created |
| pragma solidity ^0.4.22; | |
| // ECE 398 SC - Smart Contracts and Blockchain Security | |
| // http://soc1024.ece.illinois.edu/teaching/ece398sc/spring2018/ | |
| // Simpest possible duplex-micropayment channel | |
| // - Funded with an up front amount at initialization | |
| // - The contract creator is called "alice". The other party, "bob", is passed | |
| // as an argument to the Constructor | |
| // - There is no fixed deadline, but instead any party can initiate a dispute, | |
| // which lasts for a fixed time |
| /** | |
| * @dev OpcodeChecker processes contract code to generate a bitmap of used opcodes. | |
| * | |
| * DO NOT USE: See the vulnerability identified by Recmo below. A patch will be provided soon. | |
| * | |
| * The generated bitmap can be used to enforce whitelisting and blacklisting on contract code. | |
| * Bit n of the bitmap is set iff opcode n is used. For instance, the presence of the STOP opcode | |
| * will result in bit 0 of the bitmap being set. | |
| * | |
| * A best-effort attempt is made to skip over unreachable data, but there may be false positives. |
| pragma solidity ^0.4.14; | |
| /* | |
| Example of how to verify BLS signatures and BGLS aggregate signatures in Ethereum. | |
| Signatures are generated using https://github.com/Project-Arda/bgls | |
| Code is based on https://github.com/jstoxrocky/zksnarks_example | |
| */ | |
| contract BLSExample { |
| pragma solidity ^0.4.24; | |
| contract PizzaStore { | |
| uint constant SLICE_PRICE_IN_ETH = 1e17; | |
| uint constant SLICE_PRICE_IN_TOKEN = 1e19; | |
| ERC20Interface constant PIZZA_TOKEN = ERC20Interface(0xdd974D5C2e2928deA5F71b9825b8b646686BD200); | |
| event ProofOfPayment(address _beneficiary, address _token, uint _amount, bytes32 _data); |
F(x) that would make it return yx