sunweb3sec / defivulnlabs
To learn common smart contract vulnerabilities using Foundry!
How about moving the test directory to the project's root directory, according to this?
Of course, it is also possible to put it in the current src/test directory.
This code contains a vulnerability that could allow the contract admin to manipulate the winner and drain the prize funds. Let me analyze the issue:
In the LotteryGame contract, the pickWinner function uses an assembly block to directly set the winner address using the sstore opcode.
This allows the contract admin to manipulate the winner address and set it to any address of their choice.
The safeCheck modifier checks if the msg.sender is equal to the referee address, and if not, it calls the getkWinner function. However, the getkWinner function doesn't perform any validation or security checks, and it simply returns the current value of winner. This means that anyone can call getkWinner to see the manipulated winner address.
Assign me this, @SunWeb3Sec, so I can solve this.
In Reentrancy.sol we have the contracts EtherStore and EtherStoreRemediated, but in the tests we have 4 contracts: the two additional ones are attack and attackRemediated.
I can't locate the 2 additional contracts. Is there any trick to it? Am I missing something?
The code appears to have a potential vulnerability that could be exploited.
In the testApproveScam function, the contract allows Alice to grant unlimited approval to the address of Eve using the approve function.
This means that Alice is granting permission to Eve to transfer any amount of tokens from Alice's account. This can be problematic if Alice unintentionally grants approval to a malicious or untrusted address, allowing it to drain Alice's funds.
To mitigate this vulnerability, it is recommended to use a more controlled and limited approach when granting approval. For example, Alice can specify the exact amount of tokens to approve or implement a mechanism where approval is granted only for specific trusted addresses or contracts.
Additionally, the code could benefit from better error handling and input validation to prevent potential issues and improve the overall security and robustness of the smart contract.
Assign me this, @SunWeb3Sec, so I can solve the issue.
Thank you very much for taking the time to create these; the learning experience is helpful!
Dirtybytes needs to compile under 0.8.15.
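The mitigation described in the post above (approve an exact amount, and only for trusted spenders), as an added example that is not part of the original issue or the repository's code. `MiniToken` and `GuardedWallet` are hypothetical contracts constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed, minimal ERC20-style token (assumption: not the repository's token).
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder) { balanceOf[holder] = 1000 ether; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // Checked arithmetic (0.8+) reverts when amount exceeds the allowance or balance.
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical wallet that holds the owner's tokens and refuses risky approvals.
contract GuardedWallet {
    address public immutable owner;
    mapping(address => bool) public trustedSpender;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function setTrusted(address spender, bool ok) external onlyOwner {
        trustedSpender[spender] = ok;
    }

    // Grants a bounded allowance: allowlisted spender, never uint256 max,
    // never more than the wallet currently holds.
    function approveExact(MiniToken token, address spender, uint256 amount) external onlyOwner {
        require(trustedSpender[spender], "spender not allowlisted");
        require(amount != type(uint256).max, "unlimited approval refused");
        require(amount <= token.balanceOf(address(this)), "exceeds balance");
        require(token.approve(spender, amount), "approve failed");
    }

    // Resets the allowance to zero once the spender no longer needs it.
    function revoke(MiniToken token, address spender) external onlyOwner {
        require(token.approve(spender, 0), "revoke failed");
    }
}
```

With a bounded allowance, a spender that turns out to be malicious can move at most the approved amount, and `revoke` removes even that.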
This code contains a vulnerability related to the "isContract" check in the Target contract. The issue arises due to relying on the extcodesize function to determine if an address is a contract. However, this method is not entirely reliable, as it returns 0 for contracts that are still in the construction phase.
To address this vulnerability, a more secure method should be used to check if an address is a contract. One commonly used approach is to check the code.length of the address.
Line 74, alice.balance should change to bob.balance.
Hi,
While experimenting with 20220623 Sense Finance - Access control, I've bumped into the following compilation error.
Any idea what's wrong with my Foundry setup or command?
P/S: I've newly cloned this GitHub repository, so it shouldn't be caused by the GitHub cloning.
forge test --contracts ./src/test/SenseFinance_exp.sol -vv
[⠆] Compiling...
[⠰] Compiling 8 files with 0.7.6
[⠔] Solc 0.7.6 finished in 248.22ms
Error:
Compiler run failed
error[4957]: src/test/interface.sol:31:16: TypeError: This type is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
function ffi(string[] calldata) external returns (bytes memory);
^---------------^
error[4957]: src/test/interface.sol:48:74: TypeError: This type is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
function envString(string calldata, string calldata) external returns (string[] memory);
^-------------^
error[4957]: src/test/interface.sol:49:73: TypeError: This type is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
function envBytes(string calldata, string calldata) external returns (bytes[] memory);
^------------^
error[4957]: src/test/interface.sol:75:48: TypeError: This type is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
function getRecordedLogs() external returns (Log[] memory);
^----------^
error[4957]: src/test/interface.sol:174:39: TypeError: This type is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
function rpcUrls() external returns(string[2][] memory);
^----------------^
error[4957]: src/test/SenseFinance_exp.sol:10:5: TypeError: This type is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
SwapRequest memory request,
^------------------------^
error[2443]: src/test/SenseFinance_exp.sol:62:9: TypeError: The type of this parameter, struct ISpace.SwapRequest, is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
aad,
^-^
error[2443]: src/test/SenseFinance_exp.sol:69:20: TypeError: The type of this parameter, struct ISpace.SwapRequest, is only supported in ABI coder v2. Use "pragma abicoder v2;" to enable the feature.
space.onSwap(aad, 2000000000000000000, 2000000000000000000)
^-^
When I try to test Uninitialized_variables.sol using forge test --contracts ./src/test/Uninitialized_variables.sol -vvvv,
I get this result.
forge test --contracts ./src/test/Uninitialized_variables.sol -vvvv
[⠊] Compiling...
[⠒] Compiling 1 files with 0.8.17
[⠢] Solc 0.8.17 finished in 1.43s
Compiler run successful (with warnings)
Running 1 test for src/test/Uninitialized_variables.sol:ContractTest
[PASS] testSafeMint() (gas: 655369)
Logs:
Unitialized Upgrader: 0x0000000000000000000000000000000000000000
Initialized Upgrader: 0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496
Exploit completed
Since EngineContract destroyed, next call will fail.
Traces:
[655369] ContractTest::testSafeMint()
├─ [276918] → new Engine@0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f
│   └─ ← 1383 bytes of code
├─ [101370] → new Motorbike@0x2e234DAe75C793f67A35089C9d99245E1C58470b
│   ├─ [46480] Engine::initialize() [delegatecall]
│   │   ├─ emit Initialized(version: 1)
│   │   └─ ← ()
│   └─ ← 159 bytes of code
├─ [21275] → new Attack@0xF62849F9A0B5Bf2913b396098F7c7019b51A820a
│   └─ ← 106 bytes of code
├─ [2392] Engine::upgrader() [staticcall]
│   └─ ← 0x0000000000000000000000000000000000000000
├─ [0] console::log(Unitialized Upgrader:, 0x0000000000000000000000000000000000000000) [staticcall]
│   └─ ← ()
├─ [44480] Engine::initialize()
│   ├─ emit Initialized(version: 1)
│   └─ ← ()
├─ [392] Engine::upgrader() [staticcall]
│   └─ ← ContractTest: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496]
├─ [0] console::log(Initialized Upgrader:, ContractTest: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496]) [staticcall]
│   └─ ← ()
├─ [28641] Engine::upgradeToAndCall(Attack: [0xF62849F9A0B5Bf2913b396098F7c7019b51A820a], 0x9e5faafc)
│   ├─ [5103] Attack::attack() [delegatecall]
│   │   └─ ← ()
│   └─ ← ()
├─ [0] console::log(Exploit completed) [staticcall]
│   └─ ← ()
├─ [0] console::log(Since EngineContract destroyed, next call will fail.) [staticcall]
│   └─ ← ()
├─ [6741] Engine::upgradeToAndCall(Attack: [0xF62849F9A0B5Bf2913b396098F7c7019b51A820a], 0x9e5faafc)
│   ├─ [5103] Attack::attack() [delegatecall]
│   │   └─ ← ()
│   └─ ← ()
└─ ← ()
Test result: ok. 1 passed; 0 failed; finished in 1.16ms
The expected result is that the second call to the function upgradeToAndCall will fail.