Dao challenge - Ams Ethereum Developers - 2016-08-30
•
0 likes•309 views
Each week I put €100 worth of ether in a smart contract and challenge the world to rob it. This short presentations shows a few of my early mistakes using Solidity. https://dao-challenge.herokuapp.com
![Buy tokens (), sell tokens refund()
Problem: sender.send can fail silently
contract DaoChallenge { // Version 1
modifier noEther() {if (msg.value > 0) throw; _}
/* This creates an array with all balances */
mapping (address => uint256) public tokenBalanceOf;
uint256 constant tokenPrice = 1000000000000000; // 1 finney
function DaoChallenge () {}
function () {
address sender = msg.sender;
if(tokenBalanceOf[sender] != 0) {
throw;
}
tokenBalanceOf[sender] = msg.value / tokenPrice;
}
function refund() noEther {
address sender = msg.sender;
uint256 tokenBalance = tokenBalanceOf[sender];
if (tokenBalance <= 0) { throw; }
tokenBalanceOf[sender] = 0;
sender.send(tokenBalance * tokenPrice);
}
}
2016-08-30 - Ethereum Developer Meetup Amsterdam - sjors@sprovoost.nl - h>ps://dao-challenge.herokuapp.com/ 2](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
Viewers also liked
Viewers also liked (17)
Recently uploaded
Recently uploaded (20)
Dao challenge - Ams Ethereum Developers - 2016-08-30
- 1. New smart contract every week with €100 No intentional bugs DAO Challenge Please Rob My Smart Contracts 2016-08-30 - Ethereum Developer Meetup Amsterdam - sjors@sprovoost.nl - h>ps://dao-challenge.herokuapp.com/ 1
- 2. Buy tokens (), sell tokens refund() Problem: sender.send can fail silently contract DaoChallenge { // Version 1 modifier noEther() {if (msg.value > 0) throw; _} /* This creates an array with all balances */ mapping (address => uint256) public tokenBalanceOf; uint256 constant tokenPrice = 1000000000000000; // 1 finney function DaoChallenge () {} function () { address sender = msg.sender; if(tokenBalanceOf[sender] != 0) { throw; } tokenBalanceOf[sender] = msg.value / tokenPrice; } function refund() noEther { address sender = msg.sender; uint256 tokenBalance = tokenBalanceOf[sender]; if (tokenBalance <= 0) { throw; } tokenBalanceOf[sender] = 0; sender.send(tokenBalance * tokenPrice); } } 2016-08-30 - Ethereum Developer Meetup Amsterdam - sjors@sprovoost.nl - h>ps://dao-challenge.herokuapp.com/ 2
- 3. Can you guess how to rob this? contract DaoChallenge // Version 2 { function DaoChallenge () {} function () { address sender = msg.sender; uint256 amount = msg.value; if (amount % tokenPrice != 0) { throw; } tokenBalanceOf[sender] += amount / tokenPrice; notifySellToken(amount, sender); } function withdrawEtherOrThrow(uint256 amount) { bool result = msg.sender.call.value(amount)(); if (!result) { throw; } } function refund() noEther { address sender = msg.sender; uint256 tokenBalance = tokenBalanceOf[sender]; if (tokenBalance == 0) { throw; } tokenBalanceOf[sender] = 0; withdrawEtherOrThrow(tokenBalance * tokenPrice); } } 2016-08-30 - Ethereum Developer Meetup Amsterdam - sjors@sprovoost.nl - h>ps://dao-challenge.herokuapp.com/ 3
- 4. contract DaoChallenge // Version 3 { function DaoChallenge () {} function () { address sender = msg.sender; uint256 amount = msg.value; if (amount % tokenPrice != 0) { throw; } tokenBalanceOf[sender] += amount / tokenPrice; notifySellToken(amount, sender); } function withdrawEtherOrThrow(uint256 amount) private { bool result = msg.sender.call.value(amount)(); if (!result) { throw; } } function refund() noEther { address sender = msg.sender; uint256 tokenBalance = tokenBalanceOf[sender]; if (tokenBalance == 0) { throw; } tokenBalanceOf[sender] = 0; withdrawEtherOrThrow(tokenBalance * tokenPrice); } } 2016-08-30 - Ethereum Developer Meetup Amsterdam - sjors@sprovoost.nl - h>ps://dao-challenge.herokuapp.com/ 4