Info

Sweet Crab
Author
Download ZIP (9.4 KB)

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

410

Comments

Sweet Crab Oct 16, 2019 at 11:31
atomic swap
31
You have not added any comments yet...
by rating

Issues

Andrey Toukmanov Oct 17, 2019 at 12:57
Hello, your sol contract has a serious vulnerability
Attacker who make deposit with hash of 0 can infinitely withraw ether from contract, till balance if > 0
Here is exploit (run with node, first arg your node path, testnet by default):
https://gist.github.com/toukmanov/8290feb057776d2a4e612c4b59a7ca84
Ethereum
18
Sweet Crab Oct 17, 2019 at 14:21
Thank you, you're right. It is necessary to add a check that the secretHash is not a hash from zero. We have already fix it.
Chic Dolphin Oct 21, 2019 at 13:26
So I pulled the code from init.boc file provided. And to my surprise the first thing it does (after SETCP 0) is ACCEPT. So I deployed it on testnet and sure enough it looses balance quickly.

https://gist.github.com/rainydio/4e5b2f10c8bd4290a154a6d8b31f07c9
3
Nobody added any issues yet...