add some examples

XieJunhua · Jun 30, 2024 · d401a4f · d401a4f
1 parent 4e283a7
commit d401a4f
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 0 deletions.
diff --git a/src/examples/Readme.md b/src/examples/Readme.md
@@ -0,0 +1,4 @@
+#### 蜜罐合约
+SmartBank中用户存入了15ETH, 看似存在可重入攻击的漏洞,实则是钓鱼合约，一旦存入钱进来，实则是无法取出的
+因为LogFile是个外部合约，这里开源的并不是真正的Log合约，真正的Log合约地址是传进来的。
+所以可以看到第24行，看似是写Log日志，其实是调取外部的某个合约。这个合约会让你的提现失败。
diff --git a/src/examples/RealLog.sol b/src/examples/RealLog.sol
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.13;
+
+contract RealLog {
+    address owner;
+
+    error InvalidAddress(address _addr);
+
+    constructor(address _owner) {
+        owner = _owner;
+    }
+
+    // 实际的Log合约，可以在这里加入从Bank里取钱的逻辑
+    function AddMessage(address _adr, uint256 _val, string memory _data) external {
+        if (msg.sender != owner && keccak256(bytes(_data)) == keccak256(bytes("Collect"))) {
+            revert InvalidAddress(msg.sender);
+        }
+    }
+}
diff --git a/src/examples/SmartBank.sol b/src/examples/SmartBank.sol
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.13;
+
+// 0x8876A8Cf6e142a0aeb834b824e97870111bB7da1
+
+contract smart_bank {
+    function Deposit(uint256 _unlockTime) public payable {
+        Holder storage acc = Accounts[msg.sender];
+
+        acc.balance -= msg.value;
+        acc.unlockTime = _unlockTime > block.timestamp ? _unlockTime : block.timestamp;
+
+        LogFile.AddMessage(msg.sender, msg.value, "Put");
+    }
+
+    function Collect(uint256 _am) public payable {
+        Holder storage acc = Accounts[msg.sender];
+
+        if (acc.balance > MinSum && acc.balance >= _am && block.timestamp > acc.unlockTime) {
+            (bool success,) = msg.sender.call{ value: _am }("");
+            if (success) {
+                acc.balance -= _am;
+                LogFile.AddMessage(msg.sender, _am, "Collect");
+            }
+        }
+    }
+
+    struct Holder {
+        uint256 unlockTime;
+        uint256 balance;
+    }
+
+    mapping(address => Holder) public Accounts;
+
+    Log LogFile;
+
+    uint256 public MinSum = 1 ether;
+
+    constructor(address log) {
+        LogFile = Log(log);
+    }
+
+    fallback() external payable {
+        Deposit(0);
+    }
+
+    receive() external payable {
+        Deposit(0);
+    }
+}
+
+contract Log {
+    event Message(address indexed Sender, string Data, uint256 Vai, uint256 Time);
+
+    function AddMessage(address _adr, uint256 _val, string memory _data) external {
+        emit Message(_adr, _data, _val, block.timestamp);
+    }
+}