Challenge 1 — Basic Token Contract
The smart contract shown below is published at 0xBe560932… and is funded with about €100 worth of ether. Please try to plunder it. There are two ways to win:
- Find a weakness and drain the contract yourself.
- Take more ETH out of the contract than you put in and contact me.
There’s one important rule: you may not go after me and my private key.
You can find the full code for this challenge on GitHub.
The code in this contract is based on the Ethereum sample token application as well as the DAO contract, but much simpler and with very limited functionality. I funded the contract with ETH when it was created.
You can buy tokens from the contract for 1 finney and get them refunded.
Update on Aug. 2, 2016: You can buy a token by sending 0.001 ETH to the contract, which is located at 0xBe560932…. Selling a token requires you to “watch” the contract (see Challenge 5) in your wallet software and select the refund() method.
Ideally, a smart hacker can steal all the funds inside the contract on their own, without any help. However, even a small theft means the code is not secure, so I consider that winning. If the latter scenario were to occur, I would still need to pay out the winner manually.
This is why I built a backdoor into the contract. I allows me to take the funds out and send them to the winner.
I also use the backdoor when the challenge expires without a winner, see the deadline below.
A bug in the backdoor that doesn’t involve my private key is fair game. Exploiting a bug in Ethereum, Solidity, etc. is also fair game. I may even decide to hack the contract myself. Update 2016–08–02: this indeed happened when I robbed Challenge 2 myself
The reason I put my own money into this challenge is to hone my skills at writing secure, smart contract code. Perhaps this particular contract is impenetrable, but as I publish more complex code, the odds of my making a mistake increase.
I will withdraw funds from the contract on or after Sept. 17, 2016. The challenge expires on Sept. 30, 2016. The reason for this delay is to give you the opportunity to set up a trap for me that takes effect the moment I try to pull the funds out, if that is at all possible.
P.S. While I was writing the code for this contract, using the Mix IDE, there were some things that confused me:
- If I click on the refresh button, Mix crashes 9 of 10 times.
- I have to re-enter the transactions in the scenario every time I restart the editor, with or without a crash.
Am I doing something wrong? Should I use a different IDE?
