Solidity CTF — Part 3: “HoneyPot”

Alexander Wade
Jul 1, 2018 · 10 min read

Part 3: “HoneyPot”

Explanation — Part 2: “Safe Execution”

// Marker that the returned data must begin with before execute() acts on it:
// the first four bytes of keccak256('Set(uint256)'). Anyone can derive this
// value from the signature string, so matching it proves nothing about who
// produced the data.
bytes4 internal constant SET = bytes4(keccak256('Set(uint256)'));

/// Delegatecalls `_target` with this function's own selector, insists that the
/// call fails, and then acts on the data the failed call handed back.
/// @param _target Address whose code is run through delegatecall; chosen by the caller.
/// NOTE(review): `noOwner` is defined outside this excerpt; presumably it
/// restricts when the function may be called. Confirm against the full contract.
function execute(address _target) public noOwner {
// delegatecall runs _target's code against this contract's storage. Requiring
// a `false` result means the call must have failed (e.g. reverted), so any
// storage writes it attempted are discarded.
require(
_target.delegatecall(
abi.encodeWithSelector(this.execute.selector)
) == false, 'unsafe execution'
);

// The payload of the failed call is still in the return-data buffer here.
// getRet() accepts it only if it is exactly 36 bytes and splits it into a
// 4-byte selector and a 32-byte value; both are supplied by _target.
(bytes4 sel, uint val) = getRet();
// The selector comparison is the only validation applied to that payload.
require(sel == SET);
// SECURITY: `val` is written unchecked into an internal function pointer and
// then called. An internal function-type value is a jump destination inside
// this contract's own bytecode, so where execution continues is decided by
// _target's returned data rather than by this contract. In production code,
// never build a function-type value from external data; dispatch through a
// fixed set of functions selected by a validated identifier instead.
function () func;
assembly { func := val }
func();
}
// Excerpt from getRet() (full function follows): keep only the top four bytes
// of the first word as the selector, then read the 32-byte word that starts
// right after those four bytes.
sel := and(
mload(ptr), 0xffffffff00000000000000000000000000000000000000000000000000000000
)
val := mload(add(0x04, ptr))

/// Decodes the return data left by the most recent external call into a
/// 4-byte selector and a 32-byte value.
/// @return sel First four bytes of the return data.
/// @return val The 32-byte word that follows the selector.
/// Reverts with no message unless the return data is exactly 0x24 (36) bytes.
function getRet() internal pure returns (bytes4 sel, uint val) {
assembly {
// Length gate: 4-byte selector + one 32-byte word, nothing more or less.
// This checks only the shape of the data, not its content or origin.
if iszero(eq(returndatasize, 0x24)) { revert(0, 0) }
// 0x40 is where Solidity keeps its free-memory pointer; the data is copied
// to that location as scratch space and the pointer itself is not advanced.
let ptr := mload(0x40)
returndatacopy(ptr, 0, 0x24)
// Mask off everything but the high four bytes of the first word.
sel := and(
mload(ptr), 0xffffffff00000000000000000000000000000000000000000000000000000000
)
// Skip the selector and load the following 32 bytes verbatim. No range or
// type check is applied, so the caller receives whatever was returned.
val := mload(add(0x04, ptr))
}
}
// Excerpt: body of the assembly block in getRet(). The size test is the only
// structural check on the return data. It fixes the length at 36 bytes but
// does not constrain the 32-byte value that ends up in `val`.
if iszero(eq(returndatasize, 0x24)) { revert(0, 0) }                                     
let ptr := mload(0x40)
returndatacopy(ptr, 0, 0x24)
sel := and(
mload(ptr), 0xffffffff00000000000000000000000000000000000000000000000000000000
)
val := mload(add(0x04, ptr))
// Excerpt: tail of execute(). After the selector comparison, `val` (taken from
// the failed delegatecall's return data) is assigned through assembly to an
// internal function pointer and invoked. Assembly assignment bypasses the
// type system, so nothing ensures `val` refers to a function the contract
// intended to expose. Auditors should treat any `func := <external data>`
// pattern as a control-flow integrity finding.
require(sel == SET);                               
function () func;
assembly { func := val }
func();
