Challenge
Our team has prepared for an ICO. However, we are worried that there might a way to exploit the smart contracts in such a way that new investors won't be able to invest anymore. Can you spot the bug and prove us right?
Each "victim" will have two investors. Your goal is to make impossible for our investor to invest money when "get_flag" is called.
Target: http://142.93.103.129:3001
This mean our goal is to paralyze this contract.
I spend lots of time to list all require
and try to make investor fail to invest money.
I think those in DCTF18_Crowdsale is most suspicious …
1 |
|
But nothing wrong here…
Finally, I found this!!
1 |
|
The invest cap multiple 2 for each investment
and it use safeMath to prevent overflow!!!!
1 |
|
If we invest lots of times, this contract’s invest cap will be maximum and never work any longer.
Exploit
1 |
|