Maojui

Defcamp 2018 - ico (Blockchain - 387)

2018-11-11

Challenge

Our team has prepared for an ICO. However, we are worried that there might be a way to exploit the smart contracts in such a way that new investors won't be able to invest anymore. Can you spot the bug and prove us right?

Each "victim" will have two investors. Your goal is to make it impossible for our investor to invest money when "get_flag" is called.

Target: http://142.93.103.129:3001

This means our goal is to paralyze this contract.

I spent lots of time listing all the require statements and trying to make the investor fail to invest money.

I think those in DCTF18_Crowdsale are the most suspicious …

require (msg.sender != address(0));           // valid investor address
require (tx.gasprice <= gasPriceLimit); // tx gas price doesn't exceed limit
require (!investors[msg.sender].purchasing); // investor not already purchasing
require (now >= startTime && now <= endTime); // within crowdsale period
require (capTimestamp != 0); // investor cap initialized
require (msg.value >= minInvestment); // value should exceed or be equal to minimum investment
require (whitelisted(msg.sender)); // check if investor is whitelisted
require (withinCap(0)); // check if purchase is within cap
require (withinInvestorCap(msg.sender, 0)); // check if purchase is within investor cap

But nothing is wrong here…

Finally, I found this!!

investorCapBaseline = investorCapBaseline.mul(2);

The investor cap baseline is multiplied by 2 for each investment,

and it uses SafeMath to prevent overflow!!!!

// In SafeMath
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
    if (a == 0) {
        return 0;
    }
    uint256 c = a * b;
    assert(c / a == b);
    return c;
}

If we invest enough times, the investor cap reaches its maximum: the next doubling would overflow, so assert(c / a == b) in mul fails, and the contract never works any longer.
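
The lock-up described above, modelled in Python as an added example (this is not the challenge contract or the author's script). The starting baselines and the capped_double mitigation are assumptions for illustration; the page does not give the contract's initial investorCapBaseline.

```python
# Added example (not the challenge's code): uint256 model of the doubling DoS.
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """A failed assert/require: the transaction is rolled back."""


def safe_mul(a: int, b: int) -> int:
    """Mirror SafeMath.mul: multiply modulo 2**256, then detect wrap-around."""
    if a == 0:
        return 0
    c = (a * b) & UINT256_MAX      # what the EVM computes for a * b
    if c // a != b:                # assert(c / a == b)
        raise Revert("SafeMath.mul overflow")
    return c


def doublings_until_stuck(baseline: int) -> int:
    """Count successful `baseline = baseline.mul(2)` updates before mul reverts."""
    if not 0 < baseline <= UINT256_MAX:
        raise ValueError("baseline must be a nonzero uint256 (0 never overflows)")
    count = 0
    while True:
        try:
            baseline = safe_mul(baseline, 2)
        except Revert:
            return count           # state is unchanged, so every retry reverts too
        count += 1


def capped_double(baseline: int, ceiling: int) -> int:
    """Hypothetical mitigation: saturate at `ceiling` instead of reverting."""
    if baseline > ceiling // 2:
        return ceiling
    return safe_mul(baseline, 2)


if __name__ == "__main__":
    # Constructed starting values; the real initial baseline is not on the page.
    for start in (1, 10**18, UINT256_MAX):
        print(start, "->", doublings_until_stuck(start), "doublings before lock-up")
    print(capped_double(2**255, UINT256_MAX) == UINT256_MAX)
```

No nonzero uint256 survives more than 255 doublings, so the overflow check turns an unbounded geometric update into a permanent revert unless the update saturates or is bounded.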

Exploit

for i in range(256):
    get_flag(icoAdd, wallet, password)

DCTF{905d4e658026c948db460ef562779b222080aa9cd331910745d553eaca5d0e16}

python code
Smart Contract