#!/usr/bin/env python
# -*- coding: utf-8 -*-
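"""
This is a solution to the PolySwarm's smart contract hacking challenge done with manticore.
Please refer to https://raz0r.name/writeups/polyswarm-smart-contract-hacking-challenge-writeup/ for a complete walk through.
"""
# Module metadata follows the docstring: a string literal is only bound to
# __doc__ (and shown by help()/pydoc) when it is the first statement of the
# module, so it must precede these assignments.
__author__ = "Raz0r"
__email__ = "me@raz0r.name"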
import binascii
from manticore.ethereum import ManticoreEVM, ABI
# Manticore EVM engine instance; every account below is created on it.
# NOTE(review): nothing in this excerpt configures an RPC endpoint or network
# client, so the accounts appear to exist only in Manticore's own state.
m = ManticoreEVM()

# Set up accounts with original addresses.
# Each account is pinned to a fixed address and given a balance of 1000;
# presumably these are the addresses from the challenge described in the
# write-up linked in the module docstring - confirm there.
owner_account = m.create_account(
    balance=1000,
    name="owner",
    address=0xBC7DDD20D5BCEB395290FD7CE3A9DA8D8B485559,
)
attacker_account = m.create_account(
    balance=1000,
    name="attacker",
    address=0x762C808237A69D786A85E8784DB8C143EB70B2FB,
)
# NOTE(review): despite the "_contract" suffix this is registered through
# create_account like the two accounts above; no contract code is attached
# to it in the lines visible here.
cashmoney_contract = m.create_account(
    balance=1000,
    name="CashMoney",
    address=0x64BA926175BC69BA757EF53A6D5EF616889C9999,
)

# Create WinnerLog contract using its init bytecode.
# Only the loading step is visible here: the file is read as raw bytes from
# winnerlog.bin, resolved relative to the current working directory, and
# open() raises FileNotFoundError if the script is started elsewhere.
with open("winnerlog.bin", "rb") as f:
    bytecode = f.read()
def __run_manticore(self, trace):
self.print('[.] Running Manticore')
consts = ManticoreConfig.get_group('core')
consts.procs = self.procs
output_path = self.__create_output_path()
manticore = ManticoreEVM(workspace_url=output_path)
if self.force_loop_limit:
loop_delimiter = LoopDepthLimiter(loop_count_threshold=self.loop_limit)
manticore.register_plugin(loop_delimiter)
if self.avoid_constant_txs:
filter_nohuman_constants = FilterFunctions(regexp=r'.*', depth='human', mutability='constant', include=False)
manticore.register_plugin(filter_nohuman_constants)
self.print('[...] Creating user accounts')
for num in range(0, self.amount_user_accounts):
account_name = 'user_account_' + str(num)
manticore.create_account(balance=self.user_initial_balance, name=account_name)
self.print('[...] Creating a contract and its library dependencies')
with open(self.contract_path, 'r') as contract_file: