Add SB Curated (copied from the smartbugs repository).

2022-11-23 09:07:09 +00:00
parent 03da27c72a
commit 254a3b20c1
156 changed files with 17228 additions and 0 deletions
--- a/dataset/other/crypto_roulette.sol
+++ b/dataset/other/crypto_roulette.sol
@@ -0,0 +1,61 @@
+/*
+ * @source: https://github.com/thec00n/smart-contract-honeypots/blob/master/CryptoRoulette.sol
+ * @vulnerable_at_lines: 40,41,42
+ */
+pragma solidity ^0.4.19;
+
+// CryptoRoulette
+//
+// Guess the number secretly stored in the blockchain and win the whole contract balance!
+// A new number is randomly chosen after each try.
+// https://www.reddit.com/r/ethdev/comments/7wp363/how_does_this_honeypot_work_it_seems_like_a/
+// To play, call the play() method with the guessed number (1-20).  Bet price: 0.1 ether
+
+contract CryptoRoulette {
+
+    uint256 private secretNumber;
+    uint256 public lastPlayed;
+    uint256 public betPrice = 0.1 ether;
+    address public ownerAddr;
+
+    struct Game {
+        address player;
+        uint256 number;
+    }
+    Game[] public gamesPlayed;
+
+    function CryptoRoulette() public {
+        ownerAddr = msg.sender;
+        shuffle();
+    }
+
+    function shuffle() internal {
+        // randomly set secretNumber with a value between 1 and 20
+        secretNumber = uint8(sha3(now, block.blockhash(block.number-1))) % 20 + 1;
+    }
+
+    function play(uint256 number) payable public {
+        require(msg.value >= betPrice && number <= 10);
+        // <yes> <report> OTHER - uninitialized storage
+        Game game; //Uninitialized storage pointer
+        game.player = msg.sender;
+        game.number = number;
+        gamesPlayed.push(game);
+
+        if (number == secretNumber) {
+            // win!
+            msg.sender.transfer(this.balance);
+        }
+
+        shuffle();
+        lastPlayed = now;
+    }
+
+    function kill() public {
+        if (msg.sender == ownerAddr && now > lastPlayed + 1 days) {
+            suicide(msg.sender);
+        }
+    }
+
+    function() public payable { }
+}
--- a/dataset/other/name_registrar.sol
+++ b/dataset/other/name_registrar.sol
@@ -0,0 +1,32 @@
+/*
+ * @source: https://github.com/sigp/solidity-security-blog#storage-example
+ * @vulnerable_at_lines: 21
+ */
+// A Locked Name Registrar
+
+pragma solidity ^0.4.15;
+contract NameRegistrar {
+
+    bool public unlocked = false;  // registrar locked, no name updates
+
+    struct NameRecord { // map hashes to addresses
+        bytes32 name;
+        address mappedAddress;
+    }
+
+    mapping(address => NameRecord) public registeredNameRecord; // records who registered names
+    mapping(bytes32 => address) public resolve; // resolves hashes to addresses
+
+    function register(bytes32 _name, address _mappedAddress) public {
+        // set up the new NameRecord
+        // <yes> <report> OTHER - uninitialized storage
+        NameRecord newRecord;
+        newRecord.name = _name;
+        newRecord.mappedAddress = _mappedAddress;
+
+        resolve[_name] = _mappedAddress;
+        registeredNameRecord[msg.sender] = newRecord;
+
+        require(unlocked); // only allow registrations if contract is unlocked
+    }
+}
--- a/dataset/other/open_address_lottery.sol
+++ b/dataset/other/open_address_lottery.sol
@@ -0,0 +1,105 @@
+/*
+ * @source: https://etherscan.io/address/0x741f1923974464efd0aa70e77800ba5d9ed18902#code
+ * @vulnerable_at_lines: 91
+ */
+
+pragma solidity ^0.4.19;
+/*
+ * This is a distributed lottery that chooses random addresses as lucky addresses. If these
+ * participate, they get the jackpot: 7 times the price of their bet.
+ * Of course one address can only win once. The owner regularly reseeds the secret
+ * seed of the contract (based on which the lucky addresses are chosen), so if you did not win,
+ * just wait for a reseed and try again!
+ *
+ * Jackpot chance:   1 in 8
+ * Ticket price: Anything larger than (or equal to) 0.1 ETH
+ * Jackpot size: 7 times the ticket price
+ *
+ * HOW TO PARTICIPATE: Just send any amount greater than (or equal to) 0.1 ETH to the contract's address
+ * Keep in mind that your address can only win once
+ *
+ * If the contract doesn't have enough ETH to pay the jackpot, it sends the whole balance.
+
+ https://www.reddit.com/r/ethdev/comments/7wp363/how_does_this_honeypot_work_it_seems_like_a/
+*/
+
+contract OpenAddressLottery{
+    struct SeedComponents{
+        uint component1;
+        uint component2;
+        uint component3;
+        uint component4;
+    }
+    
+    address owner; //address of the owner
+    uint private secretSeed; //seed used to calculate number of an address
+    uint private lastReseed; //last reseed - used to automatically reseed the contract every 1000 blocks
+    uint LuckyNumber = 7; //if the number of an address equals 7, it wins
+        
+    mapping (address => bool) winner; //keeping track of addresses that have already won
+    
+    function OpenAddressLottery() {
+        owner = msg.sender;
+        reseed(SeedComponents((uint)(block.coinbase), block.difficulty, block.gaslimit, block.timestamp)); //generate a quality random seed
+    }
+    
+    function participate() payable {
+        if(msg.value<0.1 ether)
+            return; //verify ticket price
+        
+        // make sure he hasn't won already
+        require(winner[msg.sender] == false);
+        
+        if(luckyNumberOfAddress(msg.sender) == LuckyNumber){ //check if it equals 7
+            winner[msg.sender] = true; // every address can only win once
+            
+            uint win=msg.value*7; //win = 7 times the ticket price
+            
+            if(win>this.balance) //if the balance isnt sufficient...
+                win=this.balance; //...send everything we've got
+            msg.sender.transfer(win);
+        }
+        
+        if(block.number-lastReseed>1000) //reseed if needed
+            reseed(SeedComponents((uint)(block.coinbase), block.difficulty, block.gaslimit, block.timestamp)); //generate a quality random seed
+    }
+    
+    function luckyNumberOfAddress(address addr) constant returns(uint n){
+        // calculate the number of current address - 1 in 8 chance
+        n = uint(keccak256(uint(addr), secretSeed)[0]) % 8;
+    }
+    
+    function reseed(SeedComponents components) internal {
+        secretSeed = uint256(keccak256(
+            components.component1,
+            components.component2,
+            components.component3,
+            components.component4
+        )); //hash the incoming parameters and use the hash to (re)initialize the seed
+        lastReseed = block.number;
+    }
+    
+    function kill() {
+        require(msg.sender==owner);
+        
+        selfdestruct(msg.sender);
+    }
+    
+    function forceReseed() { //reseed initiated by the owner - for testing purposes
+        require(msg.sender==owner);
+        // <yes> <report> OTHER - uninitialized storage
+        SeedComponents s;
+        s.component1 = uint(msg.sender);
+        s.component2 = uint256(block.blockhash(block.number - 1));
+        s.component3 = block.difficulty*(uint)(block.coinbase);
+        s.component4 = tx.gasprice * 7;
+        
+        reseed(s); //reseed
+    }
+    
+    function () payable { //if someone sends money without any function call, just assume he wanted to participate
+        if(msg.value>=0.1 ether && msg.sender!=owner) //owner can't participate, he can only fund the jackpot
+            participate();
+    }
+
+}