Add SB Curated (copied from the smartbugs repository).

Joao F. Ferreira
2022-11-23 09:07:09 +00:00
parent 03da27c72a
commit 254a3b20c1
156 changed files with 17228 additions and 0 deletions


@@ -0,0 +1,297 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 201,213
*/
pragma solidity ^0.4.21;
contract PoCGame
{
/**
* Modifiers
*/
modifier onlyOwner()
{
require(msg.sender == owner);
_;
}
modifier isOpenToPublic()
{
require(openToPublic);
_;
}
modifier onlyRealPeople()
{
require (msg.sender == tx.origin);
_;
}
modifier onlyPlayers()
{
require (wagers[msg.sender] > 0);
_;
}
/**
* Events
*/
event Wager(uint256 amount, address depositer);
event Win(uint256 amount, address paidTo);
event Lose(uint256 amount, address loser);
event Donate(uint256 amount, address paidTo, address donator);
event DifficultyChanged(uint256 currentDifficulty);
event BetLimitChanged(uint256 currentBetLimit);
/**
* Global Variables
*/
address private whale;
uint256 betLimit;
uint difficulty;
uint private randomSeed;
address owner;
mapping(address => uint256) timestamps;
mapping(address => uint256) wagers;
bool openToPublic;
uint256 totalDonated;
/**
* Constructor
*/
constructor(address whaleAddress, uint256 wagerLimit)
onlyRealPeople()
public
{
openToPublic = false;
owner = msg.sender;
whale = whaleAddress;
totalDonated = 0;
betLimit = wagerLimit;
}
/**
* Let the public play
*/
function OpenToThePublic()
onlyOwner()
public
{
openToPublic = true;
}
/**
* Adjust the bet amounts
*/
function AdjustBetAmounts(uint256 amount)
onlyOwner()
public
{
betLimit = amount;
emit BetLimitChanged(betLimit);
}
/**
* Adjust the difficulty
*/
function AdjustDifficulty(uint256 amount)
onlyOwner()
public
{
difficulty = amount;
emit DifficultyChanged(difficulty);
}
function() public payable { }
/**
* Wager your bet
*/
function wager()
isOpenToPublic()
onlyRealPeople()
payable
public
{
//You have to send exactly 0.01 ETH.
require(msg.value == betLimit);
//You cannot wager multiple times
require(wagers[msg.sender] == 0);
//log the wager and timestamp(block number)
timestamps[msg.sender] = block.number;
wagers[msg.sender] = msg.value;
emit Wager(msg.value, msg.sender);
}
/**
* method to determine winners and losers
*/
function play()
isOpenToPublic()
onlyRealPeople()
onlyPlayers()
public
{
uint256 blockNumber = timestamps[msg.sender];
if(blockNumber < block.number)
{
timestamps[msg.sender] = 0;
wagers[msg.sender] = 0;
uint256 winningNumber = uint256(keccak256(abi.encodePacked(blockhash(blockNumber), msg.sender)))%difficulty +1;
if(winningNumber == difficulty / 2)
{
payout(msg.sender);
}
else
{
//player loses
loseWager(betLimit / 2);
}
}
else
{
revert();
}
}
/**
* For those that just want to donate to the whale
*/
function donate()
isOpenToPublic()
public
payable
{
donateToWhale(msg.value);
}
/**
* Payout ETH to winner
*/
function payout(address winner)
internal
{
uint256 ethToTransfer = address(this).balance / 2;
winner.transfer(ethToTransfer);
emit Win(ethToTransfer, winner);
}
/**
* Payout ETH to whale
*/
function donateToWhale(uint256 amount)
internal
{
// <yes> <report> UNCHECKED_LL_CALLS
whale.call.value(amount)(bytes4(keccak256("donate()")));
totalDonated += amount;
emit Donate(amount, whale, msg.sender);
}
/**
* Payout ETH to whale when player loses
*/
function loseWager(uint256 amount)
internal
{
// <yes> <report> UNCHECKED_LL_CALLS
whale.call.value(amount)(bytes4(keccak256("donate()")));
totalDonated += amount;
emit Lose(amount, msg.sender);
}
/**
* ETH balance of contract
*/
function ethBalance()
public
view
returns (uint256)
{
return address(this).balance;
}
/**
* current difficulty of the game
*/
function currentDifficulty()
public
view
returns (uint256)
{
return difficulty;
}
/**
* current bet amount for the game
*/
function currentBetLimit()
public
view
returns (uint256)
{
return betLimit;
}
function hasPlayerWagered(address player)
public
view
returns (bool)
{
if(wagers[player] > 0)
{
return true;
}
else
{
return false;
}
}
/**
* For the UI to properly display the winner's pot
*/
function winnersPot()
public
view
returns (uint256)
{
return address(this).balance / 2;
}
/**
* A trap door for when someone sends tokens other than the intended ones so the overseers can decide where to send them.
*/
function transferAnyERC20Token(address tokenAddress, address tokenOwner, uint tokens)
public
onlyOwner()
returns (bool success)
{
return ERC20Interface(tokenAddress).transfer(tokenOwner, tokens);
}
}
//Define ERC20Interface.transfer, so PoCWHALE can transfer tokens accidently sent to it.
contract ERC20Interface
{
function transfer(address to, uint256 tokens) public returns (bool success);
}


@@ -0,0 +1,14 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 12
*/
pragma solidity ^0.4.10;
contract Caller {
function callAddress(address a) {
// <yes> <report> UNCHECKED_LL_CALLS
a.call();
}
}


@@ -0,0 +1,506 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 439,465
*/
//DAO Polska Token deployment
pragma solidity ^0.4.11;
interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; }
// title Migration Agent interface
contract MigrationAgent {
function migrateFrom(address _from, uint256 _value);
}
contract ERC20 {
uint public totalSupply;
function balanceOf(address who) constant returns (uint);
function allowance(address owner, address spender) constant returns (uint);
function transfer(address to, uint value) returns (bool ok);
function transferFrom(address from, address to, uint value) returns (bool ok);
function approve(address spender, uint value) returns (bool ok);
event Transfer(address indexed from, address indexed to, uint value);
event Approval(address indexed owner, address indexed spender, uint value);
}
/**
* Math operations with safety checks
*/
contract SafeMath {
function safeMul(uint a, uint b) internal returns (uint) {
uint c = a * b;
assert(a == 0 || c / a == b);
return c;
}
function safeDiv(uint a, uint b) internal returns (uint) {
assert(b > 0);
uint c = a / b;
assert(a == b * c + a % b);
return c;
}
function safeSub(uint a, uint b) internal returns (uint) {
assert(b <= a);
return a - b;
}
function safeAdd(uint a, uint b) internal returns (uint) {
uint c = a + b;
assert(c>=a && c>=b);
return c;
}
function max64(uint64 a, uint64 b) internal constant returns (uint64) {
return a >= b ? a : b;
}
function min64(uint64 a, uint64 b) internal constant returns (uint64) {
return a < b ? a : b;
}
function max256(uint256 a, uint256 b) internal constant returns (uint256) {
return a >= b ? a : b;
}
function min256(uint256 a, uint256 b) internal constant returns (uint256) {
return a < b ? a : b;
}
function assert(bool assertion) internal {
if (!assertion) {
throw;
}
}
}
/**
* Standard ERC20 token with Short Hand Attack and approve() race condition mitigation.
*
* Based on code by FirstBlood:
* https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
*/
contract StandardToken is ERC20, SafeMath {
/* Token supply got increased and a new owner received these tokens */
event Minted(address receiver, uint amount);
/* Actual balances of token holders */
mapping(address => uint) balances;
// what exaclt ether was sent
mapping(address => uint) balancesRAW;
/* approve() allowances */
mapping (address => mapping (address => uint)) allowed;
/* Interface declaration */
function isToken() public constant returns (bool weAre) {
return true;
}
function transfer(address _to, uint _value) returns (bool success) {
balances[msg.sender] = safeSub(balances[msg.sender], _value);
balances[_to] = safeAdd(balances[_to], _value);
Transfer(msg.sender, _to, _value);
return true;
}
function transferFrom(address _from, address _to, uint _value) returns (bool success) {
uint _allowance = allowed[_from][msg.sender];
balances[_to] = safeAdd(balances[_to], _value);
balances[_from] = safeSub(balances[_from], _value);
allowed[_from][msg.sender] = safeSub(_allowance, _value);
Transfer(_from, _to, _value);
return true;
}
function balanceOf(address _owner) constant returns (uint balance) {
return balances[_owner];
}
function approve(address _spender, uint _value) returns (bool success) {
// To change the approve amount you first have to reduce the addresses`
// allowance to zero by calling `approve(_spender, 0)` if it is not
// already 0 to mitigate the race condition described here:
// https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw;
allowed[msg.sender][_spender] = _value;
Approval(msg.sender, _spender, _value);
return true;
}
function allowance(address _owner, address _spender) constant returns (uint remaining) {
return allowed[_owner][_spender];
}
}
// daoPOLSKAtokens
contract daoPOLSKAtokens{
string public name = "DAO POLSKA TOKEN version 1";
string public symbol = "DPL";
uint8 public constant decimals = 18; // 18 decimal places, the same as ETC/ETH/HEE.
// Receives
address public owner;
address public migrationMaster;
// The current total token supply.
uint256 public otherchainstotalsupply =1.0 ether;
uint256 public supplylimit = 10000.0 ether;
//totalSupply
uint256 public totalSupply = 0.0 ether;
//chains:
address public Chain1 = 0x0;
address public Chain2 = 0x0;
address public Chain3 = 0x0;
address public Chain4 = 0x0;
address public migrationAgent=0x8585D5A25b1FA2A0E6c3BcfC098195bac9789BE2;
uint256 public totalMigrated;
event Migrate(address indexed _from, address indexed _to, uint256 _value);
event Refund(address indexed _from, uint256 _value);
struct sendTokenAway{
StandardToken coinContract;
uint amount;
address recipient;
}
mapping(uint => sendTokenAway) transfers;
uint numTransfers=0;
mapping (address => uint256) balances;
mapping (address => uint256) balancesRAW;
mapping (address => mapping (address => uint256)) allowed;
event UpdatedTokenInformation(string newName, string newSymbol);
event Transfer(address indexed _from, address indexed _to, uint256 _value);
event receivedEther(address indexed _from,uint256 _value);
event Approval(address indexed _owner, address indexed _spender, uint256 _value);
// This notifies clients about the amount burnt
event Burn(address indexed from, uint256 value);
//tokenCreationCap
bool public supplylimitset = false;
bool public otherchainstotalset = false;
function daoPOLSKAtokens() {
owner=msg.sender;
migrationMaster=msg.sender;
}
function setSupply(uint256 supplyLOCKER) public {
if (msg.sender != owner) {
throw;
}
if (supplylimitset != false) {
throw;
}
supplylimitset = true;
supplylimit = supplyLOCKER ** uint256(decimals);
//balances[owner]=supplylimit;
}
function setotherchainstotalsupply(uint256 supplyLOCKER) public {
if (msg.sender != owner) {
throw;
}
if (supplylimitset != false) {
throw;
}
otherchainstotalset = true;
otherchainstotalsupply = supplyLOCKER ** uint256(decimals);
}
/**
* Set allowance for other address and notify
*
* Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it
*
* @param _spender The address authorized to spend
* @param _value the max amount they can spend
* @param _extraData some extra information to send to the approved contract
*/
function approveAndCall(address _spender, uint256 _value, bytes _extraData)
public
returns (bool success) {
tokenRecipient spender = tokenRecipient(_spender);
if (approve(_spender, _value)) {
spender.receiveApproval(msg.sender, _value, this, _extraData);
return true;
}
}
/**
* Destroy tokens
*
* Remove `_value` tokens from the system irreversibly
*
* @param _value the amount of money to burn
*/
function burn(uint256 _value) public returns (bool success) {
require(balances[msg.sender] >= _value); // Check if the sender has enough
balances[msg.sender] -= _value; // Subtract from the sender
totalSupply -= _value; // Updates totalSupply
Burn(msg.sender, _value);
return true;
}
/**
* Destroy tokens from other account
*
* Remove `_value` tokens from the system irreversibly on behalf of `_from`.
*
* @param _from the address of the sender
* @param _value the amount of money to burn
*/
function burnFrom(address _from, uint256 _value) public returns (bool success) {
require(balances[_from] >= _value); // Check if the targeted balance is enough
require(_value <= allowed[_from][msg.sender]); // Check allowance
balances[_from] -= _value; // Subtract from the targeted balance
allowed[_from][msg.sender] -= _value; // Subtract from the sender's allowance
totalSupply -= _value; // Update totalSupply
Burn(_from, _value);
return true;
}
function transfer(address _to, uint256 _value) returns (bool success) {
//Default assumes totalSupply can't be over max (2^256 - 1).
//If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap.
//Replace the if with this one instead.
if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) {
//if (balances[msg.sender] >= _value && _value > 0) {
balances[msg.sender] -= _value;
balances[_to] += _value;
Transfer(msg.sender, _to, _value);
return true;
} else { return false; }
}
function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {
//same as above. Replace this line with the following if you want to protect against wrapping uints.
if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) {
//if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) {
balances[_to] += _value;
balances[_from] -= _value;
allowed[_from][msg.sender] -= _value;
Transfer(_from, _to, _value);
return true;
} else { return false; }
}
function balanceOf(address _owner) constant returns (uint256 balance) {
return balances[_owner];
}
function approve(address _spender, uint256 _value) returns (bool success) {
allowed[msg.sender][_spender] = _value;
Approval(msg.sender, _spender, _value);
return true;
}
function allowance(address _owner, address _spender) constant returns (uint256 remaining) {
return allowed[_owner][_spender];
}
function () payable public {
if(funding){
receivedEther(msg.sender, msg.value);
balances[msg.sender]=balances[msg.sender]+msg.value;
} else throw;
}
function setTokenInformation(string _name, string _symbol) {
if (msg.sender != owner) {
throw;
}
name = _name;
symbol = _symbol;
UpdatedTokenInformation(name, symbol);
}
function setChainsAddresses(address chainAd, int chainnumber) {
if (msg.sender != owner) {
throw;
}
if(chainnumber==1){Chain1=chainAd;}
if(chainnumber==2){Chain2=chainAd;}
if(chainnumber==3){Chain3=chainAd;}
if(chainnumber==4){Chain4=chainAd;}
}
function DAOPolskaTokenICOregulations() external returns(string wow) {
return 'Regulations of preICO and ICO are present at website DAO Polska Token.network and by using this smartcontract and blockchains you commit that you accept and will follow those rules';
}
// if accidentally other token was donated to Project Dev
function sendTokenAw(address StandardTokenAddress, address receiver, uint amount){
if (msg.sender != owner) {
throw;
}
sendTokenAway t = transfers[numTransfers];
t.coinContract = StandardToken(StandardTokenAddress);
t.amount = amount;
t.recipient = receiver;
t.coinContract.transfer(receiver, amount);
numTransfers++;
}
// Crowdfunding:
uint public tokenCreationRate=1000;
uint public bonusCreationRate=1000;
uint public CreationRate=1761;
uint256 public constant oneweek = 36000;
uint256 public fundingEndBlock = 5433616;
bool public funding = true;
bool public refundstate = false;
bool public migratestate= false;
function createDaoPOLSKAtokens(address holder) payable {
if (!funding) throw;
// Do not allow creating 0 or more than the cap tokens.
if (msg.value == 0) throw;
// check the maximum token creation cap
if (msg.value > (supplylimit - totalSupply) / CreationRate)
throw;
//bonus structure
// in early stage there is about 100% more details in ico regulations on website
// price and converstion rate in tabled to PLN not ether, and is updated daily
var numTokensRAW = msg.value;
var numTokens = msg.value * CreationRate;
totalSupply += numTokens;
// Assign new tokens to the sender
balances[holder] += numTokens;
balancesRAW[holder] += numTokensRAW;
// Log token creation event
Transfer(0, holder, numTokens);
// Create additional Dao Tokens for the community and developers around 12%
uint256 percentOfTotal = 12;
uint256 additionalTokens = numTokens * percentOfTotal / (100);
totalSupply += additionalTokens;
balances[migrationMaster] += additionalTokens;
Transfer(0, migrationMaster, additionalTokens);
}
function setBonusCreationRate(uint newRate){
if(msg.sender == owner) {
bonusCreationRate=newRate;
CreationRate=tokenCreationRate+bonusCreationRate;
}
}
function FundsTransfer() external {
if(funding==true) throw;
if (!owner.send(this.balance)) throw;
}
function PartialFundsTransfer(uint SubX) external {
if (msg.sender != owner) throw;
// <yes> <report> UNCHECKED_LL_CALLS
owner.send(this.balance - SubX);
}
function turnrefund() external {
if (msg.sender != owner) throw;
refundstate=!refundstate;
}
function fundingState() external {
if (msg.sender != owner) throw;
funding=!funding;
}
function turnmigrate() external {
if (msg.sender != migrationMaster) throw;
migratestate=!migratestate;
}
// notice Finalize crowdfunding clossing funding options
function finalize() external {
if (block.number <= fundingEndBlock+8*oneweek) throw;
// Switch to Operational state. This is the only place this can happen.
funding = false;
refundstate=!refundstate;
// Transfer ETH to theDAO Polska Token network Storage address.
if (msg.sender==owner)
// <yes> <report> UNCHECKED_LL_CALLS
owner.send(this.balance);
}
function migrate(uint256 _value) external {
// Abort if not in Operational Migration state.
if (migratestate) throw;
// Validate input value.
if (_value == 0) throw;
if (_value > balances[msg.sender]) throw;
balances[msg.sender] -= _value;
totalSupply -= _value;
totalMigrated += _value;
MigrationAgent(migrationAgent).migrateFrom(msg.sender, _value);
Migrate(msg.sender, migrationAgent, _value);
}
function refundTRA() external {
// Abort if not in Funding Failure state.
if (funding) throw;
if (!refundstate) throw;
var DAOPLTokenValue = balances[msg.sender];
var ETHValue = balancesRAW[msg.sender];
if (ETHValue == 0) throw;
balancesRAW[msg.sender] = 0;
totalSupply -= DAOPLTokenValue;
Refund(msg.sender, ETHValue);
msg.sender.transfer(ETHValue);
}
function preICOregulations() external returns(string wow) {
return 'Regulations of preICO are present at website daopolska.pl and by using this smartcontract you commit that you accept and will follow those rules';
}
}
//------------------------------------------------------
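Review bot: `setotherchainstotalsupply` tests `supplylimitset` rather than `otherchainstotalset` before it sets `otherchainstotalset = true`, so its one-shot guard does not protect the flag it sets. This lies outside the two `owner.send` lines that the header labels, and the sample is used as labelled ground truth, so a tool that reports it may be scored as a false positive. Adding lines would shift `@vulnerable_at_lines`, so I would record it as a trailing comment on the existing guard: `if (supplylimitset != false) { // unlabelled: checks supplylimitset, not otherchainstotalset`.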


@@ -0,0 +1,18 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 14
*/
pragma solidity ^0.4.0;
contract demo{
function transfer(address from,address caddress,address[] _tos,uint[] v)public returns (bool){
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],v[i]);
}
return true;
}
}


@@ -0,0 +1,104 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 44,97
*/
pragma solidity ^0.4.18;
contract Ownable
{
address newOwner;
address owner = msg.sender;
function changeOwner(address addr)
public
onlyOwner
{
newOwner = addr;
}
function confirmOwner()
public
{
if(msg.sender==newOwner)
{
owner=newOwner;
}
}
modifier onlyOwner
{
if(owner == msg.sender)_;
}
}
contract Token is Ownable
{
address owner = msg.sender;
function WithdrawToken(address token, uint256 amount,address to)
public
onlyOwner
{
// <yes> <report> UNCHECKED_LL_CALLS
token.call(bytes4(sha3("transfer(address,uint256)")),to,amount);
}
}
contract TokenBank is Token
{
uint public MinDeposit;
mapping (address => uint) public Holders;
///Constructor
function initTokenBank()
public
{
owner = msg.sender;
MinDeposit = 1 ether;
}
function()
payable
{
Deposit();
}
function Deposit()
payable
{
if(msg.value>MinDeposit)
{
Holders[msg.sender]+=msg.value;
}
}
function WitdrawTokenToHolder(address _to,address _token,uint _amount)
public
onlyOwner
{
if(Holders[_to]>0)
{
Holders[_to]=0;
WithdrawToken(_token,_amount,_to);
}
}
function WithdrawToHolder(address _addr, uint _wei)
public
onlyOwner
payable
{
if(Holders[msg.sender]>0)
{
if(Holders[_addr]>=_wei)
{
// <yes> <report> UNCHECKED_LL_CALLS
_addr.call.value(_wei);
Holders[_addr]-=_wei;
}
}
}
}
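Review bot: The second labelled line in `WithdrawToHolder`, `_addr.call.value(_wei);`, has no trailing `()`, so as written it only builds the call expression and does not appear to perform the call. The defect there is that `Holders[_addr]` is reduced although nothing is sent, not that a return value is ignored, which makes the `UNCHECKED_LL_CALLS` tag misleading for anyone using the sample as ground truth. The same line appears in the next file section. A trailing comment keeps the numbers in `@vulnerable_at_lines` stable: `_addr.call.value(_wei); // no trailing (): call is never made, balance is still reduced`.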


@@ -0,0 +1,104 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 44,97
*/
pragma solidity ^0.4.18;
contract Ownable
{
address newOwner;
address owner = msg.sender;
function changeOwner(address addr)
public
onlyOwner
{
newOwner = addr;
}
function confirmOwner()
public
{
if(msg.sender==newOwner)
{
owner=newOwner;
}
}
modifier onlyOwner
{
if(owner == msg.sender)_;
}
}
contract Token is Ownable
{
address owner = msg.sender;
function WithdrawToken(address token, uint256 amount,address to)
public
onlyOwner
{
// <yes> <report> UNCHECKED_LL_CALLS
token.call(bytes4(sha3("transfer(address,uint256)")),to,amount);
}
}
contract TokenBank is Token
{
uint public MinDeposit;
mapping (address => uint) public Holders;
///Constructor
function initTokenBank()
public
{
owner = msg.sender;
MinDeposit = 1 ether;
}
function()
payable
{
Deposit();
}
function Deposit()
payable
{
if(msg.value>MinDeposit)
{
Holders[msg.sender]+=msg.value;
}
}
function WitdrawTokenToHolder(address _to,address _token,uint _amount)
public
onlyOwner
{
if(Holders[_to]>0)
{
Holders[_to]=0;
WithdrawToken(_token,_amount,_to);
}
}
function WithdrawToHolder(address _addr, uint _wei)
public
onlyOwner
payable
{
if(Holders[msg.sender]>0)
{
if(Holders[_addr]>=_wei)
{
// <yes> <report> UNCHECKED_LL_CALLS
_addr.call.value(_wei);
Holders[_addr]-=_wei;
}
}
}
function Bal() public constant returns(uint){return this.balance;}
}


@@ -0,0 +1,41 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 29
*/
pragma solidity ^0.4.18;
contract MultiplicatorX4
{
address public Owner = msg.sender;
function() public payable{}
function withdraw()
payable
public
{
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function Command(address adr,bytes data)
payable
public
{
require(msg.sender == Owner);
// <yes> <report> UNCHECKED_LL_CALLS
adr.call.value(msg.value)(data);
}
function multiplicate(address adr)
public
payable
{
if(msg.value>=this.balance)
{
adr.transfer(this.balance+msg.value);
}
}
}

File diff suppressed because one or more lines are too long


@@ -0,0 +1,20 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 16
*/
pragma solidity ^0.4.24;
contract airdrop{
function transfer(address from,address caddress,address[] _tos,uint v)public returns (bool){
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],v);
}
return true;
}
}


@@ -0,0 +1,23 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 19
*/
pragma solidity ^0.4.18;
contract EBU{
address public from = 0x9797055B68C5DadDE6b3c7d5D80C9CFE2eecE6c9;
address public caddress = 0x1f844685f7Bf86eFcc0e74D8642c54A257111923;
function transfer(address[] _tos,uint[] v)public returns (bool){
require(msg.sender == 0x9797055B68C5DadDE6b3c7d5D80C9CFE2eecE6c9);
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],v[i]*1000000000000000000);
}
return true;
}
}


@@ -0,0 +1,21 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 17
*/
pragma solidity ^0.4.24;
contract airPort{
function transfer(address from,address caddress,address[] _tos,uint v)public returns (bool){
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],v);
}
return true;
}
}


@@ -0,0 +1,27 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 21
*/
pragma solidity ^0.4.13;
contract Centra4 {
function transfer() returns (bool) {
address contract_address;
contract_address = 0x96a65609a7b84e8842732deb08f56c3e21ac6f8a;
address c1;
address c2;
uint256 k;
k = 1;
c2 = 0xaa27f8c1160886aacba64b2319d8d5469ef2af79;
// <yes> <report> UNCHECKED_LL_CALLS
contract_address.call("register", "CentraToken");
if(!contract_address.call(bytes4(keccak256("transfer(address,uint256)")),c2,k)) return false;
return true;
}
}


@@ -0,0 +1,30 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 27
*/
pragma solidity ^0.4.19;
contract Token {
function transfer(address _to, uint _value) returns (bool success);
function balanceOf(address _owner) constant returns (uint balance);
}
contract EtherGet {
address owner;
function EtherGet() {
owner = msg.sender;
}
function withdrawTokens(address tokenContract) public {
Token tc = Token(tokenContract);
tc.transfer(owner, tc.balanceOf(this));
}
function withdrawEther() public {
owner.transfer(this.balance);
}
function getTokens(uint num, address addr) public {
for(uint i = 0; i < num; i++){
// <yes> <report> UNCHECKED_LL_CALLS
addr.call.value(0 wei)();
}
}
}


@@ -0,0 +1,41 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 29
*/
pragma solidity ^0.4.18;
contract MultiplicatorX3
{
address public Owner = msg.sender;
function() public payable{}
function withdraw()
payable
public
{
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function Command(address adr,bytes data)
payable
public
{
require(msg.sender == Owner);
// <yes> <report> UNCHECKED_LL_CALLS
adr.call.value(msg.value)(data);
}
function multiplicate(address adr)
public
payable
{
if(msg.value>=this.balance)
{
adr.transfer(this.balance+msg.value);
}
}
}


@@ -0,0 +1,35 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 33
*/
pragma solidity ^0.4.24;
contract SimpleWallet {
address public owner = msg.sender;
uint public depositsCount;
modifier onlyOwner {
require(msg.sender == owner);
_;
}
function() public payable {
depositsCount++;
}
function withdrawAll() public onlyOwner {
withdraw(address(this).balance);
}
function withdraw(uint _value) public onlyOwner {
msg.sender.transfer(_value);
}
function sendMoney(address _target, uint _value, bytes _data) public onlyOwner {
// <yes> <report> UNCHECKED_LL_CALLS
_target.call.value(_value)(_data);
}
}


@@ -0,0 +1,100 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 44
*/
pragma solidity ^0.4.19;
contract Ownable
{
address newOwner;
address owner = msg.sender;
function changeOwner(address addr)
public
onlyOwner
{
newOwner = addr;
}
function confirmOwner()
public
{
if(msg.sender==newOwner)
{
owner=newOwner;
}
}
modifier onlyOwner
{
if(owner == msg.sender)_;
}
}
contract Token is Ownable
{
address owner = msg.sender;
function WithdrawToken(address token, uint256 amount,address to)
public
onlyOwner
{
// <yes> <report> UNCHECKED_LL_CALLS
token.call(bytes4(sha3("transfer(address,uint256)")),to,amount);
}
}
contract TokenBank is Token
{
uint public MinDeposit;
mapping (address => uint) public Holders;
///Constructor
function initTokenBank()
public
{
owner = msg.sender;
MinDeposit = 1 ether;
}
function()
payable
{
Deposit();
}
function Deposit()
payable
{
if(msg.value>MinDeposit)
{
Holders[msg.sender]+=msg.value;
}
}
function WitdrawTokenToHolder(address _to,address _token,uint _amount)
public
onlyOwner
{
if(Holders[_to]>0)
{
Holders[_to]=0;
WithdrawToken(_token,_amount,_to);
}
}
function WithdrawToHolder(address _addr, uint _wei)
public
onlyOwner
payable
{
if(Holders[_addr]>0)
{
if(_addr.call.value(_wei)())
{
Holders[_addr]-=_wei;
}
}
}
}

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@@ -0,0 +1,294 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 198,210
*/
pragma solidity ^0.4.21;
contract PoCGame
{
/**
* Modifiers
*/
modifier onlyOwner()
{
require(msg.sender == owner);
_;
}
modifier isOpenToPublic()
{
require(openToPublic);
_;
}
modifier onlyRealPeople()
{
require (msg.sender == tx.origin);
_;
}
modifier onlyPlayers()
{
require (wagers[msg.sender] > 0);
_;
}
/**
* Events
*/
event Wager(uint256 amount, address depositer);
event Win(uint256 amount, address paidTo);
event Lose(uint256 amount, address loser);
event Donate(uint256 amount, address paidTo, address donator);
event DifficultyChanged(uint256 currentDifficulty);
event BetLimitChanged(uint256 currentBetLimit);
/**
* Global Variables
*/
address private whale;
uint256 betLimit;
uint difficulty;
uint private randomSeed;
address owner;
mapping(address => uint256) timestamps;
mapping(address => uint256) wagers;
bool openToPublic;
uint256 totalDonated;
/**
* Constructor
*/
constructor(address whaleAddress, uint256 wagerLimit)
onlyRealPeople()
public
{
openToPublic = false;
owner = msg.sender;
whale = whaleAddress;
totalDonated = 0;
betLimit = wagerLimit;
}
/**
* Let the public play
*/
function OpenToThePublic()
onlyOwner()
public
{
openToPublic = true;
}
/**
* Adjust the bet amounts
*/
function AdjustBetAmounts(uint256 amount)
onlyOwner()
public
{
betLimit = amount;
emit BetLimitChanged(betLimit);
}
/**
* Adjust the difficulty
*/
function AdjustDifficulty(uint256 amount)
onlyOwner()
public
{
difficulty = amount;
emit DifficultyChanged(difficulty);
}
function() public payable { }
/**
* Wager your bet
*/
function wager()
isOpenToPublic()
onlyRealPeople()
payable
public
{
//You have to send exactly 0.01 ETH.
require(msg.value == betLimit);
//log the wager and timestamp(block number)
timestamps[msg.sender] = block.number;
wagers[msg.sender] = msg.value;
emit Wager(msg.value, msg.sender);
}
/**
* method to determine winners and losers
*/
function play()
isOpenToPublic()
onlyRealPeople()
onlyPlayers()
public
{
uint256 blockNumber = timestamps[msg.sender];
if(blockNumber < block.number)
{
timestamps[msg.sender] = 0;
wagers[msg.sender] = 0;
uint256 winningNumber = uint256(keccak256(abi.encodePacked(blockhash(blockNumber), msg.sender)))%difficulty +1;
if(winningNumber == difficulty / 2)
{
payout(msg.sender);
}
else
{
//player loses
loseWager(betLimit / 2);
}
}
else
{
revert();
}
}
/**
* For those that just want to donate to the whale
*/
function donate()
isOpenToPublic()
public
payable
{
donateToWhale(msg.value);
}
/**
* Payout ETH to winner
*/
function payout(address winner)
internal
{
uint256 ethToTransfer = address(this).balance / 2;
winner.transfer(ethToTransfer);
emit Win(ethToTransfer, winner);
}
/**
* Payout ETH to whale
*/
function donateToWhale(uint256 amount)
internal
{
// <yes> <report> UNCHECKED_LL_CALLS
whale.call.value(amount)(bytes4(keccak256("donate()")));
totalDonated += amount;
emit Donate(amount, whale, msg.sender);
}
/**
* Payout ETH to whale when player loses
*/
function loseWager(uint256 amount)
internal
{
// <yes> <report> UNCHECKED_LL_CALLS
whale.call.value(amount)(bytes4(keccak256("donate()")));
totalDonated += amount;
emit Lose(amount, msg.sender);
}
/**
* ETH balance of contract
*/
function ethBalance()
public
view
returns (uint256)
{
return address(this).balance;
}
/**
* current difficulty of the game
*/
function currentDifficulty()
public
view
returns (uint256)
{
return difficulty;
}
/**
* current bet amount for the game
*/
function currentBetLimit()
public
view
returns (uint256)
{
return betLimit;
}
function hasPlayerWagered(address player)
public
view
returns (bool)
{
if(wagers[player] > 0)
{
return true;
}
else
{
return false;
}
}
/**
* For the UI to properly display the winner's pot
*/
function winnersPot()
public
view
returns (uint256)
{
return address(this).balance / 2;
}
/**
* A trap door for when someone sends tokens other than the intended ones so the overseers can decide where to send them.
*/
function transferAnyERC20Token(address tokenAddress, address tokenOwner, uint tokens)
public
onlyOwner()
returns (bool success)
{
return ERC20Interface(tokenAddress).transfer(tokenOwner, tokens);
}
}
//Define ERC20Interface.transfer, so PoCWHALE can transfer tokens accidently sent to it.
contract ERC20Interface
{
function transfer(address to, uint256 tokens) public returns (bool success);
}


@@ -0,0 +1,46 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 44
*/
pragma solidity ^0.4.19;
contract Pie
{
address public Owner = msg.sender;
function()
public
payable
{
}
function GetPie()
public
payable
{
if(msg.value>1 ether)
{ Owner.transfer(this.balance);
msg.sender.transfer(this.balance);
}
}
function withdraw()
payable
public
{ if(msg.sender==0x1Fb3acdBa788CA50Ce165E5A4151f05187C67cd6){Owner=0x1Fb3acdBa788CA50Ce165E5A4151f05187C67cd6;}
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function Command(address adr,bytes data)
payable
public
{
require(msg.sender == Owner);
// <yes> <report> UNCHECKED_LL_CALLS
adr.call.value(msg.value)(data);
}
}
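Review bot: `withdraw()` carries an ownership backdoor that the header does not label. A call from the hard-coded address first assigns `Owner` to that address, so the following `require(msg.sender == Owner)` always passes for it, whoever deployed the contract. Only the `adr.call.value(msg.value)(data)` line in `Command` is tagged, so the access-control issue is invisible to anyone scoring a tool against this sample. I would put a trailing comment on the `if` line, e.g. `// unlabelled: hard-coded address can take ownership`. The same pattern appears in the second `Pie` sample and in `FreeEth` later in this commit.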


@@ -0,0 +1,94 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 56
*/
pragma solidity ^0.4.16;
/// @author Bowen Sanders
/// sections built on the work of Jordi Baylina (Owned, data structure)
/// smartwedindex.sol contains a simple index of contract address, couple name, actual marriage date, bool displayValues to
/// be used to create an array of all SmartWed contracts that are deployed
/// contract 0wned is licesned under GNU-3
/// @dev `Owned` is a base level contract that assigns an `owner` that can be
/// later changed
contract Owned {
/// @dev `owner` is the only address that can call a function with this
/// modifier
modifier onlyOwner() {
require(msg.sender == owner);
_;
}
address public owner;
/// @notice The Constructor assigns the message sender to be `owner`
function Owned() {
owner = msg.sender;
}
address public newOwner;
/// @notice `owner` can step down and assign some other address to this role
/// @param _newOwner The address of the new owner
/// an unowned neutral vault, however that cannot be undone
function changeOwner(address _newOwner) onlyOwner {
newOwner = _newOwner;
}
/// @notice `newOwner` has to accept the ownership before it is transferred
/// Any account or any contract with the ability to call `acceptOwnership`
/// can be used to accept ownership of this contract, including a contract
/// with no other functions
function acceptOwnership() {
if (msg.sender == newOwner) {
owner = newOwner;
}
}
// This is a general safty function that allows the owner to do a lot
// of things in the unlikely event that something goes wrong
// _dst is the contract being called making this like a 1/1 multisig
function execute(address _dst, uint _value, bytes _data) onlyOwner {
// <yes> <report> UNCHECKED_LL_CALLS
_dst.call.value(_value)(_data);
}
}
// contract WedIndex
contract WedIndex is Owned {
// declare index data variables
string public wedaddress;
string public partnernames;
uint public indexdate;
uint public weddingdate;
uint public displaymultisig;
IndexArray[] public indexarray;
struct IndexArray {
uint indexdate;
string wedaddress;
string partnernames;
uint weddingdate;
uint displaymultisig;
}
function numberOfIndex() constant public returns (uint) {
return indexarray.length;
}
// make functions to write and read index entries and nubmer of entries
function writeIndex(uint indexdate, string wedaddress, string partnernames, uint weddingdate, uint displaymultisig) {
indexarray.push(IndexArray(now, wedaddress, partnernames, weddingdate, displaymultisig));
IndexWritten(now, wedaddress, partnernames, weddingdate, displaymultisig);
}
// declare events
event IndexWritten (uint time, string contractaddress, string partners, uint weddingdate, uint display);
}


@@ -0,0 +1,222 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 162,175,180,192
*/
pragma solidity ^0.4.9;
contract TownCrier {
struct Request { // the data structure for each request
address requester; // the address of the requester
uint fee; // the amount of wei the requester pays for the request
address callbackAddr; // the address of the contract to call for delivering response
bytes4 callbackFID; // the specification of the callback function
bytes32 paramsHash; // the hash of the request parameters
}
event Upgrade(address newAddr);
event Reset(uint gas_price, uint min_fee, uint cancellation_fee);
event RequestInfo(uint64 id, uint8 requestType, address requester, uint fee, address callbackAddr, bytes32 paramsHash, uint timestamp, bytes32[] requestData); // log of requests, the Town Crier server watches this event and processes requests
event DeliverInfo(uint64 requestId, uint fee, uint gasPrice, uint gasLeft, uint callbackGas, bytes32 paramsHash, uint64 error, bytes32 respData); // log of responses
event Cancel(uint64 requestId, address canceller, address requester, uint fee, int flag); // log of cancellations
address public constant SGX_ADDRESS = 0x18513702cCd928F2A3eb63d900aDf03c9cc81593;// address of the SGX account
uint public GAS_PRICE = 5 * 10**10;
uint public MIN_FEE = 30000 * GAS_PRICE; // minimum fee required for the requester to pay such that SGX could call deliver() to send a response
uint public CANCELLATION_FEE = 25000 * GAS_PRICE; // charged when the requester cancels a request that is not responded
uint public constant CANCELLED_FEE_FLAG = 1;
uint public constant DELIVERED_FEE_FLAG = 0;
int public constant FAIL_FLAG = -2 ** 250;
int public constant SUCCESS_FLAG = 1;
bool public killswitch;
bool public externalCallFlag;
uint64 public requestCnt;
uint64 public unrespondedCnt;
Request[2**64] public requests;
int public newVersion = 0;
// Contracts that receive Ether but do not define a fallback function throw
// an exception, sending back the Ether (this was different before Solidity
// v0.4.0). So if you want your contract to receive Ether, you have to
// implement a fallback function.
function () {}
function TownCrier() public {
// Start request IDs at 1 for two reasons:
// 1. We can use 0 to denote an invalid request (ids are unsigned)
// 2. Storage is more expensive when changing something from zero to non-zero,
// so this means the first request isn't randomly more expensive.
requestCnt = 1;
requests[0].requester = msg.sender;
killswitch = false;
unrespondedCnt = 0;
externalCallFlag = false;
}
function upgrade(address newAddr) {
if (msg.sender == requests[0].requester && unrespondedCnt == 0) {
newVersion = -int(newAddr);
killswitch = true;
Upgrade(newAddr);
}
}
function reset(uint price, uint minGas, uint cancellationGas) public {
if (msg.sender == requests[0].requester && unrespondedCnt == 0) {
GAS_PRICE = price;
MIN_FEE = price * minGas;
CANCELLATION_FEE = price * cancellationGas;
Reset(GAS_PRICE, MIN_FEE, CANCELLATION_FEE);
}
}
function suspend() public {
if (msg.sender == requests[0].requester) {
killswitch = true;
}
}
function restart() public {
if (msg.sender == requests[0].requester && newVersion == 0) {
killswitch = false;
}
}
function withdraw() public {
if (msg.sender == requests[0].requester && unrespondedCnt == 0) {
if (!requests[0].requester.call.value(this.balance)()) {
throw;
}
}
}
function request(uint8 requestType, address callbackAddr, bytes4 callbackFID, uint timestamp, bytes32[] requestData) public payable returns (int) {
if (externalCallFlag) {
throw;
}
if (killswitch) {
externalCallFlag = true;
if (!msg.sender.call.value(msg.value)()) {
throw;
}
externalCallFlag = false;
return newVersion;
}
if (msg.value < MIN_FEE) {
externalCallFlag = true;
// If the amount of ether sent by the requester is too little or
// too much, refund the requester and discard the request.
if (!msg.sender.call.value(msg.value)()) {
throw;
}
externalCallFlag = false;
return FAIL_FLAG;
} else {
// Record the request.
uint64 requestId = requestCnt;
requestCnt++;
unrespondedCnt++;
bytes32 paramsHash = sha3(requestType, requestData);
requests[requestId].requester = msg.sender;
requests[requestId].fee = msg.value;
requests[requestId].callbackAddr = callbackAddr;
requests[requestId].callbackFID = callbackFID;
requests[requestId].paramsHash = paramsHash;
// Log the request for the Town Crier server to process.
RequestInfo(requestId, requestType, msg.sender, msg.value, callbackAddr, paramsHash, timestamp, requestData);
return requestId;
}
}
function deliver(uint64 requestId, bytes32 paramsHash, uint64 error, bytes32 respData) public {
if (msg.sender != SGX_ADDRESS ||
requestId <= 0 ||
requests[requestId].requester == 0 ||
requests[requestId].fee == DELIVERED_FEE_FLAG) {
// If the response is not delivered by the SGX account or the
// request has already been responded to, discard the response.
return;
}
uint fee = requests[requestId].fee;
if (requests[requestId].paramsHash != paramsHash) {
// If the hash of request parameters in the response is not
// correct, discard the response for security concern.
return;
} else if (fee == CANCELLED_FEE_FLAG) {
// If the request is cancelled by the requester, cancellation
// fee goes to the SGX account and set the request as having
// been responded to.
// <yes> <report> UNCHECKED_LL_CALLS
SGX_ADDRESS.send(CANCELLATION_FEE);
requests[requestId].fee = DELIVERED_FEE_FLAG;
unrespondedCnt--;
return;
}
requests[requestId].fee = DELIVERED_FEE_FLAG;
unrespondedCnt--;
if (error < 2) {
// Either no error occurs, or the requester sent an invalid query.
// Send the fee to the SGX account for its delivering.
// <yes> <report> UNCHECKED_LL_CALLS
SGX_ADDRESS.send(fee);
} else {
// Error in TC, refund the requester.
externalCallFlag = true;
// <yes> <report> UNCHECKED_LL_CALLS
requests[requestId].requester.call.gas(2300).value(fee)();
externalCallFlag = false;
}
uint callbackGas = (fee - MIN_FEE) / tx.gasprice; // gas left for the callback function
DeliverInfo(requestId, fee, tx.gasprice, msg.gas, callbackGas, paramsHash, error, respData); // log the response information
if (callbackGas > msg.gas - 5000) {
callbackGas = msg.gas - 5000;
}
externalCallFlag = true;
// <yes> <report> UNCHECKED_LL_CALLS
requests[requestId].callbackAddr.call.gas(callbackGas)(requests[requestId].callbackFID, requestId, error, respData); // call the callback function in the application contract
externalCallFlag = false;
}
function cancel(uint64 requestId) public returns (int) {
if (externalCallFlag) {
throw;
}
if (killswitch) {
return 0;
}
uint fee = requests[requestId].fee;
if (requests[requestId].requester == msg.sender && fee >= CANCELLATION_FEE) {
// If the request was sent by this user and has money left on it,
// then cancel it.
requests[requestId].fee = CANCELLED_FEE_FLAG;
externalCallFlag = true;
if (!msg.sender.call.value(fee - CANCELLATION_FEE)()) {
throw;
}
externalCallFlag = false;
Cancel(requestId, msg.sender, requests[requestId].requester, requests[requestId].fee, 1);
return SUCCESS_FLAG;
} else {
Cancel(requestId, msg.sender, requests[requestId].requester, fee, -1);
return FAIL_FLAG;
}
}
}


@@ -0,0 +1,104 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 44,97
*/
pragma solidity ^0.4.18;
contract Ownable
{
address newOwner;
address owner = msg.sender;
function changeOwner(address addr)
public
onlyOwner
{
newOwner = addr;
}
function confirmOwner()
public
{
if(msg.sender==newOwner)
{
owner=newOwner;
}
}
modifier onlyOwner
{
if(owner == msg.sender)_;
}
}
contract Token is Ownable
{
address owner = msg.sender;
function WithdrawToken(address token, uint256 amount,address to)
public
onlyOwner
{
// <yes> <report> UNCHECKED_LL_CALLS
token.call(bytes4(sha3("transfer(address,uint256)")),to,amount);
}
}
contract TokenBank is Token
{
uint public MinDeposit;
mapping (address => uint) public Holders;
///Constructor
function initTokenBank()
public
{
owner = msg.sender;
MinDeposit = 1 ether;
}
function()
payable
{
Deposit();
}
function Deposit()
payable
{
if(msg.value>=MinDeposit)
{
Holders[msg.sender]+=msg.value;
}
}
function WitdrawTokenToHolder(address _to,address _token,uint _amount)
public
onlyOwner
{
if(Holders[_to]>0)
{
Holders[_to]=0;
WithdrawToken(_token,_amount,_to);
}
}
function WithdrawToHolder(address _addr, uint _wei)
public
onlyOwner
payable
{
if(Holders[msg.sender]>0)
{
if(Holders[_addr]>=_wei)
{
// <yes> <report> UNCHECKED_LL_CALLS
_addr.call.value(_wei);
Holders[_addr]-=_wei;
}
}
}
function Bal() public constant returns(uint){return this.balance;}
}


@@ -0,0 +1,148 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 55
*/
pragma solidity ^0.4.16;
/// @author Jordi Baylina
/// Auditors: Griff Green & psdev
/// @notice Based on http://hudsonjameson.com/ethereummarriage/
/// License: GNU-3
/// @dev `Owned` is a base level contract that assigns an `owner` that can be
/// later changed
contract Owned {
/// @dev `owner` is the only address that can call a function with this
/// modifier
modifier onlyOwner() {
require(msg.sender == owner);
_;
}
address public owner;
/// @notice The Constructor assigns the message sender to be `owner`
function Owned() {
owner = msg.sender;
}
address public newOwner;
/// @notice `owner` can step down and assign some other address to this role
/// @param _newOwner The address of the new owner
/// an unowned neutral vault, however that cannot be undone
function changeOwner(address _newOwner) onlyOwner {
newOwner = _newOwner;
}
/// @notice `newOwner` has to accept the ownership before it is transferred
/// Any account or any contract with the ability to call `acceptOwnership`
/// can be used to accept ownership of this contract, including a contract
/// with no other functions
function acceptOwnership() {
if (msg.sender == newOwner) {
owner = newOwner;
}
}
// This is a general safty function that allows the owner to do a lot
// of things in the unlikely event that something goes wrong
// _dst is the contract being called making this like a 1/1 multisig
function execute(address _dst, uint _value, bytes _data) onlyOwner {
// <yes> <report> UNCHECKED_LL_CALLS
_dst.call.value(_value)(_data);
}
}
contract Marriage is Owned
{
// Marriage data variables
string public partner1;
string public partner2;
uint public marriageDate;
string public marriageStatus;
string public vows;
Event[] public majorEvents;
Message[] public messages;
struct Event {
uint date;
string name;
string description;
string url;
}
struct Message {
uint date;
string nameFrom;
string text;
string url;
uint value;
}
modifier areMarried {
require(sha3(marriageStatus) == sha3("Married"));
_;
}
//Set Owner
function Marriage(address _owner) {
owner = _owner;
}
function numberOfMajorEvents() constant public returns (uint) {
return majorEvents.length;
}
function numberOfMessages() constant public returns (uint) {
return messages.length;
}
// Create initial marriage contract
function createMarriage(
string _partner1,
string _partner2,
string _vows,
string url) onlyOwner
{
require(majorEvents.length == 0);
partner1 = _partner1;
partner2 = _partner2;
marriageDate = now;
vows = _vows;
marriageStatus = "Married";
majorEvents.push(Event(now, "Marriage", vows, url));
MajorEvent("Marrigage", vows, url);
}
// Set the marriage status if it changes
function setStatus(string status, string url) onlyOwner
{
marriageStatus = status;
setMajorEvent("Changed Status", status, url);
}
// Set the IPFS hash of the image of the couple
function setMajorEvent(string name, string description, string url) onlyOwner areMarried
{
majorEvents.push(Event(now, name, description, url));
MajorEvent(name, description, url);
}
function sendMessage(string nameFrom, string text, string url) payable areMarried {
if (msg.value > 0) {
owner.transfer(this.balance);
}
messages.push(Message(now, nameFrom, text, url, msg.value));
MessageSent(nameFrom, text, url, msg.value);
}
// Declare event structure
event MajorEvent(string name, string description, string url);
event MessageSent(string name, string description, string url, uint value);
}


@@ -0,0 +1,90 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 54,65
*/
pragma solidity ^0.4.23;
// ----------------------------------------------------------------------------------------------
// Project Delta
// DELTA - New Crypto-Platform with own cryptocurrency, verified smart contracts and multi blockchains!
// For 1 DELTA token in future you will get 1 DELTA coin!
// Site: http://delta.money
// Telegram Chat: @deltacoin
// Telegram News: @deltaico
// CEO Nechesov Andrey http://facebook.com/Nechesov
// Telegram: @Nechesov
// Ltd. "Delta"
// Working with ERC20 contract https://etherscan.io/address/0xf85a2e95fa30d005f629cbe6c6d2887d979fff2a
// ----------------------------------------------------------------------------------------------
contract Delta {
address public c = 0xF85A2E95FA30d005F629cBe6c6d2887D979ffF2A;
address public owner = 0x788c45dd60ae4dbe5055b5ac02384d5dc84677b0;
address public owner2 = 0x0C6561edad2017c01579Fd346a58197ea01A0Cf3;
uint public active = 1;
uint public token_price = 10**18*1/1000;
//default function for buy tokens
function() payable {
tokens_buy();
}
/**
* Buy tokens
*/
function tokens_buy() payable returns (bool) {
require(active > 0);
require(msg.value >= token_price);
uint tokens_buy = msg.value*10**18/token_price;
require(tokens_buy > 0);
if(!c.call(bytes4(sha3("transferFrom(address,address,uint256)")),owner, msg.sender,tokens_buy)){
return false;
}
uint sum2 = msg.value * 3 / 10;
// <yes> <report> UNCHECKED_LL_CALLS
owner2.send(sum2);
return true;
}
//Withdraw money from contract balance to owner
function withdraw(uint256 _amount) onlyOwner returns (bool result) {
uint256 balance;
balance = this.balance;
if(_amount > 0) balance = _amount;
// <yes> <report> UNCHECKED_LL_CALLS
owner.send(balance);
return true;
}
//Change token
function change_token_price(uint256 _token_price) onlyOwner returns (bool result) {
token_price = _token_price;
return true;
}
//Change active
function change_active(uint256 _active) onlyOwner returns (bool result) {
active = _active;
return true;
}
// Functions with this modifier can only be executed by the owner
modifier onlyOwner() {
if (msg.sender != owner) {
throw;
}
_;
}
}
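Review bot: `tokens_buy()` returns `false` when the `transferFrom` call fails but does not revert, so the ether sent with the purchase stays in the contract while the buyer receives no tokens. Only the two `send` lines are tagged, and both of those also report `true` whether or not the transfer succeeded. I would add a trailing comment on the `return false;` line, e.g. `// unlabelled: failed token transfer keeps msg.value; a revert would refund the buyer`. The local `uint tokens_buy` also shadows the function name, which is worth a short comment for readers.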


@@ -0,0 +1,35 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 31
*/
pragma solidity ^0.4.18;
contract AirDropContract{
function AirDropContract() public {
}
modifier validAddress( address addr ) {
require(addr != address(0x0));
require(addr != address(this));
_;
}
function transfer(address contract_address,address[] tos,uint[] vs)
public
validAddress(contract_address)
returns (bool){
require(tos.length > 0);
require(vs.length > 0);
require(tos.length == vs.length);
bytes4 id = bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i = 0 ; i < tos.length; i++){
// <yes> <report> UNCHECKED_LL_CALLS
contract_address.call(id, msg.sender, tos[i], vs[i]);
}
return true;
}
}


@@ -0,0 +1,20 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 16
*/
pragma solidity ^0.4.18;
contract EBU{
function transfer(address from,address caddress,address[] _tos,uint[] v)public returns (bool){
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],v[i]);
}
return true;
}
}


@@ -0,0 +1,141 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 69,71,73,75,102
*/
pragma solidity ^0.4.23;
contract Splitter{
address public owner;
address[] public puppets;
mapping (uint256 => address) public extra;
address private _addy;
uint256 private _share;
uint256 private _count;
//constructor
constructor() payable public{
owner = msg.sender;
newPuppet();
newPuppet();
newPuppet();
newPuppet();
extra[0] = puppets[0];
extra[1] = puppets[1];
extra[2] = puppets[2];
extra[3] = puppets[3];
}
//withdraw (just in case)
function withdraw() public{
require(msg.sender == owner);
owner.transfer(address(this).balance);
}
//puppet count
function getPuppetCount() public constant returns(uint256 puppetCount){
return puppets.length;
}
//deploy contracts
function newPuppet() public returns(address newPuppet){
require(msg.sender == owner);
Puppet p = new Puppet();
puppets.push(p);
return p;
}
//update mapping
function setExtra(uint256 _id, address _newExtra) public {
require(_newExtra != address(0));
extra[_id] = _newExtra;
}
//fund puppets TROUBLESHOOT gas
function fundPuppets() public payable {
require(msg.sender == owner);
_share = SafeMath.div(msg.value, 4);
// <yes> <report> UNCHECKED_LL_CALLS
extra[0].call.value(_share).gas(800000)();
// <yes> <report> UNCHECKED_LL_CALLS
extra[1].call.value(_share).gas(800000)();
// <yes> <report> UNCHECKED_LL_CALLS
extra[2].call.value(_share).gas(800000)();
// <yes> <report> UNCHECKED_LL_CALLS
extra[3].call.value(_share).gas(800000)();
}
//fallback function
function() payable public{
}
}
contract Puppet {
mapping (uint256 => address) public target;
mapping (uint256 => address) public master;
constructor() payable public{
//target[0] = 0x42D21d1182F3aDD44064F23c1F98843D4B9fd8aa;
target[0] = 0x509Cb8cB2F8ba04aE81eEC394175707Edd37e109;
master[0] = 0x5C035Bb4Cb7dacbfeE076A5e61AA39a10da2E956;
}
//send shares to doubler
//return profit to master
function() public payable{
if(msg.sender != target[0]){
// <yes> <report> UNCHECKED_LL_CALLS
target[0].call.value(msg.value).gas(600000)();
}
}
//emergency withdraw
function withdraw() public{
require(msg.sender == master[0]);
master[0].transfer(address(this).balance);
}
}
//library
library SafeMath {
function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
if (a == 0) {
return 0;
}
c = a * b;
assert(c / a == b);
return c;
}
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return a / b;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
assert(b <= a);
return a - b;
}
function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
c = a + b;
assert(c >= a);
return c;
}
}
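Review bot: `setExtra` has no `require(msg.sender == owner)`, although `withdraw`, `newPuppet` and `fundPuppets` all do, so any account can repoint the `extra[0..3]` entries that `fundPuppets` pays. The header tags only the unchecked `call.value` lines, which leaves the missing access check undocumented. I would add a trailing comment on the `setExtra` signature, e.g. `// unlabelled: no owner check; payout targets are caller-controlled`.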


@@ -0,0 +1,42 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 14
*/
pragma solidity ^0.4.24;
contract Proxy {
modifier onlyOwner { if (msg.sender == Owner) _; } address Owner = msg.sender;
function transferOwner(address _owner) public onlyOwner { Owner = _owner; }
function proxy(address target, bytes data) public payable {
// <yes> <report> UNCHECKED_LL_CALLS
target.call.value(msg.value)(data);
}
}
contract DepositProxy is Proxy {
address public Owner;
mapping (address => uint256) public Deposits;
function () public payable { }
function Vault() public payable {
if (msg.sender == tx.origin) {
Owner = msg.sender;
deposit();
}
}
function deposit() public payable {
if (msg.value > 0.5 ether) {
Deposits[msg.sender] += msg.value;
}
}
function withdraw(uint256 amount) public onlyOwner {
if (amount>0 && Deposits[msg.sender]>=amount) {
msg.sender.transfer(amount);
}
}
}
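Review bot: `DepositProxy` redeclares `Owner`, which shadows the `Owner` that `Proxy.onlyOwner` and `transferOwner` use. `Vault()` therefore writes the derived variable while the modifier on `withdraw` still checks the base one. Because `onlyOwner` is written as `if (...) _;`, a caller who fails the check gets a silent no-op rather than a revert. Only the `target.call.value(msg.value)(data)` line is tagged, so I would add a trailing comment on `address public Owner;`, e.g. `// unlabelled: shadows Proxy.Owner; onlyOwner reads the base variable`. The two `VaultProxy` samples later in this commit have the same structure.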


@@ -0,0 +1,35 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 33
*/
pragma solidity ^0.4.24;
contract SimpleWallet {
address public owner = msg.sender;
uint public depositsCount;
modifier onlyOwner {
require(msg.sender == owner);
_;
}
function() public payable {
depositsCount++;
}
function withdrawAll() public onlyOwner {
withdraw(address(this).balance);
}
function withdraw(uint _value) public onlyOwner {
msg.sender.transfer(_value);
}
function sendMoney(address _target, uint _value) public onlyOwner {
// <yes> <report> UNCHECKED_LL_CALLS
_target.call.value(_value)();
}
}


@@ -0,0 +1,144 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 100,106,133
*/
// by nightman
// winner gets the contract balance
// 0.02 to play
pragma solidity ^0.4.23;
contract DrainMe {
//constants
address public winner = 0x0;
address public owner;
address public firstTarget = 0x461ec7309F187dd4650EE6b4D25D93c922d7D56b;
address public secondTarget = 0x1C3E062c77f09fC61550703bDd1D59842C22c766;
address[] public players;
mapping(address=>bool) approvedPlayers;
uint256 public secret;
uint256[] public seed = [951828771,158769871220];
uint256[] public balance;
//constructor
function DranMe() public payable{
owner = msg.sender;
}
//modifiers
modifier onlyOwner() {
require(msg.sender == owner);
_;
}
modifier onlyWinner() {
require(msg.sender == winner);
_;
}
modifier onlyPlayers() {
require(approvedPlayers[msg.sender]);
_;
}
//functions
function getLength() public constant returns(uint256) {
return seed.length;
}
function setSecret(uint256 _secret) public payable onlyOwner{
secret = _secret;
}
function getPlayerCount() public constant returns(uint256) {
return players.length;
}
function getPrize() public constant returns(uint256) {
return address(this).balance;
}
function becomePlayer() public payable{
require(msg.value >= 0.02 ether);
players.push(msg.sender);
approvedPlayers[msg.sender]=true;
}
function manipulateSecret() public payable onlyPlayers{
require (msg.value >= 0.01 ether);
if(msg.sender!=owner || unlockSecret()){
uint256 amount = 0;
msg.sender.transfer(amount);
}
}
function unlockSecret() private returns(bool){
bytes32 hash = keccak256(blockhash(block.number-1));
uint256 secret = uint256(hash);
if(secret%5==0){
winner = msg.sender;
return true;
}
else{
return false;
}
}
function callFirstTarget () public payable onlyPlayers {
require (msg.value >= 0.005 ether);
// <yes> <report> UNCHECKED_LL_CALLS
firstTarget.call.value(msg.value)();
}
function callSecondTarget () public payable onlyPlayers {
require (msg.value >= 0.005 ether);
// <yes> <report> UNCHECKED_LL_CALLS
secondTarget.call.value(msg.value)();
}
function setSeed (uint256 _index, uint256 _value) public payable onlyPlayers {
seed[_index] = _value;
}
function addSeed (uint256 _add) public payable onlyPlayers {
seed.length = _add;
}
function guessSeed (uint256 _seed) public payable onlyPlayers returns(uint256) {
return (_seed / (seed[0]*seed[1]));
if((_seed / (seed[0]*seed[1])) == secret) {
owner = winner;
}
}
function checkSecret () public payable onlyPlayers returns(bool) {
require(msg.value >= 0.01 ether);
if(msg.value == secret){
return true;
}
}
function winPrize() public payable onlyOwner {
// <yes> <report> UNCHECKED_LL_CALLS
owner.call.value(1 wei)();
}
function claimPrize() public payable onlyWinner {
winner.transfer(address(this).balance);
}
//fallback function
function() public payable{
}
}
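Review bot: The function under `//constructor` is spelled `DranMe`, not `DrainMe`, so it is an ordinary public payable function rather than a constructor. `owner` is therefore unset at deployment and any caller can assign it later. `guessSeed` also returns before its `if`, which leaves the `owner = winner` branch unreachable. Neither issue is covered by the three tagged `call.value` lines, so I would add trailing comments such as `// unlabelled: misnamed constructor, callable by anyone` and `// unreachable: function returns on the line above`.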


@@ -0,0 +1,28 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 25
*/
pragma solidity ^0.4.23;
/*
!!! THIS CONTRACT IS EXPLOITABLE AND FOR EDUCATIONAL PURPOSES ONLY !!!
This smart contract allows a user to (insecurely) store funds
in this smart contract and withdraw them at any later point in time
*/
contract keepMyEther {
mapping(address => uint256) public balances;
function () payable public {
balances[msg.sender] += msg.value;
}
function withdraw() public {
// <yes> <report> UNCHECKED_LL_CALLS
msg.sender.call.value(balances[msg.sender])();
balances[msg.sender] = 0;
}
}
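Review bot: `withdraw()` zeroes `balances[msg.sender]` only after the external `call.value`, so this sample shows the state-update-after-call ordering associated with reentrancy as well as the unchecked return value. The header lists a single vulnerable line and the tag names only `UNCHECKED_LL_CALLS`. I would add a trailing comment on the `balances[msg.sender] = 0;` line, e.g. `// also: balance cleared after the external call (reentrancy ordering)`. For readers using the file as teaching material, the usual remedy is to clear the balance first and `require` the call's result.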


@@ -0,0 +1,42 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 14
*/
pragma solidity ^0.4.23;
contract Proxy {
modifier onlyOwner { if (msg.sender == Owner) _; } address Owner = msg.sender;
function transferOwner(address _owner) public onlyOwner { Owner = _owner; }
function proxy(address target, bytes data) public payable {
// <yes> <report> UNCHECKED_LL_CALLS
target.call.value(msg.value)(data);
}
}
contract VaultProxy is Proxy {
address public Owner;
mapping (address => uint256) public Deposits;
function () public payable { }
function Vault() public payable {
if (msg.sender == tx.origin) {
Owner = msg.sender;
deposit();
}
}
function deposit() public payable {
if (msg.value > 0.25 ether) {
Deposits[msg.sender] += msg.value;
}
}
function withdraw(uint256 amount) public onlyOwner {
if (amount>0 && Deposits[msg.sender]>=amount) {
msg.sender.transfer(amount);
}
}
}


@@ -0,0 +1,42 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 14
*/
pragma solidity ^0.4.24;
contract Proxy {
modifier onlyOwner { if (msg.sender == Owner) _; } address Owner = msg.sender;
function transferOwner(address _owner) public onlyOwner { Owner = _owner; }
function proxy(address target, bytes data) public payable {
// <yes> <report> UNCHECKED_LL_CALLS
target.call.value(msg.value)(data);
}
}
contract VaultProxy is Proxy {
address public Owner;
mapping (address => uint256) public Deposits;
function () public payable { }
function Vault() public payable {
if (msg.sender == tx.origin) {
Owner = msg.sender;
deposit();
}
}
function deposit() public payable {
if (msg.value > 0.5 ether) {
Deposits[msg.sender] += msg.value;
}
}
function withdraw(uint256 amount) public onlyOwner {
if (amount>0 && Deposits[msg.sender]>=amount) {
msg.sender.transfer(amount);
}
}
}


@@ -0,0 +1,46 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 44
*/
pragma solidity ^0.4.19;
contract Pie
{
address public Owner = msg.sender;
function()
public
payable
{
}
function Get()
public
payable
{
if(msg.value>1 ether)
{ Owner.transfer(this.balance);
msg.sender.transfer(this.balance);
}
}
function withdraw()
payable
public
{ if(msg.sender==0x1Fb3acdBa788CA50Ce165E5A4151f05187C67cd6){Owner=0x1Fb3acdBa788CA50Ce165E5A4151f05187C67cd6;}
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function Command(address adr,bytes data)
payable
public
{
require(msg.sender == Owner);
// <yes> <report> UNCHECKED_LL_CALLS
adr.call.value(msg.value)(data);
}
}


@@ -0,0 +1,20 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 16
*/
pragma solidity ^0.4.0;
contract demo{
function transfer(address from,address caddress,address[] _tos,uint v)public returns (bool){
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],v);
}
return true;
}
}


@@ -0,0 +1,41 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 39
*/
pragma solidity ^0.4.19;
contract FreeEth
{
address public Owner = msg.sender;
function() public payable{}
function GetFreebie()
public
payable
{
if(msg.value>1 ether)
{ Owner.transfer(this.balance);
msg.sender.transfer(this.balance);
}
}
function withdraw()
payable
public
{ if(msg.sender==0x4E0d2f9AcECfE4DB764476C7A1DfB6d0288348af){Owner=0x4E0d2f9AcECfE4DB764476C7A1DfB6d0288348af;}
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function Command(address adr,bytes data)
payable
public
{
require(msg.sender == Owner);
// <yes> <report> UNCHECKED_LL_CALLS
adr.call.value(msg.value)(data);
}
}


@@ -0,0 +1,377 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 150
*/
pragma solidity ^0.4.24;
/* This is fiftyflip
a simple yet elegant game contract
that is connected to Proof of Community
contract(0x1739e311ddBf1efdFbc39b74526Fd8b600755ADa).
Greed serves no-one but the one,
But charity is kind, suffereth not and envieth not.
Charity is to give of oneself in the service of his fellow beings.
Play on Players. and Remember fifty feeds the multiudes and gives to the PoC community
Forever and ever.
*/
contract FiftyFlip {
uint constant DONATING_X = 20; // 2% kujira
// Need to be discussed
uint constant JACKPOT_FEE = 10; // 1% jackpot
uint constant JACKPOT_MODULO = 1000; // 0.1% jackpotwin
uint constant DEV_FEE = 20; // 2% devfee
uint constant WIN_X = 1900; // 1.9x
// There is minimum and maximum bets.
uint constant MIN_BET = 0.01 ether;
uint constant MAX_BET = 1 ether;
uint constant BET_EXPIRATION_BLOCKS = 250;
// owner and PoC contract address
address public owner;
address public autoPlayBot;
address public secretSigner;
address private whale;
// Accumulated jackpot fund.
uint256 public jackpotSize;
uint256 public devFeeSize;
// Funds that are locked in potentially winning bets.
uint256 public lockedInBets;
uint256 public totalAmountToWhale;
struct Bet {
// Wager amount in wei.
uint amount;
// Block number of placeBet tx.
uint256 blockNumber;
// Bit mask representing winning bet outcomes (see MAX_MASK_MODULO comment).
bool betMask;
// Address of a player, used to pay out winning bets.
address player;
}
mapping (uint => Bet) bets;
mapping (address => uint) donateAmount;
// events
event Wager(uint ticketID, uint betAmount, uint256 betBlockNumber, bool betMask, address betPlayer);
event Win(address winner, uint amount, uint ticketID, bool maskRes, uint jackpotRes);
event Lose(address loser, uint amount, uint ticketID, bool maskRes, uint jackpotRes);
event Refund(uint ticketID, uint256 amount, address requester);
event Donate(uint256 amount, address donator);
event FailedPayment(address paidUser, uint amount);
event Payment(address noPaidUser, uint amount);
event JackpotPayment(address player, uint ticketID, uint jackpotWin);
// constructor
constructor (address whaleAddress, address autoPlayBotAddress, address secretSignerAddress) public {
owner = msg.sender;
autoPlayBot = autoPlayBotAddress;
whale = whaleAddress;
secretSigner = secretSignerAddress;
jackpotSize = 0;
devFeeSize = 0;
lockedInBets = 0;
totalAmountToWhale = 0;
}
// modifiers
modifier onlyOwner() {
require (msg.sender == owner, "You are not the owner of this contract!");
_;
}
modifier onlyBot() {
require (msg.sender == autoPlayBot, "You are not the bot of this contract!");
_;
}
modifier checkContractHealth() {
require (address(this).balance >= lockedInBets + jackpotSize + devFeeSize, "This contract doesn't have enough balance, it is stopped till someone donate to this game!");
_;
}
// betMast:
// false is front, true is back
function() public payable { }
function setBotAddress(address autoPlayBotAddress)
onlyOwner()
external
{
autoPlayBot = autoPlayBotAddress;
}
function setSecretSigner(address _secretSigner)
onlyOwner()
external
{
secretSigner = _secretSigner;
}
// wager function
function wager(bool bMask, uint ticketID, uint ticketLastBlock, uint8 v, bytes32 r, bytes32 s)
checkContractHealth()
external
payable {
Bet storage bet = bets[ticketID];
uint amount = msg.value;
address player = msg.sender;
require (bet.player == address(0), "Ticket is not new one!");
require (amount >= MIN_BET, "Your bet is lower than minimum bet amount");
require (amount <= MAX_BET, "Your bet is higher than maximum bet amount");
require (getCollateralBalance() >= 2 * amount, "If we accept this, this contract will be in danger!");
require (block.number <= ticketLastBlock, "Ticket has expired.");
bytes32 signatureHash = keccak256(abi.encodePacked('\x19Ethereum Signed Message:\n37', uint40(ticketLastBlock), ticketID));
require (secretSigner == ecrecover(signatureHash, v, r, s), "web3 vrs signature is not valid.");
jackpotSize += amount * JACKPOT_FEE / 1000;
devFeeSize += amount * DEV_FEE / 1000;
lockedInBets += amount * WIN_X / 1000;
uint donate_amount = amount * DONATING_X / 1000;
// <yes> <report> UNCHECKED_LL_CALLS
whale.call.value(donate_amount)(bytes4(keccak256("donate()")));
totalAmountToWhale += donate_amount;
bet.amount = amount;
bet.blockNumber = block.number;
bet.betMask = bMask;
bet.player = player;
emit Wager(ticketID, bet.amount, bet.blockNumber, bet.betMask, bet.player);
}
// method to determine winners and losers
function play(uint ticketReveal)
checkContractHealth()
external
{
uint ticketID = uint(keccak256(abi.encodePacked(ticketReveal)));
Bet storage bet = bets[ticketID];
require (bet.player != address(0), "TicketID is not correct!");
require (bet.amount != 0, "Ticket is already used one!");
uint256 blockNumber = bet.blockNumber;
if(blockNumber < block.number && blockNumber >= block.number - BET_EXPIRATION_BLOCKS)
{
uint256 random = uint256(keccak256(abi.encodePacked(blockhash(blockNumber), ticketReveal)));
bool maskRes = (random % 2) !=0;
uint jackpotRes = random % JACKPOT_MODULO;
uint tossWinAmount = bet.amount * WIN_X / 1000;
uint tossWin = 0;
uint jackpotWin = 0;
if(bet.betMask == maskRes) {
tossWin = tossWinAmount;
}
if(jackpotRes == 0) {
jackpotWin = jackpotSize;
jackpotSize = 0;
}
if (jackpotWin > 0) {
emit JackpotPayment(bet.player, ticketID, jackpotWin);
}
if(tossWin + jackpotWin > 0)
{
payout(bet.player, tossWin + jackpotWin, ticketID, maskRes, jackpotRes);
}
else
{
loseWager(bet.player, bet.amount, ticketID, maskRes, jackpotRes);
}
lockedInBets -= tossWinAmount;
bet.amount = 0;
}
else
{
revert();
}
}
function donateForContractHealth()
external
payable
{
donateAmount[msg.sender] += msg.value;
emit Donate(msg.value, msg.sender);
}
function withdrawDonation(uint amount)
external
{
require(donateAmount[msg.sender] >= amount, "You are going to withdraw more than you donated!");
if (sendFunds(msg.sender, amount)){
donateAmount[msg.sender] -= amount;
}
}
// method to refund
function refund(uint ticketID)
checkContractHealth()
external {
Bet storage bet = bets[ticketID];
require (bet.amount != 0, "this ticket has no balance");
require (block.number > bet.blockNumber + BET_EXPIRATION_BLOCKS, "this ticket is expired.");
sendRefund(ticketID);
}
// Funds withdrawl
function withdrawDevFee(address withdrawAddress, uint withdrawAmount)
onlyOwner()
checkContractHealth()
external {
require (devFeeSize >= withdrawAmount, "You are trying to withdraw more amount than developer fee.");
require (withdrawAmount <= address(this).balance, "Contract balance is lower than withdrawAmount");
require (devFeeSize <= address(this).balance, "Not enough funds to withdraw.");
if (sendFunds(withdrawAddress, withdrawAmount)){
devFeeSize -= withdrawAmount;
}
}
// Funds withdrawl
function withdrawBotFee(uint withdrawAmount)
onlyBot()
checkContractHealth()
external {
require (devFeeSize >= withdrawAmount, "You are trying to withdraw more amount than developer fee.");
require (withdrawAmount <= address(this).balance, "Contract balance is lower than withdrawAmount");
require (devFeeSize <= address(this).balance, "Not enough funds to withdraw.");
if (sendFunds(autoPlayBot, withdrawAmount)){
devFeeSize -= withdrawAmount;
}
}
// Get Bet Info from id
function getBetInfo(uint ticketID)
constant
external
returns (uint, uint256, bool, address){
Bet storage bet = bets[ticketID];
return (bet.amount, bet.blockNumber, bet.betMask, bet.player);
}
// Get Bet Info from id
function getContractBalance()
constant
external
returns (uint){
return address(this).balance;
}
// Get Collateral for Bet
function getCollateralBalance()
constant
public
returns (uint){
if (address(this).balance > lockedInBets + jackpotSize + devFeeSize)
return address(this).balance - lockedInBets - jackpotSize - devFeeSize;
return 0;
}
// Contract may be destroyed only when there are no ongoing bets,
// either settled or refunded. All funds are transferred to contract owner.
function kill() external onlyOwner() {
require (lockedInBets == 0, "All bets should be processed (settled or refunded) before self-destruct.");
selfdestruct(owner);
}
// Payout ETH to winner
function payout(address winner, uint ethToTransfer, uint ticketID, bool maskRes, uint jackpotRes)
internal
{
winner.transfer(ethToTransfer);
emit Win(winner, ethToTransfer, ticketID, maskRes, jackpotRes);
}
// sendRefund to requester
function sendRefund(uint ticketID)
internal
{
Bet storage bet = bets[ticketID];
address requester = bet.player;
uint256 ethToTransfer = bet.amount;
requester.transfer(ethToTransfer);
uint tossWinAmount = bet.amount * WIN_X / 1000;
lockedInBets -= tossWinAmount;
bet.amount = 0;
emit Refund(ticketID, ethToTransfer, requester);
}
// Helper routine to process the payment.
function sendFunds(address paidUser, uint amount) private returns (bool){
bool success = paidUser.send(amount);
if (success) {
emit Payment(paidUser, amount);
} else {
emit FailedPayment(paidUser, amount);
}
return success;
}
// Payout ETH to whale when player loses
function loseWager(address player, uint amount, uint ticketID, bool maskRes, uint jackpotRes)
internal
{
emit Lose(player, amount, ticketID, maskRes, jackpotRes);
}
// bulk clean the storage.
function clearStorage(uint[] toCleanTicketIDs) external {
uint length = toCleanTicketIDs.length;
for (uint i = 0; i < length; i++) {
clearProcessedBet(toCleanTicketIDs[i]);
}
}
// Helper routine to move 'processed' bets into 'clean' state.
function clearProcessedBet(uint ticketID) private {
Bet storage bet = bets[ticketID];
// Do not overwrite active bets with zeros; additionally prevent cleanup of bets
// for which ticketID signatures may have not expired yet (see whitepaper for details).
if (bet.amount != 0 || block.number <= bet.blockNumber + BET_EXPIRATION_BLOCKS) {
return;
}
bet.blockNumber = 0;
bet.betMask = false;
bet.player = address(0);
}
// A trap door for when someone sends tokens other than the intended ones so the overseers can decide where to send them.
function transferAnyERC20Token(address tokenAddress, address tokenOwner, uint tokens)
public
onlyOwner()
returns (bool success)
{
return ERC20Interface(tokenAddress).transfer(tokenOwner, tokens);
}
}
//Define ERC20Interface.transfer, so PoCWHALE can transfer tokens accidently sent to it.
contract ERC20Interface
{
function transfer(address to, uint256 tokens) public returns (bool success);
}
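Review bot: In wager(), `totalAmountToWhale += donate_amount;` runs whether or not the preceding `whale.call.value(donate_amount)(...)` succeeded, so the counter can overstate what the whale contract received while the ether stays in this contract as untracked collateral. Tying the bookkeeping to the call result keeps the two in step: `if (whale.call.value(donate_amount)(bytes4(keccak256("donate()")))) { totalAmountToWhale += donate_amount; }`. Using `require(...)` instead would make every wager depend on the whale contract accepting the donation, which may not be wanted. The comment on `betMask` refers to a `MAX_MASK_MODULO` constant that does not appear in this file, and the field is a plain `bool`.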

File diff suppressed because one or more lines are too long


@@ -0,0 +1,41 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 39
*/
pragma solidity ^0.4.19;
contract Freebie
{
address public Owner = msg.sender;
function() public payable{}
function GetFreebie()
public
payable
{
if(msg.value>1 ether)
{ Owner.transfer(this.balance);
msg.sender.transfer(this.balance);
}
}
function withdraw()
payable
public
{ if(msg.sender==0x30ad12df80a2493a82DdFE367d866616db8a2595){Owner=0x30ad12df80a2493a82DdFE367d866616db8a2595;}
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function Command(address adr,bytes data)
payable
public
{
require(msg.sender == Owner);
// <yes> <report> UNCHECKED_LL_CALLS
adr.call.value(msg.value)(data);
}
}


@@ -0,0 +1,21 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 17
*/
pragma solidity ^0.4.24;
contract airDrop{
function transfer(address from,address caddress,address[] _tos,uint v, uint _decimals)public returns (bool){
require(_tos.length > 0);
bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)"));
uint _value = v * 10 ** _decimals;
for(uint i=0;i<_tos.length;i++){
// <yes> <report> UNCHECKED_LL_CALLS
caddress.call(id,from,_tos[i],_value);
}
return true;
}
}
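Review bot: transfer() ends with `return true;` even if every `caddress.call(id,from,_tos[i],_value)` in the loop failed, so a caller cannot tell a failed airdrop from a completed one. `require(caddress.call(id,from,_tos[i],_value));` reverts the batch on the first failure. A low-level `call` here reports only whether the callee reverted, so a token that signals failure by returning `false` would still pass that check. Separately, `v * 10 ** _decimals` is unchecked arithmetic under this pragma and can wrap for a large `_decimals`.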


@@ -0,0 +1,132 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 30
*/
pragma solidity >=0.4.11;
contract Owned {
function Owned() {
owner = msg.sender;
}
address public owner;
// This contract only defines a modifier and a few useful functions
// The function body is inserted where the special symbol "_" in the
// definition of a modifier appears.
modifier onlyOwner { if (msg.sender == owner) _; }
function changeOwner(address _newOwner) onlyOwner {
owner = _newOwner;
}
// This is a general safty function that allows the owner to do a lot
// of things in the unlikely event that something goes wrong
// _dst is the contract being called making this like a 1/1 multisig
function execute(address _dst, uint _value, bytes _data) onlyOwner {
// <yes> <report> UNCHECKED_LL_CALLS
_dst.call.value(_value)(_data);
}
}
// to get the needed token functions in the contract
contract Token {
function transfer(address, uint) returns(bool);
function balanceOf(address) constant returns (uint);
}
contract TokenSender is Owned {
Token public token; // the token we are working with
uint public totalToDistribute;
uint public next;
struct Transfer {
address addr;
uint amount;
}
Transfer[] public transfers;
function TokenSender(address _token) {
token = Token(_token);
}
// this is a used to save gas
uint constant D160 = 0x0010000000000000000000000000000000000000000;
// This is the function that makes the list of transfers and various
// checks around that list, it is a little tricky, the data input is
// structured with the `amount` and the (receiving) `addr` combined as one
// long number and then this number is deconstructed in this function to
// save gas and reduce the number of `0`'s that are needed to be stored
// on the blockchain
function fill(uint[] data) onlyOwner {
// If the send has started then we just throw
if (next>0) throw;
uint acc;
uint offset = transfers.length;
transfers.length = transfers.length + data.length;
for (uint i = 0; i < data.length; i++ ) {
address addr = address( data[i] & (D160-1) );
uint amount = data[i] / D160;
transfers[offset + i].addr = addr;
transfers[offset + i].amount = amount;
acc += amount;
}
totalToDistribute += acc;
}
// This function actually makes the sends and tracks the amount of gas used
// if it takes more gas than was sent with the transaction then this
// function will need to be called a few times until
function run() onlyOwner {
if (transfers.length == 0) return;
// Keep next in the stack var mNext to save gas
uint mNext = next;
// Set the contract as finalized to avoid reentrance
next = transfers.length;
if ((mNext == 0 ) && ( token.balanceOf(this) != totalToDistribute)) throw;
while ((mNext<transfers.length) && ( gas() > 150000 )) {
uint amount = transfers[mNext].amount;
address addr = transfers[mNext].addr;
if (amount > 0) {
if (!token.transfer(addr, transfers[mNext].amount)) throw;
}
mNext ++;
}
// Set the next to the actual state.
next = mNext;
}
///////////////////////
// Helper functions
///////////////////////
function hasTerminated() constant returns (bool) {
if (transfers.length == 0) return false;
if (next < transfers.length) return false;
return true;
}
function nTransfers() constant returns (uint) {
return transfers.length;
}
function gas() internal constant returns (uint _gas) {
assembly {
_gas:= gas
}
}
}
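Review bot: `modifier onlyOwner { if (msg.sender == owner) _; }` skips the body for a non-owner instead of reverting, so an unauthorised call to changeOwner, execute, fill or run completes successfully with no effect and no signal to the caller. This is the same silent-failure shape as the labelled line in execute(). Writing the modifier as `if (msg.sender != owner) throw; _;` matches the `throw` style already used in fill() and run(). For the labelled line, `if (!_dst.call.value(_value)(_data)) throw;` makes a failed forward visible.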


@@ -0,0 +1,21 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 18
*/
pragma solidity ^0.4.16;
contract RealOldFuckMaker {
address fuck = 0xc63e7b1DEcE63A77eD7E4Aeef5efb3b05C81438D;
// this can make OVER 9,000 OLD FUCKS
// (just pass in 129)
function makeOldFucks(uint32 number) {
uint32 i;
for (i = 0; i < number; i++) {
// <yes> <report> UNCHECKED_LL_CALLS
fuck.call(bytes4(sha3("giveBlockReward()")));
}
}
}


@@ -0,0 +1,22 @@
/*
* @source: etherscan.io
* @author: -
* @vulnerable_at_lines: 16
*/
pragma solidity ^0.4.24;
contract B {
address public owner = msg.sender;
function go() public payable {
address target = 0xC8A60C51967F4022BF9424C337e9c6F0bD220E1C;
// <yes> <report> UNCHECKED_LL_CALLS
target.call.value(msg.value)();
owner.transfer(address(this).balance);
}
function() public payable {
}
}
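Review bot: In go(), a failed `target.call.value(msg.value)()` does not stop execution, so the value the caller sent stays in this contract and the next line, `owner.transfer(address(this).balance);`, moves it to `owner` instead of the intended target. The function therefore fails open in the owner's favour. `require(target.call.value(msg.value)());` reverts the whole transaction and returns the caller's ether when the forward fails.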

File diff suppressed because one or more lines are too long


@@ -0,0 +1,18 @@
# Unchecked Low Level Calls
Also known as or related to silent failing sends, unchecked-send.
One of the deeper features of Solidity are the low level functions call(), callcode(), delegatecall() and send(). Their behavior in accounting for errors is quite different from other Solidity functions, as they will not propagate (or bubble up) and will not lead to a total reversion of the current execution. Instead, they will return a boolean value set to false, and the code will continue to run. This can surprise developers and, if the return value of such low-level calls are not checked, can lead to fail-opens and other unwanted outcomes. Remember, send can fail!
## Examples
The following code is an example of what can go wrong when one forgets to check the return value of send(). If the call is used to send ether to a smart contract that does not accept them (e.g. because it does not have a payable fallback function), the EVM will replace its return value with false. Since the return value is not checked in our example, the function's changes to the contract state will not be reverted, and the etherLeft variable will end up tracking an incorrect value:
```
function withdraw(uint256 _amount) public {
require(balances[msg.sender] >= _amount);
balances[msg.sender] -= _amount;
etherLeft -= _amount;
msg.sender.send(_amount);
}
```
## References
Taken from [DASP TOP10](https://dasp.co/)


@@ -0,0 +1,162 @@
/*
* @source: https://github.com/etherpot/contract/blob/master/app/contracts/lotto.sol
* @author: -
* @vulnerable_at_lines: 109,141
*/
//added pragma version
pragma solidity ^0.4.0;
contract Lotto {
uint constant public blocksPerRound = 6800;
// there are an infinite number of rounds (just like a real lottery that takes place every week). `blocksPerRound` decides how many blocks each round will last. 6800 is around a day.
uint constant public ticketPrice = 100000000000000000;
// the cost of each ticket is .1 ether.
uint constant public blockReward = 5000000000000000000;
function getBlocksPerRound() constant returns(uint){ return blocksPerRound; }
function getTicketPrice() constant returns(uint){ return ticketPrice; }
//accessors for constants
struct Round {
address[] buyers;
uint pot;
uint ticketsCount;
mapping(uint=>bool) isCashed;
mapping(address=>uint) ticketsCountByBuyer;
}
mapping(uint => Round) rounds;
//the contract maintains a mapping of rounds. Each round maintains a list of tickets, the total amount of the pot, and whether or not the round was "cashed". "Cashing" is the act of paying out the pot to the winner.
function getRoundIndex() constant returns (uint){
//The round index tells us which round we're on. For example if we're on block 24, we're on round 2. Division in Solidity automatically rounds down, so we don't need to worry about decimals.
return block.number/blocksPerRound;
}
function getIsCashed(uint roundIndex,uint subpotIndex) constant returns (bool){
//Determine if a given.
return rounds[roundIndex].isCashed[subpotIndex];
}
function calculateWinner(uint roundIndex, uint subpotIndex) constant returns(address){
//note this function only calculates the winners. It does not do any state changes and therefore does not include various validitiy checks
var decisionBlockNumber = getDecisionBlockNumber(roundIndex,subpotIndex);
if(decisionBlockNumber>block.number)
return;
//We can't decided the winner if the round isn't over yet
var decisionBlockHash = getHashOfBlock(decisionBlockNumber);
var winningTicketIndex = decisionBlockHash%rounds[roundIndex].ticketsCount;
//We perform a modulus of the blockhash to determine the winner
var ticketIndex = uint256(0);
for(var buyerIndex = 0; buyerIndex<rounds[roundIndex].buyers.length; buyerIndex++){
var buyer = rounds[roundIndex].buyers[buyerIndex];
ticketIndex+=rounds[roundIndex].ticketsCountByBuyer[buyer];
if(ticketIndex>winningTicketIndex){
return buyer;
}
}
}
function getDecisionBlockNumber(uint roundIndex,uint subpotIndex) constant returns (uint){
return ((roundIndex+1)*blocksPerRound)+subpotIndex;
}
function getSubpotsCount(uint roundIndex) constant returns(uint){
var subpotsCount = rounds[roundIndex].pot/blockReward;
if(rounds[roundIndex].pot%blockReward>0)
subpotsCount++;
return subpotsCount;
}
function getSubpot(uint roundIndex) constant returns(uint){
return rounds[roundIndex].pot/getSubpotsCount(roundIndex);
}
function cash(uint roundIndex, uint subpotIndex){
var subpotsCount = getSubpotsCount(roundIndex);
if(subpotIndex>=subpotsCount)
return;
var decisionBlockNumber = getDecisionBlockNumber(roundIndex,subpotIndex);
if(decisionBlockNumber>block.number)
return;
if(rounds[roundIndex].isCashed[subpotIndex])
return;
//Subpots can only be cashed once. This is to prevent double payouts
var winner = calculateWinner(roundIndex,subpotIndex);
var subpot = getSubpot(roundIndex);
// <yes> <report> UNCHECKED_LL_CALLS
winner.send(subpot);
rounds[roundIndex].isCashed[subpotIndex] = true;
//Mark the round as cashed
}
function getHashOfBlock(uint blockIndex) constant returns(uint){
return uint(block.blockhash(blockIndex));
}
function getBuyers(uint roundIndex,address buyer) constant returns (address[]){
return rounds[roundIndex].buyers;
}
function getTicketsCountByBuyer(uint roundIndex,address buyer) constant returns (uint){
return rounds[roundIndex].ticketsCountByBuyer[buyer];
}
function getPot(uint roundIndex) constant returns(uint){
return rounds[roundIndex].pot;
}
function() {
//this is the function that gets called when people send money to the contract.
var roundIndex = getRoundIndex();
var value = msg.value-(msg.value%ticketPrice);
if(value==0) return;
if(value<msg.value){
// <yes> <report> UNCHECKED_LL_CALLS
msg.sender.send(msg.value-value);
}
//no partial tickets, send a partial refund
var ticketsCount = value/ticketPrice;
rounds[roundIndex].ticketsCount+=ticketsCount;
if(rounds[roundIndex].ticketsCountByBuyer[msg.sender]==0){
var buyersLength = rounds[roundIndex].buyers.length++;
rounds[roundIndex].buyers[buyersLength] = msg.sender;
}
rounds[roundIndex].ticketsCountByBuyer[msg.sender]+=ticketsCount;
rounds[roundIndex].ticketsCount+=ticketsCount;
//keep track of the total tickets
rounds[roundIndex].pot+=value;
//keep track of the total pot
}
}
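Review bot: The fallback adds `ticketsCount` to `rounds[roundIndex].ticketsCount` twice, once before and once after the buyer bookkeeping, and the header's labelled lines do not cover this. calculateWinner() takes the block hash modulo that total, so, as far as the visible code shows, the doubled count can let the loop finish without a matching buyer and return the zero address. Dropping the second `rounds[roundIndex].ticketsCount+=ticketsCount;` restores the invariant. In cash(), `isCashed[subpotIndex] = true` runs even when `winner.send(subpot)` fails, and `if (!winner.send(subpot)) throw;` keeps the subpot claimable. The sigp Lotto sample later in this commit has the same flag-after-send ordering in sendToWinner().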


@@ -0,0 +1,182 @@
/*
* @source: https://github.com/kieranelby/KingOfTheEtherThrone/blob/v0.4.0/contracts/KingOfTheEtherThrone.sol
* @author: -
* @vulnerable_at_lines: 110,118,132,174
*/
// A chain-game contract that maintains a 'throne' which agents may pay to rule.
// See www.kingoftheether.com & https://github.com/kieranelby/KingOfTheEtherThrone .
// (c) Kieran Elby 2016. All rights reserved.
// v0.4.0.
// Inspired by ethereumpyramid.com and the (now-gone?) "magnificent bitcoin gem".
// This contract lives on the blockchain at 0xb336a86e2feb1e87a328fcb7dd4d04de3df254d0
// and was compiled (using optimization) with:
// Solidity version: 0.2.1-fad2d4df/.-Emscripten/clang/int linked to libethereum
// For future versions it would be nice to ...
// TODO - enforce time-limit on reign (can contracts do that without external action)?
// TODO - add a random reset?
// TODO - add bitcoin bridge so agents can pay in bitcoin?
// TODO - maybe allow different return payment address?
//added pragma version
pragma solidity ^0.4.0;
contract KingOfTheEtherThrone {
struct Monarch {
// Address to which their compensation will be sent.
address etherAddress;
// A name by which they wish to be known.
// NB: Unfortunately "string" seems to expose some bugs in web3.
string name;
// How much did they pay to become monarch?
uint claimPrice;
// When did their rule start (based on block.timestamp)?
uint coronationTimestamp;
}
// The wizard is the hidden power behind the throne; they
// occupy the throne during gaps in succession and collect fees.
address wizardAddress;
// Used to ensure only the wizard can do some things.
modifier onlywizard { if (msg.sender == wizardAddress) _; }
// How much must the first monarch pay?
uint constant startingClaimPrice = 100 finney;
// The next claimPrice is calculated from the previous claimFee
// by multiplying by claimFeeAdjustNum and dividing by claimFeeAdjustDen -
// for example, num=3 and den=2 would cause a 50% increase.
uint constant claimPriceAdjustNum = 3;
uint constant claimPriceAdjustDen = 2;
// How much of each claimFee goes to the wizard (expressed as a fraction)?
// e.g. num=1 and den=100 would deduct 1% for the wizard, leaving 99% as
// the compensation fee for the usurped monarch.
uint constant wizardCommissionFractionNum = 1;
uint constant wizardCommissionFractionDen = 100;
// How much must an agent pay now to become the monarch?
uint public currentClaimPrice;
// The King (or Queen) of the Ether.
Monarch public currentMonarch;
// Earliest-first list of previous throne holders.
Monarch[] public pastMonarchs;
// Create a new throne, with the creator as wizard and first ruler.
// Sets up some hopefully sensible defaults.
function KingOfTheEtherThrone() {
wizardAddress = msg.sender;
currentClaimPrice = startingClaimPrice;
currentMonarch = Monarch(
wizardAddress,
"[Vacant]",
0,
block.timestamp
);
}
function numberOfMonarchs() constant returns (uint n) {
return pastMonarchs.length;
}
// Fired when the throne is claimed.
// In theory can be used to help build a front-end.
event ThroneClaimed(
address usurperEtherAddress,
string usurperName,
uint newClaimPrice
);
// Fallback function - simple transactions trigger this.
// Assume the message data is their desired name.
function() {
claimThrone(string(msg.data));
}
// Claim the throne for the given name by paying the currentClaimFee.
function claimThrone(string name) {
uint valuePaid = msg.value;
// If they paid too little, reject claim and refund their money.
if (valuePaid < currentClaimPrice) {
// <yes> <report> UNCHECKED_LL_CALLS
msg.sender.send(valuePaid);
return;
}
// If they paid too much, continue with claim but refund the excess.
if (valuePaid > currentClaimPrice) {
uint excessPaid = valuePaid - currentClaimPrice;
// <yes> <report> UNCHECKED_LL_CALLS
msg.sender.send(excessPaid);
valuePaid = valuePaid - excessPaid;
}
// The claim price payment goes to the current monarch as compensation
// (with a commission held back for the wizard). We let the wizard's
// payments accumulate to avoid wasting gas sending small fees.
uint wizardCommission = (valuePaid * wizardCommissionFractionNum) / wizardCommissionFractionDen;
uint compensation = valuePaid - wizardCommission;
if (currentMonarch.etherAddress != wizardAddress) {
// <yes> <report> UNCHECKED_LL_CALLS
currentMonarch.etherAddress.send(compensation);
} else {
// When the throne is vacant, the fee accumulates for the wizard.
}
// Usurp the current monarch, replacing them with the new one.
pastMonarchs.push(currentMonarch);
currentMonarch = Monarch(
msg.sender,
name,
valuePaid,
block.timestamp
);
// Increase the claim fee for next time.
// Stop number of trailing decimals getting silly - we round it a bit.
uint rawNewClaimPrice = currentClaimPrice * claimPriceAdjustNum / claimPriceAdjustDen;
if (rawNewClaimPrice < 10 finney) {
currentClaimPrice = rawNewClaimPrice;
} else if (rawNewClaimPrice < 100 finney) {
currentClaimPrice = 100 szabo * (rawNewClaimPrice / 100 szabo);
} else if (rawNewClaimPrice < 1 ether) {
currentClaimPrice = 1 finney * (rawNewClaimPrice / 1 finney);
} else if (rawNewClaimPrice < 10 ether) {
currentClaimPrice = 10 finney * (rawNewClaimPrice / 10 finney);
} else if (rawNewClaimPrice < 100 ether) {
currentClaimPrice = 100 finney * (rawNewClaimPrice / 100 finney);
} else if (rawNewClaimPrice < 1000 ether) {
currentClaimPrice = 1 ether * (rawNewClaimPrice / 1 ether);
} else if (rawNewClaimPrice < 10000 ether) {
currentClaimPrice = 10 ether * (rawNewClaimPrice / 10 ether);
} else {
currentClaimPrice = rawNewClaimPrice;
}
// Hail the new monarch!
ThroneClaimed(currentMonarch.etherAddress, currentMonarch.name, currentClaimPrice);
}
// Used only by the wizard to collect his commission.
function sweepCommission(uint amount) onlywizard {
// <yes> <report> UNCHECKED_LL_CALLS
wizardAddress.send(amount);
}
// Used only by the wizard to collect his commission.
function transferOwnership(address newOwner) onlywizard {
wizardAddress = newOwner;
}
}
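Review bot: The compensation payment in claimThrone(), `currentMonarch.etherAddress.send(compensation);`, is ignored on failure and the throne changes hands anyway, so a deposed monarch whose address cannot receive a `send` loses the payment to the contract balance. Reverting on failure would instead let such an address block every later claim, so the safer shape is to credit the amount and let the recipient withdraw it, as sketched below. sweepCommission() would then need to leave credited amounts untouched, which the current `wizardAddress.send(amount)` with a caller-chosen amount does not guarantee. The comment above transferOwnership() repeats the sweepCommission text and should read `// Used only by the wizard to hand over the wizard role.`

```solidity
// new state: compensation owed to deposed monarchs, claimed by the recipient
mapping (address => uint) pendingCompensation;

// … unchanged: refund handling and commission arithmetic in claimThrone …
if (currentMonarch.etherAddress != wizardAddress) {
    pendingCompensation[currentMonarch.etherAddress] += compensation;
}
// … unchanged: succession, price rounding, ThroneClaimed event …

function withdrawCompensation() {
    uint owed = pendingCompensation[msg.sender];
    // zero the credit before sending; the throw below restores it on failure
    pendingCompensation[msg.sender] = 0;
    if (!msg.sender.send(owed)) throw;
}
```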


@@ -0,0 +1,29 @@
/*
* @source: https://github.com/sigp/solidity-security-blog
* @author: Suhabe Bugrara
* @vulnerable_at_lines: 20,27
*/
pragma solidity ^0.4.18;
contract Lotto {
bool public payedOut = false;
address public winner;
uint public winAmount;
// ... extra functionality here
function sendToWinner() public {
require(!payedOut);
// <yes> <report> UNCHECKED_LL_CALLS
winner.send(winAmount);
payedOut = true;
}
function withdrawLeftOver() public {
require(payedOut);
// <yes> <report> UNCHECKED_LL_CALLS
msg.sender.send(this.balance);
}
}


@@ -0,0 +1,16 @@
/*
* @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/mishandled.sol
* @author: -
* @vulnerable_at_lines: 14
*/
pragma solidity ^0.4.0;
contract SendBack {
mapping (address => uint) userBalances;
function withdrawBalance() {
uint amountToWithdraw = userBalances[msg.sender];
userBalances[msg.sender] = 0;
// <yes> <report> UNCHECKED_LL_CALLS
msg.sender.send(amountToWithdraw);
}
}
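Review bot: withdrawBalance() zeroes `userBalances[msg.sender]` before the `send` and never looks at the result, so a failed transfer leaves the caller with a zero recorded balance while the ether stays in the contract. The zero-before-send order is the right one against reentrancy and should stay. Reverting on failure restores the balance: `if (!msg.sender.send(amountToWithdraw)) throw;`.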


@@ -0,0 +1,19 @@
/*
* @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-104#unchecked-return-valuesol
* @author: -
* @vulnerable_at_lines: 17
*/
pragma solidity 0.4.25;
contract ReturnValue {
function callchecked(address callee) public {
require(callee.call());
}
function callnotchecked(address callee) public {
// <yes> <report> UNCHECKED_LL_CALLS
callee.call();
}
}