COMP90088: Cryptocurrencies and decentralised ledgers
Tutorial Sheet, Week 8 Week of April 25, 2022
1. Contract calls. Consider the following two contracts: contract A {
address other;
Copyright By PowCoder代写 加微信 powcoder
function foo(uint y) public{
x += (y * 2);
Semester 1 2022
(bool result, bytes memory newZ) =
other._____(abi.encodeWithSignature(“bar(uint)”,
x -= abi.decode(newZ, (uint));
function bar(uint y) public returns (uint z){
x += (y * 3);
(bool result, ) =
other.call(abi.encodeWithSignature(“baz(uint)”, x+2));
z = x – 10;
function baz(uint y) public{
Assume that two contracts A1 and A2 have been created with this code, and initialized so that A1.other = A2 and A2.other = A1, and A1.x = 2 and A2.x = 3.
a. If the blank line in foo() is filled in with call, what would A1.x and A2.x be after calling A1.foo(7)?
b. If the blank line in foo() is filled in with delegatecall, what would A1.x and A2.x be after calling A1.foo(7)?
c. What would happen if the blank line in foo() is filled in with staticcall?
2. Cross-function re-entrancy. Consider a contract A with the following functions: bool transferLock;
bool withdrawLock;
function transfer(address to, uint amount) external {
if(!transferLock) {
transferLock = True;
if (balances[msg.sender] >= amount) {
balances[to] += amount;
balances[msg.sender] -= amount;
transferLock = False;
function withdraw() external {
if(!withdrawLock) {
withdrawLock = True;
uint256 amount = balances[msg.sender];
(bool result, ) =
payable(msg.sender).call{value: amount}();
require(result);
balances[msg.sender] = 0;
withdrawLock = False;
Assume that an attacker has an account with this contract with a balance of 100 eth.
a. Explain how, despite the use of the locks, this contract is still vulnerable to re-entrancy. Write pseudocode for the attacker¡¯s fallback which would attack this contract. How much can the attacker steal in a re-entrancy attack?
b. Write a fix for this contract by modifying only the transfer function.
c. Write a fix for this contract by modifying only the withdraw function.
3. Parity bug. Recall the Parity bug, in which many contracts relied on the Parity multisig wallet to implement functionality via delegatecall.
a. One fix would be to not delegate, but simply copy all of the relevant code into your own contract. What is the downside of this approach?
b. Another fix is to store the address of the Parity contract as a variable which can be updated. What is the downside of this approach? How could that be addressed?
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com