何方圜的博客

Java代码import javax.swing.JButton;import javax.swing.JFrame;import javax.swing.JLabel;import javax.swing.JPanel;import javax.swing.JPasswordField;import javax.swing.JTextField;import javax.swing.*;import java.awt.*;import java.sql.*;import java.util.List;import java.util.ArrayList;import javax.swing.table.DefaultTableModel;import org.jfree.chart.*;import org.jfree.chart.plot.*;import org.jfree.data.category.DefaultCategoryDataset;import java.io.*;import java.text.DecimalFormat;// 主类public class s ...

CTF-OwnerBuy题目源码有很多文件。就看一个最关键的 // 0.5.1-c8a2// Enable optimizationpragma solidity ^0.5.0;import "./contracts/ERC20.sol";import "./contracts/IERC20.sol";import "./contracts/ERC20Detailed.sol";interface Changing { function isOwner(address) external returns (bool);}contract Ownable { address public _owner; address public _previousOwner; event OwnershipTransferred( address indexed previousOwner, address indexed newOwner ); ...

CTF-Merkle题目原代码： // SPDX-License-Identifier: GPL-3.0pragma solidity ^0.8.13;library MerkleProof { function verify( bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) { return processProof(proof, leaf) == root; } function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) { bytes32 computedHash = leaf; for (uint256 i = 0; i < proof.length; i++) { bytes32 proofEleme ...

CTF-SVip首先先看题目代码 // pragma solidity 0.4.24; //这是原来的版本，很奇怪不知道为啥无法在foundry编译，所以换成以下版本pragma solidity ^0.8.13;contract SVip { // 一个地址记录一个分数 mapping(address => uint) public points; // 查看某地址是不是超级VIP mapping(address => bool) public isSuperVip; uint256 public numOfFree; // 用户成为超级VIP需要999分数 function promotionSVip() public { require(points[msg.sender] >= 999, "Sorry, you don't have enough points"); isSuperVip[msg.sender] = true;  ...

CTF-TrusterLenderPool这个题很经典。又是假装还款的存在 有用到swap交换，而且还是address(this)来检查token0的地址，所以就更加可以用来假装还款了 题目源码： // SPDX-License-Identifier: MITpragma solidity ^0.8.0;import "@openzeppelin/contracts/token/ERC20/IERC20.sol";import "@openzeppelin/contracts/utils/Address.sol";import "@openzeppelin/contracts/security/ReentrancyGuard.sol";contract Cert is IERC20 { mapping(address => uint256) private _balances; mapping(address => mapping(address => uint256)) private ...

一SummaryDue to the lack of access control on the stopFunding function, anyone can monitor the blockchain, identify a program with an active funding process, and maliciously call the stopFunding function to stop the program, resulting in improper fund allocation.I know you have already described ithttps://github.com/sherlock-audit/2024-11-superfluid-locking-contract-HeYuan-33?tab=readme-ov-file#q-please-discuss-any-design-choices-you-madeBut can you be sure that the participant is not an attacker ...

一SummaryThere is no verification of the incentives recipient, which allows anyone to impersonate other borrowers and claim their incentives. Root CauseVulnerable code: 2024-11-debita-finance-v3-HeYuan-33/Debita-V3-Contracts/contracts/DebitaIncentives.sol Line 203 in 1465ba6 IERC20(token).transfer(msg.sender, amountToClaim); Using msg.sender to send rewards to the caller without performing a check allows an attacker to impersonate a borrower and claim their incentives . Additiona ...

攻击介绍Palmswap由于其蹩脚的业务逻辑，导致了价格被黑客操控，导致被黑客盗取了大约$900K 攻击分析我们通过phalcon来分析。 通过调用栈发现，攻击者先贷了3,000,000的USDT，然后质押1,000,000的USDT来获得大约996,324的PLP，然后用剩下的2,000,000的USDT，去购买了USDP，然后攻击者销毁了持有的所有的PLP，但得到了大约1,947,570的USTD。最后卖出USDP,大约得到1,947,570的USDT。 显然，攻击者在通过购买USDP操纵了PLP的价格。 function getPrice(bool _maximise) external view returns (uint256) { uint256 aum = getAum(_maximise); uint256 supply = IERC20Upgradeable(plp).totalSupply(); return (aum * PLP_PRECISION) / supply; } funct ...

题目源代码： // SPDX-License-Identifier: UNLICENSEDpragma solidity ^0.8.13;contract Factorial { bool public solved = false; function run(uint256 number) internal view returns (uint256) { uint256 res = 1; for (uint256 index = 0; index < number; index++) { (, bytes memory data) = msg.sender.staticcall(abi.encodeWithSignature("factorial(uint256)", number)); res = res * abi.decode(data, (uint256)); } return res; &# ...