I love Ethereum smart contracts.
Now, etherscan.io site has lots of advantages and just one disadvantage: they trust authors. You want to publish the source code - go ahead. Not every one is aware that Solidity has no decompiler though... So nothing prevents you from making small changes to the code.
As the result, people began building traps to catch hackers. Here is one I found - it is such a candy:
pragma solidity ^0.4.18;
contract MultiplicatorX2
{
address public Owner = msg.sender;
function() public payable{}
function withdraw() payable public
{
require(msg.sender == Owner);
Owner.transfer(this.balance);
}
function multiplicate(address adr) public payable
{
if(msg.value>=this.balance)
{
adr.transfer(this.balance+msg.value);
}
}
}
A contract is very simple. It has one ether on it. Now, if you want to get it, you should send equal amount - and get it all: "if(msg.value>=this.balance)".
Well... as I said, a trap. A code published isn't identical to bitcode in a blockchain.
Here is an address:
https://etherscan.io/address/0xe26e90598190a98c92c75204c9a4ecfe5983f8e0#codeIf you follow the link, you can see that:
the first payment (1 ether) was made by a creator
a second payment was made by an unknown hacker
then a creator took the money and disappeared in a thin air
Disappeared? Did I say - disappeared?
Nope, he created a new contract:
https://etherscan.io/address/0x5aA88d2901C68fdA244f1D0584400368d2C8e739I love Ethereum smart contracts and popcorn: they go well together.
