// Author: Saurabh Singh
pragma solidity ^0.8.0;
contract VulnerableContract {
    // Deliberately vulnerable teaching contract. Each function carries the weakness it is
    // meant to demonstrate. Several of the original SWC labels do not match the SWC Registry
    // (and some functions do not actually exhibit the labelled weakness under pragma ^0.8.0);
    // the notes below give the corrected ID and what the code really does.
    //
    // Accounting note: `balances` is credited by deposit()/fallback()/receive() and debited
    // only by withdraw()/withdrawBalance(). transfer() and destroy() move ether out without
    // touching `balances`, so the ledger can exceed address(this).balance and later
    // withdrawals may fail on the low-level call.

    // Per-caller ledger of deposited wei; not tied to the contract's real ether balance (see above).
    mapping(address => uint256) private balances;

    /// @notice Credits msg.value to the caller's ledger entry.
    /// @dev Originally labelled "Lack of input validation (SWC-101)". SWC-101 is Integer
    ///      Overflow/Underflow, which ^0.8.0 checked arithmetic already reverts on, so the
    ///      `+=` cannot silently wrap. No minimum or maximum deposit is enforced — presumably
    ///      the point the author intended; whether it matters depends on the intended use.
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    /// @notice Sends `amount` wei to the caller if their ledger entry covers it.
    /// @param amount Wei to withdraw.
    /// @dev Originally labelled "Reentrancy (SWC-107)". The ledger is debited BEFORE the
    ///      external call (checks-effects-interactions), so a re-entrant call only sees the
    ///      already-reduced balance; the classic SWC-107 drain does not apply to this function
    ///      as written. The low-level call forwards all remaining gas, and an insufficient
    ///      balance is silently ignored rather than reverted, so callers get no error then.
    function withdraw(uint256 amount) external {
        if (balances[msg.sender] >= amount) {
            balances[msg.sender] -= amount;
            (bool success, ) = msg.sender.call{value: amount}("");
            require(success, "Withdrawal failed");
        }
    }

    /// @notice Sends `amount` wei of the contract's ether to `recipient`.
    /// @param recipient Destination address.
    /// @param amount Wei to send.
    /// @dev Originally labelled "Unchecked Call Return Value (SWC-114)". The return value IS
    ///      checked by the require below, and that weakness is SWC-104 in any case; SWC-114 is
    ///      Transaction Order Dependence. The real weakness is SWC-105 (Unprotected Ether
    ///      Withdrawal): there is no access control and the caller's ledger entry is never
    ///      debited, so any account can move the contract's whole ether balance to an
    ///      arbitrary address. Mitigation: require balances[msg.sender] >= amount and debit it
    ///      before the call, or restrict the function to an authorized role.
    function transfer(address payable recipient, uint256 amount) external {
        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Transfer failed");
    }

    /// @notice Self-destructs the contract and sends its ether to the caller.
    /// @dev Originally labelled "Use of Deprecated Solidity Functions (SWC-105)"; that
    ///      category is SWC-111, and SWC-105 is Unprotected Ether Withdrawal. The primary
    ///      issue here is SWC-106 (Unprotected SELFDESTRUCT): any caller can destroy the
    ///      contract and take all funds. `selfdestruct` is additionally deprecated (compiler
    ///      warning from 0.8.18; under EIP-6780 it only sends the balance unless invoked in the
    ///      creating transaction), so its effect depends on the chain's fork level.
    function destroy() external {
        selfdestruct(payable(msg.sender));
    }

    /// @dev Originally labelled "Unprotected fallback function (SWC-116)"; SWC-116 is Block
    ///      values as a proxy for time and does not describe this. Crediting the ledger here
    ///      mirrors deposit(); the practical concern is that calls with mistyped calldata are
    ///      accepted as deposits instead of reverting.
    fallback() external payable {
        balances[msg.sender] += msg.value;
    }

    /// @dev Originally labelled "Unprotected receive function (SWC-116)"; same ID mismatch as
    ///      fallback(). Plain ether transfers are credited like deposit(); this is not a
    ///      vulnerability by itself.
    receive() external payable {
        balances[msg.sender] += msg.value;
    }

    /// @notice Returns a pseudo-random number derived from block attributes.
    /// @dev Originally labelled "Insecure Randomness (SWC-114)"; the matching entry is SWC-120
    ///      (Weak Sources of Randomness from Chain Attributes). block.timestamp and
    ///      block.difficulty are known before the transaction is included and are partly under
    ///      the block producer's control, so this value is predictable and must not decide
    ///      anything of value. `block.difficulty` is also deprecated on post-merge compilers
    ///      (0.8.18+ warn in favour of block.prevrandao), which pragma ^0.8.0 admits.
    ///      Mitigation: an oracle-based VRF or a commit-reveal scheme.
    function generateRandomNumber() external view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, block.difficulty)));
    }

    /// @notice Withdraws the caller's entire ledger entry.
    /// @dev Numbered 9 in the original (8 is absent) and labelled "Unprotected Ether
    ///      Withdrawal (SWC-118)"; SWC-118 is Incorrect Constructor Name, and SWC-105 is the
    ///      unprotected-withdrawal entry. This function is in fact the safe pattern: it
    ///      requires a positive balance, zeroes the ledger entry before the external call, and
    ///      checks the call result. It may still revert once transfer() has moved ether out
    ///      without debiting `balances`.
    function withdrawBalance() external {
        require(balances[msg.sender] > 0, "No balance to withdraw");
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Withdrawal failed");
    }

    /// @notice Returns value + 1.
    /// @param value Input.
    /// @dev Originally labelled "Integer Overflow or Underflow (SWC-101)". Under pragma ^0.8.0
    ///      the addition is checked and reverts at type(uint256).max, so it cannot wrap; the
    ///      overflow would only exist inside an `unchecked { }` block or on a <0.8 compiler.
    function increment(uint256 value) external pure returns (uint256) {
        return value + 1;
    }
}