not-so-smart-contracts

tx.origin misuse example

Open adamskrodzki opened this issue 7 years ago • 10 comments

adamskrodzki avatar Oct 12 '18 15:10 adamskrodzki

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
2 out of 3 committers have signed the CLA.

:white_check_mark: disconnect3d
:white_check_mark: montyly
:x: adamskrodzki
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Oct 12 '18 15:10 CLAassistant

Looks like something is broken in license/cla. I've clicked sign and the form redirected me, but the check is still pending.

adamskrodzki avatar Oct 12 '18 15:10 adamskrodzki

@adamskrodzki as the bot says:

> Your Name seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.

It seems you fired more or less such a command on your machine:

git config --global user.name "Your name"

And then made commits and pushed them.

Please change your name in your git config so it corresponds to your GitHub account:

git config --global user.name adamskrodzki

And then fix (change) your commits as described here: https://stackoverflow.com/questions/3042437/how-to-change-the-commit-author-for-one-specific-commit

You will have to re-push the commits with force afterwards. I recommend git push --force-with-lease for that (in this case you can also use git push --force but see https://developer.atlassian.com/blog/2015/04/force-with-lease/).

disconnect3d avatar Oct 13 '18 09:10 disconnect3d

@disconnect3d Thank you for your help, looks like it works now.

adamskrodzki avatar Oct 13 '18 14:10 adamskrodzki

Thanks for the PR! Can you include some more detail in your writeup? We want to have the following sections for all of our writeups:

  • [ ] Description of the unique vulnerability type
  • [ ] Attack scenario(s) to exploit the vulnerability
  • [ ] Recommendations to eliminate or mitigate the vulnerability
  • [ ] Real-world contracts that exhibit the flaw
  • [ ] References to third-party resources with more information

Please also keep the writeup focused on the technical details, and not the state of mind of the developer:

> Some incompetent developer creates a service FreeSuperSecuredWalletsFactory (Let's call him Danny)

dguido avatar Oct 13 '18 20:10 dguido

> Please also keep the writeup focused on the technical details, and not the state of mind of the developer:
>
> > Some incompetent developer creates a service FreeSuperSecuredWalletsFactory (Let's call him Danny)

The intention was to introduce a real-life scenario. I believe this particular attack is tricky because the one creating code with it might be neither victim nor attacker, and the victim might be harmed interacting with some totally different contract.

Anyway, I've edited the Readme, please review.

adamskrodzki avatar Oct 14 '18 05:10 adamskrodzki
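
The point in the comment above, that the owner can be harmed while interacting with a different contract, follows from `tx.origin` staying fixed for a whole transaction while `msg.sender` changes at every nested call. An added Python model of that difference (not code from this PR or the repository; the class names, addresses and balance are constructed for illustration):

```python
# Toy model of EVM call context (constructed names and addresses).
# tx_origin: the externally owned account that signed the transaction.
# msg_sender: the immediate caller of the current call frame.

class Wallet:
    def __init__(self, owner, balance, auth_field):
        self.owner = owner
        self.balance = balance
        self.auth_field = auth_field  # "tx.origin" (misuse) or "msg.sender"

    def withdraw_all(self, tx_origin, msg_sender):
        caller = tx_origin if self.auth_field == "tx.origin" else msg_sender
        if caller != self.owner:
            raise PermissionError("caller is not the owner")
        paid, self.balance = self.balance, 0
        return paid

class OtherContract:
    """Any contract the owner interacts with; it makes a nested call."""
    address = "0xOTHER"

    def __init__(self, wallet):
        self.wallet = wallet

    def some_function(self, tx_origin, msg_sender):
        # Nested call: tx_origin is unchanged, msg_sender is now this contract.
        return self.wallet.withdraw_all(tx_origin, msg_sender=self.address)

def run(auth_field, via_other_contract):
    """Owner sends one transaction; returns (outcome, wallet balance after)."""
    owner = "0xOWNER"
    wallet = Wallet(owner, balance=100, auth_field=auth_field)
    try:
        if via_other_contract:
            OtherContract(wallet).some_function(tx_origin=owner, msg_sender=owner)
        else:
            wallet.withdraw_all(tx_origin=owner, msg_sender=owner)
        return "allowed", wallet.balance
    except PermissionError:
        return "rejected", wallet.balance

if __name__ == "__main__":
    for field in ("tx.origin", "msg.sender"):
        for nested in (False, True):
            print(field, "nested" if nested else "direct", run(field, nested))
```

Only the nested call under the `msg.sender` check is rejected; the `tx.origin` check cannot tell a direct owner call from one relayed through another contract.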

Honestly, I'm not too used to using Markdown, so it might have been misused; it should be better now.

@montyly @disconnect3d

Please review

adamskrodzki avatar Oct 24 '18 21:10 adamskrodzki

@montyly @disconnect3d

Please review, I applied your advice 11 days ago.

adamskrodzki avatar Nov 04 '18 20:11 adamskrodzki

Hi @montyly @disconnect3d Vivek from Gitcoin here, are you able to review this one this week? Just checking in on behalf of @adamskrodzki 🙂

vs77bb avatar Nov 08 '18 15:11 vs77bb

@adamskrodzki hey, William from Gitcoin here - are you still working on this issue? There are some requested changes from @disconnect3d :)

willsputra avatar Nov 20 '18 15:11 willsputra