Introduction to Ethereum Contracts

By example

Paweł Bylica

pawel.bylica@imapp.pl

What will be used?

Scenario

Contract to manage pocket money

  • use the Wallet contract
  • 2 owners - parent and child
  • small daily payout limit

Creating Wallet Contract

What happened so far?

class SharedWallet(contract):
   
  owner1
  owner2
  daily_limit

  def init():
    owner1 = msg.sender       # creator of the contract
    owner2 = 0xB46d3B4A359D301143B3DF86D56e135768946782
    daily_limit = 1 * 10**18  # 1 ETH

Contract initialization

Endow the Pocket Money

Transfer without confirmation

class SharedWallet(contract):
   
  owner1
  owner2
  daily_limit

  day          # number of the day being tracked
  transferred  # money transferred that day

  def get_day_number():
    return block.timestamp / (60 * 60 * 24)

  def transfer(to, value):
    if msg.sender != owner1 and msg.sender != owner2:
      return
    
    d = get_day_number()
    if d != day:
      day = d                 # new day!
      transferred = 0         # reset daily counter

    if value + transferred <= daily_limit:
      if to.send(value):      # try sending value
        transferred += value  # increase daily counter

Transfer with confirmation

class SharedWallet(contract):
   
  owner1, owner2, daily_limit

  day          # number of the day being tracked
  transferred  # money transferred that day

  pending      # transfer that needs confirmation

  def transfer(to, value):
    if msg.sender != owner1 and msg.sender != owner2:
      return
    
    # check for new day

    if value + transferred <= daily_limit:
      if to.send(value):      # try sending value
        transferred += value  # increase daily counter
    else:
      pending = (to, value, msg.sender)  # save for confirmation

Confirmation

class SharedWallet(contract):
   
  owner1, owner2, daily_limit

  day          # number of the day being tracked
  transferred  # money transferred that day

  pending      # transfer that needs confirmation

  def transfer(to, value):    
    # (...)

    else:
      pending = (to, value, msg.sender)  # save for confirmation

  def confirm():
    if msg.sender != owner1 and msg.sender != owner2:
      return
    
    to, value, payer = pending  # unpack pending
    if msg.sender != payer:     # the other owner
      if to.send(value):        # try sending value
        pending = ()            # clear pending

Full pseudocode

class SharedWallet(contract):
   
  owner1, owner2, daily_limit

  day          # number of the day being tracked
  transferred  # money transferred that day

  pending      # transfer that needs confirmation

  def init():
    owner1 = msg.sender       # creator of the contract
    owner2 = 0xB46d3B4A359D301143B3DF86D56e135768946782
    daily_limit = 1 * 10**18  # 1 ETH

  def get_day_number():
    return block.timestamp / (60 * 60 * 24)

  def transfer(to, value):
    if msg.sender != owner1 and msg.sender != owner2:
      return
    
    d = get_day_number()
    if d != day:
      day = d                 # new day!
      transferred = 0         # reset daily counter

    if value + transferred <= daily_limit:
      if to.send(value):      # try sending value
        transferred += value  # increase daily counter
    else:
      pending = (to, value, msg.sender)  # save for confirmation

  def confirm():
    if msg.sender != owner1 and msg.sender != owner2:
      return
    
    to, value, payer = pending  # unpack pending
    if msg.sender != payer:     # the other owner
      if to.send(value):        # try sending value
        pending = ()            # clear pending
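
Added example (not from the original slides): a Python model of the full pseudocode above that runs off-chain. The `Chain` ledger, the string addresses and the returned status strings are assumptions for illustration, and the `pending is None` guard in `confirm` is an addition, since the pseudocode unpacks `pending` without checking that a transfer is waiting.

```python
# Added example: executable model of the slides' SharedWallet pseudocode.
# msg.sender and block.timestamp are simulated; all addresses are constructed.
DAY = 60 * 60 * 24
ETH = 10**18

class Chain:
    """Minimal ledger standing in for Ethereum balances and block time."""
    def __init__(self):
        self.balances = {}
        self.timestamp = 0

    def send(self, src, dst, value):
        if self.balances.get(src, 0) < value:
            return False
        self.balances[src] -= value
        self.balances[dst] = self.balances.get(dst, 0) + value
        return True

class SharedWallet:
    def __init__(self, chain, address, owner1, owner2, daily_limit=1 * ETH):
        self.chain, self.address = chain, address
        self.owners = {owner1, owner2}
        self.daily_limit = daily_limit
        self.day = 0
        self.transferred = 0
        self.pending = None

    def transfer(self, sender, to, value):
        if sender not in self.owners:
            return "rejected"
        d = self.chain.timestamp // DAY          # integer day number
        if d != self.day:
            self.day, self.transferred = d, 0    # new day: reset counter
        if value + self.transferred <= self.daily_limit:
            if self.chain.send(self.address, to, value):
                self.transferred += value
                return "sent"
            return "failed"
        self.pending = (to, value, sender)       # replaces any earlier pending
        return "pending"

    def confirm(self, sender):
        if sender not in self.owners or self.pending is None:  # added guard
            return "rejected"
        to, value, payer = self.pending
        if sender == payer:                      # must be the other owner
            return "rejected"
        if self.chain.send(self.address, to, value):
            self.pending = None
            return "sent"
        return "failed"
```

As in the pseudocode, a confirmed transfer does not increase `transferred`, and a new over-limit request replaces the one already waiting in `pending`.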

Questions?

Paweł Bylica

Thank you

Introduction to Ethereum Contracts

By The Golem Project
