Lab 3 - Get on the List, Again
They said "only put your name once." Did I listen?
Just like in lab 2, your task in this lab is once again an advertising task: you are trying to put your name on a list more times than all the other students. You'll do this by writing a smart contract to exploit a vulnerability in the Leaderboard smart contract that allows you to bypass the "only on the list once" rule.
Automate this! Create a new smart contract that runs on your behalf.
The New Leaderboard
Smart Contract
This contract allows you to "register" your smart contract with the system, then you send it Ether to get put on the list. Once you're on the list, the contract refunds your Ether. It attempts to limit you to one entry on the list; if you re-register, it removes you from the list.
initialize (address studentAlias)
When called, this function identifies the msg.sender as your smart contract, then enables you to add your name and removes you from the board. The studentAlias you send should be the account you created for class (the one in MetaMask).
getLeaderboardEntryByAlias (address studentAlias)
You call this function with an address, and it finds the number of entries on the board that correspond to the contracts owned by that address. The input argument should be a student's RoseChain address, and the output will be the number of that student's contracts' entries.
getLeaderboardEntryByCaller (address caller)
You call this function with an address, and it finds the number of entries on the board recorded under that address. The input argument should be a student's contract address, and the output will be the number of that contract's entries.
addName (uint key) payable
Your smart contract should call this function and provide it with the "secret" key and some Ether. If you provide the right key, it will add your contract's name to the board once, then refund your Ether.
addNameOnce (uint sentValueCheck) payable
This is a new method that attempts to make the name adding "atomic", after the "enough $ deposited" validation happens. This method will fail unless addName has previously set inAddProcess[your contract address].
Exploiting the System
Your job is to find and exploit a vulnerability in the system that bypasses the "already on the list" check, and get the code to put you on the list more than once without re-calling initialize().
The contract runs on the Rose Chain, and your job is to deploy a smart contract that exploits the Leaderboard contract to use a re-entrancy vulnerability to get a bigger number next to your name on the list.
It is recommended that you begin by deploying the contract on your own local blockchain and test your exploit there before you deploy to the Rose Chain and exploit the contract for real. You can verify list entries by using methods on the LeaderBoard contract, or you can download the source code for the leaderboard web page and modify it for your purposes.
When you are ready to test out your work on the real RoseRent contract, you can find Leaderboard deployed on the Rose Chain at this address: 0x0c1F56147d5FBE870Ff96c56a0638444497bA65B.
Minimum Requirements
- You must create a smart contract that can:
  - Accept Ether from your wallet (we will loan you some to play with)
  - Reference Leaderboard.sol contract functions by address and ABI
  - Call initialize() and other methods as necessary to get onto the list.
  - Accept Ether from the LeaderBoard contract (addName() sends your Ether back)
  - Transfer Ether back to your wallet
- You must test your techniques on your local blockchain and show your TA or instructor your code before you try to execute it on the Rose chain.
- Your contract interactions on the rose chain must be with the Leaderboard contract at the address provided by your instructor.
- You must be able to withdraw any funds you put into your malicious contract and refund your TA or instructor at the end of the lab.
Grading
You will earn one coder token for completing the minimum requirements (getting on the list).
You will earn one hacker token for maliciously interacting with the Leaderboard contract deployed on the Rose chain and getting on the list more than once (have a value > 1 next to your address).
You may earn one more coder token for creating a new version of Lab3_Leaderboard.sol that is not vulnerable to your attack.
You may earn one more hacker token for maliciously interacting with the Leaderboard contract deployed on the Rose chain and getting on the list more than ONE HUNDRED TIMES (have a value > 100 next to your address).
You may earn up to one presenter token (max one across the four labs) for demonstrating your hack and fix to the class after everyone is done. You may only demonstrate one of the four labs for this token (you can't get more than one for demonstrating labs).
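For the "not vulnerable" version mentioned under Grading, the usual hardening against re-entrancy in a pay-then-refund flow is to record the entry before sending the refund and to reject nested calls with a lock. The contract below is an added example, not the course's Lab3_Leaderboard.sol. Its name, storage layout and function names are assumptions, and the secret key check is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration; not Lab3_Leaderboard.sol.
contract GuardedBoard {
    mapping(address => address) public ownerOf;  // registered contract => student alias
    mapping(address => bool) public listed;      // is this contract already on the board?
    mapping(address => uint256) public entries;  // board entries per student alias
    bool private locked;                         // re-entrancy lock shared by all entry points

    // Rejects any call that arrives while another guarded call is still running.
    modifier nonReentrant() {
        require(!locked, "re-entrant call");
        locked = true;
        _;
        locked = false;
    }

    // Register the calling contract under a student alias.
    // Re-registering removes the existing entry, as the lab text describes.
    function register(address studentAlias) external nonReentrant {
        require(studentAlias != address(0), "zero alias");
        if (listed[msg.sender]) {
            listed[msg.sender] = false;
            entries[ownerOf[msg.sender]] -= 1;
        }
        ownerOf[msg.sender] = studentAlias;
    }

    // Add the caller to the board once, then refund the deposit.
    function addName() external payable nonReentrant {
        address student = ownerOf[msg.sender];
        // Checks
        require(student != address(0), "not registered");
        require(!listed[msg.sender], "already listed");
        require(msg.value > 0, "deposit required");
        // Effects: the entry is recorded before any external call is made
        listed[msg.sender] = true;
        entries[student] += 1;
        // Interaction: the refund runs the caller's code, so it comes last
        (bool ok, ) = payable(msg.sender).call{value: msg.value}("");
        require(ok, "refund failed");
    }
}
```

Either measure alone closes the nested-call path here: a call made from inside the refund hits the lock, and without the lock it would still fail the "already listed" check because the entry is written first.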