第一部分
第二部分
第三部分
simplestorage合约
这是simplestorage合约,该智能合约可以实现对变量的简单store和load。
在remix中打开编辑器,选择0.4.0版本,编译后获得js脚本。
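// Deployment script for the SimpleStorage contract, using the legacy web3 0.x
// API (web3.eth.contract / .new). ES5 syntax is kept on purpose so the script
// still loads in the console it was written for.
// NOTE(review): the identifiers are spelled `simlpestorage...`; they are kept
// unchanged because other snippets or console sessions may refer to them.

// ABI: set(uint256 x) is the state-changing setter, get() is the read-only
// getter that returns the stored value as `retVal`.
var simlpestorageContract = web3.eth.contract([
  {
    "constant": false,
    "inputs": [{ "name": "x", "type": "uint256" }],
    "name": "set",
    "outputs": [],
    "payable": false,
    "type": "function",
    "stateMutability": "nonpayable"
  },
  {
    "constant": true,
    "inputs": [],
    "name": "get",
    "outputs": [{ "name": "retVal", "type": "uint256" }],
    "payable": false,
    "type": "function",
    "stateMutability": "view"
  }
]);

// Send the creation transaction from the node's first account with a fixed
// gas limit; `data` is the compiled contract bytecode.
var simlpestorage = simlpestorageContract.new(
  {
    from: web3.eth.accounts[0],
    data: '0x606060405260a18060106000396000f360606040526000357c01000000000000000000000000000000000000000000000000000000009004806360fe47b11460435780636d4ce63c14605d57603f565b6002565b34600257605b60048080359060200190919050506082565b005b34600257606c60048050506090565b6040518082815260200191505060405180910390f35b806000600050819055505b50565b60006000600050549050609e565b9056',
    gas: '470000'
  },
  function (e, contract) {
    console.log(e, contract);

    // When deployment fails, `contract` is not supplied; return before
    // dereferencing it so the original error is not masked by a TypeError.
    if (e || !contract) {
      return;
    }

    // The callback can run before the contract has an address (only the
    // transaction hash is known), so report success only once it is set.
    if (typeof contract.address !== 'undefined') {
      console.log('Contract mined! address: ' + contract.address + ' transactionHash: ' + contract.transactionHash);
    }
  }
);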
该脚本load成功后,在remix的编译结果中获取相应的abi,并将abi写入storage,这是写入完成后的效果。
// Attach the SimpleStorage ABI to the `simplestorage` object.
// NOTE(review): the deployment script on this page names its instance
// `simlpestorage`; confirm which identifier actually exists in the console.
simplestorage.abi = [
  // set(uint256 x): non-payable, state-changing, no outputs.
  {
    "constant": false,
    "inputs": [{ "name": "x", "type": "uint256" }],
    "name": "set",
    "outputs": [],
    "payable": false,
    "type": "function",
    "stateMutability": "nonpayable"
  },
  // get(): read-only (view), returns the stored uint256 as `retVal`.
  {
    "constant": true,
    "inputs": [],
    "name": "get",
    "outputs": [{ "name": "retVal", "type": "uint256" }],
    "payable": false,
    "type": "function",
    "stateMutability": "view"
  }
];
simplestorage对变量set(1)
挖矿后,simplestorage成功获取设置变量
telephone合约及attack
获取telephone owner地址(默认为eth.accounts[0])
执行attack调用telephone中的changeowner函数,将币转给攻击者设置的账户
交易 transaction 可以包含1个或多个合约 contract。
- 一个合约时,对于合约本身来说,tx.origin 和 msg.sender 是同一个地址。
- 多个合约时,如: 用户、合约A、合约B。用户通过合约A ,调合约B。此时对于合约A:tx.origin 和 msg.sender 都是用户。对于合约B:tx.origin 是用户。msg.sender 是合约A。
使用 tx.origin 来做验证时,得到的始终是发起交易的初始用户地址,而不是直接调用者;因此用户一旦经过中间合约调用目标合约,这一验证仍会通过,可能会遇到攻击。权限校验应基于 msg.sender,而不是 tx.origin。