diff --git a/data/CVE/2018-13071.sol b/data/CVE/2018-13071.sol new file mode 100644 index 0000000000000000000000000000000000000000..66840e87030a9cb2b68fec6946a77a1ad680ad63 --- /dev/null +++ b/data/CVE/2018-13071.sol @@ -0,0 +1,231 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-18 +*/ + +//ERC20 Token +pragma solidity ^0.4.17; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "T10 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /*************************************************/ + mapping(address=>uint256) public indexes; + mapping(uint256=>address) public addresses; + uint256 public lastIndex = 0; + /*************************************************/ + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + /*****************************************/ + addresses[1] = msg.sender; + indexes[msg.sender] = 1; + lastIndex = 1; + /*****************************************/ + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract CCindexToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 40000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "CCindex10"; + string public tokenSymbol = "T10"; + function CCindexToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + // if(!canHolderTransfer()) throw; + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + if(_value > 0){ + if(balanceOf[msg.sender] == 0){ + addresses[indexes[msg.sender]] = addresses[lastIndex]; + indexes[addresses[lastIndex]] = indexes[msg.sender]; + indexes[msg.sender] = 0; + delete addresses[lastIndex]; + lastIndex--; + } + if(indexes[_to]==0){ + lastIndex++; + addresses[lastIndex] = _to; + indexes[_to] = lastIndex; + } + } + } + + function getAddresses() constant returns (address[]){ + address[] memory addrs = new address[](lastIndex); + for(uint i = 0; i < lastIndex; i++){ + addrs[i] = addresses[i+1]; + } + return addrs; + } + + function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { + // if(balanceOf[owner] < _amount) throw; + uint distributed = 0; + require(startIndex < endIndex); + + for(uint i = startIndex; i < lastIndex; i++){ + address holder = addresses[i+1]; + uint reward = balanceOf[holder] * 3 / 100; + balanceOf[holder] += reward; + distributed += reward; + Transfer(0, holder, reward); + } + + // balanceOf[owner] -= distributed; + totalSupply += distributed; + return distributed; + } + + /************************************************************************/ + + /************************************************************************/ + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data/CVE_clean/2018-13071.sol b/data/CVE_clean/2018-13071.sol new file mode 100644 index 0000000000000000000000000000000000000000..1d178d1489be811639c7798fdd82f912d5b39e42 --- /dev/null +++ b/data/CVE_clean/2018-13071.sol @@ -0,0 +1,171 @@ +pragma solidity ^0.4.17; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "T10 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + mapping(address=>uint256) public indexes; + mapping(uint256=>address) public addresses; + uint256 public lastIndex = 0; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + addresses[1] = msg.sender; + indexes[msg.sender] = 1; + lastIndex = 1; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract CCindexToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 40000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "CCindex10"; + string public tokenSymbol = "T10"; + function CCindexToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + if(_value > 0){ + if(balanceOf[msg.sender] == 0){ + addresses[indexes[msg.sender]] = addresses[lastIndex]; + indexes[addresses[lastIndex]] = indexes[msg.sender]; + indexes[msg.sender] = 0; + delete addresses[lastIndex]; + lastIndex--; + } + if(indexes[_to]==0){ + lastIndex++; + addresses[lastIndex] = _to; + indexes[_to] = lastIndex; + } + } + } + function getAddresses() constant returns (address[]){ + address[] memory addrs = new address[](lastIndex); + for(uint i = 0; i < lastIndex; i++){ + addrs[i] = addresses[i+1]; + } + return addrs; + } + function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { + uint distributed = 0; + require(startIndex < endIndex); + for(uint i = startIndex; i < lastIndex; i++){ + address holder = addresses[i+1]; + uint reward = balanceOf[holder] * 3 / 100; + balanceOf[holder] += reward; + distributed += reward; + Transfer(0, holder, reward); + } + totalSupply += distributed; + return distributed; + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data/CVE_label/CVE2description.json b/data/CVE_label/CVE2description.json new file mode 100644 index 0000000000000000000000000000000000000000..e05f122c9ca459e427113bc1982b5236434710d1 --- /dev/null +++ b/data/CVE_label/CVE2description.json @@ -0,0 +1,564 @@ +{ + "CVE-2023-41052": "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", + "CVE-2023-40015": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", + "CVE-2023-40014": "OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.", + "CVE-2023-39363": "Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.", + "CVE-2023-34459": "OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertedly for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree. A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe. The problem has been patched in version 4.9.2. Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.", + "CVE-2023-34449": "ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.", + "CVE-2023-34234": "OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.", + "CVE-2023-32675": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.", + "CVE-2023-32059": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.", + "CVE-2023-32058": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.", + "CVE-2023-31146": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.", + "CVE-2023-30837": "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.", + "CVE-2023-30629": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.", + "CVE-2023-30542": "OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters.", + "CVE-2023-30541": "OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through.", + "CVE-2023-26488": "OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.", + "CVE-2023-23940": "OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1.", + "CVE-2022-46173": "Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more gas than required, the smart contract result (SCR transaction) that should have returned the leftover gas, would have been wrongly added to a cache that the processing unit did not consider. The node stopped notarizing metachain blocks. The fix was actually to extend the SCR transaction search in all other caches if it wasn't found in the correct (expected) sharded-cache. There are no known workarounds at this time. This issue has been patched in version 1.3.50.", + "CVE-2022-39384": "OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.", + "CVE-2022-36061": "Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.", + "CVE-2022-35961": "OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3.", + "CVE-2022-35916": "OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-35915": "OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-31198": "OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.", + "CVE-2022-31172": "OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.", + "CVE-2022-31170": "OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1.", + "CVE-2022-29255": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.", + "CVE-2022-27134": "EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.", + "CVE-2022-24845": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.", + "CVE-2022-24788": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-24787": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `\"\\x00\"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.", + "CVE-2021-41264": "OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).", + "CVE-2021-41122": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.", + "CVE-2021-41121": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.", + "CVE-2021-39168": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.", + "CVE-2021-39167": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.", + "CVE-2021-34273": "A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.", + "CVE-2021-34272": "A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.", + "CVE-2021-34270": "An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.", + "CVE-2021-33403": "An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction.", + "CVE-2021-3006": "The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.", + "CVE-2021-3004": "The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.", + "CVE-2020-35962": "The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.", + "CVE-2020-17753": "An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address.", + "CVE-2020-17752": "Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).", + "CVE-2019-15080": "An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.", + "CVE-2019-15079": "A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free.", + "CVE-2019-15078": "An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.", + "CVE-2018-19834": "The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19833": "The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19832": "The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19831": "The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19830": "The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.", + "CVE-2018-18425": "The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.)", + "CVE-2018-17987": "The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.", + "CVE-2018-17968": "A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.", + "CVE-2018-17882": "An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.", + "CVE-2018-17877": "A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-17111": "The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.", + "CVE-2018-17071": "The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-17050": "The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-15552": "The \"PayWinner\" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable \"maxTickets\" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-14715": "The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.", + "CVE-2018-14576": "The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.", + "CVE-2018-14089": "An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition.", + "CVE-2018-14088": "An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the \"amount * 1000000000000000\" will cause an integer overflow in withdrawToFounders().", + "CVE-2018-14087": "An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the \"msg.value * buyPrice\" will cause an integer overflow in the fallback function.", + "CVE-2018-14086": "An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell().", + "CVE-2018-14085": "An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789.", + "CVE-2018-14084": "An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell().", + "CVE-2018-14063": "The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.", + "CVE-2018-14006": "An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14005": "An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14004": "An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14003": "An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14002": "An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14001": "An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-13877": "The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.", + "CVE-2018-13836": "An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-13783": "The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13782": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13781": "The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13780": "The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13779": "The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13778": "The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13777": "The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13776": "The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13775": "The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13774": "The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13773": "The mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13772": "The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13771": "The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13770": "The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13769": "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13768": "The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13767": "The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13766": "The mintToken function of a smart contract implementation for Easticoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13765": "The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13764": "The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13763": "The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13762": "The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13761": "The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13760": "The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13759": "The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13758": "The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13757": "The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13756": "The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13755": "The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13754": "The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13753": "The mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13752": "The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13751": "The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13750": "The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13749": "The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13748": "The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13747": "The mintToken function of a smart contract implementation for VanMinhCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13746": "The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13745": "The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13744": "The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13743": "The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13742": "The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13741": "The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13740": "The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13739": "The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13738": "The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13737": "The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13736": "The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13735": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13734": "The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13733": "The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13732": "The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13731": "The mintToken function of a smart contract implementation for TokenMACHU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13730": "The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13729": "The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13728": "The mintToken function of a smart contract implementation for JixoCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13727": "The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13726": "The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13725": "The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13724": "The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13723": "The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13722": "The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13721": "The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13720": "The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13719": "The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13718": "The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13717": "The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13716": "The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13715": "The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13714": "The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13713": "The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13712": "The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13711": "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13710": "The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13709": "The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13708": "The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13707": "The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13706": "The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13705": "The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13704": "The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13703": "The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13702": "The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13701": "The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13700": "The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13699": "The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13698": "The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13697": "The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13696": "The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13695": "The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13694": "The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13693": "The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13692": "The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13691": "The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13690": "The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13689": "The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13688": "The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13687": "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13686": "The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13685": "The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13684": "The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13683": "The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13682": "The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13681": "The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13680": "The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13679": "The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13678": "The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13677": "The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13676": "The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13675": "The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13674": "The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13673": "The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13672": "The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13671": "The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13670": "The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13669": "The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13668": "The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13667": "The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13666": "The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13665": "The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13664": "The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13663": "The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13662": "The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13661": "The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13660": "The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13659": "The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13658": "The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13657": "The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13656": "The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13655": "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13654": "The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13653": "The mintToken function of a smart contract implementation for ipshoots, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13652": "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13651": "The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13650": "The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13649": "The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13648": "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13647": "The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13646": "The mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13645": "The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13644": "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13643": "The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13642": "The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13641": "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13640": "The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13639": "The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13638": "The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13637": "The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13636": "The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13635": "The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13634": "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13633": "The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13632": "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13631": "The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13630": "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13629": "The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13628": "The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13627": "The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13626": "The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13625": "The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13624": "The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13623": "The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13622": "The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13621": "The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13620": "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13619": "The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13618": "The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13617": "The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13616": "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13615": "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13614": "The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13613": "The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13612": "The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13611": "The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13610": "The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13609": "The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13608": "The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13607": "The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13606": "The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13605": "The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13604": "The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13603": "The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13602": "The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13601": "The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13600": "The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13599": "The mintToken function of a smart contract implementation for ResidualValue, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13598": "The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13597": "The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13596": "The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13595": "The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13594": "The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13593": "The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13592": "The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13591": "The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13590": "The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13589": "The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13588": "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13587": "The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13586": "The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13585": "The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13584": "The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13583": "The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13582": "The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13581": "The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13580": "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13579": "The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13578": "The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13577": "The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13576": "The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13575": "The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13574": "The mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13573": "The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13572": "The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13571": "The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13570": "The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13569": "The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13568": "The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13567": "The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13566": "The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13565": "The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13564": "The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13563": "The mintToken function of a smart contract implementation for UPayToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13562": "The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13561": "The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13560": "The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13559": "The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13558": "The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13557": "The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13556": "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13555": "The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13554": "The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13553": "The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13552": "The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13551": "The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13550": "The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13549": "The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13548": "The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13547": "The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13546": "The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13545": "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13544": "The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13543": "The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13542": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13541": "The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13540": "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13539": "The mintToken function of a smart contract implementation for Bcxss, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13538": "The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13537": "The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13536": "The mintToken function of a smart contract implementation for ERC20_ICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13535": "The mintToken function of a smart contract implementation for PACCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13534": "The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13533": "The mintToken function of a smart contract implementation for ALUXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13532": "The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13531": "The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13530": "The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13529": "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13528": "The mintToken function of a smart contract implementation for DhaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13527": "The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13526": "The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13525": "The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13524": "The mintToken function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13523": "The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13522": "The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13521": "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13520": "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13519": "The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13518": "The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13517": "The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13516": "The mintToken function of a smart contract implementation for Super Cool Awesome Money (SCAM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13515": "The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13514": "The mintToken function of a smart contract implementation for esportz, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13513": "The mintToken function of a smart contract implementation for Ubiou, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13512": "The mintToken function of a smart contract implementation for SmartHomeCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13511": "The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13510": "The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13509": "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13508": "The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13507": "The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13506": "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13505": "The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13504": "The mintToken function of a smart contract implementation for MMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13503": "The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13502": "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13501": "The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13500": "The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13499": "The mintToken function of a smart contract implementation for Crowdsale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13498": "The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13497": "The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13496": "The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13495": "The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13494": "The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13493": "The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13492": "The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13491": "The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13490": "The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13489": "The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13488": "The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13487": "The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13486": "The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13485": "The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13484": "The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13483": "The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13482": "The mintToken function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13481": "The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13480": "The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13479": "The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13478": "The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13477": "The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13476": "The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13475": "The mintToken function of a smart contract implementation for VSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13474": "The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13473": "The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13472": "The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13471": "The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13470": "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13469": "The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13468": "The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13467": "The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13466": "The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13465": "The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13464": "The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13463": "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13462": "The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13328": "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.", + "CVE-2018-13327": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13326": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13325": "The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.", + "CVE-2018-13233": "The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13232": "The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13231": "The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13230": "The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13229": "The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13228": "The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13227": "The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13226": "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13225": "The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13224": "The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13223": "The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13222": "The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13221": "The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13220": "The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13219": "The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13218": "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13217": "The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13216": "The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13215": "The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13214": "The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13213": "The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13212": "The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13211": "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13210": "The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13209": "The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13208": "The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13207": "The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13206": "The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13205": "The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13204": "The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13203": "The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13202": "The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13201": "The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13200": "The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13199": "The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13198": "The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13197": "The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13196": "The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13195": "The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13194": "The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13193": "The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13192": "The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13191": "The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13190": "The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13189": "The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13188": "The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13187": "The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13186": "The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13185": "The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13184": "The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13183": "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13182": "The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13181": "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13180": "The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13179": "The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13178": "The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13177": "The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13176": "The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13175": "The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13174": "The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13173": "The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13172": "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13171": "The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13170": "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13169": "The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13168": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13167": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13166": "The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13165": "The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13164": "The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13163": "The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13162": "The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13161": "The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13160": "The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13159": "The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13158": "The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13157": "The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13156": "The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13155": "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13146": "The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.", + "CVE-2018-13145": "The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.", + "CVE-2018-13144": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13132": "Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13131": "SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13130": "Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13129": "SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13128": "Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13127": "SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13126": "MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13113": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13092": "The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13091": "The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13090": "The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13089": "The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13088": "The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13087": "The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13086": "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13085": "The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13084": "The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13083": "The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13082": "The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13081": "The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13080": "The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13079": "The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13078": "The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13077": "The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13076": "The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13075": "The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13074": "The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13073": "The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13072": "The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13071": "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13070": "The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13069": "The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13068": "The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13041": "The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-12975": "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).", + "CVE-2018-12959": "The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).", + "CVE-2018-12885": "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.", + "CVE-2018-12703": "The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the \"evilReflex\" issue. NOTE: a PeckShield disclosure states \"some researchers have independently discussed the mechanism of such vulnerability.\"", + "CVE-2018-12702": "The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the \"evilReflex\" issue. NOTE: a PeckShield disclosure states \"some researchers have independently discussed the mechanism of such vulnerability.\"", + "CVE-2018-12511": "In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.", + "CVE-2018-12454": "The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-12230": "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.", + "CVE-2018-12084": "The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12083": "The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12082": "The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12081": "The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12080": "The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12079": "The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12078": "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12070": "The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12068": "The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12067": "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12063": "The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12062": "The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12056": "The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-12025": "The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key.", + "CVE-2018-11687": "An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the \"ownerUnderflow\" issue.", + "CVE-2018-11561": "An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets.", + "CVE-2018-11446": "The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-11429": "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-11411": "The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.", + "CVE-2018-11335": "GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-11329": "The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.", + "CVE-2018-11239": "An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the \"burnOverflow\" issue.", + "CVE-2018-10973": "An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.", + "CVE-2018-10944": "The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.", + "CVE-2018-10769": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).", + "CVE-2018-10706": "An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the \"multiOverflow\" issue.", + "CVE-2018-10705": "The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.", + "CVE-2018-10666": "The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.", + "CVE-2018-10468": "The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the \"transferFlaw\" issue.", + "CVE-2018-10376": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue.", + "CVE-2018-10299": "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue.", + "CVE-2017-14457": "An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.", + "CVE-2017-14451": "An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability." +} \ No newline at end of file diff --git a/data/CVE_label/CVE2label.json b/data/CVE_label/CVE2label.json new file mode 100644 index 0000000000000000000000000000000000000000..ad74a711e69a139bad2258ece1d8d137853a6317 --- /dev/null +++ b/data/CVE_label/CVE2label.json @@ -0,0 +1,21 @@ +{ + "CVE-2018-10299": "Integer Overflow", + "CVE-2018-10376": "Integer Overflow", + "CVE-2018-11335": "Integer Overflow", + "CVE-2018-13836": "Integer Overflow", + "CVE-2018-17882": "Integer Overflow", + "CVE-2018-10468": "Wrong Logic", + "CVE-2018-11411": "Wrong Logic", + "CVE-2018-12025": "Wrong Logic", + "CVE-2021-3004": "Wrong Logic", + "CVE-2018-15552": "Bad Randomness", + "CVE-2018-14715": "Bad Randomness", + "CVE-2018-17877": "Bad Randomness", + "CVE-2018-10666": "Access Control", + "CVE-2018-10705": "Access Control", + "CVE-2018-19830": "Access Control", + "CVE-2019-15078": "Typo Constructor", + "CVE-2019-15079": "Typo Constructor", + "CVE-2019-15080": "Typo Constructor", + "CVE-2018-18425": "Token Devalue" +} \ No newline at end of file diff --git a/data_full/CVE/2018-10299.sol b/data_full/CVE/2018-10299.sol new file mode 100644 index 0000000000000000000000000000000000000000..5efec9579229cf128ad6879ec5eb45f954307bce --- /dev/null +++ b/data_full/CVE/2018-10299.sol @@ -0,0 +1,299 @@ +pragma solidity ^0.4.16; + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal constant returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value > 0 && _value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balances[_owner]; + } +} + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value > 0 && _value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + + + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() { + owner = msg.sender; + } + + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner public { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + +} + +/** + * @title Pausable + * @dev Base contract which allows children to implement an emergency stop mechanism. + */ +contract Pausable is Ownable { + event Pause(); + event Unpause(); + + bool public paused = false; + + + /** + * @dev Modifier to make a function callable only when the contract is not paused. + */ + modifier whenNotPaused() { + require(!paused); + _; + } + + /** + * @dev Modifier to make a function callable only when the contract is paused. + */ + modifier whenPaused() { + require(paused); + _; + } + + /** + * @dev called by the owner to pause, triggers stopped state + */ + function pause() onlyOwner whenNotPaused public { + paused = true; + Pause(); + } + + /** + * @dev called by the owner to unpause, returns to normal state + */ + function unpause() onlyOwner whenPaused public { + paused = false; + Unpause(); + } +} + +/** + * @title Pausable token + * + * @dev StandardToken modified with pausable transfers. + **/ + +contract PausableToken is StandardToken, Pausable { + + function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) { + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) { + return super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) { + return super.approve(_spender, _value); + } + + function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) { + uint cnt = _receivers.length; + uint256 amount = uint256(cnt) * _value; + require(cnt > 0 && cnt <= 20); + require(_value > 0 && balances[msg.sender] >= amount); + + balances[msg.sender] = balances[msg.sender].sub(amount); + for (uint i = 0; i < cnt; i++) { + balances[_receivers[i]] = balances[_receivers[i]].add(_value); + Transfer(msg.sender, _receivers[i], _value); + } + return true; + } +} + +/** + * @title Bec Token + * + * @dev Implementation of Bec Token based on the basic standard token. + */ +contract BecToken is PausableToken { + /** + * Public variables of the token + * The following variables are OPTIONAL vanities. One does not have to include them. + * They allow one to customise the token contract & in no way influences the core functionality. + * Some wallets/interfaces might not even bother to look at this information. + */ + string public name = "BeautyChain"; + string public symbol = "BEC"; + string public version = '1.0.0'; + uint8 public decimals = 18; + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + */ + function BecToken() { + totalSupply = 7000000000 * (10**(uint256(decimals))); + balances[msg.sender] = totalSupply; // Give the creator all initial tokens + } + + function () { + //if ether is sent to this address, send it back. + revert(); + } +} diff --git a/data_full/CVE/2018-10376.sol b/data_full/CVE/2018-10376.sol new file mode 100644 index 0000000000000000000000000000000000000000..c5f9617a8d6ae496917d1aaaeccf0b85e6c72389 --- /dev/null +++ b/data_full/CVE/2018-10376.sol @@ -0,0 +1,294 @@ +// Abstract contract for the full ERC 20 Token standard +// https://github.com/ethereum/EIPs/issues/20 +pragma solidity ^0.4.15; + +contract Token { + /* This is a slight change to the ERC20 base standard.*/ + /// total amount of tokens + uint256 public totalSupply; + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) public constant returns (uint256 balance); + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) public returns (bool success); + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); + + /// @notice `msg.sender` approves `_spender` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of tokens to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) public returns (bool success); + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) public constant returns (uint256 remaining); + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +contract Owned { + + /// `owner` is the only address that can call a function with this + /// modifier + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + address public owner; + + /// @notice The Constructor assigns the message sender to be `owner` + function Owned() public { + owner = msg.sender; + } + + address newOwner=0x0; + + event OwnerUpdate(address _prevOwner, address _newOwner); + + ///change the owner + function changeOwner(address _newOwner) public onlyOwner { + require(_newOwner != owner); + newOwner = _newOwner; + } + + /// accept the ownership + function acceptOwnership() public{ + require(msg.sender == newOwner); + OwnerUpdate(owner, newOwner); + owner = newOwner; + newOwner = 0x0; + } +} + +contract Controlled is Owned{ + + function Controlled() public { + setExclude(msg.sender); + } + + // Flag that determines if the token is transferable or not. + bool public transferEnabled = false; + + // flag that makes locked address effect + bool lockFlag=true; + mapping(address => bool) locked; + mapping(address => bool) exclude; + + function enableTransfer(bool _enable) public onlyOwner{ + transferEnabled=_enable; + } + + function disableLock(bool _enable) public onlyOwner returns (bool success){ + lockFlag=_enable; + return true; + } + + function addLock(address _addr) public onlyOwner returns (bool success){ + require(_addr!=msg.sender); + locked[_addr]=true; + return true; + } + + function setExclude(address _addr) public onlyOwner returns (bool success){ + exclude[_addr]=true; + return true; + } + + function removeLock(address _addr) public onlyOwner returns (bool success){ + locked[_addr]=false; + return true; + } + + modifier transferAllowed(address _addr) { + if (!exclude[_addr]) { + assert(transferEnabled); + if(lockFlag){ + assert(!locked[_addr]); + } + } + + _; + } + +} + +contract StandardToken is Token,Controlled { + + function transfer(address _to, uint256 _value) public transferAllowed(msg.sender) returns (bool success) { + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) public transferAllowed(_from) returns (bool success) { + //same as above. Replace this line with the following if you want to protect against wrapping uints. + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} + +contract SMT is StandardToken { + + function () public { + revert(); + } + + string public name = "SmartMesh Token"; //fancy name + uint8 public decimals = 18; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether. + string public symbol = "SMT"; //An identifier + string public version = 'v0.1'; //SMT 0.1 standard. Just an arbitrary versioning scheme. + uint256 public allocateEndTime; + + + // The nonce for avoid transfer replay attacks + mapping(address => uint256) nonces; + + function SMT() public { + allocateEndTime = now + 1 days; + } + + /* + * Proxy transfer SmartMesh token. When some users of the ethereum account has no ether, + * he or she can authorize the agent for broadcast transactions, and agents may charge agency fees + * @param _from + * @param _to + * @param _value + * @param feeSmt + * @param _v + * @param _r + * @param _s + */ + function transferProxy(address _from, address _to, uint256 _value, uint256 _feeSmt, + uint8 _v,bytes32 _r, bytes32 _s) public transferAllowed(_from) returns (bool){ + + if(balances[_from] < _feeSmt + _value) revert(); + + uint256 nonce = nonces[_from]; + bytes32 h = keccak256(_from,_to,_value,_feeSmt,nonce); + if(_from != ecrecover(h,_v,_r,_s)) revert(); + + if(balances[_to] + _value < balances[_to] + || balances[msg.sender] + _feeSmt < balances[msg.sender]) revert(); + balances[_to] += _value; + Transfer(_from, _to, _value); + + balances[msg.sender] += _feeSmt; + Transfer(_from, msg.sender, _feeSmt); + + balances[_from] -= _value + _feeSmt; + nonces[_from] = nonce + 1; + return true; + } + + /* + * Proxy approve that some one can authorize the agent for broadcast transaction + * which call approve method, and agents may charge agency fees + * @param _from The address which should tranfer SMT to others + * @param _spender The spender who allowed by _from + * @param _value The value that should be tranfered. + * @param _v + * @param _r + * @param _s + */ + function approveProxy(address _from, address _spender, uint256 _value, + uint8 _v,bytes32 _r, bytes32 _s) public returns (bool success) { + + uint256 nonce = nonces[_from]; + bytes32 hash = keccak256(_from,_spender,_value,nonce); + if(_from != ecrecover(hash,_v,_r,_s)) revert(); + allowed[_from][_spender] = _value; + Approval(_from, _spender, _value); + nonces[_from] = nonce + 1; + return true; + } + + + /* + * Get the nonce + * @param _addr + */ + function getNonce(address _addr) public constant returns (uint256){ + return nonces[_addr]; + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { revert(); } + return true; + } + + /* Approves and then calls the contract code*/ + function approveAndCallcode(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //Call the contract code + if(!_spender.call(_extraData)) { revert(); } + return true; + } + + // Allocate tokens to the users + // @param _owners The owners list of the token + // @param _values The value list of the token + function allocateTokens(address[] _owners, uint256[] _values) public onlyOwner { + + if(allocateEndTime < now) revert(); + if(_owners.length != _values.length) revert(); + + for(uint256 i = 0; i < _owners.length ; i++){ + address to = _owners[i]; + uint256 value = _values[i]; + if(totalSupply + value <= totalSupply || balances[to] + value <= balances[to]) revert(); + totalSupply += value; + balances[to] += value; + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-10468.sol b/data_full/CVE/2018-10468.sol new file mode 100644 index 0000000000000000000000000000000000000000..f3e65390d64935f5e4bdb25f2fcf14e2277da11f --- /dev/null +++ b/data_full/CVE/2018-10468.sol @@ -0,0 +1,146 @@ +pragma solidity ^0.4.10; + +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} + +contract UselessEthereumToken { + address owner = msg.sender; + + bool public purchasingAllowed = false; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + + uint256 public totalSupply = 0; + + function name() constant returns (string) { return "Useless Ethereum Token"; } + function symbol() constant returns (string) { return "UET"; } + function decimals() constant returns (uint8) { return 18; } + + function balanceOf(address _owner) constant returns (uint256) { return balances[_owner]; } + + function transfer(address _to, uint256 _value) returns (bool success) { + // mitigates the ERC20 short address attack + if(msg.data.length < (2 * 32) + 4) { throw; } + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[msg.sender]; + + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + // mitigates the ERC20 short address attack + if(msg.data.length < (3 * 32) + 4) { throw; } + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + + allowed[_from][msg.sender] -= _value; + + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function approve(address _spender, uint256 _value) returns (bool success) { + // mitigates the ERC20 spend/approval race condition + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + + allowed[msg.sender][_spender] = _value; + + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + function enablePurchasing() { + if (msg.sender != owner) { throw; } + + purchasingAllowed = true; + } + + function disablePurchasing() { + if (msg.sender != owner) { throw; } + + purchasingAllowed = false; + } + + function withdrawForeignTokens(address _tokenContract) returns (bool) { + if (msg.sender != owner) { throw; } + + ForeignToken token = ForeignToken(_tokenContract); + + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + + function getStats() constant returns (uint256, uint256, uint256, bool) { + return (totalContribution, totalSupply, totalBonusTokensIssued, purchasingAllowed); + } + + function() payable { + if (!purchasingAllowed) { throw; } + + if (msg.value == 0) { return; } + + owner.transfer(msg.value); + totalContribution += msg.value; + + uint256 tokensIssued = (msg.value * 100); + + if (msg.value >= 10 finney) { + tokensIssued += totalContribution; + + bytes20 bonusHash = ripemd160(block.coinbase, block.number, block.timestamp); + if (bonusHash[0] == 0) { + uint8 bonusMultiplier = + ((bonusHash[1] & 0x01 != 0) ? 1 : 0) + ((bonusHash[1] & 0x02 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x04 != 0) ? 1 : 0) + ((bonusHash[1] & 0x08 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x10 != 0) ? 1 : 0) + ((bonusHash[1] & 0x20 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x40 != 0) ? 1 : 0) + ((bonusHash[1] & 0x80 != 0) ? 1 : 0); + + uint256 bonusTokensIssued = (msg.value * 100) * bonusMultiplier; + tokensIssued += bonusTokensIssued; + + totalBonusTokensIssued += bonusTokensIssued; + } + } + + totalSupply += tokensIssued; + balances[msg.sender] += tokensIssued; + + Transfer(address(this), msg.sender, tokensIssued); + } +} diff --git a/data_full/CVE/2018-10666.sol b/data_full/CVE/2018-10666.sol new file mode 100644 index 0000000000000000000000000000000000000000..f30ccfee247a5a2b489b2338b8df7729ac38be6c --- /dev/null +++ b/data_full/CVE/2018-10666.sol @@ -0,0 +1,253 @@ +/** + *Submitted for verification at Etherscan.io on 2018-01-17 +*/ + +pragma solidity ^0.4.19; + +/** + * @title IDXM Contract. IDEX Membership Token contract. + * + * @author Ray Pulver, ray@auroradao.com + */ + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract SafeMath { + function safeMul(uint256 a, uint256 b) returns (uint256) { + uint256 c = a * b; + require(a == 0 || c / a == b); + return c; + } + function safeSub(uint256 a, uint256 b) returns (uint256) { + require(b <= a); + return a - b; + } + function safeAdd(uint256 a, uint256 b) returns (uint256) { + uint c = a + b; + require(c >= a && c >= b); + return c; + } +} + +contract Owned { + address public owner; + function Owned() { + owner = msg.sender; + } + function setOwner(address _owner) returns (bool success) { + owner = _owner; + return true; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } +} + +contract IDXM is Owned, SafeMath { + uint8 public decimals = 8; + bytes32 public standard = 'Token 0.1'; + bytes32 public name = 'IDEX Membership'; + bytes32 public symbol = 'IDXM'; + uint256 public totalSupply; + + event Approval(address indexed from, address indexed spender, uint256 amount); + + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + + uint256 public baseFeeDivisor; + uint256 public feeDivisor; + uint256 public singleIDXMQty; + + function () external { + throw; + } + + uint8 public feeDecimals = 8; + + struct Validity { + uint256 last; + uint256 ts; + } + + mapping (address => Validity) public validAfter; + uint256 public mustHoldFor = 604800; + mapping (address => uint256) public exportFee; + + /** + * Constructor. + * + */ + function IDXM() { + totalSupply = 200000000000; + balanceOf[msg.sender] = totalSupply; + exportFee[0x00000000000000000000000000000000000000ff] = 100000000; + precalculate(); + } + + bool public balancesLocked = false; + + function uploadBalances(address[] addresses, uint256[] balances) onlyOwner { + require(!balancesLocked); + require(addresses.length == balances.length); + uint256 sum; + for (uint256 i = 0; i < uint256(addresses.length); i++) { + sum = safeAdd(sum, safeSub(balances[i], balanceOf[addresses[i]])); + balanceOf[addresses[i]] = balances[i]; + } + balanceOf[owner] = safeSub(balanceOf[owner], sum); + } + + function lockBalances() onlyOwner { + balancesLocked = true; + } + + /** + * @notice Transfer `_amount` from `msg.sender.address()` to `_to`. + * + * @param _to Address that will receive. + * @param _amount Amount to be transferred. + */ + function transfer(address _to, uint256 _amount) returns (bool success) { + require(!locked); + require(balanceOf[msg.sender] >= _amount); + require(balanceOf[_to] + _amount >= balanceOf[_to]); + balanceOf[msg.sender] -= _amount; + uint256 preBalance = balanceOf[_to]; + balanceOf[_to] += _amount; + bool alreadyMax = preBalance >= singleIDXMQty; + if (!alreadyMax) { + if (now >= validAfter[_to].ts + mustHoldFor) validAfter[_to].last = preBalance; + validAfter[_to].ts = now; + } + if (validAfter[msg.sender].last > balanceOf[msg.sender]) validAfter[msg.sender].last = balanceOf[msg.sender]; + Transfer(msg.sender, _to, _amount); + return true; + } + + /** + * @notice Transfer `_amount` from `_from` to `_to`. + * + * @param _from Origin address + * @param _to Address that will receive + * @param _amount Amount to be transferred. + * @return result of the method call + */ + function transferFrom(address _from, address _to, uint256 _amount) returns (bool success) { + require(!locked); + require(balanceOf[_from] >= _amount); + require(balanceOf[_to] + _amount >= balanceOf[_to]); + require(_amount <= allowance[_from][msg.sender]); + balanceOf[_from] -= _amount; + uint256 preBalance = balanceOf[_to]; + balanceOf[_to] += _amount; + allowance[_from][msg.sender] -= _amount; + bool alreadyMax = preBalance >= singleIDXMQty; + if (!alreadyMax) { + if (now >= validAfter[_to].ts + mustHoldFor) validAfter[_to].last = preBalance; + validAfter[_to].ts = now; + } + if (validAfter[_from].last > balanceOf[_from]) validAfter[_from].last = balanceOf[_from]; + Transfer(_from, _to, _amount); + return true; + } + + /** + * @notice Approve spender `_spender` to transfer `_amount` from `msg.sender.address()` + * + * @param _spender Address that receives the cheque + * @param _amount Amount on the cheque + * @param _extraData Consequential contract to be executed by spender in same transcation. + * @return result of the method call + */ + function approveAndCall(address _spender, uint256 _amount, bytes _extraData) returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _amount)) { + spender.receiveApproval(msg.sender, _amount, this, _extraData); + return true; + } + } + + /** + * @notice Approve spender `_spender` to transfer `_amount` from `msg.sender.address()` + * + * @param _spender Address that receives the cheque + * @param _amount Amount on the cheque + * @return result of the method call + */ + function approve(address _spender, uint256 _amount) returns (bool success) { + require(!locked); + allowance[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function setExportFee(address addr, uint256 fee) onlyOwner { + require(addr != 0x00000000000000000000000000000000000000ff); + exportFee[addr] = fee; + } + + function setHoldingPeriod(uint256 ts) onlyOwner { + mustHoldFor = ts; + } + + + /* --------------- fee calculation method ---------------- */ + + /** + * @notice 'Returns the fee for a transfer from `from` to `to` on an amount `amount`. + * + * Fee's consist of a possible + * - import fee on transfers to an address + * - export fee on transfers from an address + * IDXM ownership on an address + * - reduces fee on a transfer from this address to an import fee-ed address + * - reduces the fee on a transfer to this address from an export fee-ed address + * IDXM discount does not work for addresses that have an import fee or export fee set up against them. + * + * IDXM discount goes up to 100% + * + * @param from From address + * @param to To address + * @param amount Amount for which fee needs to be calculated. + * + */ + function feeFor(address from, address to, uint256 amount) constant external returns (uint256 value) { + uint256 fee = exportFee[from]; + if (fee == 0) return 0; + uint256 amountHeld; + if (balanceOf[to] != 0) { + if (validAfter[to].ts + mustHoldFor < now) amountHeld = balanceOf[to]; + else amountHeld = validAfter[to].last; + if (amountHeld >= singleIDXMQty) return 0; + return amount*fee*(singleIDXMQty - amountHeld) / feeDivisor; + } else return amount*fee / baseFeeDivisor; + } + + bool public locked = true; + + function unlockToken() onlyOwner { + locked = false; + } + + function precalculate() internal returns (bool success) { + baseFeeDivisor = pow10(1, feeDecimals); + feeDivisor = pow10(1, feeDecimals + decimals); + singleIDXMQty = pow10(1, decimals); + } + function div10(uint256 a, uint8 b) internal returns (uint256 result) { + for (uint8 i = 0; i < b; i++) { + a /= 10; + } + return a; + } + function pow10(uint256 a, uint8 b) internal returns (uint256 result) { + for (uint8 i = 0; i < b; i++) { + a *= 10; + } + return a; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-10705.sol b/data_full/CVE/2018-10705.sol new file mode 100644 index 0000000000000000000000000000000000000000..4a9ba9e30723f851a52d0dd82e91150ad76c2958 --- /dev/null +++ b/data_full/CVE/2018-10705.sol @@ -0,0 +1,157 @@ +/** + *Submitted for verification at Etherscan.io on 2018-01-17 +*/ + +pragma solidity ^0.4.19; + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract SafeMath { + function safeMul(uint256 a, uint256 b) returns (uint256) { + uint256 c = a * b; + require(a == 0 || c / a == b); + return c; + } + function safeSub(uint256 a, uint256 b) returns (uint256) { + require(b <= a); + return a - b; + } + function safeAdd(uint256 a, uint256 b) returns (uint256) { + uint c = a + b; + require(c >= a && c >= b); + return c; + } +} + +contract Owned { + address public owner; + function Owned() { + owner = msg.sender; + } + function setOwner(address _owner) returns (bool success) { + owner = _owner; + return true; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } +} + +contract AURA is SafeMath, Owned { + bool public locked = true; + string public name = "Aurora DAO"; + string public symbol = "AURA"; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + + /** + * Constructor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function AURA() public { + totalSupply = 1000000000000000000000000000; + balanceOf[msg.sender] = totalSupply; + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + require(!locked || msg.sender == owner); + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + require(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + require(!locked); + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + function unlockToken() onlyOwner { + locked = false; + } + + bool public balancesUploaded = false; + function uploadBalances(address[] recipients, uint256[] balances) onlyOwner { + require(!balancesUploaded); + uint256 sum = 0; + for (uint256 i = 0; i < recipients.length; i++) { + balanceOf[recipients[i]] = safeAdd(balanceOf[recipients[i]], balances[i]); + sum = safeAdd(sum, balances[i]); + } + balanceOf[owner] = safeSub(balanceOf[owner], sum); + } + function lockBalances() onlyOwner { + balancesUploaded = true; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-10706.sol b/data_full/CVE/2018-10706.sol new file mode 100644 index 0000000000000000000000000000000000000000..a3e3950cc9a5573c5bba3ea26bfdaa75872699a0 --- /dev/null +++ b/data_full/CVE/2018-10706.sol @@ -0,0 +1,404 @@ +pragma solidity ^0.4.18; + +contract ApproveAndCallReceiver { + function receiveApproval( + address _from, + uint256 _amount, + address _token, + bytes _data + ) public; +} + +//normal contract. already compiled as bin +contract Controlled { + modifier onlyController { + require(msg.sender == controller); + _; + } + address public controller; + + function Controlled() public { + controller = msg.sender; + } + + function changeController(address _newController) onlyController public { + controller = _newController; + } +} + + +contract ERC20Token { + + /// total amount of tokens + uint256 public totalSupply; + //function totalSupply() public constant returns (uint256 balance); + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + mapping (address => uint256) public balanceOf; + + // function balanceOf(address _owner) public constant returns (uint256 balance); + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) public returns (bool success); + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); + + /// @notice `msg.sender` approves `_spender` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of tokens to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) public returns (bool success); + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + mapping (address => mapping (address => uint256)) public allowance; + //function allowance(address _owner, address _spender) public constant returns (uint256 remaining); + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +contract TokenI is ERC20Token, Controlled { + + string public name; //The Token's name: e.g. DigixDAO Tokens + uint8 public decimals; //Number of decimals of the smallest unit + string public symbol; //An identifier: e.g. REP + + + // ERC20 Methods + + /// @notice `msg.sender` approves `_spender` to send `_amount` tokens on + /// its behalf, and then a function is triggered in the contract that is + /// being approved, `_spender`. This allows users to use their tokens to + /// interact with contracts in one function call instead of two + /// @param _spender The address of the contract able to transfer the tokens + /// @param _amount The amount of tokens to be approved for transfer + /// @return True if the function call was successful + function approveAndCall( + address _spender, + uint256 _amount, + bytes _extraData + ) public returns (bool success); + + + // Generate and destroy tokens + + /// @notice Generates `_amount` tokens that are assigned to `_owner` + /// @param _owner The address that will be assigned the new tokens + /// @param _amount The quantity of tokens generated + /// @return True if the tokens are generated correctly + function generateTokens(address _owner, uint _amount) public returns (bool); + + + /// @notice Burns `_amount` tokens from `_owner` + /// @param _owner The address that will lose the tokens + /// @param _amount The quantity of tokens to burn + /// @return True if the tokens are burned correctly + function destroyTokens(address _owner, uint _amount) public returns (bool); + +} + +contract Token is TokenI { + + struct FreezeInfo { + address user; + uint256 amount; + } + //Key1: step(募资阶段); Key2: user sequence(用户序列) + mapping (uint8 => mapping (uint8 => FreezeInfo)) public freezeOf; //所有锁仓,key 使用序号向上增加,方便程序查询。 + mapping (uint8 => uint8) public lastFreezeSeq; //最后的 freezeOf 键值。key: step; value: sequence + mapping (address => uint256) public airdropOf;//空投用户 + + address public owner; + bool public paused=false;//是否暂停私募 + uint256 public minFunding = 1 ether; //最低起投额度 + uint256 public airdropQty=0;//每个账户空投获得的量 + uint256 public airdropTotalQty=0;//总共发放的空投代币数量 + uint256 public tokensPerEther = 10000;//1eth兑换多少代币 + address private vaultAddress;//存储众筹ETH的地址 + uint256 public totalCollected = 0;//已经募到ETH的总数量 + + /* This generates a public event on the blockchain that will notify clients */ + //event Transfer(address indexed from, address indexed to, uint256 value); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* This notifies clients about the amount frozen */ + event Freeze(address indexed from, uint256 value); + + /* This notifies clients about the amount unfrozen */ + event Unfreeze(address indexed from, uint256 value); + + event Payment(address sender, uint256 _ethAmount, uint256 _tokenAmount); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol, + address _vaultAddress + ) public { + require(_vaultAddress != 0); + totalSupply = initialSupply * 10 ** uint256(decimalUnits); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + owner = msg.sender; + vaultAddress=_vaultAddress; + } + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + modifier realUser(address user){ + if(user == 0x0){ + revert(); + } + _; + } + + modifier moreThanZero(uint256 _value){ + if (_value <= 0){ + revert(); + } + _; + } + + /// @dev Internal function to determine if an address is a contract + /// @param _addr The address being queried + /// @return True if `_addr` is a contract + function isContract(address _addr) constant internal returns(bool) { + uint size; + if (_addr == 0) { + return false; + } + assembly { + size := extcodesize(_addr) + } + return size>0; + } + + /* Send coins */ + function transfer(address _to, uint256 _value) realUser(_to) moreThanZero(_value) public returns (bool) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + require(balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[msg.sender] = balanceOf[msg.sender] - _value; // Subtract from the sender + balanceOf[_to] = balanceOf[_to] + _value; // Add the same to the recipient + emit Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + return true; + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) moreThanZero(_value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * @notice `msg.sender` approves `_spender` to send `_amount` tokens on + * its behalf, and then a function is triggered in the contract that is + * being approved, `_spender`. This allows users to use their tokens to + * interact with contracts in one function call instead of two + * @param _spender The address of the contract able to transfer the tokens + * @param _amount The amount of tokens to be approved for transfer + * @return True if the function call was successful + */ + function approveAndCall(address _spender, uint256 _amount, bytes _extraData) public returns (bool success) { + require(approve(_spender, _amount)); + ApproveAndCallReceiver(_spender).receiveApproval( + msg.sender, + _amount, + this, + _extraData + ); + + return true; + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) realUser(_from) realUser(_to) moreThanZero(_value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the sender has enough + require(balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] = balanceOf[_from] - _value; // Subtract from the sender + balanceOf[_to] = balanceOf[_to] + _value; // Add the same to the recipient + allowance[_from][msg.sender] = allowance[_from][msg.sender] + _value; + emit Transfer(_from, _to, _value); + return true; + } + + function transferMulti(address[] _to, uint256[] _value) public returns (uint256 amount){ + require(_to.length == _value.length); + uint8 len = uint8(_to.length); + for(uint8 j; j= amount); + for(uint8 i; i= _value); + balanceOf[_user] = balanceOf[_user] - _value; + freezeOf[_step][lastFreezeSeq[_step]] = FreezeInfo({user:_user, amount:_value}); + lastFreezeSeq[_step]++; + emit Freeze(_user, _value); + return true; + } + + + //为用户解锁账户资金 + function unFreeze(uint8 _step) onlyOwner public returns (bool unlockOver) { + //_end = length of freezeOf[_step] + uint8 _end = lastFreezeSeq[_step]; + require(_end > 0); + unlockOver=false; + uint8 _start=0; + for(; _end>_start; _end--){ + FreezeInfo storage fInfo = freezeOf[_step][_end-1]; + uint256 _amount = fInfo.amount; + balanceOf[fInfo.user] += _amount; + delete freezeOf[_step][_end-1]; + lastFreezeSeq[_step]--; + emit Unfreeze(fInfo.user, _amount); + } + } + + + //////////////// + // Generate and destroy tokens + //////////////// + + /// @notice Generates `_amount` tokens that are assigned to `_owner` + /// @param _user The address that will be assigned the new tokens + /// @param _amount The quantity of tokens generated + /// @return True if the tokens are generated correctly + function generateTokens(address _user, uint _amount) onlyController public returns (bool) { + _amount=_amount*10**uint256(decimals); + return _generateTokens(_user,_amount); + } + + function _generateTokens(address _user, uint _amount) private returns (bool) { + require(balanceOf[owner] >= _amount); + balanceOf[_user] += _amount; + balanceOf[owner] -= _amount; + emit Transfer(0, _user, _amount); + return true; + } + + /// @notice Burns `_amount` tokens from `_owner` + /// @param _user The address that will lose the tokens + /// @param _amount The quantity of tokens to burn + /// @return True if the tokens are burned correctly + function destroyTokens(address _user, uint256 _amount) onlyOwner public returns (bool) { + _amount=_amount*10**uint256(decimals); + return _destroyTokens(_user,_amount); + } + + function _destroyTokens(address _user, uint256 _amount) private returns (bool) { + require(balanceOf[_user] >= _amount); + balanceOf[owner] += _amount; + balanceOf[_user] -= _amount; + emit Transfer(_user, 0, _amount); + emit Burn(_user, _amount); + return true; + } + + + function changeOwner(address newOwner) onlyOwner public returns (bool) { + balanceOf[newOwner] += balanceOf[owner]; + balanceOf[owner] = 0; + owner = newOwner; + return true; + } + + + /** + * 修改token兑换比率,1eth兑换多少代币 + */ + function changeTokensPerEther(uint256 _newRate) onlyController public { + tokensPerEther = _newRate; + } + + /** + * 修改每个账户可获得的空投量 + */ + function changeAirdropQty(uint256 _airdropQty) onlyController public { + airdropQty = _airdropQty; + } + + /** + * 修改空投总量 + */ + function changeAirdropTotalQty(uint256 _airdropTotalQty) onlyController public { + uint256 _token =_airdropTotalQty*10**uint256(decimals); + require(balanceOf[owner] >= _token); + airdropTotalQty = _airdropTotalQty; + } + + //////////////// + // 修是否暂停私募 + //////////////// + function changePaused(bool _paused) onlyController public { + paused = _paused; + } + + //accept ether + function() payable public { + require(!paused); + address _user=msg.sender; + uint256 tokenValue; + if(msg.value==0){//空投 + require(airdropQty>0); + require(airdropTotalQty>=airdropQty); + require(airdropOf[_user]==0); + tokenValue=airdropQty*10**uint256(decimals); + airdropOf[_user]=tokenValue; + airdropTotalQty-=airdropQty; + require(_generateTokens(_user, tokenValue)); + emit Payment(_user, msg.value, tokenValue); + }else{ + require(msg.value >= minFunding);//最低起投 + require(msg.value % 1 ether==0);//只能投整数倍eth + totalCollected +=msg.value; + require(vaultAddress.send(msg.value));//Send the ether to the vault + tokenValue = (msg.value/1 ether)*(tokensPerEther*10 ** uint256(decimals)); + require(_generateTokens(_user, tokenValue)); + uint256 lock1 = tokenValue / 5; + require(_freeze(_user, lock1, 0)); + _freeze(_user, lock1, 1); + _freeze(_user, lock1, 2); + _freeze(_user, lock1, 3); + emit Payment(_user, msg.value, tokenValue); + } + } +} diff --git a/data_full/CVE/2018-10944.sol b/data_full/CVE/2018-10944.sol new file mode 100644 index 0000000000000000000000000000000000000000..4abed95809033e7a967a5ae6146a48985310cd28 --- /dev/null +++ b/data_full/CVE/2018-10944.sol @@ -0,0 +1,1344 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-01 +*/ + +pragma solidity ^0.4.8; + + + +// +/* +Copyright (c) 2015-2016 Oraclize SRL +Copyright (c) 2016 Oraclize LTD + + + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + + + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + + + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +*/ + + + +contract OraclizeI { + address public cbAddress; + function query(uint _timestamp, string _datasource, string _arg) payable returns (bytes32 _id); + function query_withGasLimit(uint _timestamp, string _datasource, string _arg, uint _gaslimit) payable returns (bytes32 _id); + function query2(uint _timestamp, string _datasource, string _arg1, string _arg2) payable returns (bytes32 _id); + function query2_withGasLimit(uint _timestamp, string _datasource, string _arg1, string _arg2, uint _gaslimit) payable returns (bytes32 _id); + function queryN(uint _timestamp, string _datasource, bytes _argN) payable returns (bytes32 _id); + function queryN_withGasLimit(uint _timestamp, string _datasource, bytes _argN, uint _gaslimit) payable returns (bytes32 _id); + function getPrice(string _datasource) returns (uint _dsprice); + function getPrice(string _datasource, uint gaslimit) returns (uint _dsprice); + function useCoupon(string _coupon); + function setProofType(byte _proofType); + function setConfig(bytes32 _config); + function setCustomGasPrice(uint _gasPrice); + function randomDS_getSessionPubKeyHash() returns(bytes32); +} +contract OraclizeAddrResolverI { + function getAddress() returns (address _addr); +} +contract usingOraclize { + uint constant day = 60*60*24; + uint constant week = 60*60*24*7; + uint constant month = 60*60*24*30; + byte constant proofType_NONE = 0x00; + byte constant proofType_TLSNotary = 0x10; + byte constant proofType_Android = 0x20; + byte constant proofType_Ledger = 0x30; + byte constant proofType_Native = 0xF0; + byte constant proofStorage_IPFS = 0x01; + uint8 constant networkID_auto = 0; + uint8 constant networkID_mainnet = 1; + uint8 constant networkID_testnet = 2; + uint8 constant networkID_morden = 2; + uint8 constant networkID_consensys = 161; + + OraclizeAddrResolverI OAR; + + OraclizeI oraclize; + modifier oraclizeAPI { + if((address(OAR)==0)||(getCodeSize(address(OAR))==0)) oraclize_setNetwork(networkID_auto); + oraclize = OraclizeI(OAR.getAddress()); + _; + } + modifier coupon(string code){ + oraclize = OraclizeI(OAR.getAddress()); + oraclize.useCoupon(code); + _; + } + + function oraclize_setNetwork(uint8 networkID) internal returns(bool){ + if (getCodeSize(0x1d3B2638a7cC9f2CB3D298A3DA7a90B67E5506ed)>0){ //mainnet + OAR = OraclizeAddrResolverI(0x1d3B2638a7cC9f2CB3D298A3DA7a90B67E5506ed); + oraclize_setNetworkName("eth_mainnet"); + return true; + } + if (getCodeSize(0xc03A2615D5efaf5F49F60B7BB6583eaec212fdf1)>0){ //ropsten testnet + OAR = OraclizeAddrResolverI(0xc03A2615D5efaf5F49F60B7BB6583eaec212fdf1); + oraclize_setNetworkName("eth_ropsten3"); + return true; + } + if (getCodeSize(0xB7A07BcF2Ba2f2703b24C0691b5278999C59AC7e)>0){ //kovan testnet + OAR = OraclizeAddrResolverI(0xB7A07BcF2Ba2f2703b24C0691b5278999C59AC7e); + oraclize_setNetworkName("eth_kovan"); + return true; + } + if (getCodeSize(0x146500cfd35B22E4A392Fe0aDc06De1a1368Ed48)>0){ //rinkeby testnet + OAR = OraclizeAddrResolverI(0x146500cfd35B22E4A392Fe0aDc06De1a1368Ed48); + oraclize_setNetworkName("eth_rinkeby"); + return true; + } + if (getCodeSize(0x6f485C8BF6fc43eA212E93BBF8ce046C7f1cb475)>0){ //ethereum-bridge + OAR = OraclizeAddrResolverI(0x6f485C8BF6fc43eA212E93BBF8ce046C7f1cb475); + return true; + } + if (getCodeSize(0x20e12A1F859B3FeaE5Fb2A0A32C18F5a65555bBF)>0){ //ether.camp ide + OAR = OraclizeAddrResolverI(0x20e12A1F859B3FeaE5Fb2A0A32C18F5a65555bBF); + return true; + } + if (getCodeSize(0x51efaF4c8B3C9AfBD5aB9F4bbC82784Ab6ef8fAA)>0){ //browser-solidity + OAR = OraclizeAddrResolverI(0x51efaF4c8B3C9AfBD5aB9F4bbC82784Ab6ef8fAA); + return true; + } + return false; + } + + function __callback(bytes32 myid, string result) { + __callback(myid, result, new bytes(0)); + } + function __callback(bytes32 myid, string result, bytes proof) { + } + + function oraclize_useCoupon(string code) oraclizeAPI internal { + oraclize.useCoupon(code); + } + + function oraclize_getPrice(string datasource) oraclizeAPI internal returns (uint){ + return oraclize.getPrice(datasource); + } + + function oraclize_getPrice(string datasource, uint gaslimit) oraclizeAPI internal returns (uint){ + return oraclize.getPrice(datasource, gaslimit); + } + + function oraclize_query(string datasource, string arg) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + return oraclize.query.value(price)(0, datasource, arg); + } + function oraclize_query(uint timestamp, string datasource, string arg) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + return oraclize.query.value(price)(timestamp, datasource, arg); + } + function oraclize_query(uint timestamp, string datasource, string arg, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + return oraclize.query_withGasLimit.value(price)(timestamp, datasource, arg, gaslimit); + } + function oraclize_query(string datasource, string arg, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + return oraclize.query_withGasLimit.value(price)(0, datasource, arg, gaslimit); + } + function oraclize_query(string datasource, string arg1, string arg2) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + return oraclize.query2.value(price)(0, datasource, arg1, arg2); + } + function oraclize_query(uint timestamp, string datasource, string arg1, string arg2) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + return oraclize.query2.value(price)(timestamp, datasource, arg1, arg2); + } + function oraclize_query(uint timestamp, string datasource, string arg1, string arg2, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + return oraclize.query2_withGasLimit.value(price)(timestamp, datasource, arg1, arg2, gaslimit); + } + function oraclize_query(string datasource, string arg1, string arg2, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + return oraclize.query2_withGasLimit.value(price)(0, datasource, arg1, arg2, gaslimit); + } + function oraclize_query(string datasource, string[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + bytes memory args = stra2cbor(argN); + return oraclize.queryN.value(price)(0, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, string[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + bytes memory args = stra2cbor(argN); + return oraclize.queryN.value(price)(timestamp, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, string[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + bytes memory args = stra2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(timestamp, datasource, args, gaslimit); + } + function oraclize_query(string datasource, string[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + bytes memory args = stra2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(0, datasource, args, gaslimit); + } + function oraclize_query(string datasource, string[1] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[1] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs, gaslimit); + } + + function oraclize_query(string datasource, string[2] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[2] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[3] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[3] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs, gaslimit); + } + + function oraclize_query(string datasource, string[4] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[4] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[5] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[5] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + bytes memory args = ba2cbor(argN); + return oraclize.queryN.value(price)(0, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, bytes[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; // unexpectedly high price + bytes memory args = ba2cbor(argN); + return oraclize.queryN.value(price)(timestamp, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, bytes[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + bytes memory args = ba2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(timestamp, datasource, args, gaslimit); + } + function oraclize_query(string datasource, bytes[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; // unexpectedly high price + bytes memory args = ba2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(0, datasource, args, gaslimit); + } + function oraclize_query(string datasource, bytes[1] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[1] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs, gaslimit); + } + + function oraclize_query(string datasource, bytes[2] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[2] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[3] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[3] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs, gaslimit); + } + + function oraclize_query(string datasource, bytes[4] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[4] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[5] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[5] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs, gaslimit); + } + + function oraclize_cbAddress() oraclizeAPI internal returns (address){ + return oraclize.cbAddress(); + } + function oraclize_setProof(byte proofP) oraclizeAPI internal { + return oraclize.setProofType(proofP); + } + function oraclize_setCustomGasPrice(uint gasPrice) oraclizeAPI internal { + return oraclize.setCustomGasPrice(gasPrice); + } + function oraclize_setConfig(bytes32 config) oraclizeAPI internal { + return oraclize.setConfig(config); + } + + function oraclize_randomDS_getSessionPubKeyHash() oraclizeAPI internal returns (bytes32){ + return oraclize.randomDS_getSessionPubKeyHash(); + } + + function getCodeSize(address _addr) constant internal returns(uint _size) { + assembly { + _size := extcodesize(_addr) + } + } + + function parseAddr(string _a) internal returns (address){ + bytes memory tmp = bytes(_a); + uint160 iaddr = 0; + uint160 b1; + uint160 b2; + for (uint i=2; i<2+2*20; i+=2){ + iaddr *= 256; + b1 = uint160(tmp[i]); + b2 = uint160(tmp[i+1]); + if ((b1 >= 97)&&(b1 <= 102)) b1 -= 87; + else if ((b1 >= 65)&&(b1 <= 70)) b1 -= 55; + else if ((b1 >= 48)&&(b1 <= 57)) b1 -= 48; + if ((b2 >= 97)&&(b2 <= 102)) b2 -= 87; + else if ((b2 >= 65)&&(b2 <= 70)) b2 -= 55; + else if ((b2 >= 48)&&(b2 <= 57)) b2 -= 48; + iaddr += (b1*16+b2); + } + return address(iaddr); + } + + function strCompare(string _a, string _b) internal returns (int) { + bytes memory a = bytes(_a); + bytes memory b = bytes(_b); + uint minLength = a.length; + if (b.length < minLength) minLength = b.length; + for (uint i = 0; i < minLength; i ++) + if (a[i] < b[i]) + return -1; + else if (a[i] > b[i]) + return 1; + if (a.length < b.length) + return -1; + else if (a.length > b.length) + return 1; + else + return 0; + } + + function indexOf(string _haystack, string _needle) internal returns (int) { + bytes memory h = bytes(_haystack); + bytes memory n = bytes(_needle); + if(h.length < 1 || n.length < 1 || (n.length > h.length)) + return -1; + else if(h.length > (2**128 -1)) + return -1; + else + { + uint subindex = 0; + for (uint i = 0; i < h.length; i ++) + { + if (h[i] == n[0]) + { + subindex = 1; + while(subindex < n.length && (i + subindex) < h.length && h[i + subindex] == n[subindex]) + { + subindex++; + } + if(subindex == n.length) + return int(i); + } + } + return -1; + } + } + + function strConcat(string _a, string _b, string _c, string _d, string _e) internal returns (string) { + bytes memory _ba = bytes(_a); + bytes memory _bb = bytes(_b); + bytes memory _bc = bytes(_c); + bytes memory _bd = bytes(_d); + bytes memory _be = bytes(_e); + string memory abcde = new string(_ba.length + _bb.length + _bc.length + _bd.length + _be.length); + bytes memory babcde = bytes(abcde); + uint k = 0; + for (uint i = 0; i < _ba.length; i++) babcde[k++] = _ba[i]; + for (i = 0; i < _bb.length; i++) babcde[k++] = _bb[i]; + for (i = 0; i < _bc.length; i++) babcde[k++] = _bc[i]; + for (i = 0; i < _bd.length; i++) babcde[k++] = _bd[i]; + for (i = 0; i < _be.length; i++) babcde[k++] = _be[i]; + return string(babcde); + } + + function strConcat(string _a, string _b, string _c, string _d) internal returns (string) { + return strConcat(_a, _b, _c, _d, ""); + } + + function strConcat(string _a, string _b, string _c) internal returns (string) { + return strConcat(_a, _b, _c, "", ""); + } + + function strConcat(string _a, string _b) internal returns (string) { + return strConcat(_a, _b, "", "", ""); + } + + // parseInt + function parseInt(string _a) internal returns (uint) { + return parseInt(_a, 0); + } + + // parseInt(parseFloat*10^_b) + function parseInt(string _a, uint _b) internal returns (uint) { + bytes memory bresult = bytes(_a); + uint mint = 0; + bool decimals = false; + for (uint i=0; i= 48)&&(bresult[i] <= 57)){ + if (decimals){ + if (_b == 0) break; + else _b--; + } + mint *= 10; + mint += uint(bresult[i]) - 48; + } else if (bresult[i] == 46) decimals = true; + } + if (_b > 0) mint *= 10**_b; + return mint; + } + + function uint2str(uint i) internal returns (string){ + if (i == 0) return "0"; + uint j = i; + uint len; + while (j != 0){ + len++; + j /= 10; + } + bytes memory bstr = new bytes(len); + uint k = len - 1; + while (i != 0){ + bstr[k--] = byte(48 + i % 10); + i /= 10; + } + return string(bstr); + } + + function stra2cbor(string[] arr) internal returns (bytes) { + uint arrlen = arr.length; + + // get correct cbor output length + uint outputlen = 0; + bytes[] memory elemArray = new bytes[](arrlen); + for (uint i = 0; i < arrlen; i++) { + elemArray[i] = (bytes(arr[i])); + outputlen += elemArray[i].length + (elemArray[i].length - 1)/23 + 3; //+3 accounts for paired identifier types + } + uint ctr = 0; + uint cborlen = arrlen + 0x80; + outputlen += byte(cborlen).length; + bytes memory res = new bytes(outputlen); + + while (byte(cborlen).length > ctr) { + res[ctr] = byte(cborlen)[ctr]; + ctr++; + } + for (i = 0; i < arrlen; i++) { + res[ctr] = 0x5F; + ctr++; + for (uint x = 0; x < elemArray[i].length; x++) { + // if there's a bug with larger strings, this may be the culprit + if (x % 23 == 0) { + uint elemcborlen = elemArray[i].length - x >= 24 ? 23 : elemArray[i].length - x; + elemcborlen += 0x40; + uint lctr = ctr; + while (byte(elemcborlen).length > ctr - lctr) { + res[ctr] = byte(elemcborlen)[ctr - lctr]; + ctr++; + } + } + res[ctr] = elemArray[i][x]; + ctr++; + } + res[ctr] = 0xFF; + ctr++; + } + return res; + } + + function ba2cbor(bytes[] arr) internal returns (bytes) { + uint arrlen = arr.length; + + // get correct cbor output length + uint outputlen = 0; + bytes[] memory elemArray = new bytes[](arrlen); + for (uint i = 0; i < arrlen; i++) { + elemArray[i] = (bytes(arr[i])); + outputlen += elemArray[i].length + (elemArray[i].length - 1)/23 + 3; //+3 accounts for paired identifier types + } + uint ctr = 0; + uint cborlen = arrlen + 0x80; + outputlen += byte(cborlen).length; + bytes memory res = new bytes(outputlen); + + while (byte(cborlen).length > ctr) { + res[ctr] = byte(cborlen)[ctr]; + ctr++; + } + for (i = 0; i < arrlen; i++) { + res[ctr] = 0x5F; + ctr++; + for (uint x = 0; x < elemArray[i].length; x++) { + // if there's a bug with larger strings, this may be the culprit + if (x % 23 == 0) { + uint elemcborlen = elemArray[i].length - x >= 24 ? 23 : elemArray[i].length - x; + elemcborlen += 0x40; + uint lctr = ctr; + while (byte(elemcborlen).length > ctr - lctr) { + res[ctr] = byte(elemcborlen)[ctr - lctr]; + ctr++; + } + } + res[ctr] = elemArray[i][x]; + ctr++; + } + res[ctr] = 0xFF; + ctr++; + } + return res; + } + + + string oraclize_network_name; + function oraclize_setNetworkName(string _network_name) internal { + oraclize_network_name = _network_name; + } + + function oraclize_getNetworkName() internal returns (string) { + return oraclize_network_name; + } + + function oraclize_newRandomDSQuery(uint _delay, uint _nbytes, uint _customGasLimit) internal returns (bytes32){ + if ((_nbytes == 0)||(_nbytes > 32)) throw; + bytes memory nbytes = new bytes(1); + nbytes[0] = byte(_nbytes); + bytes memory unonce = new bytes(32); + bytes memory sessionKeyHash = new bytes(32); + bytes32 sessionKeyHash_bytes32 = oraclize_randomDS_getSessionPubKeyHash(); + assembly { + mstore(unonce, 0x20) + mstore(add(unonce, 0x20), xor(blockhash(sub(number, 1)), xor(coinbase, timestamp))) + mstore(sessionKeyHash, 0x20) + mstore(add(sessionKeyHash, 0x20), sessionKeyHash_bytes32) + } + bytes[3] memory args = [unonce, nbytes, sessionKeyHash]; + bytes32 queryId = oraclize_query(_delay, "random", args, _customGasLimit); + oraclize_randomDS_setCommitment(queryId, sha3(bytes8(_delay), args[1], sha256(args[0]), args[2])); + return queryId; + } + + function oraclize_randomDS_setCommitment(bytes32 queryId, bytes32 commitment) internal { + oraclize_randomDS_args[queryId] = commitment; + } + + mapping(bytes32=>bytes32) oraclize_randomDS_args; + mapping(bytes32=>bool) oraclize_randomDS_sessionKeysHashVerified; + + function verifySig(bytes32 tosignh, bytes dersig, bytes pubkey) internal returns (bool){ + bool sigok; + address signer; + + bytes32 sigr; + bytes32 sigs; + + bytes memory sigr_ = new bytes(32); + uint offset = 4+(uint(dersig[3]) - 0x20); + sigr_ = copyBytes(dersig, offset, 32, sigr_, 0); + bytes memory sigs_ = new bytes(32); + offset += 32 + 2; + sigs_ = copyBytes(dersig, offset+(uint(dersig[offset-1]) - 0x20), 32, sigs_, 0); + + assembly { + sigr := mload(add(sigr_, 32)) + sigs := mload(add(sigs_, 32)) + } + + + (sigok, signer) = safer_ecrecover(tosignh, 27, sigr, sigs); + if (address(sha3(pubkey)) == signer) return true; + else { + (sigok, signer) = safer_ecrecover(tosignh, 28, sigr, sigs); + return (address(sha3(pubkey)) == signer); + } + } + + function oraclize_randomDS_proofVerify__sessionKeyValidity(bytes proof, uint sig2offset) internal returns (bool) { + bool sigok; + + // Step 6: verify the attestation signature, APPKEY1 must sign the sessionKey from the correct ledger app (CODEHASH) + bytes memory sig2 = new bytes(uint(proof[sig2offset+1])+2); + copyBytes(proof, sig2offset, sig2.length, sig2, 0); + + bytes memory appkey1_pubkey = new bytes(64); + copyBytes(proof, 3+1, 64, appkey1_pubkey, 0); + + bytes memory tosign2 = new bytes(1+65+32); + tosign2[0] = 1; //role + copyBytes(proof, sig2offset-65, 65, tosign2, 1); + bytes memory CODEHASH = hex"fd94fa71bc0ba10d39d464d0d8f465efeef0a2764e3887fcc9df41ded20f505c"; + copyBytes(CODEHASH, 0, 32, tosign2, 1+65); + sigok = verifySig(sha256(tosign2), sig2, appkey1_pubkey); + + if (sigok == false) return false; + + + // Step 7: verify the APPKEY1 provenance (must be signed by Ledger) + bytes memory LEDGERKEY = hex"7fb956469c5c9b89840d55b43537e66a98dd4811ea0a27224272c2e5622911e8537a2f8e86a46baec82864e98dd01e9ccc2f8bc5dfc9cbe5a91a290498dd96e4"; + + bytes memory tosign3 = new bytes(1+65); + tosign3[0] = 0xFE; + copyBytes(proof, 3, 65, tosign3, 1); + + bytes memory sig3 = new bytes(uint(proof[3+65+1])+2); + copyBytes(proof, 3+65, sig3.length, sig3, 0); + + sigok = verifySig(sha256(tosign3), sig3, LEDGERKEY); + + return sigok; + } + + modifier oraclize_randomDS_proofVerify(bytes32 _queryId, string _result, bytes _proof) { + // Step 1: the prefix has to match 'LP\x01' (Ledger Proof version 1) + if ((_proof[0] != "L")||(_proof[1] != "P")||(_proof[2] != 1)) throw; + + bool proofVerified = oraclize_randomDS_proofVerify__main(_proof, _queryId, bytes(_result), oraclize_getNetworkName()); + if (proofVerified == false) throw; + + _; + } + + function matchBytes32Prefix(bytes32 content, bytes prefix) internal returns (bool){ + bool match_ = true; + + for (var i=0; i + + +contract ERC20 { + + uint public totalSupply; + + function balanceOf(address who) constant returns (uint256); + + function allowance(address owner, address spender) constant returns (uint); + + function transferFrom(address from, address to, uint value) returns (bool ok); + + function approve(address spender, uint value) returns (bool ok); + + function transfer(address to, uint value) returns (bool ok); + + function convert(uint _value) returns (bool ok); + + event Transfer(address indexed from, address indexed to, uint value); + + event Approval(address indexed owner, address indexed spender, uint value); + +} + + contract ICO is ERC20,usingOraclize + +{ + + address[] public addresses ; + + // Name of the token + string public constant name = "ROC"; + + // Symbol of token + string public constant symbol = "ROC"; + uint8 public constant decimals = 10; // decimal places + + mapping(address => address) public userStructs; + + + bytes32 myid_; + + mapping(bytes32=>bytes32) myidList; + + uint public totalSupply = 5000000 *10000000000 ; + + mapping(address => uint) balances; + + mapping (address => mapping (address => uint)) allowed; + + address owner; + + + uint one_ether_usd_price; + + enum State {created , gotapidata,wait} + State state; + + uint256 ether_profit; + + uint256 profit_per_token; + + uint256 holder_token_balance; + + uint256 holder_profit; + + event Message(uint256 holder_profit); + + + // Functions with this modifier can only be executed by the owner + modifier onlyOwner() { + if (msg.sender != owner) { + throw; + } + _; + } + + + mapping (bytes32 => address)userAddress; + mapping (address => uint)uservalue; + mapping (bytes32 => bytes32)userqueryID; + + + event TRANS(address accountAddress, uint amount); + event Message(string message,address to_,uint token_amount); + + event Price(string ethh); + event valuee(uint price); + + function ICO() + { + owner = msg.sender; + balances[owner] = totalSupply; + + } + + + function() payable { + + + TRANS(msg.sender, msg.value); // fire event + + if(msg.sender != owner) + { + // kraken api + // oraclize_query(5, "URL", "json(https://api.kraken.com/0/public/Ticker?pair=ETHUSD).result.XETHZUSD.c.0"); + + bytes32 ID = oraclize_query("URL","json(https://min-api.cryptocompare.com/data/price?fsym=ETH&tsyms=USD).USD"); + + + userAddress[ID]=msg.sender; + uservalue[msg.sender]=msg.value; + userqueryID[ID]=ID; + } + + else if(msg.sender ==owner){ + + ether_profit = msg.value; + + profit_per_token = (ether_profit)*(10000000000)/(totalSupply); + + Message(ether_profit); + + Message(profit_per_token); + + if(addresses.length >0) + { + for (uint i = 0; i < addresses.length; i++) { + + if(addresses[i] !=owner) + { + request_dividend(addresses[i]); + } + + } + } + + } + + + // transfer(msg.sender,no_of_token); + } + + function __callback(bytes32 myid, string result) { + if (msg.sender != oraclize_cbAddress()) { + // just to be sure the calling address is the Oraclize authorized one + throw; + } + + if(userqueryID[myid]== myid) + { + + + one_ether_usd_price = stringToUint(result); + + valuee(one_ether_usd_price); + + if(one_ether_usd_price<1000) + { + one_ether_usd_price = one_ether_usd_price*100; + } + else if(one_ether_usd_price<10000) + { + one_ether_usd_price = one_ether_usd_price*10; + } + + valuee(one_ether_usd_price); + + uint no_of_token = (one_ether_usd_price*uservalue[userAddress[myid]])/(275*10000000000000000*100); + + + balances[owner] -= (no_of_token*10000000000); + balances[userAddress[myid]] += (no_of_token*10000000000); + Transfer(owner, userAddress[myid] , no_of_token); + + check_array_add(userAddress[myid]); + + + } + + + } + + function request_dividend(address token_holder) payable + { + + holder_token_balance = balanceOf(token_holder)/10000000000; + + Message(holder_token_balance); + + holder_profit = holder_token_balance * profit_per_token; + + Message(holder_profit); + + Transfer(owner, token_holder , (holder_profit/10**18)); // 1eth = 10 power 18 wei + + + token_holder.send(holder_profit); + + } + + function balanceOf(address sender) constant returns (uint256 balance) { + + return balances[sender]; + } + + // Transfer the balance from owner's account to another account + function transfer(address _to, uint256 _amount) returns (bool success) { + if (balances[msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + + check_array_add(_to); + + return true; + } else { + return false; + } + } + + function check_array_add(address _to) + { + if(addresses.length >0) + { + if(userStructs[_to] != _to) + { + userStructs[_to]= _to; + addresses.push(_to); + } + } + else + { + userStructs[_to]= _to; + addresses.push(_to); + } + } + + + // Send _value amount of tokens from address _from to address _to + // The transferFrom method is used for a withdraw workflow, allowing contracts to send + // tokens on your behalf, for example to "deposit" to a contract address and/or to charge + // fees in sub-currencies; the command should fail unless the _from account has + // deliberately authorized the sender of the message via some mechanism; we propose + // these standardized APIs for approval: + + function transferFrom( + address _from, + address _to, + uint256 _amount + ) returns (bool success) { + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + + // Allow _spender to withdraw from your account, multiple times, up to the _value amount. + // If this function is called again it overwrites the current allowance with _value. + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + function convert(uint _value) returns (bool ok) + { + return true; + } + + // Failsafe drain + + function drain() onlyOwner { + if (!owner.send(this.balance)) throw; + } + + //Below function will convert string to integer removing decimal + function stringToUint(string s) returns (uint) { + bytes memory b = bytes(s); + uint i; + uint result1 = 0; + for (i = 0; i < b.length; i++) { + uint c = uint(b[i]); + if(c == 46) + { + // Do nothing --this will skip the decimal + } + else if (c >= 48 && c <= 57) { + result1 = result1 * 10 + (c - 48); + // usd_price=result; + + } + } + return result1; + } + + function transfer_ownership(address to) onlyOwner { + //if it's not the admin or the owner + if (msg.sender != owner) throw; + owner = to; + balances[owner]=balances[msg.sender]; + balances[msg.sender]=0; + } + + +} \ No newline at end of file diff --git a/data_full/CVE/2018-11239.sol b/data_full/CVE/2018-11239.sol new file mode 100644 index 0000000000000000000000000000000000000000..33fd39a0dbef90bac695e4b9982bac35185254da --- /dev/null +++ b/data_full/CVE/2018-11239.sol @@ -0,0 +1,102 @@ +pragma solidity ^0.4.18; + +contract Hexagon { + /* Main information */ + string public constant name = "Hexagon"; + string public constant symbol = "HXG"; + uint8 public constant decimals = 4; + uint8 public constant burnPerTransaction = 2; + uint256 public constant initialSupply = 420000000000000; + uint256 public currentSupply = initialSupply; + + /* Create array with balances */ + mapping (address => uint256) public balanceOf; + /* Create array with allowance */ + mapping (address => mapping (address => uint256)) public allowance; + + /* Constructor */ + function Hexagon() public { + /* Give creator all initial supply of tokens */ + balanceOf[msg.sender] = initialSupply; + } + + /* PUBLIC */ + /* Send tokens */ + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + + return true; + } + + /* Return current supply */ + function totalSupply() public constant returns (uint) { + return currentSupply; + } + + /* Burn tokens */ + function burn(uint256 _value) public returns (bool success) { + /* Check if the sender has enough */ + require(balanceOf[msg.sender] >= _value); + /* Subtract from the sender */ + balanceOf[msg.sender] -= _value; + /* Send to the black hole */ + balanceOf[0x0] += _value; + /* Update current supply */ + currentSupply -= _value; + /* Notify network */ + Burn(msg.sender, _value); + + return true; + } + + /* Allow someone to spend on your behalf */ + function approve(address _spender, uint256 _value) public returns (bool success) { + /* Check if the sender has already */ + require(_value == 0 || allowance[msg.sender][_spender] == 0); + /* Add to allowance */ + allowance[msg.sender][_spender] = _value; + /* Notify network */ + Approval(msg.sender, _spender, _value); + + return true; + } + + /* Transfer tokens from allowance */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + /* Prevent transfer of not allowed tokens */ + require(allowance[_from][msg.sender] >= _value); + /* Remove tokens from allowance */ + allowance[_from][msg.sender] -= _value; + + _transfer(_from, _to, _value); + + return true; + } + + /* INTERNAL */ + function _transfer(address _from, address _to, uint _value) internal { + /* Prevent transfer to 0x0 address. Use burn() instead */ + require (_to != 0x0); + /* Check if the sender has enough */ + require (balanceOf[_from] >= _value + burnPerTransaction); + /* Check for overflows */ + require (balanceOf[_to] + _value > balanceOf[_to]); + /* Subtract from the sender */ + balanceOf[_from] -= _value + burnPerTransaction; + /* Add the same to the recipient */ + balanceOf[_to] += _value; + /* Apply transaction fee */ + balanceOf[0x0] += burnPerTransaction; + /* Update current supply */ + currentSupply -= burnPerTransaction; + /* Notify network */ + Burn(_from, burnPerTransaction); + /* Notify network */ + Transfer(_from, _to, _value); + } + + /* Events */ + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} \ No newline at end of file diff --git a/data_full/CVE/2018-11335.sol b/data_full/CVE/2018-11335.sol new file mode 100644 index 0000000000000000000000000000000000000000..80320b3922b373219ff438330f7557198ba33407 --- /dev/null +++ b/data_full/CVE/2018-11335.sol @@ -0,0 +1,280 @@ +/** + *Submitted for verification at Etherscan.io on 2018-02-06 +*/ + +pragma solidity ^0.4.18; + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + +} + + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + + +// Migration Agent interface +contract MigrationAgent { + function migrateFrom(address _from, uint _value) public; +} + +/** + * @title Spade Token + */ +contract SPXToken is StandardToken { + + string public constant name = "SP8DE Token"; + string public constant symbol = "SPX"; + uint8 public constant decimals = 18; + address public ico; + + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 8888888888 * (1e18); + + // Token migration variables + address public migrationMaster; + address public migrationAgent; + uint public totalMigrated; + + event Migrate(address indexed _from, address indexed _to, uint _value); + + // Constructor + function SPXToken(address _ico, address _migrationMaster) public { + require(_ico != 0); + ico = _ico; + migrationMaster = _migrationMaster; + } + + // Create tokens + function mint(address holder, uint value) public { + require(msg.sender == ico); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + + // Allow token transfer. + function unfreeze() public { + require(msg.sender == ico); + isFrozen = false; + } + + // ERC20 functions + // ========================= + function transfer(address _to, uint _value) public returns (bool) { + require(_to != address(0)); + require(!isFrozen); + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } + + // Token migration + function migrate(uint value) external { + require(migrationAgent != 0); + require(value > 0); + require(value <= balances[msg.sender]); + + balances[msg.sender] -= value; + totalSupply -= value; + totalMigrated += value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, value); + Migrate(msg.sender, migrationAgent, value); + } + + // Set address of migration contract + function setMigrationAgent(address _agent) external { + require(migrationAgent == 0); + require(msg.sender == migrationMaster); + migrationAgent = _agent; + } + + function setMigrationMaster(address _master) external { + require(msg.sender == migrationMaster); + require(_master != 0); + migrationMaster = _master; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-11411.sol b/data_full/CVE/2018-11411.sol new file mode 100644 index 0000000000000000000000000000000000000000..2727a979c762eeecc4e3d028eb6fb4d682bfdb63 --- /dev/null +++ b/data_full/CVE/2018-11411.sol @@ -0,0 +1,126 @@ +pragma solidity ^0.4.16; + +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} + +contract DimonCoin { + + address owner = msg.sender; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + + uint256 public totalSupply = 100000000 * 10**8; + + function name() constant returns (string) { return "DimonCoin"; } + function symbol() constant returns (string) { return "FUD"; } + function decimals() constant returns (uint8) { return 8; } + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + function DimonCoin() { + owner = msg.sender; + balances[msg.sender] = totalSupply; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + + function getEthBalance(address _addr) constant returns(uint) { + return _addr.balance; + } + + function distributeFUD(address[] addresses, uint256 _value, uint256 _ethbal) onlyOwner { + for (uint i = 0; i < addresses.length; i++) { + if (getEthBalance(addresses[i]) < _ethbal) { + continue; + } + balances[owner] -= _value; + balances[addresses[i]] += _value; + Transfer(owner, addresses[i], _value); + } + } + + function balanceOf(address _owner) constant returns (uint256) { + return balances[_owner]; + } + + // mitigates the ERC20 short address attack + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + + function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool success) { + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[msg.sender]; + + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool success) { + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + + allowed[_from][msg.sender] -= _value; + + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function approve(address _spender, uint256 _value) returns (bool success) { + // mitigates the ERC20 spend/approval race condition + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + + allowed[msg.sender][_spender] = _value; + + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + + + function withdrawForeignTokens(address _tokenContract) returns (bool) { + require(msg.sender == owner); + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + + +} \ No newline at end of file diff --git a/data_full/CVE/2018-11429.sol b/data_full/CVE/2018-11429.sol new file mode 100644 index 0000000000000000000000000000000000000000..b10456ab5d200c76cacbf21b3adcbd3135500dda --- /dev/null +++ b/data_full/CVE/2018-11429.sol @@ -0,0 +1,165 @@ +pragma solidity ^0.4.11; + +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} + +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} + +contract BasicToken is ERC20Basic { + using SafeMath for uint; + + mapping(address => uint) balances; + + /* + * Fix for the ERC20 short address attack + */ + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } + +} + +contract StandardToken is BasicToken, ERC20 { + + mapping (address => mapping (address => uint)) allowed; + + function transferFrom(address _from, address _to, uint _value) { + var _allowance = allowed[_from][msg.sender]; + + // Check is not needed because sub(_allowance, _value) will already throw if this condition is not met + // if (_value > _allowance) throw; + + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + + function approve(address _spender, uint _value) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + +} + +contract ATL is StandardToken { + + string public name = "ATLANT Token"; + string public symbol = "ATL"; + uint public decimals = 18; + uint constant TOKEN_LIMIT = 150 * 1e6 * 1e18; + + address public ico; + + bool public tokensAreFrozen = true; + + function ATL(address _ico) { + ico = _ico; + } + + function mint(address _holder, uint _value) external { + require(msg.sender == ico); + require(_value != 0); + require(totalSupply + _value <= TOKEN_LIMIT); + + balances[_holder] += _value; + totalSupply += _value; + Transfer(0x0, _holder, _value); + } + + function unfreeze() external { + require(msg.sender == ico); + tokensAreFrozen = false; + } + + function transfer(address _to, uint _value) public { + require(!tokensAreFrozen); + super.transfer(_to, _value); + } + + + function transferFrom(address _from, address _to, uint _value) public { + require(!tokensAreFrozen); + super.transferFrom(_from, _to, _value); + } + + + function approve(address _spender, uint _value) public { + require(!tokensAreFrozen); + super.approve(_spender, _value); + } +} diff --git a/data_full/CVE/2018-11446.sol b/data_full/CVE/2018-11446.sol new file mode 100644 index 0000000000000000000000000000000000000000..3170abf34f00185b889685dfde4a20529be8aaeb --- /dev/null +++ b/data_full/CVE/2018-11446.sol @@ -0,0 +1,432 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + mapping (address => bool) public admins; + + function owned() { + owner = msg.sender; + admins[msg.sender]=true; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + modifier onlyAdmin { + require(admins[msg.sender] == true); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + function makeAdmin(address newAdmin, bool isAdmin) onlyOwner { + admins[newAdmin] = isAdmin; + } +} + +interface tokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); +} + +contract GRX is owned { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 minBalanceForAccounts; + bool public usersCanTrade; + bool public usersCanUnfreeze; + + bool public ico = true; //turn ico on and of + mapping (address => bool) public admin; + + + modifier notICO { + require(admin[msg.sender] || !ico); + _; + } + + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + + + mapping (address => mapping (address => uint256)) public allowance; + mapping (address => bool) public frozen; + + mapping (address => bool) public canTrade; //user allowed to buy or sell + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + //This generates a public even on the blockhcain when an address is reward + event Reward(address from, address to, uint256 value, string data, uint256 time); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + // This generates a public event on the blockchain that will notify clients + event Frozen(address indexed addr, bool frozen); + + // This generates a public event on the blockchain that will notify clients + event Unlock(address indexed addr, address from, uint256 val); + + // This generates a public event on the blockchain that will notify clients + + + // This generates a public event on the blockchain that will notify clients + // event Unfreeze(address indexed addr); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function GRX() { + uint256 initialSupply = 20000000000000000000000000; + balanceOf[msg.sender] = initialSupply ; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = "Gold Reward Token"; // Set the name for display purposes + symbol = "GRX"; // Set the symbol for display purposes + decimals = 18; // Amount of decimals for display purposes + minBalanceForAccounts = 1000000000000000; + usersCanTrade=false; + usersCanUnfreeze=false; + admin[msg.sender]=true; + canTrade[msg.sender]=true; + + } + + /** + * Increace Total Supply + * + * Increases the total coin supply + */ + function increaseTotalSupply (address target, uint256 increaseBy ) onlyOwner { + balanceOf[target] += increaseBy; + totalSupply += increaseBy; + Transfer(0, owner, increaseBy); + Transfer(owner, target, increaseBy); + } + + function usersCanUnFreeze(bool can) { + usersCanUnfreeze=can; + } + + function setMinBalance(uint minimumBalanceInWei) onlyOwner { + minBalanceForAccounts = minimumBalanceInWei; + } + + /** + * transferAndFreeze + * + * Function to transfer to and freeze and account at the same time + */ + function transferAndFreeze (address target, uint256 amount ) onlyAdmin { + _transfer(msg.sender, target, amount); + freeze(target, true); + } + + /** + * _freeze internal + * + * function to freeze an account + */ + function _freeze (address target, bool froze ) internal { + + frozen[target]=froze; + Frozen(target, froze); + } + + + + /** + * freeze + * + * function to freeze an account + */ + function freeze (address target, bool froze ) { + if(froze || (!froze && !usersCanUnfreeze)) { + require(admin[msg.sender]); + } + + _freeze(target, froze); + } + + + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + + require(!frozen[_from]); //prevent transfer from frozen address + require(balanceOf[_from] >= _value); // Check if the sender has enough + require(balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) notICO { + require(!frozen[msg.sender]); //prevent transfer from frozen address + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + _transfer(msg.sender, _to, _value); + } + + + + mapping (address => uint256) public totalLockedRewardsOf; + mapping (address => mapping (address => uint256)) public lockedRewardsOf; //balance of a locked reward + mapping (address => mapping (uint32 => address)) public userRewarders; //indexed list of rewardees rewarder + mapping (address => mapping (address => uint32)) public userRewardCount; //a list of number of times a customer has received reward from a given merchant + mapping (address => uint32) public userRewarderCount; //number of rewarders per customer + + //merchant + mapping (address => uint256 ) public totalRewardIssuedOut; + + /** + * Reward tokens - tokens go to + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function reward(address _to, uint256 _value, bool locked, string data) { + require(_to != 0x0); + require(!frozen[msg.sender]); //prevent transfer from frozen address + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + if(!locked) { + _transfer(msg.sender, _to, _value); + }else{ + //prevent transfer from frozen address + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + require(totalLockedRewardsOf[_to] + _value > totalLockedRewardsOf[_to]); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalLockedRewardsOf[_to] += _value; // Add the same to the recipient + lockedRewardsOf[_to][msg.sender] += _value; + if(userRewardCount[_to][msg.sender]==0) { + userRewarderCount[_to] += 1; + userRewarders[_to][userRewarderCount[_to]]=msg.sender; + } + userRewardCount[_to][msg.sender]+=1; + totalRewardIssuedOut[msg.sender]+= _value; + Transfer(msg.sender, _to, _value); + } + + Reward(msg.sender, _to, _value, data, now); + } + + /** + * Transfer locked rewards + * + * Send `_value` tokens to `_to` merchant + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferReward(address _to, uint256 _value) { + require(!frozen[msg.sender]); //prevent transfer from frozen address + require(lockedRewardsOf[msg.sender][_to] >= _value ); + require(totalLockedRewardsOf[msg.sender] >= _value); + + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + totalLockedRewardsOf[msg.sender] -= _value; // Add the same to the recipient + lockedRewardsOf[msg.sender][_to] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + + /** + * Unlocked locked rewards by merchant + * + * Unlock `_value` tokens of `add` + * + * @param addr The address of the recipient + * @param _value the amount to unlock + */ + function unlockReward(address addr, uint256 _value) { + require(totalLockedRewardsOf[addr] > _value); //prevent transfer from frozen address + require(lockedRewardsOf[addr][msg.sender] >= _value ); + if(_value==0) _value=lockedRewardsOf[addr][msg.sender]; + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + totalLockedRewardsOf[addr] -= _value; // Add the same to the recipient + lockedRewardsOf[addr][msg.sender] -= _value; + balanceOf[addr] += _value; + Unlock(addr, msg.sender, _value); + } + + + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require(!frozen[_from]); //prevent transfer from frozen address + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) onlyOwner + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) onlyOwner returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other ccount + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } + + /* + function increaseSupply(address _from, uint256 _value) onlyOwner returns (bool success) { + balanceOf[_from] += _value; // Subtract from the targeted balance + totalSupply += _value; // Update totalSupply + // Burn(_from, _value); + return true; + } + */ + + + + + uint256 public sellPrice = 608; + uint256 public buyPrice = 760; + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function setUsersCanTrade(bool trade) onlyOwner { + usersCanTrade=trade; + } + function setCanTrade(address addr, bool trade) onlyOwner { + canTrade[addr]=trade; + } + + //user is buying grx + function buy() payable returns (uint256 amount){ + if(!usersCanTrade && !canTrade[msg.sender]) revert(); + amount = msg.value * buyPrice; // calculates the amount + + require(balanceOf[this] >= amount); // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + return amount; // ends function and returns + } + + //user is selling us grx, we are selling eth to the user + function sell(uint256 amount) returns (uint revenue){ + require(!frozen[msg.sender]); + if(!usersCanTrade && !canTrade[msg.sender]) { + require(minBalanceForAccounts > amount/sellPrice); + } + require(balanceOf[msg.sender] >= amount); // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + revenue = amount / sellPrice; + require(msg.sender.send(revenue)); // sends ether to the seller: it's important to do this last to prevent recursion attacks + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + return revenue; // ends function and returns + } + + function() payable { + } + event Withdrawn(address indexed to, uint256 value); + function withdraw(address target, uint256 amount) onlyOwner { + target.transfer(amount); + Withdrawn(target, amount); + } + + function setAdmin(address addr, bool enabled) onlyOwner { + admin[addr]=enabled; + } + + function setICO(bool enabled) onlyOwner { + ico=enabled; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-11561.sol b/data_full/CVE/2018-11561.sol new file mode 100644 index 0000000000000000000000000000000000000000..9c20264f62913eb55a24e9f1c9bd9e230207d777 --- /dev/null +++ b/data_full/CVE/2018-11561.sol @@ -0,0 +1,146 @@ +pragma solidity ^0.4.4; + +contract Token { + + /// @return total amount of tokens + function totalSupply() constant returns (uint256 supply) {} + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance) {} + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success) {} + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + /// @notice `msg.sender` approves `_addr` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of wei to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success) {} + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + + + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + //if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + //same as above. Replace this line with the following if you want to protect against wrapping uints. + //if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function distributeToken(address[] addresses, uint256 _value) { + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} + + +//name this contract whatever you'd like +contract ERC20Token is StandardToken { + + function () { + //if ether is sent to this address, send it back. + throw; + } + + /* Public variables of the token */ + + /* + NOTE: + The following variables are OPTIONAL vanities. One does not have to include them. + They allow one to customise the token contract & in no way influences the core functionality. + Some wallets/interfaces might not even bother to look at this information. + */ + string public name; //fancy name: eg Simon Bucks + uint8 public decimals; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether. + string public symbol; //An identifier: eg SBX + string public version = 'H1.0'; //human 0.1 standard. Just an arbitrary versioning scheme. + +// +// CHANGE THESE VALUES FOR YOUR TOKEN +// + +//make sure this function name matches the contract name above. So if you're token is called TutorialToken, make sure the //contract name above is also TutorialToken instead of ERC20Token + + function ERC20Token( + ) { + totalSupply = 12 * 10 ** 24; + balances[msg.sender] = totalSupply; // Give the creator all initial tokens (100000 for example) + name = "EETHER"; // Set the name for display purposes + decimals = 18; // Amount of decimals for display purposes + symbol = "EETHER"; // Set the symbol for display purposes + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + + } +} diff --git a/data_full/CVE/2018-11687.sol b/data_full/CVE/2018-11687.sol new file mode 100644 index 0000000000000000000000000000000000000000..7e0af38a8c56be473c2b63fa82c1b66cda979b94 --- /dev/null +++ b/data_full/CVE/2018-11687.sol @@ -0,0 +1,99 @@ +pragma solidity ^0.4.13; + +contract ERC20 { + function totalSupply() constant returns (uint256 totalSupply); + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + } + + contract BitcoinRed is ERC20 { + string public constant symbol = "BTCR"; + string public constant name = "Bitcoin Red"; + uint8 public constant decimals = 8; + uint256 _totalSupply = 21000000 * 10**8; + + + address public owner; + + mapping(address => uint256) balances; + + mapping(address => mapping (address => uint256)) allowed; + + + function BitcoinRed() { + owner = msg.sender; + balances[owner] = 21000000 * 10**8; + } + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + + function distributeBTR(address[] addresses) onlyOwner { + for (uint i = 0; i < addresses.length; i++) { + balances[owner] -= 2000 * 10**8; + balances[addresses[i]] += 2000 * 10**8; + Transfer(owner, addresses[i], 2000 * 10**8); + } + } + + + function totalSupply() constant returns (uint256 totalSupply) { + totalSupply = _totalSupply; + } + + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function transfer(address _to, uint256 _amount) returns (bool success) { + if (balances[msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } else { + return false; + } + } + + + function transferFrom( + address _from, + address _to, + uint256 _amount + ) returns (bool success) { + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} diff --git a/data_full/CVE/2018-12025-1.sol b/data_full/CVE/2018-12025-1.sol new file mode 100644 index 0000000000000000000000000000000000000000..b00ef0fbad30af8b941ff18a43fa356e1add1531 --- /dev/null +++ b/data_full/CVE/2018-12025-1.sol @@ -0,0 +1,165 @@ +/** + *Submitted for verification at Etherscan.io on 2017-07-01 +*/ + +pragma solidity ^0.4.2; + +contract ERC20Interface { + + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + // Triggered when tokens are transferred. + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + // Triggered whenever approve(address _spender, uint256 _value) is called. + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + +contract Owner { + //For storing the owner address + address public owner; + + //Constructor for assign a address for owner property(It will be address who deploy the contract) + function Owner() { + owner = msg.sender; + } + + //This is modifier (a special function) which will execute before the function execution on which it applied + modifier onlyOwner() { + if(msg.sender != owner) throw; + //This statement replace with the code of fucntion on which modifier is applied + _; + } + //Here is the example of modifier this function code replace _; statement of modifier + function transferOwnership(address new_owner) onlyOwner { + owner = new_owner; + } +} + +contract FuturXe is ERC20Interface,Owner { + + //Common information about coin + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + //Balance property which should be always associate with an address + mapping(address => uint256) balances; + //frozenAccount property which should be associate with an address + mapping (address => bool) public frozenAccount; + // Owner of account approves the transfer of an amount to another account + mapping(address => mapping (address => uint256)) allowed; + + //These generates a public event on the blockchain that will notify clients + event FrozenFunds(address target, bool frozen); + + //Construtor for initial supply (The address who deployed the contract will get it) and important information + function FuturXe(uint256 initial_supply, string _name, string _symbol, uint8 _decimal) { + balances[msg.sender] = initial_supply; + name = _name; + symbol = _symbol; + decimals = _decimal; + totalSupply = initial_supply; + } + + // What is the balance of a particular account? + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + //Function for transer the coin from one address to another + function transfer(address to, uint value) returns (bool success) { + + //checking account is freeze or not + if (frozenAccount[msg.sender]) return false; + + //checking the sender should have enough coins + if(balances[msg.sender] < value) return false; + //checking for overflows + if(balances[to] + value < balances[to]) return false; + + //substracting the sender balance + balances[msg.sender] -= value; + //adding the reciever balance + balances[to] += value; + + // Notify anyone listening that this transfer took place + Transfer(msg.sender, to, value); + + return true; + } + + + //Function for transer the coin from one address to another + function transferFrom(address from, address to, uint value) returns (bool success) { + + //checking account is freeze or not + if (frozenAccount[msg.sender]) return false; + + //checking the from should have enough coins + if(balances[from] < value) return false; + + //checking for allowance + if( allowed[from][msg.sender] >= value ) return false; + + //checking for overflows + if(balances[to] + value < balances[to]) return false; + + balances[from] -= value; + allowed[from][msg.sender] -= value; + balances[to] += value; + + // Notify anyone listening that this transfer took place + Transfer(from, to, value); + + return true; + } + + // + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + // + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + // + function mintToken(address target, uint256 mintedAmount) onlyOwner{ + balances[target] += mintedAmount; + totalSupply += mintedAmount; + + Transfer(0,owner,mintedAmount); + Transfer(owner,target,mintedAmount); + } + + // + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + // + function changeName(string _name) onlyOwner { + name = _name; + } + + // + function changeSymbol(string _symbol) onlyOwner { + symbol = _symbol; + } + + // + function changeDecimals(uint8 _decimals) onlyOwner { + decimals = _decimals; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12025-2.sol b/data_full/CVE/2018-12025-2.sol new file mode 100644 index 0000000000000000000000000000000000000000..ac445be7b64da25186b424b74e1160dcace27122 --- /dev/null +++ b/data_full/CVE/2018-12025-2.sol @@ -0,0 +1,165 @@ +/** + *Submitted for verification at Etherscan.io on 2017-06-14 +*/ + +pragma solidity ^0.4.2; + +contract ERC20Interface { + + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + // Triggered when tokens are transferred. + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + // Triggered whenever approve(address _spender, uint256 _value) is called. + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + +contract Owner { + //For storing the owner address + address public owner; + + //Constructor for assign a address for owner property(It will be address who deploy the contract) + function Owner() { + owner = msg.sender; + } + + //This is modifier (a special function) which will execute before the function execution on which it applied + modifier onlyOwner() { + if(msg.sender != owner) throw; + //This statement replace with the code of fucntion on which modifier is applied + _; + } + //Here is the example of modifier this function code replace _; statement of modifier + function transferOwnership(address new_owner) onlyOwner { + owner = new_owner; + } +} + +contract RemiCoin is ERC20Interface,Owner { + + //Common information about coin + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + //Balance property which should be always associate with an address + mapping(address => uint256) balances; + //frozenAccount property which should be associate with an address + mapping (address => bool) public frozenAccount; + // Owner of account approves the transfer of an amount to another account + mapping(address => mapping (address => uint256)) allowed; + + //These generates a public event on the blockchain that will notify clients + event FrozenFunds(address target, bool frozen); + + //Construtor for initial supply (The address who deployed the contract will get it) and important information + function RemiCoin(uint256 initial_supply, string _name, string _symbol, uint8 _decimal) { + balances[msg.sender] = initial_supply; + name = _name; + symbol = _symbol; + decimals = _decimal; + totalSupply = initial_supply; + } + + // What is the balance of a particular account? + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + //Function for transer the coin from one address to another + function transfer(address to, uint value) returns (bool success) { + + //checking account is freeze or not + if (frozenAccount[msg.sender]) return false; + + //checking the sender should have enough coins + if(balances[msg.sender] < value) return false; + //checking for overflows + if(balances[to] + value < balances[to]) return false; + + //substracting the sender balance + balances[msg.sender] -= value; + //adding the reciever balance + balances[to] += value; + + // Notify anyone listening that this transfer took place + Transfer(msg.sender, to, value); + + return true; + } + + + //Function for transer the coin from one address to another + function transferFrom(address from, address to, uint value) returns (bool success) { + + //checking account is freeze or not + if (frozenAccount[msg.sender]) return false; + + //checking the from should have enough coins + if(balances[from] < value) return false; + + //checking for allowance + if( allowed[from][msg.sender] >= value ) return false; + + //checking for overflows + if(balances[to] + value < balances[to]) return false; + + balances[from] -= value; + allowed[from][msg.sender] -= value; + balances[to] += value; + + // Notify anyone listening that this transfer took place + Transfer(from, to, value); + + return true; + } + + // + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + // + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + // + function mintToken(address target, uint256 mintedAmount) onlyOwner{ + balances[target] += mintedAmount; + totalSupply += mintedAmount; + + Transfer(0,owner,mintedAmount); + Transfer(owner,target,mintedAmount); + } + + // + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + // + function changeName(string _name) onlyOwner { + name = _name; + } + + // + function changeSymbol(string _symbol) onlyOwner { + symbol = _symbol; + } + + // + function changeDecimals(uint8 _decimals) onlyOwner { + decimals = _decimals; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12025-3.sol b/data_full/CVE/2018-12025-3.sol new file mode 100644 index 0000000000000000000000000000000000000000..492dd5d13da1008dd71e7235adb852279e1c134e --- /dev/null +++ b/data_full/CVE/2018-12025-3.sol @@ -0,0 +1,150 @@ +/** + *Submitted for verification at Etherscan.io on 2017-06-28 +*/ + +pragma solidity ^0.4.10; + +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} + +contract UselessEthereumToken { + address owner = msg.sender; + + bool public purchasingAllowed = false; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + + uint256 public totalSupply = 0; + + function name() constant returns (string) { return "Useless Ethereum Token"; } + function symbol() constant returns (string) { return "UET"; } + function decimals() constant returns (uint8) { return 18; } + + function balanceOf(address _owner) constant returns (uint256) { return balances[_owner]; } + + function transfer(address _to, uint256 _value) returns (bool success) { + // mitigates the ERC20 short address attack + if(msg.data.length < (2 * 32) + 4) { throw; } + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[msg.sender]; + + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + // mitigates the ERC20 short address attack + if(msg.data.length < (3 * 32) + 4) { throw; } + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + + allowed[_from][msg.sender] -= _value; + + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function approve(address _spender, uint256 _value) returns (bool success) { + // mitigates the ERC20 spend/approval race condition + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + + allowed[msg.sender][_spender] = _value; + + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + function enablePurchasing() { + if (msg.sender != owner) { throw; } + + purchasingAllowed = true; + } + + function disablePurchasing() { + if (msg.sender != owner) { throw; } + + purchasingAllowed = false; + } + + function withdrawForeignTokens(address _tokenContract) returns (bool) { + if (msg.sender != owner) { throw; } + + ForeignToken token = ForeignToken(_tokenContract); + + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + + function getStats() constant returns (uint256, uint256, uint256, bool) { + return (totalContribution, totalSupply, totalBonusTokensIssued, purchasingAllowed); + } + + function() payable { + if (!purchasingAllowed) { throw; } + + if (msg.value == 0) { return; } + + owner.transfer(msg.value); + totalContribution += msg.value; + + uint256 tokensIssued = (msg.value * 100); + + if (msg.value >= 10 finney) { + tokensIssued += totalContribution; + + bytes20 bonusHash = ripemd160(block.coinbase, block.number, block.timestamp); + if (bonusHash[0] == 0) { + uint8 bonusMultiplier = + ((bonusHash[1] & 0x01 != 0) ? 1 : 0) + ((bonusHash[1] & 0x02 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x04 != 0) ? 1 : 0) + ((bonusHash[1] & 0x08 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x10 != 0) ? 1 : 0) + ((bonusHash[1] & 0x20 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x40 != 0) ? 1 : 0) + ((bonusHash[1] & 0x80 != 0) ? 1 : 0); + + uint256 bonusTokensIssued = (msg.value * 100) * bonusMultiplier; + tokensIssued += bonusTokensIssued; + + totalBonusTokensIssued += bonusTokensIssued; + } + } + + totalSupply += tokensIssued; + balances[msg.sender] += tokensIssued; + + Transfer(address(this), msg.sender, tokensIssued); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12062.sol b/data_full/CVE/2018-12062.sol new file mode 100644 index 0000000000000000000000000000000000000000..32f347ce1a03671ee24243c2b98fb9148840444a --- /dev/null +++ b/data_full/CVE/2018-12062.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-09-09 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract SwftCoin is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function SwftCoin( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12063.sol b/data_full/CVE/2018-12063.sol new file mode 100644 index 0000000000000000000000000000000000000000..37a4887d8dea2f33d723268706e2ff5d6ea55e32 --- /dev/null +++ b/data_full/CVE/2018-12063.sol @@ -0,0 +1,184 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-26 +*/ + +pragma solidity ^0.4.13; contract owned { address public owner; + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData); } +contract token { /*Public variables of the token*/ string public name; string public symbol; uint8 public decimals; uint256 public totalSupply; + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` from your account + /// @param _to The address of the recipient + /// @param _value the amount to send + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` in behalf of `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value the amount to send + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value < allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + /// @param _extraData some extra information to send to the approved contract + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /// @notice Remove `_value` tokens from the system irreversibly + /// @param _value the amount of money to burn + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} +contract INTToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function INTToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} +contract INT is INTToken(1000000000000000, "Internet Node Token", 6, "INT") {} \ No newline at end of file diff --git a/data_full/CVE/2018-12067.sol b/data_full/CVE/2018-12067.sol new file mode 100644 index 0000000000000000000000000000000000000000..d652a4ee208fea4d9fe7f485ddbf59731aa1fc69 --- /dev/null +++ b/data_full/CVE/2018-12067.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-07 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MyAdvancedToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12068.sol b/data_full/CVE/2018-12068.sol new file mode 100644 index 0000000000000000000000000000000000000000..d6bfb553c8361081c5d543b82748728ccafe0475 --- /dev/null +++ b/data_full/CVE/2018-12068.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-09-12 +*/ + +pragma solidity ^0.4.11; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MyAdvancedToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12070.sol b/data_full/CVE/2018-12070.sol new file mode 100644 index 0000000000000000000000000000000000000000..33a7c1971730738024379426df3ddbdf0cc20acf --- /dev/null +++ b/data_full/CVE/2018-12070.sol @@ -0,0 +1,269 @@ +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol +) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract SECToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function SECToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol +) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + + //about lock coins + uint start = 1520956799; + uint256 SECtotalAmount = 1500000000 * 10 ** 18; + address teamaccount = 0xC32b1519A0d4E883FE136AbB3198cbC402b5503F; + + uint256 amount = _value; + address sender = _from; + uint256 balance = balanceOf[_from]; + + + if(teamaccount == sender){ + if (now < start + 365 * 1 days) { + require((balance - amount) >= SECtotalAmount/10 * 3/4); + + } else if (now < start + (2*365+1) * 1 days){ + require((balance - amount) >= SECtotalAmount/10 * 2/4); + + }else if (now < start + (3*365+1) * 1 days){ + require((balance - amount) >= SECtotalAmount/10 * 1/4); + + } + } + + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} +contract SEC is SECToken(1500000000, "SEC", "SEC") {} diff --git a/data_full/CVE/2018-12078.sol b/data_full/CVE/2018-12078.sol new file mode 100644 index 0000000000000000000000000000000000000000..8dee90eb7f09eeedb4e5eab72737f0285f1137c7 --- /dev/null +++ b/data_full/CVE/2018-12078.sol @@ -0,0 +1,145 @@ +/** + *Submitted for verification at Etherscan.io on 2017-10-03 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract PolyAi is owned, token { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function PolyAi( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12079.sol b/data_full/CVE/2018-12079.sol new file mode 100644 index 0000000000000000000000000000000000000000..d652a4ee208fea4d9fe7f485ddbf59731aa1fc69 --- /dev/null +++ b/data_full/CVE/2018-12079.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-07 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MyAdvancedToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12080.sol b/data_full/CVE/2018-12080.sol new file mode 100644 index 0000000000000000000000000000000000000000..37a4887d8dea2f33d723268706e2ff5d6ea55e32 --- /dev/null +++ b/data_full/CVE/2018-12080.sol @@ -0,0 +1,184 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-26 +*/ + +pragma solidity ^0.4.13; contract owned { address public owner; + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData); } +contract token { /*Public variables of the token*/ string public name; string public symbol; uint8 public decimals; uint256 public totalSupply; + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` from your account + /// @param _to The address of the recipient + /// @param _value the amount to send + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` in behalf of `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value the amount to send + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value < allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + /// @param _extraData some extra information to send to the approved contract + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /// @notice Remove `_value` tokens from the system irreversibly + /// @param _value the amount of money to burn + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} +contract INTToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function INTToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} +contract INT is INTToken(1000000000000000, "Internet Node Token", 6, "INT") {} \ No newline at end of file diff --git a/data_full/CVE/2018-12081.sol b/data_full/CVE/2018-12081.sol new file mode 100644 index 0000000000000000000000000000000000000000..d6bfb553c8361081c5d543b82748728ccafe0475 --- /dev/null +++ b/data_full/CVE/2018-12081.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-09-12 +*/ + +pragma solidity ^0.4.11; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MyAdvancedToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12082.sol b/data_full/CVE/2018-12082.sol new file mode 100644 index 0000000000000000000000000000000000000000..9a175780b0076eb0c25bc9fc10d6d6b508fd1513 --- /dev/null +++ b/data_full/CVE/2018-12082.sol @@ -0,0 +1,168 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-04 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract FujintoToken is owned, token { + + uint public buyRate = 4000; // price of one token + bool public isSelling = true; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function FujintoToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; // calculates the amount + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[owner] -= amount; // subtracts amount from seller's balance + Transfer(owner, msg.sender, amount); // execute an event reflecting the change + } + + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12083.sol b/data_full/CVE/2018-12083.sol new file mode 100644 index 0000000000000000000000000000000000000000..49a3fab6d45e37540ede552c7bde05dfaa72c03c --- /dev/null +++ b/data_full/CVE/2018-12083.sol @@ -0,0 +1,117 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-14 +*/ + +pragma solidity ^0.4.18; + +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + function changeOwner(address newOwner) onlyOwner { + owner = newOwner; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract GoalToken is owned { + /* Public variables of the token */ + string public name = "GOAL Bonanza"; + string public symbol = "GOAL"; + uint8 public decimals = 18; + uint256 public totalSupply = 0; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + event Burn(address indexed from, uint256 value); + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` from your account + /// @param _to The address of the recipient + /// @param _value the amount to send + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` in behalf of `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value the amount to send + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + /// @param _extraData some extra information to send to the approved contract + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /// @notice Remove `_value` tokens from the system irreversibly + /// @param _value the amount of money to burn + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(this, target, mintedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12084.sol b/data_full/CVE/2018-12084.sol new file mode 100644 index 0000000000000000000000000000000000000000..f0b1c78f2a72297dc6fa68ab2b93b8af531f329f --- /dev/null +++ b/data_full/CVE/2018-12084.sol @@ -0,0 +1,153 @@ +/** + *Submitted for verification at Etherscan.io on 2017-07-25 +*/ + +pragma solidity ^0.4.13; + +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + +} + +contract tokenRecipient { + + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); + +} + +contract token { + + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins e.g. exchange transfer our token */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract BitAseanToken is owned, token { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function BitAseanToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) { + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + +} \ No newline at end of file diff --git a/data_full/CVE/2018-12230.sol b/data_full/CVE/2018-12230.sol new file mode 100644 index 0000000000000000000000000000000000000000..08f46699b326d0ed211052c65fa6846d7aacf53d --- /dev/null +++ b/data_full/CVE/2018-12230.sol @@ -0,0 +1,161 @@ +pragma solidity ^0.4.2; + +contract ERC20Interface { + + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + // Triggered when tokens are transferred. + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + // Triggered whenever approve(address _spender, uint256 _value) is called. + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + +contract Owner { + //For storing the owner address + address public owner; + + //Constructor for assign a address for owner property(It will be address who deploy the contract) + function Owner() { + owner = msg.sender; + } + + //This is modifier (a special function) which will execute before the function execution on which it applied + modifier onlyOwner() { + if(msg.sender != owner) throw; + //This statement replace with the code of fucntion on which modifier is applied + _; + } + //Here is the example of modifier this function code replace _; statement of modifier + function transferOwnership(address new_owner) onlyOwner { + owner = new_owner; + } +} + +contract RemiCoin is ERC20Interface,Owner { + + //Common information about coin + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + //Balance property which should be always associate with an address + mapping(address => uint256) balances; + //frozenAccount property which should be associate with an address + mapping (address => bool) public frozenAccount; + // Owner of account approves the transfer of an amount to another account + mapping(address => mapping (address => uint256)) allowed; + + //These generates a public event on the blockchain that will notify clients + event FrozenFunds(address target, bool frozen); + + //Construtor for initial supply (The address who deployed the contract will get it) and important information + function RemiCoin(uint256 initial_supply, string _name, string _symbol, uint8 _decimal) { + balances[msg.sender] = initial_supply; + name = _name; + symbol = _symbol; + decimals = _decimal; + totalSupply = initial_supply; + } + + // What is the balance of a particular account? + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + //Function for transer the coin from one address to another + function transfer(address to, uint value) returns (bool success) { + + //checking account is freeze or not + if (frozenAccount[msg.sender]) return false; + + //checking the sender should have enough coins + if(balances[msg.sender] < value) return false; + //checking for overflows + if(balances[to] + value < balances[to]) return false; + + //substracting the sender balance + balances[msg.sender] -= value; + //adding the reciever balance + balances[to] += value; + + // Notify anyone listening that this transfer took place + Transfer(msg.sender, to, value); + + return true; + } + + + //Function for transer the coin from one address to another + function transferFrom(address from, address to, uint value) returns (bool success) { + + //checking account is freeze or not + if (frozenAccount[msg.sender]) return false; + + //checking the from should have enough coins + if(balances[from] < value) return false; + + //checking for allowance + if( allowed[from][msg.sender] >= value ) return false; + + //checking for overflows + if(balances[to] + value < balances[to]) return false; + + balances[from] -= value; + allowed[from][msg.sender] -= value; + balances[to] += value; + + // Notify anyone listening that this transfer took place + Transfer(from, to, value); + + return true; + } + + // + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + // + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + // + function mintToken(address target, uint256 mintedAmount) onlyOwner{ + balances[target] += mintedAmount; + totalSupply += mintedAmount; + + Transfer(0,owner,mintedAmount); + Transfer(owner,target,mintedAmount); + } + + // + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + // + function changeName(string _name) onlyOwner { + name = _name; + } + + // + function changeSymbol(string _symbol) onlyOwner { + symbol = _symbol; + } + + // + function changeDecimals(uint8 _decimals) onlyOwner { + decimals = _decimals; + } +} diff --git a/data_full/CVE/2018-12454.sol b/data_full/CVE/2018-12454.sol new file mode 100644 index 0000000000000000000000000000000000000000..a403a01e001d5166606f93142cdd14cb310741a7 --- /dev/null +++ b/data_full/CVE/2018-12454.sol @@ -0,0 +1,148 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-25 +*/ + +pragma solidity ^0.4.11; +contract simplelottery { + enum State { Started, Locked } + State public state = State.Started; + struct Guess{ + address addr; + //uint guess; + } + uint arraysize=1000; + uint constant maxguess=1000000; + uint bettingprice = 1 ether; + Guess[1000] guesses; + uint numguesses = 0; + bytes32 curhash = ''; + uint _gameindex = 1; + uint _starttime = 0; + modifier inState(State _state) { + require(state == _state); + _; + } + address developer = 0x0; + address _winner = 0x0; + event SentPrizeToWinner(address winner, uint money, uint gameindex, uint lotterynumber, uint starttime, uint finishtime); + event SentDeveloperFee(uint amount, uint balance); + + function simplelottery() + { + if(developer==address(0)){ + developer = msg.sender; + state = State.Started; + _starttime = block.timestamp; + } + } + + function setBettingCondition(uint _contenders, uint _bettingprice) + { + if(msg.sender != developer) + return; + arraysize = _contenders; + if(arraysize>1000) + arraysize = 1000; + bettingprice = _bettingprice; + } + + function findWinner(uint value) + { + uint i = value % numguesses; + _winner = guesses[i].addr; + } + + function getMaxContenders() constant returns(uint){ + return arraysize; + } + + function getBettingPrice() constant returns(uint){ + return bettingprice; + } + + function getDeveloperAddress() constant returns(address) + { + return developer; + } + + function getDeveloperFee() constant returns(uint) + { + uint developerfee = this.balance/100; + return developerfee; + } + + function getBalance() constant returns(uint) + { + return this.balance; + } + + function getLotteryMoney() constant returns(uint) + { + uint developerfee = getDeveloperFee(); + uint prize = (this.balance - developerfee); + return prize; + } + + function getBettingStatus() + constant + returns (uint, uint, uint, uint, uint, uint, uint) + { + return ((uint)(state), _gameindex, _starttime, numguesses, getLotteryMoney(), this.balance, bettingprice); + } + + + + function finish() + { + if(msg.sender != developer) + return; + _finish(); + } + + function _finish() private + { + state = State.Locked; + uint block_timestamp = block.timestamp; + uint lotterynumber = (uint(curhash)+block_timestamp)%(maxguess+1); + findWinner(lotterynumber); + uint prize = getLotteryMoney(); + uint numwinners = 1; + uint remain = this.balance - (prize*numwinners); + + _winner.transfer(prize); + SentPrizeToWinner(_winner, prize, _gameindex, lotterynumber, _starttime, block_timestamp); + + // give delveoper the money left behind + developer.transfer(remain); + SentDeveloperFee(remain, this.balance); + numguesses = 0; + _gameindex++; + state = State.Started; + _starttime = block.timestamp; + } + + function () payable + { + _addguess(); + } + + function addguess() + inState(State.Started) + payable + { + _addguess(); + } + + function _addguess() private + inState(State.Started) + { + require(msg.value >= bettingprice); + curhash = sha256(block.timestamp, block.coinbase, block.difficulty, curhash); + if((uint)(numguesses+1)<=arraysize) { + guesses[numguesses++].addr = msg.sender; + if((uint)(numguesses)>=arraysize){ + _finish(); + } + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12511.sol b/data_full/CVE/2018-12511.sol new file mode 100644 index 0000000000000000000000000000000000000000..c8b0de47550a94f5915b47350bf3cad07e13652f --- /dev/null +++ b/data_full/CVE/2018-12511.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-07 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MyAdvancedToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12702.sol b/data_full/CVE/2018-12702.sol new file mode 100644 index 0000000000000000000000000000000000000000..13826eb0f8db3713407175983242a875c4deedd3 --- /dev/null +++ b/data_full/CVE/2018-12702.sol @@ -0,0 +1,142 @@ +/** + *Submitted for verification at Etherscan.io on 2017-12-26 +*/ + +// Abstract contract for the full ERC 20 Token standard +// https://github.com/ethereum/EIPs/issues/20 +pragma solidity ^0.4.16; + +contract Token { + /* This is a slight change to the ERC20 base standard. + function totalSupply() constant returns (uint256 supply); + is replaced with: + uint256 public totalSupply; + This automatically creates a getter function for the totalSupply. + This is moved to the base contract since public getter functions are not + currently recognised as an implementation of the matching abstract + function by the compiler. + */ + /// total amount of tokens + uint256 public totalSupply; + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance); + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success); + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + + /// @notice `msg.sender` approves `_spender` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of tokens to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success); + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + require(balances[_to] + _value > balances[_to]); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + //same as above. Replace this line with the following if you want to protect against wrapping uints. + require(balances[_to] + _value > balances[_to]); + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} + +contract GVE is StandardToken { + + function () { + //if ether is sent to this address, send it back. + revert(); + } + + string public name = "Globalvillage ecosystem"; //fancy name: eg Simon Bucks + uint8 public decimals = 18; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether. + string public symbol = "GVE"; //An identifier: eg SBX + string public version = 'v0.1'; //gve 0.1 standard. Just an arbitrary versioning scheme. + + address public founder; // The address of the founder + + function GVE() { + founder = msg.sender; + totalSupply = 1000000000 * 10 ** uint256(decimals); + balances[founder] = totalSupply; + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { revert(); } + return true; + } + + /* Approves and then calls the contract code*/ + function approveAndCallcode(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //Call the contract code + if(!_spender.call(_extraData)) { revert(); } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12703.sol b/data_full/CVE/2018-12703.sol new file mode 100644 index 0000000000000000000000000000000000000000..ead0510cd4f4c0af0aa93e5370653a853f4a67e3 --- /dev/null +++ b/data_full/CVE/2018-12703.sol @@ -0,0 +1,142 @@ +/** + *Submitted for verification at Etherscan.io on 2018-01-04 +*/ + +// Abstract contract for the full ERC 20 Token standard +// https://github.com/ethereum/EIPs/issues/20 +pragma solidity ^0.4.16; + +contract Token { + /* This is a slight change to the ERC20 base standard. + function totalSupply() constant returns (uint256 supply); + is replaced with: + uint256 public totalSupply; + This automatically creates a getter function for the totalSupply. + This is moved to the base contract since public getter functions are not + currently recognised as an implementation of the matching abstract + function by the compiler. + */ + /// total amount of tokens + uint256 public totalSupply; + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance); + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success); + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + + /// @notice `msg.sender` approves `_spender` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of tokens to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success); + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + require(balances[_to] + _value > balances[_to]); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + //same as above. Replace this line with the following if you want to protect against wrapping uints. + require(balances[_to] + _value > balances[_to]); + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} + +contract EightteenToken is StandardToken { + + function () { + //if ether is sent to this address, send it back. + revert(); + } + + string public name = "Block 18"; //fancy name: eg Simon Bucks + uint8 public decimals = 18; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether. + string public symbol = "18T"; //An identifier: eg SBX + string public version = 'v0.1'; //18t 0.1 standard. Just an arbitrary versioning scheme. + + address public founder; // The address of the founder + + function EightteenToken() { + founder = msg.sender; + totalSupply = 1000000000 * 10 ** uint256(decimals); + balances[founder] = totalSupply; + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { revert(); } + return true; + } + + /* Approves and then calls the contract code*/ + function approveAndCallcode(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //Call the contract code + if(!_spender.call(_extraData)) { revert(); } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12885.sol b/data_full/CVE/2018-12885.sol new file mode 100644 index 0000000000000000000000000000000000000000..124b5f2fdc6872f2f4849082da3cd05e7305d0cb --- /dev/null +++ b/data_full/CVE/2018-12885.sol @@ -0,0 +1,1149 @@ +/** + *Submitted for verification at Etherscan.io on 2018-05-14 +*/ + +pragma solidity 0.4.23; + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + /** + * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). + */ + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + /** + * @dev Adds two numbers, throws on overflow. + */ + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address internal contractOwner; + + constructor () internal { + if(contractOwner == address(0)){ + contractOwner = msg.sender; + } + } + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == contractOwner); + _; + } + + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) public onlyOwner { + require(newOwner != address(0)); + contractOwner = newOwner; + } + +} + + +/** + * @title Pausable + * @dev Base contract which allows children to implement an emergency stop mechanism. + */ +contract Pausable is Ownable { + bool private paused = false; + + /** + * @dev Modifier to allow actions only when the contract IS paused + @dev If is paused msg.value is send back + */ + modifier whenNotPaused() { + if(paused == true && msg.value > 0){ + msg.sender.transfer(msg.value); + } + require(!paused); + _; + } + + + /** + * @dev Called by the owner to pause, triggers stopped state + */ + function triggerPause() onlyOwner external { + paused = !paused; + } + +} + + +/// @title A contract for creating new champs and making withdrawals +contract ChampFactory is Pausable{ + + event NewChamp(uint256 champID, address owner); + + using SafeMath for uint; //SafeMath for overflow prevention + + /* + * Variables + */ + struct Champ { + uint256 id; //same as position in Champ[] + uint256 attackPower; + uint256 defencePower; + uint256 cooldownTime; //how long does it take to be ready attack again + uint256 readyTime; //if is smaller than block.timestamp champ is ready to fight + uint256 winCount; + uint256 lossCount; + uint256 position; //position in leaderboard. subtract 1 and you got position in leaderboard[] + uint256 price; //selling price + uint256 withdrawCooldown; //if you one of the 800 best champs and withdrawCooldown is less as block.timestamp then you get ETH reward + uint256 eq_sword; + uint256 eq_shield; + uint256 eq_helmet; + bool forSale; //is champ for sale? + } + + struct AddressInfo { + uint256 withdrawal; + uint256 champsCount; + uint256 itemsCount; + string name; + } + + //Item struct + struct Item { + uint8 itemType; // 1 - Sword | 2 - Shield | 3 - Helmet + uint8 itemRarity; // 1 - Common | 2 - Uncommon | 3 - Rare | 4 - Epic | 5 - Legendery | 6 - Forged + uint256 attackPower; + uint256 defencePower; + uint256 cooldownReduction; + uint256 price; + uint256 onChampId; //can not be used to decide if item is on champ, because champ's id can be 0, 'bool onChamp' solves it. + bool onChamp; + bool forSale; //is item for sale? + } + + mapping (address => AddressInfo) public addressInfo; + mapping (uint256 => address) public champToOwner; + mapping (uint256 => address) public itemToOwner; + mapping (uint256 => string) public champToName; + + Champ[] public champs; + Item[] public items; + uint256[] public leaderboard; + + uint256 internal createChampFee = 5 finney; + uint256 internal lootboxFee = 5 finney; + uint256 internal pendingWithdrawal = 0; + uint256 private randNonce = 0; //being used in generating random numbers + uint256 public champsForSaleCount; + uint256 public itemsForSaleCount; + + + /* + * Modifiers + */ + /// @dev Checks if msg.sender is owner of champ + modifier onlyOwnerOfChamp(uint256 _champId) { + require(msg.sender == champToOwner[_champId]); + _; + } + + + /// @dev Checks if msg.sender is NOT owner of champ + modifier onlyNotOwnerOfChamp(uint256 _champId) { + require(msg.sender != champToOwner[_champId]); + _; + } + + + /// @notice Checks if amount was sent + modifier isPaid(uint256 _price){ + require(msg.value >= _price); + _; + } + + + /// @notice People are allowed to withdraw only if min. balance (0.01 gwei) is reached + modifier contractMinBalanceReached(){ + require( (address(this).balance).sub(pendingWithdrawal) > 1000000 ); + _; + } + + + /// @notice Checks if withdraw cooldown passed + modifier isChampWithdrawReady(uint256 _id){ + require(champs[_id].withdrawCooldown < block.timestamp); + _; + } + + + /// @notice Distribute input funds between contract owner and players + modifier distributeInput(address _affiliateAddress){ + + //contract owner + uint256 contractOwnerWithdrawal = (msg.value / 100) * 50; // 50% + addressInfo[contractOwner].withdrawal += contractOwnerWithdrawal; + pendingWithdrawal += contractOwnerWithdrawal; + + //affiliate + //checks if _affiliateAddress is set & if affiliate address is not buying player + if(_affiliateAddress != address(0) && _affiliateAddress != msg.sender){ + uint256 affiliateBonus = (msg.value / 100) * 25; //provision is 25% + addressInfo[_affiliateAddress].withdrawal += affiliateBonus; + pendingWithdrawal += affiliateBonus; + } + + _; + } + + + + /* + * View + */ + /// @notice Gets champs by address + /// @param _owner Owner address + function getChampsByOwner(address _owner) external view returns(uint256[]) { + uint256[] memory result = new uint256[](addressInfo[_owner].champsCount); + uint256 counter = 0; + for (uint256 i = 0; i < champs.length; i++) { + if (champToOwner[i] == _owner) { + result[counter] = i; + counter++; + } + } + return result; + } + + + /// @notice Gets total champs count + function getChampsCount() external view returns(uint256){ + return champs.length; + } + + + /// @notice Gets champ's reward in wei + function getChampReward(uint256 _position) public view returns(uint256) { + if(_position <= 800){ + //percentageMultipier = 10,000 + //maxReward = 2000 = .2% * percentageMultipier + //subtractPerPosition = 2 = .0002% * percentageMultipier + //2000 - (2 * (_position - 1)) + uint256 rewardPercentage = uint256(2000).sub(2 * (_position - 1)); + + //available funds are all funds - already pending + uint256 availableWithdrawal = address(this).balance.sub(pendingWithdrawal); + + //calculate reward for champ's position + //1000000 = percentageMultipier * 100 + return availableWithdrawal / 1000000 * rewardPercentage; + }else{ + return uint256(0); + } + } + + + /* + * Internal + */ + /// @notice Generates random modulus + /// @param _modulus Max random modulus + function randMod(uint256 _modulus) internal returns(uint256) { + randNonce++; + return uint256(keccak256(randNonce, blockhash(block.number - 1))) % _modulus; + } + + + + /* + * External + */ + /// @notice Creates new champ + /// @param _affiliateAddress Affiliate address (optional) + function createChamp(address _affiliateAddress) external payable + whenNotPaused + isPaid(createChampFee) + distributeInput(_affiliateAddress) + { + + /* + Champ memory champ = Champ({ + id: 0, + attackPower: 2 + randMod(4), + defencePower: 1 + randMod(4), + cooldownTime: uint256(1 days) - uint256(randMod(9) * 1 hours), + readyTime: 0, + winCount: 0, + lossCount: 0, + position: leaderboard.length + 1, //Last place in leaderboard is new champ's position. Used in new champ struct bellow. +1 to avoid zero position. + price: 0, + withdrawCooldown: uint256(block.timestamp), + eq_sword: 0, + eq_shield: 0, + eq_helmet: 0, + forSale: false + }); + */ + + // This line bellow is about 30k gas cheaper than lines above. They are the same. Lines above are just more readable. + uint256 id = champs.push(Champ(0, 2 + randMod(4), 1 + randMod(4), uint256(1 days) - uint256(randMod(9) * 1 hours), 0, 0, 0, leaderboard.length + 1, 0, uint256(block.timestamp), 0,0,0, false)) - 1; + + + champs[id].id = id; //sets id in Champ struct + leaderboard.push(id); //push champ on the last place in leaderboard + champToOwner[id] = msg.sender; //sets owner of this champ - msg.sender + addressInfo[msg.sender].champsCount++; + + emit NewChamp(id, msg.sender); + + } + + + /// @notice Change "CreateChampFee". If ETH price will grow up it can expensive to create new champ. + /// @param _fee New "CreateChampFee" + /// @dev Only owner of contract can change "CreateChampFee" + function setCreateChampFee(uint256 _fee) external onlyOwner { + createChampFee = _fee; + } + + + /// @notice Change champ's name + function changeChampsName(uint _champId, string _name) external + onlyOwnerOfChamp(_champId){ + champToName[_champId] = _name; + } + + + /// @notice Change players's name + function changePlayersName(string _name) external { + addressInfo[msg.sender].name = _name; + } + + + /// @notice Withdraw champ's reward + /// @param _id Champ id + /// @dev Move champ reward to pending withdrawal to his wallet. + function withdrawChamp(uint _id) external + onlyOwnerOfChamp(_id) + contractMinBalanceReached + isChampWithdrawReady(_id) + whenNotPaused { + Champ storage champ = champs[_id]; + require(champ.position <= 800); + + champ.withdrawCooldown = block.timestamp + 1 days; //one withdrawal 1 per day + + uint256 withdrawal = getChampReward(champ.position); + addressInfo[msg.sender].withdrawal += withdrawal; + pendingWithdrawal += withdrawal; + } + + + /// @dev Send all pending funds of caller's address + function withdrawToAddress(address _address) external + whenNotPaused { + address playerAddress = _address; + if(playerAddress == address(0)){ playerAddress = msg.sender; } + uint256 share = addressInfo[playerAddress].withdrawal; //gets pending funds + require(share > 0); //is it more than 0? + + //first sets players withdrawal pending to 0 and subtract amount from playerWithdrawals then transfer funds to avoid reentrancy + addressInfo[playerAddress].withdrawal = 0; //set player's withdrawal pendings to 0 + pendingWithdrawal = pendingWithdrawal.sub(share); //subtract share from total pendings + + playerAddress.transfer(share); //transfer + } + +} + + + +/// @title Moderates items and creates new ones +contract Items is ChampFactory { + + event NewItem(uint256 itemID, address owner); + + constructor () internal { + //item -> nothing + items.push(Item(0, 0, 0, 0, 0, 0, 0, false, false)); + } + + /* + * Modifiers + */ + /// @notice Checks if sender is owner of item + modifier onlyOwnerOfItem(uint256 _itemId) { + require(_itemId != 0); + require(msg.sender == itemToOwner[_itemId]); + _; + } + + + /// @notice Checks if sender is NOT owner of item + modifier onlyNotOwnerOfItem(uint256 _itemId) { + require(msg.sender != itemToOwner[_itemId]); + _; + } + + + /* + * View + */ + ///@notice Check if champ has something on + ///@param _type Sword, shield or helmet + function hasChampSomethingOn(uint _champId, uint8 _type) internal view returns(bool){ + Champ storage champ = champs[_champId]; + if(_type == 1){ + return (champ.eq_sword == 0) ? false : true; + } + if(_type == 2){ + return (champ.eq_shield == 0) ? false : true; + } + if(_type == 3){ + return (champ.eq_helmet == 0) ? false : true; + } + } + + + /// @notice Gets items by address + /// @param _owner Owner address + function getItemsByOwner(address _owner) external view returns(uint256[]) { + uint256[] memory result = new uint256[](addressInfo[_owner].itemsCount); + uint256 counter = 0; + for (uint256 i = 0; i < items.length; i++) { + if (itemToOwner[i] == _owner) { + result[counter] = i; + counter++; + } + } + return result; + } + + + /* + * Public + */ + ///@notice Takes item off champ + function takeOffItem(uint _champId, uint8 _type) public + onlyOwnerOfChamp(_champId) { + uint256 itemId; + Champ storage champ = champs[_champId]; + if(_type == 1){ + itemId = champ.eq_sword; //Get item ID + if (itemId > 0) { //0 = nothing + champ.eq_sword = 0; //take off sword + } + } + if(_type == 2){ + itemId = champ.eq_shield; //Get item ID + if(itemId > 0) {//0 = nothing + champ.eq_shield = 0; //take off shield + } + } + if(_type == 3){ + itemId = champ.eq_helmet; //Get item ID + if(itemId > 0) { //0 = nothing + champ.eq_helmet = 0; //take off + } + } + if(itemId > 0){ + items[itemId].onChamp = false; //item is free to use, is not on champ + } + } + + + + /* + * External + */ + ///@notice Puts item on champ + function putOn(uint256 _champId, uint256 _itemId) external + onlyOwnerOfChamp(_champId) + onlyOwnerOfItem(_itemId) { + Champ storage champ = champs[_champId]; + Item storage item = items[_itemId]; + + //checks if items is on some other champ + if(item.onChamp){ + takeOffItem(item.onChampId, item.itemType); //take off from champ + } + + item.onChamp = true; //item is on champ + item.onChampId = _champId; //champ's id + + //put on + if(item.itemType == 1){ + //take off actual sword + if(champ.eq_sword > 0){ + takeOffItem(champ.id, 1); + } + champ.eq_sword = _itemId; //put on sword + } + if(item.itemType == 2){ + //take off actual shield + if(champ.eq_shield > 0){ + takeOffItem(champ.id, 2); + } + champ.eq_shield = _itemId; //put on shield + } + if(item.itemType == 3){ + //take off actual helmet + if(champ.eq_helmet > 0){ + takeOffItem(champ.id, 3); + } + champ.eq_helmet = _itemId; //put on helmet + } + } + + + + /// @notice Opens loot box and generates new item + function openLootbox(address _affiliateAddress) external payable + whenNotPaused + isPaid(lootboxFee) + distributeInput(_affiliateAddress) { + + uint256 pointToCooldownReduction; + uint256 randNum = randMod(1001); //random number <= 1000 + uint256 pointsToShare; //total points given + uint256 itemID; + + //sets up item + Item memory item = Item({ + itemType: uint8(uint256(randMod(3) + 1)), //generates item type - max num is 2 -> 0 + 1 SWORD | 1 + 1 SHIELD | 2 + 1 HELMET; + itemRarity: uint8(0), + attackPower: 0, + defencePower: 0, + cooldownReduction: 0, + price: 0, + onChampId: 0, + onChamp: false, + forSale: false + }); + + // Gets Rarity of item + // 45% common + // 27% uncommon + // 19% rare + // 7% epic + // 2% legendary + if(450 > randNum){ + pointsToShare = 25 + randMod(9); //25 basic + random number max to 8 + item.itemRarity = uint8(1); + }else if(720 > randNum){ + pointsToShare = 42 + randMod(17); //42 basic + random number max to 16 + item.itemRarity = uint8(2); + }else if(910 > randNum){ + pointsToShare = 71 + randMod(25); //71 basic + random number max to 24 + item.itemRarity = uint8(3); + }else if(980 > randNum){ + pointsToShare = 119 + randMod(33); //119 basic + random number max to 32 + item.itemRarity = uint8(4); + }else{ + pointsToShare = 235 + randMod(41); //235 basic + random number max to 40 + item.itemRarity = uint8(5); + } + + + //Gets type of item + if(item.itemType == uint8(1)){ //ITEM IS SWORDS + item.attackPower = pointsToShare / 10 * 7; //70% attackPower + pointsToShare -= item.attackPower; //points left; + + item.defencePower = pointsToShare / 10 * randMod(6); //up to 15% defencePower + pointsToShare -= item.defencePower; //points left; + + item.cooldownReduction = pointsToShare * uint256(1 minutes); //rest of points is cooldown reduction + item.itemType = uint8(1); + } + + if(item.itemType == uint8(2)){ //ITEM IS SHIELD + item.defencePower = pointsToShare / 10 * 7; //70% defencePower + pointsToShare -= item.defencePower; //points left; + + item.attackPower = pointsToShare / 10 * randMod(6); //up to 15% attackPowerPower + pointsToShare -= item.attackPower; //points left; + + item.cooldownReduction = pointsToShare * uint256(1 minutes); //rest of points is cooldown reduction + item.itemType = uint8(2); + } + + if(item.itemType == uint8(3)){ //ITEM IS HELMET + pointToCooldownReduction = pointsToShare / 10 * 7; //70% cooldown reduction + item.cooldownReduction = pointToCooldownReduction * uint256(1 minutes); //points to time + pointsToShare -= pointToCooldownReduction; //points left; + + item.attackPower = pointsToShare / 10 * randMod(6); //up to 15% attackPower + pointsToShare -= item.attackPower; //points left; + + item.defencePower = pointsToShare; //rest of points is defencePower + item.itemType = uint8(3); + } + + itemID = items.push(item) - 1; + + itemToOwner[itemID] = msg.sender; //sets owner of this item - msg.sender + addressInfo[msg.sender].itemsCount++; //every address has count of items + + emit NewItem(itemID, msg.sender); + + } + + /// @notice Change "lootboxFee". + /// @param _fee New "lootboxFee" + /// @dev Only owner of contract can change "lootboxFee" + function setLootboxFee(uint _fee) external onlyOwner { + lootboxFee = _fee; + } +} + + + +/// @title Moderates buying and selling items +contract ItemMarket is Items { + + event TransferItem(address from, address to, uint256 itemID); + + /* + * Modifiers + */ + ///@notice Checks if item is for sale + modifier itemIsForSale(uint256 _id){ + require(items[_id].forSale); + _; + } + + ///@notice Checks if item is NOT for sale + modifier itemIsNotForSale(uint256 _id){ + require(items[_id].forSale == false); + _; + } + + ///@notice If item is for sale then cancel sale + modifier ifItemForSaleThenCancelSale(uint256 _itemID){ + Item storage item = items[_itemID]; + if(item.forSale){ + _cancelItemSale(item); + } + _; + } + + + ///@notice Distribute sale eth input + modifier distributeSaleInput(address _owner) { + uint256 contractOwnerCommision; //1% + uint256 playerShare; //99% + + if(msg.value > 100){ + contractOwnerCommision = (msg.value / 100); + playerShare = msg.value - contractOwnerCommision; + }else{ + contractOwnerCommision = 0; + playerShare = msg.value; + } + + addressInfo[_owner].withdrawal += playerShare; + addressInfo[contractOwner].withdrawal += contractOwnerCommision; + pendingWithdrawal += playerShare + contractOwnerCommision; + _; + } + + + + /* + * View + */ + function getItemsForSale() view external returns(uint256[]){ + uint256[] memory result = new uint256[](itemsForSaleCount); + if(itemsForSaleCount > 0){ + uint256 counter = 0; + for (uint256 i = 0; i < items.length; i++) { + if (items[i].forSale == true) { + result[counter]=i; + counter++; + } + } + } + return result; + } + + /* + * Private + */ + ///@notice Cancel sale. Should not be called without checking if item is really for sale. + function _cancelItemSale(Item storage item) private { + //No need to overwrite item's price + item.forSale = false; + itemsForSaleCount--; + } + + + /* + * Internal + */ + /// @notice Transfer item + function transferItem(address _from, address _to, uint256 _itemID) internal + ifItemForSaleThenCancelSale(_itemID) { + Item storage item = items[_itemID]; + + //take off + if(item.onChamp && _to != champToOwner[item.onChampId]){ + takeOffItem(item.onChampId, item.itemType); + } + + addressInfo[_to].itemsCount++; + addressInfo[_from].itemsCount--; + itemToOwner[_itemID] = _to; + + emit TransferItem(_from, _to, _itemID); + } + + + + /* + * Public + */ + /// @notice Calls transfer item + /// @notice Address _from is msg.sender. Cannot be used is market, bc msg.sender is buyer + function giveItem(address _to, uint256 _itemID) public + onlyOwnerOfItem(_itemID) { + transferItem(msg.sender, _to, _itemID); + } + + + /// @notice Calcels item's sale + function cancelItemSale(uint256 _id) public + itemIsForSale(_id) + onlyOwnerOfItem(_id){ + Item storage item = items[_id]; + _cancelItemSale(item); + } + + + /* + * External + */ + /// @notice Sets item for sale + function setItemForSale(uint256 _id, uint256 _price) external + onlyOwnerOfItem(_id) + itemIsNotForSale(_id) { + Item storage item = items[_id]; + item.forSale = true; + item.price = _price; + itemsForSaleCount++; + } + + + /// @notice Buys item + function buyItem(uint256 _id) external payable + whenNotPaused + onlyNotOwnerOfItem(_id) + itemIsForSale(_id) + isPaid(items[_id].price) + distributeSaleInput(itemToOwner[_id]) + { + transferItem(itemToOwner[_id], msg.sender, _id); + } + +} + + + +/// @title Manages forging +contract ItemForge is ItemMarket { + + event Forge(uint256 forgedItemID); + + ///@notice Forge items together + function forgeItems(uint256 _parentItemID, uint256 _childItemID) external + onlyOwnerOfItem(_parentItemID) + onlyOwnerOfItem(_childItemID) + ifItemForSaleThenCancelSale(_parentItemID) + ifItemForSaleThenCancelSale(_childItemID) { + + //checks if items are not the same + require(_parentItemID != _childItemID); + + Item storage parentItem = items[_parentItemID]; + Item storage childItem = items[_childItemID]; + + //take child item off, because child item will be burned + if(childItem.onChamp){ + takeOffItem(childItem.onChampId, childItem.itemType); + } + + //update parent item + parentItem.attackPower = (parentItem.attackPower > childItem.attackPower) ? parentItem.attackPower : childItem.attackPower; + parentItem.defencePower = (parentItem.defencePower > childItem.defencePower) ? parentItem.defencePower : childItem.defencePower; + parentItem.cooldownReduction = (parentItem.cooldownReduction > childItem.cooldownReduction) ? parentItem.cooldownReduction : childItem.cooldownReduction; + parentItem.itemRarity = uint8(6); + + //burn child item + transferItem(msg.sender, address(0), _childItemID); + + emit Forge(_parentItemID); + } + +} + + +/// @title Manages attacks in game +contract ChampAttack is ItemForge { + + event Attack(uint256 winnerChampID, uint256 defeatedChampID, bool didAttackerWin); + + /* + * Modifiers + */ + /// @notice Is champ ready to fight again? + modifier isChampReady(uint256 _champId) { + require (champs[_champId].readyTime <= block.timestamp); + _; + } + + + /// @notice Prevents from self-attack + modifier notSelfAttack(uint256 _champId, uint256 _targetId) { + require(_champId != _targetId); + _; + } + + + /// @notice Checks if champ does exist + modifier targetExists(uint256 _targetId){ + require(champToOwner[_targetId] != address(0)); + _; + } + + + /* + * View + */ + /// @notice Gets champ's attack power, defence power and cooldown reduction with items on + function getChampStats(uint256 _champId) public view returns(uint256,uint256,uint256){ + Champ storage champ = champs[_champId]; + Item storage sword = items[champ.eq_sword]; + Item storage shield = items[champ.eq_shield]; + Item storage helmet = items[champ.eq_helmet]; + + //AP + uint256 totalAttackPower = champ.attackPower + sword.attackPower + shield.attackPower + helmet.attackPower; //Gets champs AP + + //DP + uint256 totalDefencePower = champ.defencePower + sword.defencePower + shield.defencePower + helmet.defencePower; //Gets champs DP + + //CR + uint256 totalCooldownReduction = sword.cooldownReduction + shield.cooldownReduction + helmet.cooldownReduction; //Gets CR + + return (totalAttackPower, totalDefencePower, totalCooldownReduction); + } + + + /* + * Pure + */ + /// @notice Subtracts ability points. Helps to not cross minimal attack ability points -> 2 + /// @param _playerAttackPoints Actual player's attack points + /// @param _x Amount to subtract + function subAttack(uint256 _playerAttackPoints, uint256 _x) internal pure returns (uint256) { + return (_playerAttackPoints <= _x + 2) ? 2 : _playerAttackPoints - _x; + } + + + /// @notice Subtracts ability points. Helps to not cross minimal defence ability points -> 1 + /// @param _playerDefencePoints Actual player's defence points + /// @param _x Amount to subtract + function subDefence(uint256 _playerDefencePoints, uint256 _x) internal pure returns (uint256) { + return (_playerDefencePoints <= _x) ? 1 : _playerDefencePoints - _x; + } + + + /* + * Private + */ + /// @dev Is called from from Attack function after the winner is already chosen + /// @dev Updates abilities, champ's stats and swaps positions + function _attackCompleted(Champ storage _winnerChamp, Champ storage _defeatedChamp, uint256 _pointsGiven, uint256 _pointsToAttackPower) private { + /* + * Updates abilities after fight + */ + //winner abilities update + _winnerChamp.attackPower += _pointsToAttackPower; //increase attack power + _winnerChamp.defencePower += _pointsGiven - _pointsToAttackPower; //max point that was given - already given to AP + + //defeated champ's abilities update + //checks for not cross minimal AP & DP points + _defeatedChamp.attackPower = subAttack(_defeatedChamp.attackPower, _pointsToAttackPower); //decrease attack power + _defeatedChamp.defencePower = subDefence(_defeatedChamp.defencePower, _pointsGiven - _pointsToAttackPower); // decrease defence power + + + + /* + * Update champs' wins and losses + */ + _winnerChamp.winCount++; + _defeatedChamp.lossCount++; + + + + /* + * Swap positions + */ + if(_winnerChamp.position > _defeatedChamp.position) { //require loser to has better (lower) postion than attacker + uint256 winnerPosition = _winnerChamp.position; + uint256 loserPosition = _defeatedChamp.position; + + _defeatedChamp.position = winnerPosition; + _winnerChamp.position = loserPosition; + + //position in champ struct is always one point bigger than in leaderboard array + leaderboard[winnerPosition - 1] = _defeatedChamp.id; + leaderboard[loserPosition - 1] = _winnerChamp.id; + } + } + + + /// @dev Gets pointsGiven and pointsToAttackPower + function _getPoints(uint256 _pointsGiven) private returns (uint256 pointsGiven, uint256 pointsToAttackPower){ + return (_pointsGiven, randMod(_pointsGiven+1)); + } + + + + /* + * External + */ + /// @notice Attack function + /// @param _champId Attacker champ + /// @param _targetId Target champ + function attack(uint256 _champId, uint256 _targetId) external + onlyOwnerOfChamp(_champId) + isChampReady(_champId) + notSelfAttack(_champId, _targetId) + targetExists(_targetId) { + Champ storage myChamp = champs[_champId]; + Champ storage enemyChamp = champs[_targetId]; + uint256 pointsGiven; //total points that will be divided between AP and DP + uint256 pointsToAttackPower; //part of points that will be added to attack power, the rest of points go to defence power + uint256 myChampAttackPower; + uint256 enemyChampDefencePower; + uint256 myChampCooldownReduction; + + (myChampAttackPower,,myChampCooldownReduction) = getChampStats(_champId); + (,enemyChampDefencePower,) = getChampStats(_targetId); + + + //if attacker's AP is more than target's DP then attacker wins + if (myChampAttackPower > enemyChampDefencePower) { + + //this should demotivate players from farming on way weaker champs than they are + //the bigger difference between AP & DP is, the reward is smaller + if(myChampAttackPower - enemyChampDefencePower < 5){ + + //big experience - 3 ability points + (pointsGiven, pointsToAttackPower) = _getPoints(3); + + + }else if(myChampAttackPower - enemyChampDefencePower < 10){ + + //medium experience - 2 ability points + (pointsGiven, pointsToAttackPower) = _getPoints(2); + + }else{ + + //small experience - 1 ability point to random ability (attack power or defence power) + (pointsGiven, pointsToAttackPower) = _getPoints(1); + + } + + _attackCompleted(myChamp, enemyChamp, pointsGiven, pointsToAttackPower); + + emit Attack(myChamp.id, enemyChamp.id, true); + + } else { + + //1 ability point to random ability (attack power or defence power) + (pointsGiven, pointsToAttackPower) = _getPoints(1); + + _attackCompleted(enemyChamp, myChamp, pointsGiven, pointsToAttackPower); + + emit Attack(enemyChamp.id, myChamp.id, false); + + } + + //Trigger cooldown for attacker + myChamp.readyTime = uint256(block.timestamp + myChamp.cooldownTime - myChampCooldownReduction); + + } + +} + + +/// @title Moderates buying and selling champs +contract ChampMarket is ChampAttack { + + event TransferChamp(address from, address to, uint256 champID); + + /* + * Modifiers + */ + ///@notice Require champ to be sale + modifier champIsForSale(uint256 _id){ + require(champs[_id].forSale); + _; + } + + + ///@notice Require champ NOT to be for sale + modifier champIsNotForSale(uint256 _id){ + require(champs[_id].forSale == false); + _; + } + + + ///@notice If champ is for sale then cancel sale + modifier ifChampForSaleThenCancelSale(uint256 _champID){ + Champ storage champ = champs[_champID]; + if(champ.forSale){ + _cancelChampSale(champ); + } + _; + } + + + /* + * View + */ + ///@notice Gets all champs for sale + function getChampsForSale() view external returns(uint256[]){ + uint256[] memory result = new uint256[](champsForSaleCount); + if(champsForSaleCount > 0){ + uint256 counter = 0; + for (uint256 i = 0; i < champs.length; i++) { + if (champs[i].forSale == true) { + result[counter]=i; + counter++; + } + } + } + return result; + } + + + /* + * Private + */ + ///@dev Cancel sale. Should not be called without checking if champ is really for sale. + function _cancelChampSale(Champ storage champ) private { + //cancel champ's sale + //no need waste gas to overwrite his price. + champ.forSale = false; + champsForSaleCount--; + } + + + /* + * Internal + */ + /// @notice Transfer champ + function transferChamp(address _from, address _to, uint256 _champId) internal ifChampForSaleThenCancelSale(_champId){ + Champ storage champ = champs[_champId]; + + //transfer champ + addressInfo[_to].champsCount++; + addressInfo[_from].champsCount--; + champToOwner[_champId] = _to; + + //transfer items + if(champ.eq_sword != 0) { transferItem(_from, _to, champ.eq_sword); } + if(champ.eq_shield != 0) { transferItem(_from, _to, champ.eq_shield); } + if(champ.eq_helmet != 0) { transferItem(_from, _to, champ.eq_helmet); } + + emit TransferChamp(_from, _to, _champId); + } + + + + /* + * Public + */ + /// @notice Champ is no more for sale + function cancelChampSale(uint256 _id) public + champIsForSale(_id) + onlyOwnerOfChamp(_id) { + Champ storage champ = champs[_id]; + _cancelChampSale(champ); + } + + + /* + * External + */ + /// @notice Gift champ + /// @dev Address _from is msg.sender + function giveChamp(address _to, uint256 _champId) external + onlyOwnerOfChamp(_champId) { + transferChamp(msg.sender, _to, _champId); + } + + + /// @notice Sets champ for sale + function setChampForSale(uint256 _id, uint256 _price) external + onlyOwnerOfChamp(_id) + champIsNotForSale(_id) { + Champ storage champ = champs[_id]; + champ.forSale = true; + champ.price = _price; + champsForSaleCount++; + } + + + /// @notice Buys champ + function buyChamp(uint256 _id) external payable + whenNotPaused + onlyNotOwnerOfChamp(_id) + champIsForSale(_id) + isPaid(champs[_id].price) + distributeSaleInput(champToOwner[_id]) { + transferChamp(champToOwner[_id], msg.sender, _id); + } + +} + + + +/// @title Only used for deploying all contracts +contract MyCryptoChampCore is ChampMarket { + /* + © Copyright 2018 - Patrik Mojzis + Redistributing and modifying is prohibited. + + https://mycryptochamp.io/ + + What is MyCryptoChamp? + - Blockchain game about upgrading champs by fighting, getting better items, + trading them and the best 800 champs are daily rewarded by real Ether. + + Feel free to ask any questions + hello@mycryptochamp.io + */ +} \ No newline at end of file diff --git a/data_full/CVE/2018-12959.sol b/data_full/CVE/2018-12959.sol new file mode 100644 index 0000000000000000000000000000000000000000..ed00627bc4605de81ee6fe1cf9a616deb534b1f7 --- /dev/null +++ b/data_full/CVE/2018-12959.sol @@ -0,0 +1,127 @@ +/** + *Submitted for verification at Etherscan.io on 2017-12-27 +*/ + +pragma solidity ^0.4.4; + +contract Token { + + /// @return total amount of tokens + function totalSupply() constant returns (uint256 supply) {} + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance) {} + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success) {} + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + /// @notice `msg.sender` approves `_addr` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of wei to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success) {} + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + + + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + //if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + //same as above. Replace this line with the following if you want to protect against wrapping uints. + //if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} + +contract AditusToken is StandardToken { + + function () { + //if ether is sent to this address, send it back. + throw; + } + + /* Public variables of the token */ + + string public name; + uint8 public decimals; + string public symbol; + string public version = 'A1.0'; + + function AditusToken( + ) { + balances[msg.sender] = 1000000000000000000000000000; // Give the creator all initial tokens (100000 for example) + totalSupply = 1000000000000000000000000000; // Update total supply (100000 for example) + name = "Aditus"; // Set the name for display purposes + decimals = 18; // Amount of decimals for display purposes + symbol = "ADI"; // Set the symbol for display purposes + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-12975.sol b/data_full/CVE/2018-12975.sol new file mode 100644 index 0000000000000000000000000000000000000000..2ade75bcd943a78a905ed7c9ecf410ebc23af0fa --- /dev/null +++ b/data_full/CVE/2018-12975.sol @@ -0,0 +1,1234 @@ +/** + *Submitted for verification at Etherscan.io on 2018-02-14 +*/ + +pragma solidity ^0.4.18; + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + + + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() public { + owner = msg.sender; + } + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) public onlyOwner { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + +} + + +/** + * @title Claimable + * @dev Extension for the Ownable contract, where the ownership needs to be claimed. + * This allows the new owner to accept the transfer. + */ +contract Claimable is Ownable { + address public pendingOwner; + + /** + * @dev Modifier throws if called by any account other than the pendingOwner. + */ + modifier onlyPendingOwner() { + require(msg.sender == pendingOwner); + _; + } + + /** + * @dev Allows the current owner to set the pendingOwner address. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner public { + pendingOwner = newOwner; + } + + /** + * @dev Allows the pendingOwner address to finalize the transfer. + */ + function claimOwnership() onlyPendingOwner public { + OwnershipTransferred(owner, pendingOwner); + owner = pendingOwner; + pendingOwner = address(0); + } +} + + +/** + * @title Pausable + * @dev Base contract which allows children to implement an emergency stop mechanism. + */ +contract Pausable is Ownable { + event Pause(); + event Unpause(); + + bool public paused = false; + + + /** + * @dev Modifier to make a function callable only when the contract is not paused. + */ + modifier whenNotPaused() { + require(!paused); + _; + } + + /** + * @dev Modifier to make a function callable only when the contract is paused. + */ + modifier whenPaused() { + require(paused); + _; + } + + /** + * @dev called by the owner to pause, triggers stopped state + */ + function pause() onlyOwner whenNotPaused public { + paused = true; + Pause(); + } + + /** + * @dev called by the owner to unpause, returns to normal state + */ + function unpause() onlyOwner whenPaused public { + paused = false; + Unpause(); + } +} + + +/** + * @title AccessDeploy + * @dev Adds grant/revoke functions to the contract. + */ +contract AccessDeploy is Claimable { + + // Access for deploying heroes. + mapping(address => bool) private deployAccess; + + // Modifier for accessibility to deploy a hero on a location. + modifier onlyAccessDeploy { + require(msg.sender == owner || deployAccess[msg.sender] == true); + _; + } + + // @dev Grant acess to deploy heroes. + function grantAccessDeploy(address _address) + onlyOwner + public + { + deployAccess[_address] = true; + } + + // @dev Revoke acess to deploy heroes. + function revokeAccessDeploy(address _address) + onlyOwner + public + { + deployAccess[_address] = false; + } + +} + + +/** + * @title AccessDeposit + * @dev Adds grant/revoke functions to the contract. + */ +contract AccessDeposit is Claimable { + + // Access for adding deposit. + mapping(address => bool) private depositAccess; + + // Modifier for accessibility to add deposit. + modifier onlyAccessDeposit { + require(msg.sender == owner || depositAccess[msg.sender] == true); + _; + } + + // @dev Grant acess to deposit heroes. + function grantAccessDeposit(address _address) + onlyOwner + public + { + depositAccess[_address] = true; + } + + // @dev Revoke acess to deposit heroes. + function revokeAccessDeposit(address _address) + onlyOwner + public + { + depositAccess[_address] = false; + } + +} + + +/** + * @title AccessMint + * @dev Adds grant/revoke functions to the contract. + */ +contract AccessMint is Claimable { + + // Access for minting new tokens. + mapping(address => bool) private mintAccess; + + // Modifier for accessibility to define new hero types. + modifier onlyAccessMint { + require(msg.sender == owner || mintAccess[msg.sender] == true); + _; + } + + // @dev Grant acess to mint heroes. + function grantAccessMint(address _address) + onlyOwner + public + { + mintAccess[_address] = true; + } + + // @dev Revoke acess to mint heroes. + function revokeAccessMint(address _address) + onlyOwner + public + { + mintAccess[_address] = false; + } + +} + + +/** + * @title ERC721 interface + * @dev see https://github.com/ethereum/eips/issues/721 + */ +contract ERC721 { + event Transfer(address indexed _from, address indexed _to, uint256 _tokenId); + event Approval(address indexed _owner, address indexed _approved, uint256 _tokenId); + + function balanceOf(address _owner) public view returns (uint256 _balance); + function ownerOf(uint256 _tokenId) public view returns (address _owner); + function transfer(address _to, uint256 _tokenId) public; + function approve(address _to, uint256 _tokenId) public; + function takeOwnership(uint256 _tokenId) public; +} + + +/** + * @title ERC721Token + * Generic implementation for the required functionality of the ERC721 standard + */ +contract ERC721Token is ERC721 { + using SafeMath for uint256; + + // Total amount of tokens + uint256 private totalTokens; + + // Mapping from token ID to owner + mapping (uint256 => address) private tokenOwner; + + // Mapping from token ID to approved address + mapping (uint256 => address) private tokenApprovals; + + // Mapping from owner to list of owned token IDs + mapping (address => uint256[]) private ownedTokens; + + // Mapping from token ID to index of the owner tokens list + mapping(uint256 => uint256) private ownedTokensIndex; + + /** + * @dev Guarantees msg.sender is owner of the given token + * @param _tokenId uint256 ID of the token to validate its ownership belongs to msg.sender + */ + modifier onlyOwnerOf(uint256 _tokenId) { + require(ownerOf(_tokenId) == msg.sender); + _; + } + + /** + * @dev Gets the total amount of tokens stored by the contract + * @return uint256 representing the total amount of tokens + */ + function totalSupply() public view returns (uint256) { + return totalTokens; + } + + /** + * @dev Gets the balance of the specified address + * @param _owner address to query the balance of + * @return uint256 representing the amount owned by the passed address + */ + function balanceOf(address _owner) public view returns (uint256) { + return ownedTokens[_owner].length; + } + + /** + * @dev Gets the list of tokens owned by a given address + * @param _owner address to query the tokens of + * @return uint256[] representing the list of tokens owned by the passed address + */ + function tokensOf(address _owner) public view returns (uint256[]) { + return ownedTokens[_owner]; + } + + /** + * @dev Gets the owner of the specified token ID + * @param _tokenId uint256 ID of the token to query the owner of + * @return owner address currently marked as the owner of the given token ID + */ + function ownerOf(uint256 _tokenId) public view returns (address) { + address owner = tokenOwner[_tokenId]; + require(owner != address(0)); + return owner; + } + + /** + * @dev Gets the approved address to take ownership of a given token ID + * @param _tokenId uint256 ID of the token to query the approval of + * @return address currently approved to take ownership of the given token ID + */ + function approvedFor(uint256 _tokenId) public view returns (address) { + return tokenApprovals[_tokenId]; + } + + /** + * @dev Transfers the ownership of a given token ID to another address + * @param _to address to receive the ownership of the given token ID + * @param _tokenId uint256 ID of the token to be transferred + */ + function transfer(address _to, uint256 _tokenId) public onlyOwnerOf(_tokenId) { + clearApprovalAndTransfer(msg.sender, _to, _tokenId); + } + + /** + * @dev Approves another address to claim for the ownership of the given token ID + * @param _to address to be approved for the given token ID + * @param _tokenId uint256 ID of the token to be approved + */ + function approve(address _to, uint256 _tokenId) public onlyOwnerOf(_tokenId) { + address owner = ownerOf(_tokenId); + require(_to != owner); + if (approvedFor(_tokenId) != 0 || _to != 0) { + tokenApprovals[_tokenId] = _to; + Approval(owner, _to, _tokenId); + } + } + + /** + * @dev Claims the ownership of a given token ID + * @param _tokenId uint256 ID of the token being claimed by the msg.sender + */ + function takeOwnership(uint256 _tokenId) public { + require(isApprovedFor(msg.sender, _tokenId)); + clearApprovalAndTransfer(ownerOf(_tokenId), msg.sender, _tokenId); + } + + /** + * @dev Mint token function + * @param _to The address that will own the minted token + * @param _tokenId uint256 ID of the token to be minted by the msg.sender + */ + function _mint(address _to, uint256 _tokenId) internal { + require(_to != address(0)); + addToken(_to, _tokenId); + Transfer(0x0, _to, _tokenId); + } + + /** + * @dev Burns a specific token + * @param _tokenId uint256 ID of the token being burned by the msg.sender + */ + function _burn(uint256 _tokenId) onlyOwnerOf(_tokenId) internal { + if (approvedFor(_tokenId) != 0) { + clearApproval(msg.sender, _tokenId); + } + removeToken(msg.sender, _tokenId); + Transfer(msg.sender, 0x0, _tokenId); + } + + /** + * @dev Tells whether the msg.sender is approved for the given token ID or not + * This function is not private so it can be extended in further implementations like the operatable ERC721 + * @param _owner address of the owner to query the approval of + * @param _tokenId uint256 ID of the token to query the approval of + * @return bool whether the msg.sender is approved for the given token ID or not + */ + function isApprovedFor(address _owner, uint256 _tokenId) internal view returns (bool) { + return approvedFor(_tokenId) == _owner; + } + + /** + * @dev Internal function to clear current approval and transfer the ownership of a given token ID + * @param _from address which you want to send tokens from + * @param _to address which you want to transfer the token to + * @param _tokenId uint256 ID of the token to be transferred + */ + function clearApprovalAndTransfer(address _from, address _to, uint256 _tokenId) internal { + require(_to != address(0)); + require(_to != ownerOf(_tokenId)); + require(ownerOf(_tokenId) == _from); + + clearApproval(_from, _tokenId); + removeToken(_from, _tokenId); + addToken(_to, _tokenId); + Transfer(_from, _to, _tokenId); + } + + /** + * @dev Internal function to clear current approval of a given token ID + * @param _tokenId uint256 ID of the token to be transferred + */ + function clearApproval(address _owner, uint256 _tokenId) private { + require(ownerOf(_tokenId) == _owner); + tokenApprovals[_tokenId] = 0; + Approval(_owner, 0, _tokenId); + } + + /** + * @dev Internal function to add a token ID to the list of a given address + * @param _to address representing the new owner of the given token ID + * @param _tokenId uint256 ID of the token to be added to the tokens list of the given address + */ + function addToken(address _to, uint256 _tokenId) private { + require(tokenOwner[_tokenId] == address(0)); + tokenOwner[_tokenId] = _to; + uint256 length = balanceOf(_to); + ownedTokens[_to].push(_tokenId); + ownedTokensIndex[_tokenId] = length; + totalTokens = totalTokens.add(1); + } + + /** + * @dev Internal function to remove a token ID from the list of a given address + * @param _from address representing the previous owner of the given token ID + * @param _tokenId uint256 ID of the token to be removed from the tokens list of the given address + */ + function removeToken(address _from, uint256 _tokenId) private { + require(ownerOf(_tokenId) == _from); + + uint256 tokenIndex = ownedTokensIndex[_tokenId]; + uint256 lastTokenIndex = balanceOf(_from).sub(1); + uint256 lastToken = ownedTokens[_from][lastTokenIndex]; + + tokenOwner[_tokenId] = 0; + ownedTokens[_from][tokenIndex] = lastToken; + ownedTokens[_from][lastTokenIndex] = 0; + // Note that this will handle single-element arrays. In that case, both tokenIndex and lastTokenIndex are going to + // be zero. Then we can make sure that we will remove _tokenId from the ownedTokens list since we are first swapping + // the lastToken to the first position, and then dropping the element placed in the last position of the list + + ownedTokens[_from].length--; + ownedTokensIndex[_tokenId] = 0; + ownedTokensIndex[lastToken] = tokenIndex; + totalTokens = totalTokens.sub(1); + } +} + + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + function totalSupply() public view returns (uint256); + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + + /** + * @dev Multiplies two numbers, throws on overflow. + */ + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + /** + * @dev Integer division of two numbers, truncating the quotient. + */ + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + /** + * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). + */ + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + /** + * @dev Adds two numbers, throws on overflow. + */ + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + uint256 totalSupply_; + + /** + * @dev total number of tokens in existence + */ + function totalSupply() public view returns (uint256) { + return totalSupply_; + } + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + +} + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + /** + * @dev Increase the amount of tokens that an owner allowed to a spender. + * + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + * @param _spender The address which will spend the funds. + * @param _addedValue The amount of tokens to increase the allowance by. + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + /** + * @dev Decrease the amount of tokens that an owner allowed to a spender. + * + * approve should be called when allowed[_spender] == 0. To decrement + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + * @param _spender The address which will spend the funds. + * @param _subtractedValue The amount of tokens to decrease the allowance by. + */ + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + + +/** + * @title Gold + * @dev ERC20 Token that can be minted. + */ +contract Gold is StandardToken, Claimable, AccessMint { + + string public constant name = "Gold"; + string public constant symbol = "G"; + uint8 public constant decimals = 18; + + // Event that is fired when minted. + event Mint( + address indexed _to, + uint256 indexed _tokenId + ); + + // @dev Mint tokens with _amount to the address. + function mint(address _to, uint256 _amount) + onlyAccessMint + public + returns (bool) + { + totalSupply_ = totalSupply_.add(_amount); + balances[_to] = balances[_to].add(_amount); + Mint(_to, _amount); + Transfer(address(0), _to, _amount); + return true; + } + +} + + +/** + * @title CryptoSagaHero + * @dev The token contract for the hero. + * Also a superset of the ERC721 standard that allows for the minting + * of the non-fungible tokens. + */ +contract CryptoSagaHero is ERC721Token, Claimable, Pausable, AccessMint, AccessDeploy, AccessDeposit { + + string public constant name = "CryptoSaga Hero"; + string public constant symbol = "HERO"; + + struct HeroClass { + // ex) Soldier, Knight, Fighter... + string className; + // 0: Common, 1: Uncommon, 2: Rare, 3: Heroic, 4: Legendary. + uint8 classRank; + // 0: Human, 1: Celestial, 2: Demon, 3: Elf, 4: Dark Elf, 5: Yogoe, 6: Furry, 7: Dragonborn, 8: Undead, 9: Goblin, 10: Troll, 11: Slime, and more to come. + uint8 classRace; + // How old is this hero class? + uint32 classAge; + // 0: Fighter, 1: Rogue, 2: Mage. + uint8 classType; + + // Possible max level of this class. + uint32 maxLevel; + // 0: Water, 1: Fire, 2: Nature, 3: Light, 4: Darkness. + uint8 aura; + + // Base stats of this hero type. + // 0: ATK 1: DEF 2: AGL 3: LUK 4: HP. + uint32[5] baseStats; + // Minimum IVs for stats. + // 0: ATK 1: DEF 2: AGL 3: LUK 4: HP. + uint32[5] minIVForStats; + // Maximum IVs for stats. + // 0: ATK 1: DEF 2: AGL 3: LUK 4: HP. + uint32[5] maxIVForStats; + + // Number of currently instanced heroes. + uint32 currentNumberOfInstancedHeroes; + } + + struct HeroInstance { + // What is this hero's type? ex) John, Sally, Mark... + uint32 heroClassId; + + // Individual hero's name. + string heroName; + + // Current level of this hero. + uint32 currentLevel; + // Current exp of this hero. + uint32 currentExp; + + // Where has this hero been deployed? (0: Never depolyed ever.) ex) Dungeon Floor #1, Arena #5... + uint32 lastLocationId; + // When a hero is deployed, it takes time for the hero to return to the base. This is in Unix epoch. + uint256 availableAt; + + // Current stats of this hero. + // 0: ATK 1: DEF 2: AGL 3: LUK 4: HP. + uint32[5] currentStats; + // The individual value for this hero's stats. + // This will affect the current stats of heroes. + // 0: ATK 1: DEF 2: AGL 3: LUK 4: HP. + uint32[5] ivForStats; + } + + // Required exp for level up will increase when heroes level up. + // This defines how the value will increase. + uint32 public requiredExpIncreaseFactor = 100; + + // Required Gold for level up will increase when heroes level up. + // This defines how the value will increase. + uint256 public requiredGoldIncreaseFactor = 1000000000000000000; + + // Existing hero classes. + mapping(uint32 => HeroClass) public heroClasses; + // The number of hero classes ever defined. + uint32 public numberOfHeroClasses; + + // Existing hero instances. + // The key is _tokenId. + mapping(uint256 => HeroInstance) public tokenIdToHeroInstance; + // The number of tokens ever minted. This works as the serial number. + uint256 public numberOfTokenIds; + + // Gold contract. + Gold public goldContract; + + // Deposit of players (in Gold). + mapping(address => uint256) public addressToGoldDeposit; + + // Random seed. + uint32 private seed = 0; + + // Event that is fired when a hero type defined. + event DefineType( + address indexed _by, + uint32 indexed _typeId, + string _className + ); + + // Event that is fired when a hero is upgraded. + event LevelUp( + address indexed _by, + uint256 indexed _tokenId, + uint32 _newLevel + ); + + // Event that is fired when a hero is deployed. + event Deploy( + address indexed _by, + uint256 indexed _tokenId, + uint32 _locationId, + uint256 _duration + ); + + // @dev Get the class's entire infomation. + function getClassInfo(uint32 _classId) + external view + returns (string className, uint8 classRank, uint8 classRace, uint32 classAge, uint8 classType, uint32 maxLevel, uint8 aura, uint32[5] baseStats, uint32[5] minIVs, uint32[5] maxIVs) + { + var _cl = heroClasses[_classId]; + return (_cl.className, _cl.classRank, _cl.classRace, _cl.classAge, _cl.classType, _cl.maxLevel, _cl.aura, _cl.baseStats, _cl.minIVForStats, _cl.maxIVForStats); + } + + // @dev Get the class's name. + function getClassName(uint32 _classId) + external view + returns (string) + { + return heroClasses[_classId].className; + } + + // @dev Get the class's rank. + function getClassRank(uint32 _classId) + external view + returns (uint8) + { + return heroClasses[_classId].classRank; + } + + // @dev Get the heroes ever minted for the class. + function getClassMintCount(uint32 _classId) + external view + returns (uint32) + { + return heroClasses[_classId].currentNumberOfInstancedHeroes; + } + + // @dev Get the hero's entire infomation. + function getHeroInfo(uint256 _tokenId) + external view + returns (uint32 classId, string heroName, uint32 currentLevel, uint32 currentExp, uint32 lastLocationId, uint256 availableAt, uint32[5] currentStats, uint32[5] ivs, uint32 bp) + { + HeroInstance memory _h = tokenIdToHeroInstance[_tokenId]; + var _bp = _h.currentStats[0] + _h.currentStats[1] + _h.currentStats[2] + _h.currentStats[3] + _h.currentStats[4]; + return (_h.heroClassId, _h.heroName, _h.currentLevel, _h.currentExp, _h.lastLocationId, _h.availableAt, _h.currentStats, _h.ivForStats, _bp); + } + + // @dev Get the hero's class id. + function getHeroClassId(uint256 _tokenId) + external view + returns (uint32) + { + return tokenIdToHeroInstance[_tokenId].heroClassId; + } + + // @dev Get the hero's name. + function getHeroName(uint256 _tokenId) + external view + returns (string) + { + return tokenIdToHeroInstance[_tokenId].heroName; + } + + // @dev Get the hero's level. + function getHeroLevel(uint256 _tokenId) + external view + returns (uint32) + { + return tokenIdToHeroInstance[_tokenId].currentLevel; + } + + // @dev Get the hero's location. + function getHeroLocation(uint256 _tokenId) + external view + returns (uint32) + { + return tokenIdToHeroInstance[_tokenId].lastLocationId; + } + + // @dev Get the time when the hero become available. + function getHeroAvailableAt(uint256 _tokenId) + external view + returns (uint256) + { + return tokenIdToHeroInstance[_tokenId].availableAt; + } + + // @dev Get the hero's BP. + function getHeroBP(uint256 _tokenId) + public view + returns (uint32) + { + var _tmp = tokenIdToHeroInstance[_tokenId].currentStats; + return (_tmp[0] + _tmp[1] + _tmp[2] + _tmp[3] + _tmp[4]); + } + + // @dev Get the hero's required gold for level up. + function getHeroRequiredGoldForLevelUp(uint256 _tokenId) + public view + returns (uint256) + { + return (uint256(2) ** (tokenIdToHeroInstance[_tokenId].currentLevel / 10)) * requiredGoldIncreaseFactor; + } + + // @dev Get the hero's required exp for level up. + function getHeroRequiredExpForLevelUp(uint256 _tokenId) + public view + returns (uint32) + { + return ((tokenIdToHeroInstance[_tokenId].currentLevel + 2) * requiredExpIncreaseFactor); + } + + // @dev Get the deposit of gold of the player. + function getGoldDepositOfAddress(address _address) + external view + returns (uint256) + { + return addressToGoldDeposit[_address]; + } + + // @dev Get the token id of the player's #th token. + function getTokenIdOfAddressAndIndex(address _address, uint256 _index) + external view + returns (uint256) + { + return tokensOf(_address)[_index]; + } + + // @dev Get the total BP of the player. + function getTotalBPOfAddress(address _address) + external view + returns (uint32) + { + var _tokens = tokensOf(_address); + uint32 _totalBP = 0; + for (uint256 i = 0; i < _tokens.length; i ++) { + _totalBP += getHeroBP(_tokens[i]); + } + return _totalBP; + } + + // @dev Set the hero's name. + function setHeroName(uint256 _tokenId, string _name) + onlyOwnerOf(_tokenId) + public + { + tokenIdToHeroInstance[_tokenId].heroName = _name; + } + + // @dev Set the address of the contract that represents ERC20 Gold. + function setGoldContract(address _contractAddress) + onlyOwner + public + { + goldContract = Gold(_contractAddress); + } + + // @dev Set the required golds to level up a hero. + function setRequiredExpIncreaseFactor(uint32 _value) + onlyOwner + public + { + requiredExpIncreaseFactor = _value; + } + + // @dev Set the required golds to level up a hero. + function setRequiredGoldIncreaseFactor(uint256 _value) + onlyOwner + public + { + requiredGoldIncreaseFactor = _value; + } + + // @dev Contructor. + function CryptoSagaHero(address _goldAddress) + public + { + require(_goldAddress != address(0)); + + // Assign Gold contract. + setGoldContract(_goldAddress); + + // Initial heroes. + // Name, Rank, Race, Age, Type, Max Level, Aura, Stats. + defineType("Archangel", 4, 1, 13540, 0, 99, 3, [uint32(74), 75, 57, 99, 95], [uint32(8), 6, 8, 5, 5], [uint32(8), 10, 10, 6, 6]); + defineType("Shadowalker", 3, 4, 134, 1, 75, 4, [uint32(45), 35, 60, 80, 40], [uint32(3), 2, 10, 4, 5], [uint32(5), 5, 10, 7, 5]); + defineType("Pyromancer", 2, 0, 14, 2, 50, 1, [uint32(50), 28, 17, 40, 35], [uint32(5), 3, 2, 3, 3], [uint32(8), 4, 3, 4, 5]); + defineType("Magician", 1, 3, 224, 2, 30, 0, [uint32(35), 15, 25, 25, 30], [uint32(3), 1, 2, 2, 2], [uint32(5), 2, 3, 3, 3]); + defineType("Farmer", 0, 0, 59, 0, 15, 2, [uint32(10), 22, 8, 15, 25], [uint32(1), 2, 1, 1, 2], [uint32(1), 3, 1, 2, 3]); + } + + // @dev Define a new hero type (class). + function defineType(string _className, uint8 _classRank, uint8 _classRace, uint32 _classAge, uint8 _classType, uint32 _maxLevel, uint8 _aura, uint32[5] _baseStats, uint32[5] _minIVForStats, uint32[5] _maxIVForStats) + onlyOwner + public + { + require(_classRank < 5); + require(_classType < 3); + require(_aura < 5); + require(_minIVForStats[0] <= _maxIVForStats[0] && _minIVForStats[1] <= _maxIVForStats[1] && _minIVForStats[2] <= _maxIVForStats[2] && _minIVForStats[3] <= _maxIVForStats[3] && _minIVForStats[4] <= _maxIVForStats[4]); + + HeroClass memory _heroType = HeroClass({ + className: _className, + classRank: _classRank, + classRace: _classRace, + classAge: _classAge, + classType: _classType, + maxLevel: _maxLevel, + aura: _aura, + baseStats: _baseStats, + minIVForStats: _minIVForStats, + maxIVForStats: _maxIVForStats, + currentNumberOfInstancedHeroes: 0 + }); + + // Save the hero class. + heroClasses[numberOfHeroClasses] = _heroType; + + // Fire event. + DefineType(msg.sender, numberOfHeroClasses, _heroType.className); + + // Increment number of hero classes. + numberOfHeroClasses ++; + + } + + // @dev Mint a new hero, with _heroClassId. + function mint(address _owner, uint32 _heroClassId) + onlyAccessMint + public + returns (uint256) + { + require(_owner != address(0)); + require(_heroClassId < numberOfHeroClasses); + + // The information of the hero's class. + var _heroClassInfo = heroClasses[_heroClassId]; + + // Mint ERC721 token. + _mint(_owner, numberOfTokenIds); + + // Build random IVs for this hero instance. + uint32[5] memory _ivForStats; + uint32[5] memory _initialStats; + for (uint8 i = 0; i < 5; i++) { + _ivForStats[i] = (random(_heroClassInfo.maxIVForStats[i] + 1, _heroClassInfo.minIVForStats[i])); + _initialStats[i] = _heroClassInfo.baseStats[i] + _ivForStats[i]; + } + + // Temporary hero instance. + HeroInstance memory _heroInstance = HeroInstance({ + heroClassId: _heroClassId, + heroName: "", + currentLevel: 1, + currentExp: 0, + lastLocationId: 0, + availableAt: now, + currentStats: _initialStats, + ivForStats: _ivForStats + }); + + // Save the hero instance. + tokenIdToHeroInstance[numberOfTokenIds] = _heroInstance; + + // Increment number of token ids. + // This will only increment when new token is minted, and will never be decemented when the token is burned. + numberOfTokenIds ++; + + // Increment instanced number of heroes. + _heroClassInfo.currentNumberOfInstancedHeroes ++; + + return numberOfTokenIds - 1; + } + + // @dev Set where the heroes are deployed, and when they will return. + // This is intended to be called by Dungeon, Arena, Guild contracts. + function deploy(uint256 _tokenId, uint32 _locationId, uint256 _duration) + onlyAccessDeploy + public + returns (bool) + { + // The hero should be possessed by anybody. + require(ownerOf(_tokenId) != address(0)); + + var _heroInstance = tokenIdToHeroInstance[_tokenId]; + + // The character should be avaiable. + require(_heroInstance.availableAt <= now); + + _heroInstance.lastLocationId = _locationId; + _heroInstance.availableAt = now + _duration; + + // As the hero has been deployed to another place, fire event. + Deploy(msg.sender, _tokenId, _locationId, _duration); + } + + // @dev Add exp. + // This is intended to be called by Dungeon, Arena, Guild contracts. + function addExp(uint256 _tokenId, uint32 _exp) + onlyAccessDeploy + public + returns (bool) + { + // The hero should be possessed by anybody. + require(ownerOf(_tokenId) != address(0)); + + var _heroInstance = tokenIdToHeroInstance[_tokenId]; + + var _newExp = _heroInstance.currentExp + _exp; + + // Sanity check to ensure we don't overflow. + require(_newExp == uint256(uint128(_newExp))); + + _heroInstance.currentExp += _newExp; + + } + + // @dev Add deposit. + // This is intended to be called by Dungeon, Arena, Guild contracts. + function addDeposit(address _to, uint256 _amount) + onlyAccessDeposit + public + { + // Increment deposit. + addressToGoldDeposit[_to] += _amount; + } + + // @dev Level up the hero with _tokenId. + // This function is called by the owner of the hero. + function levelUp(uint256 _tokenId) + onlyOwnerOf(_tokenId) whenNotPaused + public + { + + // Hero instance. + var _heroInstance = tokenIdToHeroInstance[_tokenId]; + + // The character should be avaiable. (Should have already returned from the dungeons, arenas, etc.) + require(_heroInstance.availableAt <= now); + + // The information of the hero's class. + var _heroClassInfo = heroClasses[_heroInstance.heroClassId]; + + // Hero shouldn't level up exceed its max level. + require(_heroInstance.currentLevel < _heroClassInfo.maxLevel); + + // Required Exp. + var requiredExp = getHeroRequiredExpForLevelUp(_tokenId); + + // Need to have enough exp. + require(_heroInstance.currentExp >= requiredExp); + + // Required Gold. + var requiredGold = getHeroRequiredGoldForLevelUp(_tokenId); + + // Owner of token. + var _ownerOfToken = ownerOf(_tokenId); + + // Need to have enough Gold balance. + require(addressToGoldDeposit[_ownerOfToken] >= requiredGold); + + // Increase Level. + _heroInstance.currentLevel += 1; + + // Increase Stats. + for (uint8 i = 0; i < 5; i++) { + _heroInstance.currentStats[i] = _heroClassInfo.baseStats[i] + (_heroInstance.currentLevel - 1) * _heroInstance.ivForStats[i]; + } + + // Deduct exp. + _heroInstance.currentExp -= requiredExp; + + // Deduct gold. + addressToGoldDeposit[_ownerOfToken] -= requiredGold; + + // Fire event. + LevelUp(msg.sender, _tokenId, _heroInstance.currentLevel); + } + + // @dev Transfer deposit (with the allowance pattern.) + function transferDeposit(uint256 _amount) + whenNotPaused + public + { + require(goldContract.allowance(msg.sender, this) >= _amount); + + // Send msg.sender's Gold to this contract. + if (goldContract.transferFrom(msg.sender, this, _amount)) { + // Increment deposit. + addressToGoldDeposit[msg.sender] += _amount; + } + } + + // @dev Withdraw deposit. + function withdrawDeposit(uint256 _amount) + public + { + require(addressToGoldDeposit[msg.sender] >= _amount); + + // Send deposit of Golds to msg.sender. (Rather minting...) + if (goldContract.transfer(msg.sender, _amount)) { + // Decrement deposit. + addressToGoldDeposit[msg.sender] -= _amount; + } + } + + // @dev return a pseudo random number between lower and upper bounds + function random(uint32 _upper, uint32 _lower) + private + returns (uint32) + { + require(_upper > _lower); + + seed = uint32(keccak256(keccak256(block.blockhash(block.number), seed), now)); + return seed % (_upper - _lower) + _lower; + } + +} \ No newline at end of file diff --git a/data_full/CVE/2018-13041.sol b/data_full/CVE/2018-13041.sol new file mode 100644 index 0000000000000000000000000000000000000000..e2713b92cd76a3a1d556bbbcc4c40ca2eb5283db --- /dev/null +++ b/data_full/CVE/2018-13041.sol @@ -0,0 +1,194 @@ +/** + *Submitted for verification at Etherscan.io on 2017-06-29 +*/ + +pragma solidity ^0.4.8; + +/// @title Link Token. This Token will remain the cornerstone of the entire organization. It will have an Ethereum address and from the moment that address is publish until the end, it will remain the same, and should. The Token should be as simple as it possibly can be and should not be able to terminate. It's state remains so that those who control their Tokens will continue to do so. +/// @author Riaan F Venter~ RFVenter~ + + +/* + * ERC20Basic + * Simpler version of ERC20 interface + * see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); +} + +/** + * Math operations with safety checks + */ +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} + + +/* + * Basic token + * Basic version of StandardToken, with no allowances + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint; + + mapping(address => uint) balances; + + /* + * Fix for the ERC20 short address attack + */ + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } + +} + + +/* + * ERC20 interface + * see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} + + +/** + * Standard ERC20 token + * + * https://github.com/ethereum/EIPs/issues/20 + * Based on code by FirstBlood: + * https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is BasicToken, ERC20 { + + mapping (address => mapping (address => uint)) allowed; + + function transferFrom(address _from, address _to, uint _value) { + var _allowance = allowed[_from][msg.sender]; + + // Check is not needed because sub(_allowance, _value) will already throw if this condition is not met + // if (_value > _allowance) throw; + + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + + function approve(address _spender, uint _value) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} + +/* + * Ownable + * + * Base contract with an owner. + * Provides onlyOwner modifier, which prevents function from running if it is called by anyone other than the owner. + */ +contract Ownable { + address public owner; + + function Ownable() { + owner = msg.sender; + } + + modifier onlyOwner() { + if (msg.sender != owner) { + throw; + } + _; + } + + function transferOwnership(address newOwner) onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } + +} + + +contract LinkToken is StandardToken, Ownable { + + string public name = "Link Platform"; // Name of the Token + string public symbol = "LNK"; // ERC20 compliant Token code + uint public decimals = 18; // Token has 18 digit precision + uint public totalSupply; // Total supply + + function mint(address _spender, uint _value) + onlyOwner { + + balances[_spender] += _value; + totalSupply += _value; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13068.sol b/data_full/CVE/2018-13068.sol new file mode 100644 index 0000000000000000000000000000000000000000..f2246fdd4fe87f8a48b96394c69092d27a094ccf --- /dev/null +++ b/data_full/CVE/2018-13068.sol @@ -0,0 +1,166 @@ +/** + *Submitted for verification at Etherscan.io on 2017-10-30 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract AzurionToken is owned { + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + mapping (address => mapping (address => uint256)) public allowance; + + uint256 public totalSupply; + string public constant name = "Azurion"; + string public constant symbol = "AZU"; + uint8 public constant decimals = 18; + + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + event FrozenFunds(address target, bool frozen); + + function AzurionToken(uint256 initialSupply, address centralMinter) { + if(centralMinter != 0 ) owner = centralMinter; + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) onlyOwner public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other ccount + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) onlyOwner public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } + + function () { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13069.sol b/data_full/CVE/2018-13069.sol new file mode 100644 index 0000000000000000000000000000000000000000..a9aefe6d77149d9d7397126adf961c2be193893b --- /dev/null +++ b/data_full/CVE/2018-13069.sol @@ -0,0 +1,248 @@ +/** + *Submitted for verification at Etherscan.io on 2018-04-03 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract DYC is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function DYC( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13070.sol b/data_full/CVE/2018-13070.sol new file mode 100644 index 0000000000000000000000000000000000000000..2747c71fcbd6f4b912df37b126bd9263f068115a --- /dev/null +++ b/data_full/CVE/2018-13070.sol @@ -0,0 +1,169 @@ +/** + *Submitted for verification at Etherscan.io on 2018-06-29 +*/ + +pragma solidity ^0.4.24; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + + + mapping (address => uint256) public balanceOf; + + + mapping (address => mapping (address => uint256)) public allowance; + + + event Transfer(address indexed from, address indexed to, uint256 value); + + event Burn(address indexed from, uint256 value); + + + function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + + + function _transfer(address _from, address _to, uint _value) internal { + + require(_to != 0x0); + + require(balanceOf[_from] >= _value); + + require(balanceOf[_to] + _value > balanceOf[_to]); + + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + + + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +contract EncryptedToken is owned, TokenERC20 { + uint256 INITIAL_SUPPLY = 100000000; + uint256 public buyPrice = 1; + mapping (address => bool) public frozenAccount; + + event FrozenFunds(address target, bool frozen); + + function EncryptedToken() TokenERC20(INITIAL_SUPPLY, 'ECC', 'ECC') payable public {} + + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newBuyPrice) onlyOwner public { + buyPrice = newBuyPrice; + } + + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + function () payable public { + owner.send(msg.value);// + uint amount = msg.value * buyPrice; // calculates the amount + _transfer(owner, msg.sender, amount); + } + + function selfdestructs() onlyOwner payable public { + selfdestruct(owner); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13071.sol b/data_full/CVE/2018-13071.sol new file mode 100644 index 0000000000000000000000000000000000000000..66840e87030a9cb2b68fec6946a77a1ad680ad63 --- /dev/null +++ b/data_full/CVE/2018-13071.sol @@ -0,0 +1,231 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-18 +*/ + +//ERC20 Token +pragma solidity ^0.4.17; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "T10 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /*************************************************/ + mapping(address=>uint256) public indexes; + mapping(uint256=>address) public addresses; + uint256 public lastIndex = 0; + /*************************************************/ + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + /*****************************************/ + addresses[1] = msg.sender; + indexes[msg.sender] = 1; + lastIndex = 1; + /*****************************************/ + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract CCindexToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 40000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "CCindex10"; + string public tokenSymbol = "T10"; + function CCindexToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + // if(!canHolderTransfer()) throw; + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + if(_value > 0){ + if(balanceOf[msg.sender] == 0){ + addresses[indexes[msg.sender]] = addresses[lastIndex]; + indexes[addresses[lastIndex]] = indexes[msg.sender]; + indexes[msg.sender] = 0; + delete addresses[lastIndex]; + lastIndex--; + } + if(indexes[_to]==0){ + lastIndex++; + addresses[lastIndex] = _to; + indexes[_to] = lastIndex; + } + } + } + + function getAddresses() constant returns (address[]){ + address[] memory addrs = new address[](lastIndex); + for(uint i = 0; i < lastIndex; i++){ + addrs[i] = addresses[i+1]; + } + return addrs; + } + + function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { + // if(balanceOf[owner] < _amount) throw; + uint distributed = 0; + require(startIndex < endIndex); + + for(uint i = startIndex; i < lastIndex; i++){ + address holder = addresses[i+1]; + uint reward = balanceOf[holder] * 3 / 100; + balanceOf[holder] += reward; + distributed += reward; + Transfer(0, holder, reward); + } + + // balanceOf[owner] -= distributed; + totalSupply += distributed; + return distributed; + } + + /************************************************************************/ + + /************************************************************************/ + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13072.sol b/data_full/CVE/2018-13072.sol new file mode 100644 index 0000000000000000000000000000000000000000..c19de8631d989d6771d750c16943d4ba34c84956 --- /dev/null +++ b/data_full/CVE/2018-13072.sol @@ -0,0 +1,168 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-16 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract Coffeecoin is owned, token { + + uint public buyRate = 4000; // price of one token + bool public isSelling = true; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Coffeecoin( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; // calculates the amount + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[owner] -= amount; // subtracts amount from seller's balance + Transfer(owner, msg.sender, amount); // execute an event reflecting the change + } + + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13073.sol b/data_full/CVE/2018-13073.sol new file mode 100644 index 0000000000000000000000000000000000000000..58a0f14c4c8521d28600d88e3d8dfd177b1da8aa --- /dev/null +++ b/data_full/CVE/2018-13073.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-10-30 +*/ + +//ERC20 Token +pragma solidity ^0.4.17; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "ETHEREUMBLACK"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract ETHEREUMBLACK is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 200000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "ETHEREUMBLACK"; + string public tokenSymbol = "ETCBK"; + function ETHEREUMBLACK() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13074.sol b/data_full/CVE/2018-13074.sol new file mode 100644 index 0000000000000000000000000000000000000000..e63dfe32e017992ccee13e3e1f05228a3564e8bb --- /dev/null +++ b/data_full/CVE/2018-13074.sol @@ -0,0 +1,227 @@ +/** + *Submitted for verification at Etherscan.io on 2018-06-29 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + uint256 initialSupply=5000000000; + string tokenName='FIB'; + string tokenSymbol='FIB'; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract FIBToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function FIBToken( + + ) TokenERC20() public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + + +} \ No newline at end of file diff --git a/data_full/CVE/2018-13075.sol b/data_full/CVE/2018-13075.sol new file mode 100644 index 0000000000000000000000000000000000000000..0a2079f85fd3c14cc0a72a7bf3974085817e9493 --- /dev/null +++ b/data_full/CVE/2018-13075.sol @@ -0,0 +1,275 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-22 +*/ + +/** 官方高級token */ + + +pragma solidity ^0.4.18; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } + + function destruct() public onlyOwner { + selfdestruct(owner); + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20() public { + totalSupply = 500000000000 * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = "Carbon Exchange Coin Token"; // Set the name for display purposes + symbol = "CEC"; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract CarbonExchangeCoinToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + uint256 public decimals = 18; + string public tokenName; + string public tokenSymbol; + uint minBalanceForAccounts ; //threshold amount + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + + + function CarbonExchangeCoinToken() public { + owner = msg.sender; + totalSupply = 50000000000000000000000000000; + balanceOf[owner]=totalSupply; + tokenName="Carbon Exchange Coin Token"; + tokenSymbol="CEC"; + } + + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + ///@param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } + + + /* 设置自动补充gas的阈值信息 201803202232 james */ + function setMinBalance(uint minimumBalanceInFinney) public onlyOwner { + minBalanceForAccounts = minimumBalanceInFinney * 1 finney; + } + + /* 设置tokenname */ + function setTokenName(string newTokenName) public onlyOwner{ + tokenName = newTokenName; + } + /* 设置tokenSymbol */ + function setTokenSymbol(string newTokenSymbol) public onlyOwner{ + tokenSymbol = newTokenSymbol; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13076.sol b/data_full/CVE/2018-13076.sol new file mode 100644 index 0000000000000000000000000000000000000000..8de0473038d8ef18a0a8fb36517340068d59cfaf --- /dev/null +++ b/data_full/CVE/2018-13076.sol @@ -0,0 +1,168 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-16 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract Betcash is owned, token { + + uint public buyRate = 4000; // price of one token + bool public isSelling = true; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Betcash( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; // calculates the amount + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[owner] -= amount; // subtracts amount from seller's balance + Transfer(owner, msg.sender, amount); // execute an event reflecting the change + } + + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13077.sol b/data_full/CVE/2018-13077.sol new file mode 100644 index 0000000000000000000000000000000000000000..1cc56b0e6b5a0d867cee677cc4940b4310501047 --- /dev/null +++ b/data_full/CVE/2018-13077.sol @@ -0,0 +1,199 @@ +/** + *Submitted for verification at Etherscan.io on 2017-10-23 +*/ + +pragma solidity ^0.4.13; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + +} + +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData); } + +contract token { + // Public variables of the token / + string public name = 'CTB'; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` from your account + /// @param _to The address of the recipient + /// @param _value the amount to send + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + + /// @notice Send `_value` tokens to `_to` in behalf of `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value the amount to send + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value < allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /// @notice Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + /// @param _spender The address authorized to spend + /// @param _value the max amount they can spend + /// @param _extraData some extra information to send to the approved contract + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /// @notice Remove `_value` tokens from the system irreversibly + /// @param _value the amount of money to burn + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } + +} + +contract CTB is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function CTB( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } + +} \ No newline at end of file diff --git a/data_full/CVE/2018-13078.sol b/data_full/CVE/2018-13078.sol new file mode 100644 index 0000000000000000000000000000000000000000..ae9bfa15300c2ffaa00ff6ca825aa03107e6b12d --- /dev/null +++ b/data_full/CVE/2018-13078.sol @@ -0,0 +1,145 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-19 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() public{ + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () public { + revert(); // Prevents accidental sending of ether + } +} + +contract Jitech is owned, token { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Jitech( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) public onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) public onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13079.sol b/data_full/CVE/2018-13079.sol new file mode 100644 index 0000000000000000000000000000000000000000..4120de00103ba21e8fb24fb397b57637266e46f5 --- /dev/null +++ b/data_full/CVE/2018-13079.sol @@ -0,0 +1,161 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-19 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract GoodTo { + + string public name; + string public symbol; + uint8 public decimals = 18; + + uint256 public totalSupply; + + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + + function GoodTo( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} + +contract StandardToken is owned, GoodTo { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + event FrozenFunds(address target, bool frozen); + + function StandardToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) GoodTo(initialSupply, tokenName, tokenSymbol) public {} + + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13080.sol b/data_full/CVE/2018-13080.sol new file mode 100644 index 0000000000000000000000000000000000000000..31356bc119c01760922250250c0d7a243df5eb2b --- /dev/null +++ b/data_full/CVE/2018-13080.sol @@ -0,0 +1,145 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-19 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() public{ + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () public { + revert(); // Prevents accidental sending of ether + } +} + +contract Goutex is owned, token { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Goutex( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) public onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) public onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13081.sol b/data_full/CVE/2018-13081.sol new file mode 100644 index 0000000000000000000000000000000000000000..81d8ec169773af5cf8a58073fab1efd3a96e2b4b --- /dev/null +++ b/data_full/CVE/2018-13081.sol @@ -0,0 +1,171 @@ +/** + *Submitted for verification at Etherscan.io on 2017-07-19 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract GZSToken is owned, token { + + uint public buyRate = 46000; // price one token per ether + bool public isSelling = true; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function GZSToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + + function buy() payable { + if(isSelling == false) throw; + uint amount = msg.value * buyRate; // calculates the amount + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13082.sol b/data_full/CVE/2018-13082.sol new file mode 100644 index 0000000000000000000000000000000000000000..10bee82da3eb19b0ad84825d4eb93941deb1daf1 --- /dev/null +++ b/data_full/CVE/2018-13082.sol @@ -0,0 +1,255 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-19 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract ModiTokenERC20 { + string public constant _myTokeName = 'MODI Token';//change here + string public constant _mySymbol = 'MODI';//change here + uint public constant _myinitialSupply = 10000;//leave it + uint8 public constant _myDecimal = 18;//leave it + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function ModiTokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + decimals = _myDecimal; + totalSupply = _myinitialSupply * (10 ** uint256(_myDecimal)); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = _myTokeName; // Set the name for display purposes + symbol = _mySymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract MyAdvancedToken is owned, ModiTokenERC20 { + + + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) ModiTokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13083.sol b/data_full/CVE/2018-13083.sol new file mode 100644 index 0000000000000000000000000000000000000000..0ec1cc2d761ac095311dfeea6ea77e9b69098943 --- /dev/null +++ b/data_full/CVE/2018-13083.sol @@ -0,0 +1,219 @@ +/** + *Submitted for verification at Etherscan.io on 2018-05-25 +*/ + +pragma solidity ^0.4.21; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} + +contract PlazaToken is owned, TokenERC20 { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function PlazaToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13084.sol b/data_full/CVE/2018-13084.sol new file mode 100644 index 0000000000000000000000000000000000000000..d9cab28aaae55802e181904ee9a344f9648352c4 --- /dev/null +++ b/data_full/CVE/2018-13084.sol @@ -0,0 +1,155 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-28 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient +{ +function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; +} + +contract StandardToken { + + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + + event Burn(address indexed from, uint256 value); + + function StandardToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + + function _transfer(address _from, address _to, uint _value) { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + function transfer(address _to, uint256 _value) public returns (bool success) + { + _transfer(msg.sender, _to, _value); + return true; + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} + +contract GoodTimeCoin is owned, StandardToken { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + event FrozenFunds(address target, bool frozen); + + function GoodTimeCoin( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) StandardToken(initialSupply, tokenName, tokenSymbol) public {} + + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13085.sol b/data_full/CVE/2018-13085.sol new file mode 100644 index 0000000000000000000000000000000000000000..3c2f97a76270e606cc91784d858aa2d14ad47a25 --- /dev/null +++ b/data_full/CVE/2018-13085.sol @@ -0,0 +1,295 @@ +/** + *Submitted for verification at Etherscan.io on 2018-04-06 +*/ + +/** +---------------------------------------------------------------------------------------------- +FreeCoin Token Contract, version 3.01 + +Interwave Global +www.iw-global.com +---------------------------------------------------------------------------------------------- +**/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + uint public free = 100 * 10 ** uint256(decimals); + + // This creates an array with all balances + mapping (address => uint256) public balances; + mapping (address => mapping (address => uint256)) public allowance; + mapping (address => bool) public created; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + + function changeFree(uint newFree) public { + free = newFree; + } + + + function balanceOf(address _owner) public constant returns (uint balance) { + //if (!created[_owner] ) { + if (!created[_owner] && balances[_owner] == 0) { + return free; + } + else + { + return balances[_owner]; + } + } + + + + /** + * Constructor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balances[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + created[msg.sender] = true; + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + + if (!created[_from]) { + balances[_from] = free; + created[_from] = true; + } + + if (!created[_to]) { + created[_to] = true; + } + + + // Check if the sender has enough + require(balances[_from] >= _value); + // Check for overflows + require(balances[_to] + _value >= balances[_to]); + // Save this for an assertion in the future + uint previousBalances = balances[_from] + balances[_to]; + // Subtract from the sender + balances[_from] -= _value; + // Add the same to the recipient + balances[_to] += _value; + + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balances[_from] + balances[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` on behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens on your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balances[msg.sender] >= _value); // Check if the sender has enough + balances[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balances[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balances[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} + + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract FreeCoin is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function FreeCoin( + uint256 initialSupply, + string tokenName , + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + /** + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balances[_from] >= _value); // Check if the sender has enough + require (balances[_to] + _value >= balances[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balances[_from] -= _value; // Subtract from the sender + balances[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + **/ + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balances[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(address(this).balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13086.sol b/data_full/CVE/2018-13086.sol new file mode 100644 index 0000000000000000000000000000000000000000..bcf5798b8996328d10bfb6f6db51d6905021f1fb --- /dev/null +++ b/data_full/CVE/2018-13086.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2018-04-16 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract Token { + + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + + event Burn(address indexed from, uint256 value); + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + + + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} + +contract IADOWR is owned, Token { + string public name = "IADOWR Coin"; + string public symbol = "IAD"; + address public IADAddress = this; + uint8 public decimals = 18; + uint256 public initialSupply = 2000000000000000000000000000; + uint256 public totalSupply = 2000000000000000000000000000; + uint256 public unitsOneEthCanBuy = 5000; + uint256 public buyPriceEth = 0.2 finney; + uint256 public sellPriceEth = 0.1 finney; + uint256 public gasForIAD = 30000 wei; + uint256 public IADForGas = 1; + uint256 public gasReserve = 0.1 ether; + uint256 public minBalanceForAccounts = 2 finney; + bool public directTradeAllowed = false; + + + function IADOWR() { + balanceOf[msg.sender] = totalSupply; + } + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + event FrozenFunds(address target, bool frozen); + + + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + + + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13087.sol b/data_full/CVE/2018-13087.sol new file mode 100644 index 0000000000000000000000000000000000000000..9e979ac3c0f272791c0e9fbc30799805a886a309 --- /dev/null +++ b/data_full/CVE/2018-13087.sol @@ -0,0 +1,233 @@ +/** + *Submitted for verification at Etherscan.io on 2018-07-02 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; // decimals 可以有的小数点个数,最小的代币单位。18 是建议的默认值 + uint256 public totalSupply; + + // 用mapping保存每个地址对应的余额 + mapping (address => uint256) public balanceOf; + // 存储对账号的控制 + mapping (address => mapping (address => uint256)) public allowance; + + // 事件,用来通知客户端交易发生 + event Transfer(address indexed from, address indexed to, uint256 value); + + // 事件,用来通知客户端代币被消费 + event Burn(address indexed from, uint256 value); + + /** + * 初始化构造 + */ + function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // 供应的份额,份额跟最小的代币单位有关,份额 = 币数 * 10 ** decimals。 + balanceOf[msg.sender] = totalSupply; // 创建者拥有所有的代币 + name = tokenName; // 代币名称 + symbol = tokenSymbol; // 代币符号 + } + + /** + * 代币交易转移的内部实现 + */ + function _transfer(address _from, address _to, uint _value) internal { + // 确保目标地址不为0x0,因为0x0地址代表销毁 + require(_to != 0x0); + // 检查发送者余额 + require(balanceOf[_from] >= _value); + // 确保转移为正数个 + require(balanceOf[_to] + _value > balanceOf[_to]); + + // 以下用来检查交易, + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + + // 用assert来检查代码逻辑。 + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * 代币交易转移 + * 从创建交易者账号发送`_value`个代币到 `_to`账号 + * + * @param _to 接收者地址 + * @param _value 转移数额 + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * 账号之间代币交易转移 + * @param _from 发送者地址 + * @param _to 接收者地址 + * @param _value 转移数额 + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * 设置某个地址(合约)可以交易者名义花费的代币数。 + * + * 允许发送者`_spender` 花费不多于 `_value` 个代币 + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * 设置允许一个地址(合约)以交易者名义可最多花费的代币数。 + * + * @param _spender 被授权的地址(合约) + * @param _value 最大可花费代币数 + * @param _extraData 发送给合约的附加数据 + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * 销毁创建者账户中指定个代币 + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * 销毁用户账户中指定个代币 + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract MyAdvancedToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) payable public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13088.sol b/data_full/CVE/2018-13088.sol new file mode 100644 index 0000000000000000000000000000000000000000..59e8bad7a7b48fdf84980816d1a55176c06d38af --- /dev/null +++ b/data_full/CVE/2018-13088.sol @@ -0,0 +1,248 @@ +/** + *Submitted for verification at Etherscan.io on 2018-06-23 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract MyAdvancedToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13089.sol b/data_full/CVE/2018-13089.sol new file mode 100644 index 0000000000000000000000000000000000000000..e5ce56e8660b4ed8ca95963227f5485693dbf791 --- /dev/null +++ b/data_full/CVE/2018-13089.sol @@ -0,0 +1,254 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-10 +*/ + +pragma solidity ^0.4.16; + + // ---------------------------------------------------------------------------------------------- + // UCoin Token Contract, version 2.00 + // UNIVERSAL COIN INTERNATIONAL INC + // OMC Chambers, Wickhams Cay 1, Road Town, Tortola, British Virgin Islands + // ---------------------------------------------------------------------------------------------- + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name ; + string public symbol ; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply ; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract UCoinToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function UCoinToken( + + ) + + TokenERC20(5000000000, "Universal Coin", "UCOIN") public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13090.sol b/data_full/CVE/2018-13090.sol new file mode 100644 index 0000000000000000000000000000000000000000..c09670f9145e1e480fae0831ae54d897b3b96e74 --- /dev/null +++ b/data_full/CVE/2018-13090.sol @@ -0,0 +1,248 @@ +/** + *Submitted for verification at Etherscan.io on 2018-02-08 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract YiTongCoin is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function YiTongCoin( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13091.sol b/data_full/CVE/2018-13091.sol new file mode 100644 index 0000000000000000000000000000000000000000..689ae36194cfb6e8f3e53188e0ab01daa0752314 --- /dev/null +++ b/data_full/CVE/2018-13091.sol @@ -0,0 +1,206 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-18 +*/ + +pragma solidity ^0.4.16; + +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal constant returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + } + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract sumocoin is owned { + + using SafeMath for uint256; + + // Public variables of the token + string public name = "sumocoin"; + string public symbol = "SUMO"; + uint8 public decimals = 18; + uint256 public totalSupply = 10**25; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + + function sumocoin(){ + balanceOf[msg.sender] = totalSupply; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } + + function distributeToken(address[] addresses, uint256 _value) onlyOwner { + for (uint i = 0; i < addresses.length; i++) { + balanceOf[owner] -= _value; + balanceOf[addresses[i]] += _value; + Transfer(owner, addresses[i], _value); + } +} +} \ No newline at end of file diff --git a/data_full/CVE/2018-13092.sol b/data_full/CVE/2018-13092.sol new file mode 100644 index 0000000000000000000000000000000000000000..d52ebf4ef8279bf96727e118c146b504535536d8 --- /dev/null +++ b/data_full/CVE/2018-13092.sol @@ -0,0 +1,178 @@ +/** + *Submitted for verification at Etherscan.io on 2018-01-23 +*/ + +pragma solidity ^0.4.18; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract ReimburseToken is owned{ + // Public variables + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + + // Balances array + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + //ERC20 events + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function ReimburseToken( + uint256 initialSupply + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = "Reimburse Token"; + symbol = "REIM"; + decimals = 18; + } + + /** + * ERC20 balance function + */ + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balanceOf[_owner]; + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + // Failsafe logic that should never be false + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens on your behalf + * + * @param _spender the address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public returns (bool success) { + + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it + * + * @param _spender the address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + +} + +contract AdvReimburseToken is owned, ReimburseToken { + + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function AdvReimburseToken( + uint256 initialSupply + ) ReimburseToken(initialSupply) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + +} \ No newline at end of file diff --git a/data_full/CVE/2018-13113.sol b/data_full/CVE/2018-13113.sol new file mode 100644 index 0000000000000000000000000000000000000000..bfb0b89b895bc24da0e410dff234aa837958b449 --- /dev/null +++ b/data_full/CVE/2018-13113.sol @@ -0,0 +1,142 @@ +pragma solidity ^0.4.4; + +contract Token { + + /// @return total amount of tokens + function totalSupply() constant returns (uint256 supply) {} + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance) {} + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success) {} + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + /// @notice `msg.sender` approves `_addr` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of wei to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success) {} + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + //if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + //same as above. Replace this line with the following if you want to protect against wrapping uints. + //if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} + +contract HashnodeTestCoin is StandardToken { // CHANGE THIS. Update the contract name. + + /* Public variables of the token */ + + /* + NOTE: + The following variables are OPTIONAL vanities. One does not have to include them. + They allow one to customise the token contract & in no way influences the core functionality. + Some wallets/interfaces might not even bother to look at this information. + */ + string public name; // Token Name + uint8 public decimals; // How many decimals to show. To be standard complicant keep it 18 + string public symbol; // An identifier: eg SBX, XPR etc.. + string public version = 'H1.0'; + uint256 public unitsOneEthCanBuy; // How many units of your coin can be bought by 1 ETH? + uint256 public totalEthInWei; // WEI is the smallest unit of ETH (the equivalent of cent in USD or satoshi in BTC). We'll store the total ETH raised via our ICO here. + address public fundsWallet; // Where should the raised ETH go? + + // This is a constructor function + // which means the following function name has to match the contract name declared above + function HashnodeTestCoin() { + balances[msg.sender] = 100000000000000000000000000; // Give the creator all initial tokens. This is set to 1000 for example. If you want your initial tokens to be X and your decimal is 5, set this value to X * 100000. (CHANGE THIS) + totalSupply = 100000000000000000000000000; // Update total supply (1000 for example) (CHANGE THIS) + name = "Easy Trading Token"; // Set the name for display purposes (CHANGE THIS) + decimals = 18; // Amount of decimals for display purposes (CHANGE THIS) + symbol = "ETT"; // Set the symbol for display purposes (CHANGE THIS) + unitsOneEthCanBuy = 40000; // Set the price of your token for the ICO (CHANGE THIS) + fundsWallet = msg.sender; // The owner of the contract gets ETH + } + + function() payable{ + totalEthInWei = totalEthInWei + msg.value; + uint256 amount = msg.value * unitsOneEthCanBuy; + require(balances[fundsWallet] >= amount); + + balances[fundsWallet] = balances[fundsWallet] - amount; + balances[msg.sender] = balances[msg.sender] + amount; + + Transfer(fundsWallet, msg.sender, amount); // Broadcast a message to the blockchain + + //Transfer ether to fundsWallet + fundsWallet.transfer(msg.value); + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} diff --git a/data_full/CVE/2018-13126.sol b/data_full/CVE/2018-13126.sol new file mode 100644 index 0000000000000000000000000000000000000000..5e8ba7b5b167c887e18aa0481fef0d674e4b8c36 --- /dev/null +++ b/data_full/CVE/2018-13126.sol @@ -0,0 +1,301 @@ +pragma solidity ^0.4.18; + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + + event Transfer(address indexed from, address indexed to, uint256 value); +} + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + + Transfer(msg.sender, _to, _value); + + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + + Transfer(_from, _to, _value); + + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + + Approval(msg.sender, _spender, _value); + + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } +} + +/** + * @title Spend Token + */ +contract SpendToken is StandardToken { + string public constant name = "Spend Token"; + string public constant symbol = "SPEND"; + uint8 public constant decimals = 18; + + address public presale; + address public team; + + uint public constant TOKEN_LIMIT = 50000000; + + /** + * @dev Create our actual token + */ + function SpendToken(address _presale, address _team) public { + require(_presale != address(0)); + require(_team != address(0)); + + presale = _presale; + team = _team; + } + + /** + * @dev Mint new tokens to the specified address, only callable by the + * presale contract itself + */ + function mint(address _holder, uint _value) external { + require(msg.sender == presale); + require(_value > 0); + require(totalSupply + _value <= TOKEN_LIMIT); + + balances[_holder] += _value; + totalSupply += _value; + + Transfer(0x0, _holder, _value); + } +} + +/** + * @title MoxyOne Presale + */ +contract MoxyOnePresale { + enum PreSaleState { + PreSaleStarted, + PreSaleFinished + } + + SpendToken public token; + PreSaleState public preSaleState = PreSaleState.PreSaleStarted; + address public team; + bool public isPaused = false; + uint256 public pricePerToken = 1 ether / 1000; + + event PreSaleStarted(); + event PreSaleFinished(); + event PreSalePaused(); + event PreSaleResumed(); + event TokenBuy(address indexed buyer, uint256 tokens); + + /** + * @dev Only allow the team to execute these commands + */ + modifier teamOnly { + require(msg.sender == team); + + _; + } + + /** + * @dev Create the presale contract and the token contract alongside + */ + function MoxyOnePresale() public { + team = msg.sender; + token = new SpendToken(this, team); + } + + /** + * @dev Pause the presale in the event of an emergency + */ + function pausePreSale() external teamOnly { + require(!isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + + isPaused = true; + + PreSalePaused(); + } + + /** + * @dev Resume the presale if necessary + */ + function resumePreSale() external teamOnly { + require(isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + + isPaused = false; + + PreSaleResumed(); + } + + /** + * @dev End the presale event, preventing any further token purchases + */ + function finishPreSale() external teamOnly { + require(preSaleState == PreSaleState.PreSaleStarted); + + preSaleState = PreSaleState.PreSaleFinished; + + PreSaleFinished(); + } + + /** + * @dev Withdraw the funds from this contract to the specified address + */ + function withdrawFunds(address _target, uint256 _amount) external teamOnly { + _target.transfer(_amount); + } + + /** + * @dev Buy tokens, called internally from the catcher + */ + function buyTokens(address _buyer, uint256 _value) internal returns (uint) { + require(_buyer != address(0)); + require(_value > 0); + require(preSaleState == PreSaleState.PreSaleStarted); + require(!isPaused); + + uint256 boughtTokens = _value / pricePerToken; + + require(boughtTokens > 0); + + token.mint(_buyer, boughtTokens); + + TokenBuy(_buyer, boughtTokens); + } + + /** + * @dev Catch any incoming payments to the contract and convert the ETH to tokens + */ + function () external payable { + buyTokens(msg.sender, msg.value); + } +} diff --git a/data_full/CVE/2018-13127.sol b/data_full/CVE/2018-13127.sol new file mode 100644 index 0000000000000000000000000000000000000000..565cd73162fd4e093ec24c1f6d0775f48e1cbaa7 --- /dev/null +++ b/data_full/CVE/2018-13127.sol @@ -0,0 +1,238 @@ +pragma solidity ^0.4.19; + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + +} + + + + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + +/** + * @title Spade PreSale Token + */ +contract DSPXToken is StandardToken { + + string public constant name = "SP8DE PreSale Token"; + string public constant symbol = "DSPX"; + uint8 public constant decimals = 18; + address public preSale; + address public team; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 888888888 * (1e18); + + // Constructor + function DSPXToken(address _preSale, address _team) { + require(_preSale != address(0)); + require(_team != address(0)); + preSale = _preSale; + team = _team; + } + + // Create tokens + function mint(address holder, uint value) { + require(msg.sender == preSale); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + + // Allow token transfer + function unfreeze() external { + require(msg.sender == team); + isFrozen = false; + } + + // ERC20 functions + // ========================= + function transfer(address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } +} diff --git a/data_full/CVE/2018-13128.sol b/data_full/CVE/2018-13128.sol new file mode 100644 index 0000000000000000000000000000000000000000..6a85b5c02bbc47bf0cd1e4edf772c5beff8a2414 --- /dev/null +++ b/data_full/CVE/2018-13128.sol @@ -0,0 +1,193 @@ +pragma solidity ^0.4.21; + +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256 c) { + if (a == 0) { + return 0; + } + c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + return a / b; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256 c) { + c = a + b; + assert(c >= a); + return c; + } +} + +/** +* @title Contract that will work with ERC223 tokens. +*/ + +contract ERC223ReceivingContract{ + /** + * @dev Standard ERC223 function that will handle incoming token transfers. + * + * @param _from Token sender address. + * @param _value Amount of tokens. + * @param _data Transaction metadata. + */ + function tokenFallback(address _from, uint _value, bytes _data) public; +} + +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) public constant returns (uint); + function transfer(address to, uint value) public; + event Transfer(address indexed from, address indexed to, uint value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint); + function transferFrom(address from, address to, uint value) public; + function approve(address spender, uint value) public; + event Approval(address indexed owner, address indexed spender, uint value); +} + +contract BasicToken is ERC20Basic { + using SafeMath for uint; + + mapping(address => uint) balances; + + modifier onlyPayloadSize(uint size) { + require(msg.data.length >= size + 4); + _; + } + + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) public { + uint codeLength; + bytes memory empty; + + assembly { + codeLength := extcodesize(_to) + } + + + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + + if(codeLength > 0) { + ERC223ReceivingContract receiver = ERC223ReceivingContract(_to); + receiver.tokenFallback(msg.sender, _value, empty); + } + + emit Transfer(msg.sender, _to, _value); + } + + function balanceOf(address _owner) public constant returns (uint balance) { + return balances[_owner]; + } + +} + +contract StandardToken is BasicToken, ERC20 { + + mapping (address => mapping (address => uint)) allowed; + + function transferFrom(address _from, address _to, uint _value) public { + uint256 _allowance = allowed[_from][msg.sender]; + uint codeLength; + bytes memory empty; + + assembly { + codeLength := extcodesize(_to) + } + + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + + if(codeLength>0) { + ERC223ReceivingContract receiver = ERC223ReceivingContract(_to); + receiver.tokenFallback(msg.sender, _value, empty); + } + + emit Transfer(_from, _to, _value); + } + + function approve(address _spender, uint _value) public { + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + } + + function allowance(address _owner, address _spender) public constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + +} + +contract BurnableToken is StandardToken { + + function burn(uint _value) public { + require(_value > 0); + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + emit Burn(burner, _value); + } + + event Burn(address indexed burner, uint indexed value); + +} + +contract ETY is BurnableToken { + + string public name = "Etherty Token"; + string public symbol = "ETY"; + uint public decimals = 18; + uint constant TOKEN_LIMIT = 240 * 1e6 * 1e18; + + address public ico; + + bool public tokensAreFrozen = true; + + function ETY(address _ico) public { + ico = _ico; + } + + function mint(address _holder, uint _value) external { + require(msg.sender == ico); + require(_value != 0); + require(totalSupply + _value <= TOKEN_LIMIT); + + balances[_holder] += _value; + totalSupply += _value; + emit Transfer(0x0, _holder, _value); + } + + function burn(uint _value) public { + require(msg.sender == ico); + super.burn(_value); + } + + function unfreeze() external { + require(msg.sender == ico); + tokensAreFrozen = false; + } + + function transfer(address _to, uint _value) public { + require(!tokensAreFrozen); + super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) public { + require(!tokensAreFrozen); + super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint _value) public { + require(!tokensAreFrozen); + super.approve(_spender, _value); + } +} diff --git a/data_full/CVE/2018-13129.sol b/data_full/CVE/2018-13129.sol new file mode 100644 index 0000000000000000000000000000000000000000..b951fb594a2d366856b3898abba58e2d8924671b --- /dev/null +++ b/data_full/CVE/2018-13129.sol @@ -0,0 +1,276 @@ +pragma solidity ^0.4.18; + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + +} + + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + + +// Migration Agent interface +contract MigrationAgent { + function migrateFrom(address _from, uint _value) public; +} + +/** + * @title Spade Token + */ +contract SPXToken is StandardToken { + + string public constant name = "SP8DE Token"; + string public constant symbol = "SPX"; + uint8 public constant decimals = 18; + address public ico; + + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 8888888888 * (1e18); + + // Token migration variables + address public migrationMaster; + address public migrationAgent; + uint public totalMigrated; + + event Migrate(address indexed _from, address indexed _to, uint _value); + + // Constructor + function SPXToken(address _ico, address _migrationMaster) public { + require(_ico != 0); + ico = _ico; + migrationMaster = _migrationMaster; + } + + // Create tokens + function mint(address holder, uint value) public { + require(msg.sender == ico); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + + // Allow token transfer. + function unfreeze() public { + require(msg.sender == ico); + isFrozen = false; + } + + // ERC20 functions + // ========================= + function transfer(address _to, uint _value) public returns (bool) { + require(_to != address(0)); + require(!isFrozen); + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } + + // Token migration + function migrate(uint value) external { + require(migrationAgent != 0); + require(value > 0); + require(value <= balances[msg.sender]); + + balances[msg.sender] -= value; + totalSupply -= value; + totalMigrated += value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, value); + Migrate(msg.sender, migrationAgent, value); + } + + // Set address of migration contract + function setMigrationAgent(address _agent) external { + require(migrationAgent == 0); + require(msg.sender == migrationMaster); + migrationAgent = _agent; + } + + function setMigrationMaster(address _master) external { + require(msg.sender == migrationMaster); + require(_master != 0); + migrationMaster = _master; + } +} diff --git a/data_full/CVE/2018-13131.sol b/data_full/CVE/2018-13131.sol new file mode 100644 index 0000000000000000000000000000000000000000..2697be561946acf31cd4ae441a9a586c18b8b7d0 --- /dev/null +++ b/data_full/CVE/2018-13131.sol @@ -0,0 +1,312 @@ +pragma solidity ^0.4.19; + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + +} + + + + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + +/** + * @title Spade PreSale Token + */ +contract DSPXToken is StandardToken { + + string public constant name = "SP8DE PreSale Token"; + string public constant symbol = "DSPX"; + uint8 public constant decimals = 18; + address public preSale; + address public team; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 888888888 * (1e18); + + // Constructor + function DSPXToken(address _preSale, address _team) { + require(_preSale != address(0)); + require(_team != address(0)); + preSale = _preSale; + team = _team; + } + + // Create tokens + function mint(address holder, uint value) { + require(msg.sender == preSale); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + + // Allow token transfer + function unfreeze() external { + require(msg.sender == team); + isFrozen = false; + } + + // ERC20 functions + // ========================= + function transfer(address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } +} + +/** + * @title Spade PreSale +*/ +contract SpadePreSale { + + // The token being sold + DSPXToken public token; + + address public team; + address public icoAgent; + + // Modifiers + modifier teamOnly {require(msg.sender == team); _;} + modifier icoAgentOnly {require(msg.sender == icoAgent); _;} + + bool public isPaused = false; + enum PreSaleState { Created, PreSaleStarted, PreSaleFinished } + PreSaleState public preSaleState = PreSaleState.Created; + + // Events + event PreSaleStarted(); + event PreSaleFinished(); + + event PreSalePaused(); + event PreSaleResumed(); + + event TokenBuy(address indexed buyer, uint256 tokens, uint factor, string tx); + + function SpadePreSale(address _team, address _icoAgent) public { + require(_team != address(0)); + require(_icoAgent != address(0)); + team = _team; + icoAgent = _icoAgent; + token = new DSPXToken(this, team); + } + + function startPreSale() external teamOnly { + require(preSaleState == PreSaleState.Created); + preSaleState = PreSaleState.PreSaleStarted; + PreSaleStarted(); + } + + function pausePreSale() external teamOnly { + require(!isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + isPaused = true; + PreSalePaused(); + } + + function resumePreSale() external teamOnly { + require(isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + isPaused = false; + PreSaleResumed(); + } + + function finishPreSale() external teamOnly { + require(preSaleState == PreSaleState.PreSaleStarted); + preSaleState = PreSaleState.PreSaleFinished; + PreSaleFinished(); + } + + function buyPreSaleTokens(address buyer, uint256 tokens, uint factor, string txHash) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(preSaleState == PreSaleState.PreSaleStarted); + require(!isPaused); + + token.mint(buyer, tokens); + + TokenBuy(buyer, tokens, factor, txHash); + } +} diff --git a/data_full/CVE/2018-13132.sol b/data_full/CVE/2018-13132.sol new file mode 100644 index 0000000000000000000000000000000000000000..9d9e20f843bfe5ba5bf32561a1f8b0a32ff532d4 --- /dev/null +++ b/data_full/CVE/2018-13132.sol @@ -0,0 +1,403 @@ +pragma solidity ^0.4.18; + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + + // SafeMath.sub will throw if there is not enough balance. + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + +} + + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + + +// Migration Agent interface +contract MigrationAgent { + function migrateFrom(address _from, uint _value) public; +} + +/** + * @title Spade Token + */ +contract SPXToken is StandardToken { + + string public constant name = "SP8DE Token"; + string public constant symbol = "SPX"; + uint8 public constant decimals = 18; + address public ico; + + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 8888888888 * (1e18); + + // Token migration variables + address public migrationMaster; + address public migrationAgent; + uint public totalMigrated; + + event Migrate(address indexed _from, address indexed _to, uint _value); + + // Constructor + function SPXToken(address _ico, address _migrationMaster) public { + require(_ico != 0); + ico = _ico; + migrationMaster = _migrationMaster; + } + + // Create tokens + function mint(address holder, uint value) public { + require(msg.sender == ico); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + + // Allow token transfer. + function unfreeze() public { + require(msg.sender == ico); + isFrozen = false; + } + + // ERC20 functions + // ========================= + function transfer(address _to, uint _value) public returns (bool) { + require(_to != address(0)); + require(!isFrozen); + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } + + // Token migration + function migrate(uint value) external { + require(migrationAgent != 0); + require(value > 0); + require(value <= balances[msg.sender]); + + balances[msg.sender] -= value; + totalSupply -= value; + totalMigrated += value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, value); + Migrate(msg.sender, migrationAgent, value); + } + + // Set address of migration contract + function setMigrationAgent(address _agent) external { + require(migrationAgent == 0); + require(msg.sender == migrationMaster); + migrationAgent = _agent; + } + + function setMigrationMaster(address _master) external { + require(msg.sender == migrationMaster); + require(_master != 0); + migrationMaster = _master; + } +} + +/** + * @title Spade SpadeIco + */ +contract SpadeIco { + + uint public constant TOKENS_FOR_SALE = 3655555558 * 1e18; + uint public constant TOKENS_FOUNDATION = 1777777778 * 1e18; + + uint tokensSold = 0; + + // Ico token + SPXToken public token; + address public team; + address public icoAgent; + address public migrationMaster; + // Modifiers + modifier teamOnly {require(msg.sender == team); _;} + modifier icoAgentOnly {require(msg.sender == icoAgent); _;} + + bool public isPaused = false; + enum IcoState { Created, IcoStarted, IcoFinished } + IcoState public icoState = IcoState.Created; + + event IcoStarted(); + event IcoFinished(); + event IcoPaused(); + event IcoResumed(); + event TokenBuy(address indexed buyer, uint256 tokens, uint256 factor, string tx); + event TokenBuyPresale(address indexed buyer, uint256 tokens, uint256 factor, string tx); + event TokenWin(address indexed buyer, uint256 tokens, uint256 jackpot); + + function SpadeIco(address _team, address _icoAgent, address _migrationMaster) public { + require(_team != address(0) && _icoAgent != address(0) && _migrationMaster != address(0)); + migrationMaster = _migrationMaster; + team = _team; + icoAgent = _icoAgent; + token = new SPXToken(this, migrationMaster); + } + + function startIco() external teamOnly { + require(icoState == IcoState.Created); + icoState = IcoState.IcoStarted; + IcoStarted(); + } + + function finishIco(address foundation, address other) external teamOnly { + require(foundation != address(0)); + require(other != address(0)); + + require(icoState == IcoState.IcoStarted); + icoState = IcoState.IcoFinished; + + uint256 amountWithFoundation = SafeMath.add(token.totalSupply(), TOKENS_FOUNDATION); + if (amountWithFoundation > token.TOKEN_LIMIT()) { + uint256 foundationToMint = token.TOKEN_LIMIT() - token.totalSupply(); + if (foundationToMint > 0) { + token.mint(foundation, foundationToMint); + } + } else { + token.mint(foundation, TOKENS_FOUNDATION); + + uint mintedTokens = token.totalSupply(); + + uint remaining = token.TOKEN_LIMIT() - mintedTokens; + if (remaining > 0) { + token.mint(other, remaining); + } + } + + token.unfreeze(); + IcoFinished(); + } + + function pauseIco() external teamOnly { + require(!isPaused); + require(icoState == IcoState.IcoStarted); + isPaused = true; + IcoPaused(); + } + + function resumeIco() external teamOnly { + require(isPaused); + require(icoState == IcoState.IcoStarted); + isPaused = false; + IcoResumed(); + } + + function convertPresaleTokens(address buyer, uint256 tokens, uint256 factor, string txHash) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(validState()); + + uint256 tokensToSell = SafeMath.add(tokensSold, tokens); + require(tokensToSell <= TOKENS_FOR_SALE); + tokensSold = tokensToSell; + + token.mint(buyer, tokens); + TokenBuyPresale(buyer, tokens, factor, txHash); + } + + function creditJackpotTokens(address buyer, uint256 tokens, uint256 jackpot) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(validState()); + + token.mint(buyer, tokens); + TokenWin(buyer, tokens, jackpot); + } + + function buyTokens(address buyer, uint256 tokens, uint256 factor, string txHash) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(validState()); + + uint256 tokensToSell = SafeMath.add(tokensSold, tokens); + require(tokensToSell <= TOKENS_FOR_SALE); + tokensSold = tokensToSell; + + token.mint(buyer, tokens); + TokenBuy(buyer, tokens, factor, txHash); + } + + function validState() internal view returns (bool) { + return icoState == IcoState.IcoStarted && !isPaused; + } +} diff --git a/data_full/CVE/2018-13144.sol b/data_full/CVE/2018-13144.sol new file mode 100644 index 0000000000000000000000000000000000000000..0dadf1641faddc75b36c7d3814209bb2f16534d9 --- /dev/null +++ b/data_full/CVE/2018-13144.sol @@ -0,0 +1,103 @@ +pragma solidity ^0.4.8; +contract Token{ + // token总量,默认会为public变量生成一个getter函数接口,名称为totalSupply(). + uint256 public totalSupply; + + /// 获取账户_owner拥有token的数量 + function balanceOf(address _owner) constant returns (uint256 balance); + + //从消息发送者账户中往_to账户转数量为_value的token + function transfer(address _to, uint256 _value) returns (bool success); + + //从账户_from中往账户_to转数量为_value的token,与approve方法配合使用 + function transferFrom(address _from, address _to, uint256 _value) returns + (bool success); + + //消息发送账户设置账户_spender能从发送账户中转出数量为_value的token + function approve(address _spender, uint256 _value) returns (bool success); + + //获取账户_spender可以从账户_owner中转出token的数量 + function allowance(address _owner, address _spender) constant returns + (uint256 remaining); + + //发生转账时必须要触发的事件 + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + //当函数approve(address _spender, uint256 _value)成功执行时必须触发的事件 + event Approval(address indexed _owner, address indexed _spender, uint256 + _value); +} + +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + //默认totalSupply 不会超过最大值 (2^256 - 1). + //如果随着时间的推移将会有新的token生成,则可以用下面这句避免溢出的异常 + //require(balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value;//从消息发送者账户中减去token数量_value + balances[_to] += _value;//往接收账户增加token数量_value + Transfer(msg.sender, _to, _value);//触发转币交易事件 + return true; + } + + + function transferFrom(address _from, address _to, uint256 _value) returns + (bool success) { + //require(balances[_from] >= _value && allowed[_from][msg.sender] >= + // _value && balances[_to] + _value > balances[_to]); + require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value); + balances[_to] += _value;//接收账户增加token数量_value + balances[_from] -= _value; //支出账户_from减去token数量_value + allowed[_from][msg.sender] -= _value;//消息发送者可以从账户_from中转出的数量减少_value + Transfer(_from, _to, _value);//触发转币交易事件 + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + + function approve(address _spender, uint256 _value) returns (bool success) + { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender];//允许_spender从_owner中转出的token数 + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} + +contract HumanStandardToken is StandardToken { + + /* Public variables of the token */ + string public name; //名称: eg Simon Bucks + uint8 public decimals; //最多的小数位数,How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether. + string public symbol; //token简称: eg SBX + string public version = 'H0.1'; //版本 + + function HumanStandardToken(uint256 _initialAmount, string _tokenName, uint8 _decimalUnits, string _tokenSymbol) { + balances[msg.sender] = _initialAmount; // 初始token数量给予消息发送者 + totalSupply = _initialAmount; // 设置初始总量 + name = _tokenName; // token名称 + decimals = _decimalUnits; // 小数位数 + symbol = _tokenSymbol; // token简称 + } + + /* Approves and then calls the receiving contract */ + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + require(_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)); + return true; + } + +} diff --git a/data_full/CVE/2018-13189.sol b/data_full/CVE/2018-13189.sol new file mode 100644 index 0000000000000000000000000000000000000000..8cf0aef7210ef0f536ad3e4ef9dbcc0cfed0c3f7 --- /dev/null +++ b/data_full/CVE/2018-13189.sol @@ -0,0 +1,335 @@ +pragma solidity ^0.4.18; + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal constant returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title ERC20Basic + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) constant returns (uint256); + function transfer(address to, uint256 value) returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + + +/** + * @title ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint256); + function transferFrom(address from, address to, uint256 value) returns (bool); + function approve(address spender, uint256 value) returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } +} + + +/** + * @title Standard ERC20 token + * + * @dev Implementation of the basic standard token. + * @dev https://github.com/ethereum/EIPs/issues/20 + * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amout of tokens to be transfered + */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool) { + var _allowance = allowed[_from][msg.sender]; + + // Check is not needed because sub(_allowance, _value) will already throw if this condition is not met + // require (_value <= _allowance); + + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Aprove the passed address to spend the specified amount of tokens on behalf of msg.sender. + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) returns (bool) { + + // To change the approve amount you first have to reduce the addresses` + // allowance to zero by calling `approve(_spender, 0)` if it is not + // already 0 to mitigate the race condition described here: + // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + require((_value == 0) || (allowed[msg.sender][_spender] == 0)); + + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifing the amount of tokens still avaible for the spender. + */ + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} + + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() { + owner = msg.sender; + } + + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} + + + +/** + * @title Pausable + * @dev Base contract which allows children to implement an emergency stop mechanism. + */ +contract Pausable is Ownable { + event Pause(); + event Unpause(); + + bool public paused = false; + + + /** + * @dev modifier to allow actions only when the contract IS paused + */ + modifier whenNotPaused() { + require(!paused); + _; + } + + /** + * @dev modifier to allow actions only when the contract IS NOT paused + */ + modifier whenPaused { + require(paused); + _; + } + + /** + * @dev called by the owner to pause, triggers stopped state + */ + function pause() onlyOwner whenNotPaused returns (bool) { + paused = true; + Pause(); + return true; + } + + /** + * @dev called by the owner to unpause, returns to normal state + */ + function unpause() onlyOwner whenPaused returns (bool) { + paused = false; + Unpause(); + return true; + } +} + + +/** + * Pausable token + * + * Simple ERC20 Token example, with pausable token creation + **/ + +contract PausableToken is StandardToken, Pausable { + + function transfer(address _to, uint _value) whenNotPaused returns (bool) { + return super.transfer(_to, _value); + } + + function transferFrom(address _from, address _to, uint _value) whenNotPaused returns (bool) { + return super.transferFrom(_from, _to, _value); + } +} + + + +contract UNLB is PausableToken { + + string public constant name = "UnolaboToken"; + string public constant symbol = "UNLB"; + uint256 public constant decimals = 18; + + function UNLB() { + owner = msg.sender; + } + + function mint(address _x, uint _v) public onlyOwner { + balances[_x] += _v; + totalSupply += _v; + Transfer(0x0, _x, _v); + } +} + + + +contract ICO is Pausable { + + uint public constant ICO_START_DATE = /*2017-11-27 17:00:00+8*/ 1511773200; + uint public constant ICO_END_DATE = /*2018-04-30 00:17:00+8*/ 1525018620; + + address public constant admin = 0xFeC0714C2eE71a486B679d4A3539FA875715e7d8; + address public constant teamWallet = 0xf16d5733A31D54e828460AFbf7D60aA803a61C51; + + UNLB public unlb; + bool public isFinished = false; + + event ForeignBuy(address investor, uint unlbValue, string txHash); + + function ICO() { + owner = admin; + unlb = new UNLB(); + unlb.pause(); + } + + function pricePerWei() public constant returns(uint) { + if (now < /*2017-11-28 00:17:00+8*/ 1511799420) return 800.0 * 1 ether; + else if(now < /*2017-11-29 00:17:00+8*/ 1511885820) return 750.0 * 1 ether; + else if(now < /*2017-12-14 00:17:00+8*/ 1513181820) return 675.0 * 1 ether; + else if(now < /*2018-01-10 00:17:00+8*/ 1515514620) return 575.0 * 1 ether; + else if(now < /*2018-01-18 00:17:00+8*/ 1516205820) return 537.5 * 1 ether; + else return 500.0 * 1 ether; + } + + + function() public payable { + require(!paused && now >= ICO_START_DATE && now < ICO_END_DATE); + uint _tokenVal = (msg.value * pricePerWei()) / 1 ether; + unlb.mint(msg.sender, _tokenVal); + } + + function foreignBuy(address _investor, uint _unlbValue, string _txHash) external onlyOwner { + require(!paused && now >= ICO_START_DATE && now < ICO_END_DATE); + require(_unlbValue > 0); + unlb.mint(_investor, _unlbValue); + ForeignBuy(_investor, _unlbValue, _txHash); + } + + function finish(address _team, address _fund, address _bounty, address _backers) external onlyOwner { + require(now >= ICO_END_DATE && !isFinished); + unlb.unpause(); + isFinished = true; + + uint _total = unlb.totalSupply() * 100 / (100 - 12 - 15 - 5 - 3); + unlb.mint(_team, (_total * 12) / 100); + unlb.mint(_fund, (_total * 15) / 100); + unlb.mint(_bounty, (_total * 5) / 100); + unlb.mint(_backers, (_total * 3) / 100); + } + + + function withdraw() external onlyOwner { + teamWallet.transfer(this.balance); + } +} diff --git a/data_full/CVE/2018-13202.sol b/data_full/CVE/2018-13202.sol new file mode 100644 index 0000000000000000000000000000000000000000..9d32d1c1c21b60b85f4e047309d99e4996d872cb --- /dev/null +++ b/data_full/CVE/2018-13202.sol @@ -0,0 +1,183 @@ +pragma solidity ^0.4.11; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MyBoToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyBoToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } + + function burn(uint256 amount) onlyOwner returns (bool success) { + if (balanceOf[msg.sender] < amount) throw; // Check if the sender has enough + balanceOf[msg.sender] -= amount; // Subtract from the sender + totalSupply -= amount; // Updates totalSupply + Burn(msg.sender, amount); + return true; + } + +} diff --git a/data_full/CVE/2018-13208.sol b/data_full/CVE/2018-13208.sol new file mode 100644 index 0000000000000000000000000000000000000000..7c3179d77e88c74b6df71c54bcb53e92aa44056c --- /dev/null +++ b/data_full/CVE/2018-13208.sol @@ -0,0 +1,171 @@ +//ERC20 Token +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "MoneyTree 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MoneyTreeToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 95000000 * 10**8; + uint8 public constant decimalUnits = 8; + string public tokenName = "MoneyTree"; + string public tokenSymbol = "TREE"; + function MoneyTreeToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} diff --git a/data_full/CVE/2018-13220.sol b/data_full/CVE/2018-13220.sol new file mode 100644 index 0000000000000000000000000000000000000000..644697249ae5516e2ba03e71cc4894f3222e345d --- /dev/null +++ b/data_full/CVE/2018-13220.sol @@ -0,0 +1,171 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MAVCash is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MAVCash( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} diff --git a/data_full/CVE/2018-13221.sol b/data_full/CVE/2018-13221.sol new file mode 100644 index 0000000000000000000000000000000000000000..8dc7fa9f88b6e99cc47258e8e9f1c8be7219fd27 --- /dev/null +++ b/data_full/CVE/2018-13221.sol @@ -0,0 +1,186 @@ +pragma solidity ^0.4.14; + +/* ©The Extreme Coin (XT) SWAP for Yobit.net contract + +35796229192 + ©RomanLanskoj 2017 +There is no law stronger than the code +*/ +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} + +contract Ownable { + address public owner; + function Ownable() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} + +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} + +contract newToken is ERC20Basic { + + using SafeMath for uint; + + mapping(address => uint) balances; + + + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } +} + +contract StandardToken is newToken, ERC20 { + mapping (address => mapping (address => uint)) allowed; + function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) { + var _allowance = allowed[_from][msg.sender]; + // Check is not needed because sub(_allowance, _value) will already throw if this condition is not met + // if (_value > _allowance) throw; + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + function approve(address _spender, uint _value) { + // To change the approve amount you first have to reduce the addresses` + // allowance to zero by calling approve(_spender, 0) if it is not + // already 0 to mitigate the race condition described here: + // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} + +contract Extreme is StandardToken, Ownable { + string public constant name = "Extreme Coin"; + string public constant symbol = "XT"; + uint public constant decimals = 2; + uint256 public initialSupply; + + // Constructor + function Extreme () { + totalSupply = 59347950076; + balances[msg.sender] = totalSupply; + initialSupply = totalSupply; + Transfer(0, this, totalSupply); + Transfer(this, msg.sender, totalSupply); + } +} + +contract ExtremeToken is Ownable, Extreme { + +uint256 public sellPrice; +uint256 public buyPrice; + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable returns (uint amount) + { + amount = msg.value / buyPrice; + if (balances[this] < amount) throw; + balances[msg.sender] += amount; + balances[this] -= amount; + Transfer(this, msg.sender, amount); + } + + function sell(uint256 amount) { + if (balances[msg.sender] < amount ) throw; + balances[this] += amount; + balances[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } + + function transfer(address _to, uint256 _value) { + require(balances[msg.sender] > _value); + require(balances[_to] + _value > balances[_to]); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balances[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + +} diff --git a/data_full/CVE/2018-13225.sol b/data_full/CVE/2018-13225.sol new file mode 100644 index 0000000000000000000000000000000000000000..9a31acb4a8418fef60dd89cc1e0dfebe0d753def --- /dev/null +++ b/data_full/CVE/2018-13225.sol @@ -0,0 +1,181 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + assert(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (balanceOf[_from] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + assert (_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + assert(false); // Prevents accidental sending of ether + } +} + +contract MyYLCToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyYLCToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + assert (!frozenAccount[msg.sender]); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (!frozenAccount[_from]); // Check if frozen + assert (balanceOf[_from] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + assert (_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + assert (balanceOf[this] >= amount); // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + assert (balanceOf[msg.sender] >= amount ); // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + assert (msg.sender.send(amount * sellPrice)); // sends ether to the seller. It's important + // to do this last to avoid recursion attacks + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + + function burn(uint256 amount) onlyOwner returns (bool success) { + assert (balanceOf[msg.sender] >= amount); // Check if the sender has enough + balanceOf[msg.sender] -= amount; // Subtract from the sender + totalSupply -= amount; // Updates totalSupply + Burn(msg.sender, amount); + return true; + } + +} diff --git a/data_full/CVE/2018-13227.sol b/data_full/CVE/2018-13227.sol new file mode 100644 index 0000000000000000000000000000000000000000..c3e468ed7d81477261058aa10810216aece84217 --- /dev/null +++ b/data_full/CVE/2018-13227.sol @@ -0,0 +1,172 @@ +//ERC20 Token +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "MoneyChainNet 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract MoneyChainNetToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 35000000 * 10**8;//total supply 35 Million + uint8 public constant decimalUnits = 8;//decimals 8 + string public tokenName = "MoneyChainNet";//name MoneyChainNet + string public tokenSymbol = "MCN";//symbol MCN + //is this fine?yes + function MoneyChainNetToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} diff --git a/data_full/CVE/2018-13228.sol b/data_full/CVE/2018-13228.sol new file mode 100644 index 0000000000000000000000000000000000000000..72b1c6fb6c96f262d8525908e9e6e0aeaf285bfe --- /dev/null +++ b/data_full/CVE/2018-13228.sol @@ -0,0 +1,171 @@ +//ERC20 Token +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "Crowdnext 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract Crowdnext is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 100000000 * 10**4; + uint8 public constant decimalUnits = 4; + string public tokenName = "Crowdnext"; + string public tokenSymbol = "CNX"; + function Crowdnext() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} diff --git a/data_full/CVE/2018-13230.sol b/data_full/CVE/2018-13230.sol new file mode 100644 index 0000000000000000000000000000000000000000..dfa896d9e87e9989fac507d7a16cf9f34dc6d784 --- /dev/null +++ b/data_full/CVE/2018-13230.sol @@ -0,0 +1,171 @@ +//ERC20 Token +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "DestiNeed 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract DestiNeedToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 950000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "DestiNeed"; + string public tokenSymbol = "DSN"; + function DestiNeedToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} diff --git a/data_full/CVE/2018-13325.sol b/data_full/CVE/2018-13325.sol new file mode 100644 index 0000000000000000000000000000000000000000..3df76fb79ddec0f1781ac703816001983269aa09 --- /dev/null +++ b/data_full/CVE/2018-13325.sol @@ -0,0 +1,176 @@ +pragma solidity ^0.4.18; +interface tokenRecipient{ + function receiveApproval(address _from,uint256 _value,address _token,bytes _extraData) external ; +} +contract GrowToken{ + //public var + address public owner; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 public sellPrice; //grow to wei not eth! + uint256 public buyPrice; + bool public sellOpen; + bool public buyOpen; + + //store token data set + mapping(address => uint256) public balanceOf; + //transition limite + mapping(address => mapping(address => uint256)) public allowance; + //freeze account + mapping(address=>bool) public frozenAccount; + + //event for transition + event Transfer(address indexed from,address indexed to , uint256 value); + //event for allowance + event Approval(address indexed owner,address indexed spender,uint256 value); + //event for freeze/unfreeze Account + event FrozenFunds(address target,bool freeze); + //TODO event for sell token , do't need it now + event SellToken(address seller,uint256 sellPrice, uint256 amount,uint256 getEth); + //TODO event for buy token , do't need it now + event BuyToken(address buyer,uint256 buyPrice,uint256 amount,uint256 spendEth); + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + //func constructor + function GrowToken() public { + owner = 0x757D7FbB9822b5033a6BBD4e17F95714942f921f; + name = "GROWCHAIN"; + symbol = "GROW"; + decimals = 8; + totalSupply = 5000000000 * 10 ** uint256(8); + + //init totalSupply to map(db) + balanceOf[owner] = totalSupply; + } + + function () public payable { + if(msg.sender!=owner){ + _buy(); + } + } + + // public functions + // 1 Transfer tokens + function transfer(address _to,uint256 _value) public{ + require(!frozenAccount[msg.sender]); + if(_to == address(this)){ + _sell(msg.sender,_value); + }else{ + _transfer(msg.sender,_to,_value); + } + } + + // 2 Transfer Other's tokens ,who had approve some token to me + function transferFrom(address _from,address _to,uint256 _value) public returns (bool success){ + //validate the allowance + require(!frozenAccount[_from]&&!frozenAccount[msg.sender]); + require(_value<=allowance[_from][msg.sender]); + //do action :sub allowance and do transfer + allowance[_from][msg.sender] -= _value; + if(_to == address(this)){ + _sell(_from,_value); + }else + { + _transfer(_from,_to,_value); + } + + return true; + } + //A is msg.sender or i + //B is the person who has approve me to use his token or _from + //C is the receipient or _to + + // 3 set allowance for other address,like B approve A(_spender) to use his token + function approve(address _spender,uint256 _value) public returns (bool success){ + require(!frozenAccount[msg.sender]); + allowance[msg.sender][_spender] = _value; + return true; + } + // 4 allowance and notify the receipient/spender + function approveAndCall(address _spender,uint256 _value,bytes _extraData) + public returns (bool success){ + require(!frozenAccount[msg.sender]); + tokenRecipient spender = tokenRecipient(_spender); + if(approve(_spender,_value)){ + spender.receiveApproval(msg.sender,_value,this,_extraData); + return true; + } + } + + // onlyOwner function + // 11 freeze or unfreeze account + function freezeAccount(address target,bool freeze) onlyOwner public{ + require(target!=owner); + frozenAccount[target] = freeze; + FrozenFunds(target,freeze); + } + // 12 transfer contract Ownership to newOwner and transfer all balanceOf oldOwner to newOwner + function transferOwnership(address newOwner) onlyOwner public{ + _transfer(owner,newOwner,balanceOf[owner]); + owner = newOwner; + } + // 13 set prices for sellPrice or buyPrice + function setPrices(uint256 newSellPrice,uint256 newBuyPrice) onlyOwner public{ + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + // 14 open/close user to buy token + function setBuyOpen(bool newBuyOpen) onlyOwner public{ + require(buyPrice>0); + buyOpen = newBuyOpen; + } + // 15 open/close user to sell token + function setSellOpen(bool newSellOpen) onlyOwner public{ + require(sellPrice>0); + sellOpen = newSellOpen; + } + // 16 transfer eth back to owner + function transferEth(uint256 amount) onlyOwner public{ + msg.sender.transfer(amount*10**uint256(18)); + } + + //internal transfer function + // 1 _transfer + function _transfer(address _from,address _to, uint256 _value) internal { + //validate input and other internal limites + require(_to != 0x0);//check to address + require(balanceOf[_from] >= _value);//check from address has enough balance + require(balanceOf[_to] + _value >balanceOf[_to]);//after transfer the balance of _to address is ok ,no overflow + uint256 previousBalances = balanceOf[_from]+balanceOf[_to];//store it for add asset to power the security + //do transfer:sub from _from address,and add to the _to address + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + //after transfer: emit transfer event,and add asset for security + Transfer(_from,_to,_value); + assert(balanceOf[_from]+balanceOf[_to] == previousBalances); + } + // 2 _buy + function _buy() internal returns (uint256 amount){ + require(buyOpen); + require(buyPrice>0); + require(msg.value>0); + amount = msg.value / buyPrice; // calculates the amount + _transfer(owner,msg.sender,amount); + BuyToken(msg.sender,buyPrice,amount,msg.value); + return amount; // ends function and returns + } + + // 3 _sell + function _sell(address _from,uint256 amount) internal returns (uint256 revenue){ + require(sellOpen); + require(!frozenAccount[_from]); + require(amount>0); + require(sellPrice>0); + require(_from!=owner); + _transfer(_from,owner,amount); + revenue = amount * sellPrice; + _from.transfer(revenue); // sends ether to the seller: it's important to do this last to prevent recursion attacks + SellToken(_from,sellPrice,amount,revenue); + return revenue; // ends function and returns + } +} diff --git a/data_full/CVE/2018-13326.sol b/data_full/CVE/2018-13326.sol new file mode 100644 index 0000000000000000000000000000000000000000..864b5ec03564c421d38c800c4342c2f38944ea65 --- /dev/null +++ b/data_full/CVE/2018-13326.sol @@ -0,0 +1,135 @@ +pragma solidity ^0.4.4; + +contract Token { + + /// @return total amount of tokens + function totalSupply() constant returns (uint256 supply) {} + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance) {} + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success) {} + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + /// @notice `msg.sender` approves `_addr` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of wei to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success) {} + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + //Default assumes totalSupply can't be over max (2^256 - 1). + //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. + //Replace the if with this one instead. + //if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + //same as above. Replace this line with the following if you want to protect against wrapping uints. + //if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} + +contract Bittelux is StandardToken { + + /* Public variables of the token */ + + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H1.0'; + uint256 public unitsOneEthCanBuy; + uint256 public totalEthInWei; + address public fundsWallet; + + //constructor function + function Bittelux() { + balances[msg.sender] = 10000000000000000000000000000; + totalSupply = 10000000000000000000000000000; + name = "Bittelux"; + decimals = 18; + symbol = "BTX"; + unitsOneEthCanBuy = 22500; + fundsWallet = msg.sender; + } + + function() payable{ + totalEthInWei = totalEthInWei + msg.value; + uint256 amount = msg.value * unitsOneEthCanBuy; + require(balances[fundsWallet] >= amount); + + balances[fundsWallet] = balances[fundsWallet] - amount; + balances[msg.sender] = balances[msg.sender] + amount; + + Transfer(fundsWallet, msg.sender, amount); // Broadcast a message to the blockchain + + //Transfer ether to fundsWallet + fundsWallet.transfer(msg.value); + } + + /* Approves and then calls the receiving contract */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + + //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. + //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) + //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} diff --git a/data_full/CVE/2018-13327.sol b/data_full/CVE/2018-13327.sol new file mode 100644 index 0000000000000000000000000000000000000000..aac64339596eefa70dff738f2e2f52d865034177 --- /dev/null +++ b/data_full/CVE/2018-13327.sol @@ -0,0 +1,92 @@ +pragma solidity ^0.4.4; + +contract Token { + + function totalSupply() constant returns (uint256 supply) {} + + function balanceOf(address _owner) constant returns (uint256 balance) {} + + function transfer(address _to, uint256 _value) returns (bool success) {} + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + function approve(address _spender, uint256 _value) returns (bool success) {} + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +contract StandardToken is Token { + + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} + +contract ChuCunLingAIGO is StandardToken { + + function () { + throw; + } + + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H0.1'; + + function ChuCunLingAIGO( + uint256 _initialAmount, + string _tokenName, + uint8 _decimalUnits, + string _tokenSymbol + ) { + balances[msg.sender] = _initialAmount; + totalSupply = _initialAmount; + name = _tokenName; + decimals = _decimalUnits; + symbol = _tokenSymbol; + } + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} diff --git a/data_full/CVE/2018-13493.sol b/data_full/CVE/2018-13493.sol new file mode 100644 index 0000000000000000000000000000000000000000..441785a0305241d0c48f395a46abe20344c0208d --- /dev/null +++ b/data_full/CVE/2018-13493.sol @@ -0,0 +1,344 @@ +pragma solidity ^0.4.16; + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal constant returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + + string public name; + string public symbol; + + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + + + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public + { + totalSupply = initialSupply * 10**18; // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) + { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) + { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + _value = _value * (10**18); + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract DaddyToken is owned, TokenERC20 { + + uint8 public decimals = 18; + + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + + uint256 public sellTokenPerEther; + uint256 public buyTokenPerEther; + bool public purchasingAllowed = true; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function DaddyToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public + {} + + + function distributeToken(address[] addresses, uint256 _value) onlyOwner public { + _value = _value * 10**18; + for (uint i = 0; i < addresses.length; i++) { + + balanceOf[owner] -= _value; + balanceOf[addresses[i]] += _value; + Transfer(owner, addresses[i], _value); + } + } + + function enablePurchasing() onlyOwner public { + require (msg.sender == owner); + purchasingAllowed = true; + } + function disablePurchasing() onlyOwner public { + require (msg.sender == owner); + purchasingAllowed = false; + } + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public returns (bool) { + mintedAmount = mintedAmount * 10**18; + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + return true; + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellTokenPerEther = newSellPrice; + buyTokenPerEther = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function() payable public { + require(msg.value > 0); + require(purchasingAllowed); + //uint amount = msg.value / buyTokenPerEther; // calculates the amount + //_transfer(this, msg.sender, amount); // makes the transfers + + owner.transfer(msg.value); + totalContribution += msg.value; + + uint256 tokensIssued = (msg.value * buyTokenPerEther); + + if (msg.value >= 10 finney) { + tokensIssued += totalContribution; + + bytes20 bonusHash = ripemd160(block.coinbase, block.number, block.timestamp); + if (bonusHash[0] == 0) { + uint8 bonusMultiplier = ((bonusHash[1] & 0x01 != 0) ? 1 : 0) + ((bonusHash[1] & 0x02 != 0) ? 1 : 0) + ((bonusHash[1] & 0x04 != 0) ? 1 : 0) + ((bonusHash[1] & 0x08 != 0) ? 1 : 0) + ((bonusHash[1] & 0x10 != 0) ? 1 : 0) + ((bonusHash[1] & 0x20 != 0) ? 1 : 0) + ((bonusHash[1] & 0x40 != 0) ? 1 : 0) + ((bonusHash[1] & 0x80 != 0) ? 1 : 0); + + uint256 bonusTokensIssued = (msg.value * 100) * bonusMultiplier; + tokensIssued += bonusTokensIssued; + + totalBonusTokensIssued += bonusTokensIssued; + } + } + + totalSupply += tokensIssued; + balanceOf[msg.sender] += tokensIssued; + + Transfer(address(this), msg.sender, tokensIssued); + + + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellTokenPerEther); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellTokenPerEther); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } +} diff --git a/data_full/CVE/2018-13533.sol b/data_full/CVE/2018-13533.sol new file mode 100644 index 0000000000000000000000000000000000000000..0cb69a9bae0bc85fb724d6656c630d6abd948975 --- /dev/null +++ b/data_full/CVE/2018-13533.sol @@ -0,0 +1,191 @@ +pragma solidity ^0.4.18; + +/* +Developed by: https://www.investbtceur.com +*/ + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 0; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } +} + +contract ALUXToken is owned, TokenERC20 { + uint256 public sellPrice = 10000000000000000; + uint256 public buyPrice = 10000000000000000; + bool public closeBuy = false; + bool public closeSell = false; + address public commissionGetter = 0xCd8bf69ad65c5158F0cfAA599bBF90d7f4b52Bb0; + uint256 public minimumCommission = 100000000000000; + mapping (address => bool) public frozenAccount; + + event FrozenFunds(address target, bool frozen); + event LogDeposit(address sender, uint amount); + event LogWithdrawal(address receiver, uint amount); + + function ALUXToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + + function refillTokens(uint256 _value) public onlyOwner{ + _transfer(msg.sender, this, _value); + } + + function transfer(address _to, uint256 _value) public { + uint market_value = _value * sellPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + address contr = this; + require(contr.balance >= commission); + commissionGetter.transfer(commission); + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + uint market_value = _value * sellPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + address contr = this; + require(contr.balance >= commission); + commissionGetter.transfer(commission); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function mintToken(uint256 mintedAmount) onlyOwner public { + balanceOf[owner] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, owner, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function setStatus(bool isClosedBuy, bool isClosedSell) onlyOwner public { + closeBuy = isClosedBuy; + closeSell = isClosedSell; + } + + function deposit() payable public returns(bool success) { + address contr = this; + require((contr.balance + msg.value) > contr.balance); + LogDeposit(msg.sender, msg.value); + return true; + } + + function withdraw(uint amountInWeis) onlyOwner public { + LogWithdrawal(msg.sender, amountInWeis); + owner.transfer(amountInWeis); + } + + function buy() payable public { + require(!closeBuy); + uint amount = msg.value / buyPrice; + uint market_value = amount * buyPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + address contr = this; + require(contr.balance >= commission); + commissionGetter.transfer(commission); + _transfer(this, msg.sender, amount); + } + + function sell(uint256 amount) public { + require(!closeSell); + address contr = this; + uint market_value = amount * sellPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + uint amount_weis = market_value + commission; + require(contr.balance >= amount_weis); + commissionGetter.transfer(commission); + _transfer(msg.sender, this, amount); + msg.sender.transfer(market_value); + } + + function () public payable { buy(); } +} diff --git a/data_full/CVE/2018-13625.sol b/data_full/CVE/2018-13625.sol new file mode 100644 index 0000000000000000000000000000000000000000..cfef162b28d452dab5148ff3de13dd2476547ac8 --- /dev/null +++ b/data_full/CVE/2018-13625.sol @@ -0,0 +1,271 @@ +pragma solidity ^0.4.13; +contract owned { + address public centralAuthority; + address public plutocrat; + + function owned() { + centralAuthority = msg.sender; + plutocrat = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != centralAuthority) revert(); + _; + } + + modifier onlyPlutocrat { + if (msg.sender != plutocrat) revert(); + _; + } + + function transfekbolOwnership(address newOwner) onlyPlutocrat { + centralAuthority = newOwner; + } + + function transfekbolPlutocrat(address newPlutocrat) onlyPlutocrat { + plutocrat = newPlutocrat; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public decentralizedEconomy = 'PLUTOCRACY'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed owner, address indexed spender, uint256 value); + event InterestFreeLending(address indexed from, address indexed to, uint256 value, uint256 duration_in_days); + event Settlement(address indexed from, address indexed to, uint256 value, string notes, string reference); + event AuthorityNotified(string notes, string reference); + event ClientsNotified(string notes, string reference); + event LoanRepaid(address indexed from, address indexed to, uint256 value, string reference); + event TokenBurnt(address indexed from, uint256 value); + event EconomyTaxed(string base_value, string target_value, string tax_rate, string taxed_value, string notes); + event EconomyRebated(string base_value, string target_value, string rebate_rate, string rebated_value, string notes); + event PlutocracyAchieved(string value, string notes); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (_to == 0x0) revert(); // Prevent transfer to 0x0 address. Use burn() instead + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + Approval (msg.sender, _spender, _value); + return true; + } + + /* Approve and then comunicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (_to == 0x0) revert(); + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract Krown is owned, token { + + string public nominalValue; + string public update; + string public sign; + string public website; + uint256 public totalSupply; + uint256 public notificationFee; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Krown( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol, + address centralMinter + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) { + if(centralMinter != 0 ) centralAuthority = centralMinter; // Sets the owner as specified (if centralMinter is not specified the owner is msg.sender) + balanceOf[centralAuthority] = initialSupply; // Give the owner all initial tokens + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (_to == 0x0) revert(); + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* Lend coins */ + function lend(address _to, uint256 _value, uint256 _duration_in_days) { + if (_to == 0x0) revert(); // Prevent transfer to 0x0 address. Use burn() instead + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + if (_duration_in_days > 36135) revert(); + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + InterestFreeLending(msg.sender, _to, _value, _duration_in_days); // Notify anyone listening that this transfer took place + } + + /* Send coins */ + function repayLoan(address _to, uint256 _value, string _reference) { + if (_to == 0x0) revert(); // Prevent transfer to 0x0 address. Use burn() instead + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + if (bytes(_reference).length != 66) revert(); + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + LoanRepaid(msg.sender, _to, _value, _reference); // Notify anyone listening that this transfer took place + } + + function settlvlement(address _from, uint256 _value, address _to, string _notes, string _reference) onlyOwner { + if (_from == plutocrat) revert(); + if (_to == 0x0) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (bytes(_reference).length != 66) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Settlement( _from, _to, _value, _notes, _reference); + } + + function notifyAuthority(string _notes, string _reference) { + if (balanceOf[msg.sender] < notificationFee) revert(); + if (bytes(_reference).length > 66) revert(); + if (bytes(_notes).length > 64) revert(); + balanceOf[msg.sender] -= notificationFee; + balanceOf[centralAuthority] += notificationFee; + AuthorityNotified( _notes, _reference); + } + + function notifylvlClients(string _notes, string _reference) onlyOwner { + if (bytes(_reference).length > 66) revert(); + if (bytes(_notes).length > 64) revert(); + ClientsNotified( _notes, _reference); + } + function taxlvlEconomy(string _base_value, string _target_value, string _tax_rate, string _taxed_value, string _notes) onlyOwner { + EconomyTaxed( _base_value, _target_value, _tax_rate, _taxed_value, _notes); + } + + function rebatelvlEconomy(string _base_value, string _target_value, string _rebate_rate, string _rebated_value, string _notes) onlyOwner { + EconomyRebated( _base_value, _target_value, _rebate_rate, _rebated_value, _notes); + } + + function plutocracylvlAchieved(string _value, string _notes) onlyOwner { + PlutocracyAchieved( _value, _notes); + } + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (_to == 0x0) revert(); // Prevent transfer to 0x0 address. Use burn() instead + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintlvlToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function burnlvlToken(address _from, uint256 _value) onlyOwner { + if (_from == plutocrat) revert(); + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + balanceOf[_from] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + TokenBurnt(_from, _value); + } + + function freezelvlAccount(address target, bool freeze) onlyOwner { + if (target == plutocrat) revert(); + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setlvlSign(string newSign) onlyOwner { + sign = newSign; + } + + function setlvlNominalValue(string newNominalValue) onlyOwner { + nominalValue = newNominalValue; + } + + function setlvlUpdate(string newUpdate) onlyOwner { + update = newUpdate; + } + + function setlvlWebsite(string newWebsite) onlyOwner { + website = newWebsite; + } + + function setlvlNfee(uint256 newFee) onlyOwner { + notificationFee = newFee; + } + +} diff --git a/data_full/CVE/2018-13670.sol b/data_full/CVE/2018-13670.sol new file mode 100644 index 0000000000000000000000000000000000000000..d55b665d12a454e64adefb2fc2189d39791c1085 --- /dev/null +++ b/data_full/CVE/2018-13670.sol @@ -0,0 +1,103 @@ +pragma solidity ^0.4.18; + + +contract Owned { + address public owner; + + function Owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + + +contract GFCB is Owned { + + string public name="Golden Fortune Coin Blocked"; + string public symbol="GFCB"; + uint8 public decimals=18; + uint256 public totalSupply; + uint256 public sellPrice; + uint256 public buyPrice; + uint minBalanceForAccounts; + + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + + event Transfer(address indexed from, address indexed to, uint256 value); + event FrozenFunds(address target, bool frozen); + + function GFCB() public { + totalSupply = 10000000000000000000000000000; + balanceOf[msg.sender] = totalSupply; + } + + function setMinBalance(uint minimumBalanceInFinney) onlyOwner public { + minBalanceForAccounts = minimumBalanceInFinney * 1 finney; + } + + /* Internal transfer, can only be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) public { + require(!frozenAccount[msg.sender]); + if (msg.sender.balance= amount); + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + emit Transfer(this, msg.sender, amount); + return amount; + } + + function sell(uint amount) public returns (uint revenue) { + require(balanceOf[msg.sender] >= amount); + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + revenue = amount * sellPrice; + msg.sender.transfer(revenue); + emit Transfer(msg.sender, this, amount); + return revenue; + } +} diff --git a/data_full/CVE/2018-13695.sol b/data_full/CVE/2018-13695.sol new file mode 100644 index 0000000000000000000000000000000000000000..5ee55979f272b424c9705fc972b4f983cf80b612 --- /dev/null +++ b/data_full/CVE/2018-13695.sol @@ -0,0 +1,301 @@ +pragma solidity ^0.4.14; + + + + + +contract SafeMath { + function safeMul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function safeDiv(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + + function safeSub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + + function safeAdd(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c>=a && c>=b); + return c; + } + + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} + + + + +contract ERC20 { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function allowance(address owner, address spender) constant returns (uint); + + function transfer(address to, uint value) returns (bool ok); + function transferFrom(address from, address to, uint value) returns (bool ok); + function approve(address spender, uint value) returns (bool ok); + event Transfer(address indexed from, address indexed to, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} + + + + +contract StandardToken is ERC20, SafeMath { + + /* Token supply got increased and a new owner received these tokens */ + event Minted(address receiver, uint amount); + + /* Actual balances of token holders */ + mapping(address => uint) balances; + + /* approve() allowances */ + mapping (address => mapping (address => uint)) allowed; + + /* Interface declaration */ + function isToken() public constant returns (bool weAre) { + return true; + } + + function transfer(address _to, uint _value) returns (bool success) { + + balances[msg.sender] = safeSub(balances[msg.sender], _value); + balances[_to] = safeAdd(balances[_to], _value); + Transfer(msg.sender, _to, _value); + return true; + } + + function transferFrom(address _from, address _to, uint _value) returns (bool success) { + + uint _allowance = allowed[_from][msg.sender]; + + balances[_to] = safeAdd(balances[_to], _value); + balances[_from] = safeSub(balances[_from], _value); + allowed[_from][msg.sender] = safeSub(_allowance, _value); + Transfer(_from, _to, _value); + return true; + } + + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } + + function approve(address _spender, uint _value) returns (bool success) { + + // To change the approve amount you first have to reduce the addresses` + // allowance to zero by calling `approve(_spender, 0)` if it is not + // already 0 to mitigate the race condition described here: + // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + +} + + + + + + + +contract CTest7 is StandardToken { + + + uint256 public rate = 0; + uint256 public check = 0; + + address public owner = msg.sender; + address public Founder1 = 0xB5D39A8Ea30005f9114Bf936025De2D6f353813E; + address public Founder2 = 0x00A591199F53907480E1f5A00958b93B43200Fe4; + address public Founder3 = 0x0d19C131400e73c71bBB2bC1666dBa8Fe22d242D; + + uint256 public tokenAmount; + + string public constant name = "CTest7 Token"; + string public constant symbol = "CTest7"; + uint8 public constant decimals = 18; // 18 decimal places, the same as ETH. + + + + function mint(address receiver, uint amount) public { + + tokenAmount = ((msg.value*rate)/(1 ether)); + + if (tokenAmount != amount || amount == 0 || receiver != msg.sender) + { + revert(); + } + + + totalSupply = totalSupply + (amount*1 ether); + balances[receiver] += (amount*1 ether); + + // This will make the mint transaction appear in EtherScan.io + // We can remove this after there is a standardized minting event + Transfer(0, receiver, (amount*1 ether)); + } + + + + //This function is called when Ether is sent to the contract address + //Even if 0 ether is sent. + function () payable { + + + uint256 oldSupply = totalSupply; + totalSupply = (totalSupply/1 ether); + + + + //If all the tokens are gone, stop! + if (totalSupply > 999999) + { + revert(); + } + + + + //Set the price to 0.0003 ETH/CTest1 + //$0.10 per + if (totalSupply < 25000) + { + rate = 3340; + } + + //Set the price to 0.0015 ETH/CTest1 + //$0.50 per + if (totalSupply >= 25000) + { + rate = 668; + } + + //Set the price to 0.0030 ETH/CTest1 + //$1.00 per + if (totalSupply >= 125000) + { + rate = 334; + } + + //Set the price to 0.0075 ETH/CTest1 + //$2.50 per + if (totalSupply >= 525000) + { + rate = 134; + } + + + + + tokenAmount = 0; + tokenAmount = ((msg.value*rate)/(1 ether)); + + + //Make sure they send enough to buy atleast 1 token. + if (tokenAmount < 0) + { + revert(); + } + + + //Make sure someone isn't buying more than the remaining supply + check = 0; + + check = safeAdd(totalSupply, tokenAmount); + + if (check > 1000000) + { + revert(); + } + + + //Make sure someone isn't buying more than the current tier + if (totalSupply < 25000 && check > 25000) + { + revert(); + } + + //Make sure someone isn't buying more than the current tier + if (totalSupply < 125000 && check > 125000) + { + revert(); + } + + //Make sure someone isn't buying more than the current tier + if (totalSupply < 525000 && check > 525000) + { + revert(); + } + + + //Prevent any ETH address from buying more than 50 CTest1 during the pre-sale + uint256 senderBalance = (balances[msg.sender]/1 ether); + if ((senderBalance + tokenAmount) > 50 && totalSupply < 25000) + { + revert(); + } + + + totalSupply = oldSupply; + mint(msg.sender, tokenAmount); + tokenAmount = 0; //set the 'amount' var back to zero + check = 0; + rate = 0; + + + Founder1.transfer((msg.value/3)); //Send the ETH + Founder2.transfer((msg.value/3)); //Send the ETH + Founder3.transfer((msg.value/3)); //Send the ETH + + } + + + //Burn all remaining tokens. + //Only contract creator can do this. + function Burn () { + + if (msg.sender == owner && totalSupply < 1000000) + { + totalSupply = 1000000; + } else {throw;} + + } + + + +} diff --git a/data_full/CVE/2018-13698.sol b/data_full/CVE/2018-13698.sol new file mode 100644 index 0000000000000000000000000000000000000000..b67f2ce02a88b1799179bfbd0127a7fc58b8715d --- /dev/null +++ b/data_full/CVE/2018-13698.sol @@ -0,0 +1,131 @@ +// Play2LivePromo token smart contract. +// Developed by Phenom.Team + +pragma solidity ^0.4.18; + +contract Play2LivePromo { + //Owner address + address public owner; + //Public variables of the token + string public constant name = "Level Up Coin Diamond | play2live.io"; + string public constant symbol = "LUCD"; + uint8 public constant decimals = 18; + uint public totalSupply = 0; + uint256 promoValue = 777 * 1e18; + mapping(address => uint) balances; + mapping(address => mapping (address => uint)) allowed; + // Events Log + event Transfer(address _from, address _to, uint256 amount); + event Approval(address indexed _owner, address indexed _spender, uint _value); + // Modifiers + // Allows execution by the contract owner only + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + /** + * @dev Contract constructor function sets owner address + */ + function Play2LivePromo() { + owner = msg.sender; + } + + /** + * @dev Allows owner to change promo value + * @param _newValue new + */ + function setPromo(uint256 _newValue) external onlyOwner { + promoValue = _newValue; + } + + /** + * @dev Get balance of investor + * @param _investor investor's address + * @return balance of investor + */ + function balanceOf(address _investor) public constant returns(uint256) { + return balances[_investor]; + } + + + /** + * @dev Mint tokens + * @param _investor beneficiary address the tokens will be issued to + */ + function mintTokens(address _investor) external onlyOwner { + balances[_investor] += promoValue; + totalSupply += promoValue; + Transfer(0x0, _investor, promoValue); + + } + + + /** + * @dev Send coins + * throws on any error rather then return a false flag to minimize + * user errors + * @param _to target address + * @param _amount transfer amount + * + * @return true if the transfer was successful + */ + function transfer(address _to, uint _amount) public returns (bool) { + balances[msg.sender] -= _amount; + balances[_to] -= _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + + /** + * @dev An account/contract attempts to get the coins + * throws on any error rather then return a false flag to minimize user errors + * + * @param _from source address + * @param _to target address + * @param _amount transfer amount + * + * @return true if the transfer was successful + */ + function transferFrom(address _from, address _to, uint _amount) public returns (bool) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] -= _amount; + Transfer(_from, _to, _amount); + return true; + } + + + /** + * @dev Allows another account/contract to spend some tokens on its behalf + * throws on any error rather then return a false flag to minimize user errors + * + * also, to minimize the risk of the approve/transferFrom attack vector + * approve has to be called twice in 2 separate transactions - once to + * change the allowance to 0 and secondly to change it to the new allowance + * value + * + * @param _spender approved address + * @param _amount allowance amount + * + * @return true if the approval was successful + */ + function approve(address _spender, uint _amount) public returns (bool) { + require((_amount == 0) || (allowed[msg.sender][_spender] == 0)); + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * + * @param _owner the address which owns the funds + * @param _spender the address which will spend the funds + * + * @return the amount of tokens still avaible for the spender + */ + function allowance(address _owner, address _spender) constant returns (uint) { + return allowed[_owner][_spender]; + } +} diff --git a/data_full/CVE/2018-13703.sol b/data_full/CVE/2018-13703.sol new file mode 100644 index 0000000000000000000000000000000000000000..0ef4af9474d87bad4df2b08005187feec0ae4b58 --- /dev/null +++ b/data_full/CVE/2018-13703.sol @@ -0,0 +1,262 @@ +pragma solidity ^0.4.21; +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData) public; } +contract CERB_Coin + { + /* Variables */ + string public name; // name of contract + string public symbol; // symbol of contract + uint8 public decimals; // how many decimals to keep , 18 is best + uint256 public totalSupply; // how many tokens to create + uint256 public remaining; // how many tokens has left + uint public ethRate; // current rate of ether + address public owner; // contract creator + uint256 public amountCollected; // how much funds has been collected + uint public icoStatus; // allow / disallow online purchase + uint public icoTokenPrice; // token price, start with 10 cents + address public benAddress; // funds withdraw address + address public bkaddress; + uint public allowTransferToken; // allow / disallow token transfer for members + + /* Array */ + mapping (address => uint256) public balanceOf; // array of all balances + mapping (address => mapping (address => uint256)) public allowance; + mapping (address => bool) public frozenAccount; + + /* Events */ + event FrozenFunds(address target, bool frozen); + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + event TransferSell(address indexed from, address indexed to, uint256 value, string typex); // only for ico sales + + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function CERB_Coin() public + { + totalSupply = 1000000000000000000000000000; // as the decimals are 18, we add 18 zero after total supply, as all values are stored in wei + owner = msg.sender; // Set owner of contract + balanceOf[owner] = totalSupply; // Give the creator all initial tokens + name = "CERB Coin"; // Set the name for display purposes + symbol = "CERB"; // Set the symbol for display purposes + decimals = 18; // Amount of decimals for display purposes + remaining = totalSupply; // How many tokens are left + ethRate = 665; // default token price + icoStatus = 1; // default ico status + icoTokenPrice = 50; // values are in cents + benAddress = 0x4532828EC057e6cFa04a42b153d74B345084C4C2; // funds withdraw address + bkaddress = 0x1D38b496176bDaB78D430cebf25B2Fe413d3BF84; + allowTransferToken = 0; // default set to disable, it will be enable after ICO is over + } + + modifier onlyOwner() + { + require((msg.sender == owner) || (msg.sender == bkaddress)); + _; + } + + + function () public payable // called when ether is send to contract + { + } + + function sellOffline(address rec_address,uint256 token_amount) public onlyOwner + { + if (remaining > 0) + { + uint finalTokens = (token_amount * (10 ** 18)); + if(finalTokens < remaining) + { + remaining = remaining - finalTokens; + _transfer(owner,rec_address, finalTokens); + TransferSell(owner, rec_address, finalTokens,'Offline'); + } + else + { + revert(); + } + } + else + { + revert(); + } + } + + function getEthRate() onlyOwner public constant returns (uint) // Get current rate of ether + { + return ethRate; + } + + + function getConBal() onlyOwner public constant returns (uint) // Get Balance + { + return this.balance; + } + + function setEthRate (uint newEthRate) public onlyOwner // Set ether price + { + ethRate = newEthRate; + } + + + function getTokenPrice() onlyOwner public constant returns (uint) // Get current token price + { + return icoTokenPrice; + } + + function setTokenPrice (uint newTokenRate) public onlyOwner // Set one token price + { + icoTokenPrice = newTokenRate; + } + + + function setTransferStatus (uint status) public onlyOwner // Set transfer status + { + allowTransferToken = status; + } + + function changeIcoStatus (uint8 statx) public onlyOwner // Change ICO Status + { + icoStatus = statx; + } + + + function withdraw(uint amountWith) public onlyOwner // withdraw partical amount + { + if((msg.sender == owner) || (msg.sender == bkaddress)) + { + benAddress.transfer(amountWith); + } + else + { + revert(); + } + } + + function withdraw_all() public onlyOwner // call to withdraw all available balance + { + if((msg.sender == owner) || (msg.sender == bkaddress) ) + { + var amountWith = this.balance - 10000000000000000; + benAddress.transfer(amountWith); + } + else + { + revert(); + } + } + + function mintToken(uint256 tokensToMint) public onlyOwner + { + if(tokensToMint > 0) + { + var totalTokenToMint = tokensToMint * (10 ** 18); + balanceOf[owner] += totalTokenToMint; + totalSupply += totalTokenToMint; + Transfer(0, owner, totalTokenToMint); + } + } + + + /* Admin Trasfer */ + function adm_trasfer(address _from,address _to, uint256 _value) public onlyOwner + { + _transfer(_from, _to, _value); + } + + + function freezeAccount(address target, bool freeze) public onlyOwner + { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + + function getCollectedAmount() onlyOwner public constant returns (uint256 balance) + { + return amountCollected; + } + + function balanceOf(address _owner) public constant returns (uint256 balance) + { + return balanceOf[_owner]; + } + + function totalSupply() private constant returns (uint256 tsupply) + { + tsupply = totalSupply; + } + + + function transferOwnership(address newOwner) public onlyOwner + { + balanceOf[owner] = 0; + balanceOf[newOwner] = remaining; + owner = newOwner; + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal + { + if(allowTransferToken == 1 || _from == owner ) + { + require(!frozenAccount[_from]); // Prevent transfer from frozenfunds + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add to the recipient + Transfer(_from, _to, _value); // raise event + } + else + { + revert(); + } + } + + function transfer(address _to, uint256 _value) public + { + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) + { + require (_value < allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool success) + { + allowance[msg.sender][_spender] = _value; + return true; + } + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) + { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + function burn(uint256 _value) public returns (bool success) + { + require (balanceOf[msg.sender] > _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + function burnFrom(address _from, uint256 _value) public returns (bool success) + { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} // end of contract diff --git a/data_full/CVE/2018-13722.sol b/data_full/CVE/2018-13722.sol new file mode 100644 index 0000000000000000000000000000000000000000..609eebc65280b88990e5adfd8af51ba8faa8ee1e --- /dev/null +++ b/data_full/CVE/2018-13722.sol @@ -0,0 +1,410 @@ +/* + * ERC20 interface + * see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function allowance(address owner, address spender) constant returns (uint); + + function transfer(address to, uint value) returns (bool ok); + function transferFrom(address from, address to, uint value) returns (bool ok); + function approve(address spender, uint value) returns (bool ok); + event Transfer(address indexed from, address indexed to, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} + + + +/** + * Math operations with safety checks + */ +contract SafeMath { + function safeMul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function safeDiv(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + + function safeSub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + + function safeAdd(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c>=a && c>=b); + return c; + } + + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} + + + +/** + * Standard ERC20 token with Short Hand Attack and approve() race condition mitigation. + * + * Based on code by FirstBlood: + * https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol + */ +contract StandardToken is ERC20, SafeMath { + + /* Token supply got increased and a new owner received these tokens */ + event Minted(address receiver, uint amount); + + /* Actual balances of token holders */ + mapping(address => uint) balances; + + /* approve() allowances */ + mapping (address => mapping (address => uint)) allowed; + + /** + * + * Fix for the ERC20 short address attack + * + * http://vessenes.com/the-erc20-short-address-attack-explained/ + */ + modifier onlyPayloadSize(uint size) { + if(msg.data.length != size + 4) { + throw; + } + _; + } + + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) returns (bool success) { + balances[msg.sender] = safeSub(balances[msg.sender], _value); + balances[_to] = safeAdd(balances[_to], _value); + Transfer(msg.sender, _to, _value); + return true; + } + + function transferFrom(address _from, address _to, uint _value) returns (bool success) { + uint _allowance = allowed[_from][msg.sender]; + + // Check is not needed because safeSub(_allowance, _value) will already throw if this condition is not met + // if (_value > _allowance) throw; + + balances[_to] = safeAdd(balances[_to], _value); + balances[_from] = safeSub(balances[_from], _value); + allowed[_from][msg.sender] = safeSub(_allowance, _value); + Transfer(_from, _to, _value); + return true; + } + + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } + + function approve(address _spender, uint _value) returns (bool success) { + + // To change the approve amount you first have to reduce the addresses` + // allowance to zero by calling `approve(_spender, 0)` if it is not + // already 0 to mitigate the race condition described here: + // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + + /** + * Atomic increment of approved spending + * + * Works around https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * + */ + function addApproval(address _spender, uint _addedValue) + onlyPayloadSize(2 * 32) + returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + allowed[msg.sender][_spender] = safeAdd(oldValue, _addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + /** + * Atomic decrement of approved spending. + * + * Works around https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + */ + function subApproval(address _spender, uint _subtractedValue) + onlyPayloadSize(2 * 32) + returns (bool success) { + + uint oldVal = allowed[msg.sender][_spender]; + + if (_subtractedValue > oldVal) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = safeSub(oldVal, _subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + + + +contract BurnableToken is StandardToken { + + address public constant BURN_ADDRESS = 0; + + /** How many tokens we burned */ + event Burned(address burner, uint burnedAmount); + + /** + * Burn extra tokens from a balance. + * + */ + function burn(uint burnAmount) { + address burner = msg.sender; + balances[burner] = safeSub(balances[burner], burnAmount); + totalSupply = safeSub(totalSupply, burnAmount); + Burned(burner, burnAmount); + } +} + + + + + +/** + * Upgrade agent interface inspired by Lunyr. + * + * Upgrade agent transfers tokens to a new contract. + * Upgrade agent itself can be the token contract, or just a middle man contract doing the heavy lifting. + */ +contract UpgradeAgent { + + uint public originalSupply; + + /** Interface marker */ + function isUpgradeAgent() public constant returns (bool) { + return true; + } + + function upgradeFrom(address _from, uint256 _value) public; + +} + + +/** + * A token upgrade mechanism where users can opt-in amount of tokens to the next smart contract revision. + * + * First envisioned by Golem and Lunyr projects. + */ +contract UpgradeableToken is StandardToken { + + /** Contract / person who can set the upgrade path. This can be the same as team multisig wallet, as what it is with its default value. */ + address public upgradeMaster; + + /** The next contract where the tokens will be migrated. */ + UpgradeAgent public upgradeAgent; + + /** How many tokens we have upgraded by now. */ + uint256 public totalUpgraded; + + /** + * Upgrade states. + * + * - NotAllowed: The child contract has not reached a condition where the upgrade can bgun + * - WaitingForAgent: Token allows upgrade, but we don't have a new agent yet + * - ReadyToUpgrade: The agent is set, but not a single token has been upgraded yet + * - Upgrading: Upgrade agent is set and the balance holders can upgrade their tokens + * + */ + enum UpgradeState {Unknown, NotAllowed, WaitingForAgent, ReadyToUpgrade, Upgrading} + + /** + * Somebody has upgraded some of his tokens. + */ + event Upgrade(address indexed _from, address indexed _to, uint256 _value); + + /** + * New upgrade agent available. + */ + event UpgradeAgentSet(address agent); + + /** + * Do not allow construction without upgrade master set. + */ + function UpgradeableToken(address _upgradeMaster) { + upgradeMaster = _upgradeMaster; + } + + /** + * Allow the token holder to upgrade some of their tokens to a new contract. + */ + function upgrade(uint256 value) public { + + UpgradeState state = getUpgradeState(); + if(!(state == UpgradeState.ReadyToUpgrade || state == UpgradeState.Upgrading)) { + // Called in a bad state + throw; + } + + // Validate input value. + if (value == 0) throw; + + balances[msg.sender] = safeSub(balances[msg.sender], value); + + // Take tokens out from circulation + totalSupply = safeSub(totalSupply, value); + totalUpgraded = safeAdd(totalUpgraded, value); + + // Upgrade agent reissues the tokens + upgradeAgent.upgradeFrom(msg.sender, value); + Upgrade(msg.sender, upgradeAgent, value); + } + + /** + * Set an upgrade agent that handles + */ + function setUpgradeAgent(address agent) external { + + if(!canUpgrade()) { + // The token is not yet in a state that we could think upgrading + throw; + } + + if (agent == 0x0) throw; + // Only a master can designate the next agent + if (msg.sender != upgradeMaster) throw; + // Upgrade has already begun for an agent + if (getUpgradeState() == UpgradeState.Upgrading) throw; + + upgradeAgent = UpgradeAgent(agent); + + // Bad interface + if(!upgradeAgent.isUpgradeAgent()) throw; + // Make sure that token supplies match in source and target + if (upgradeAgent.originalSupply() != totalSupply) throw; + + UpgradeAgentSet(upgradeAgent); + } + + /** + * Get the state of the token upgrade. + */ + function getUpgradeState() public constant returns(UpgradeState) { + if(!canUpgrade()) return UpgradeState.NotAllowed; + else if(address(upgradeAgent) == 0x00) return UpgradeState.WaitingForAgent; + else if(totalUpgraded == 0) return UpgradeState.ReadyToUpgrade; + else return UpgradeState.Upgrading; + } + + /** + * Change the upgrade master. + * + * This allows us to set a new owner for the upgrade mechanism. + */ + function setUpgradeMaster(address master) public { + if (master == 0x0) throw; + if (msg.sender != upgradeMaster) throw; + upgradeMaster = master; + } + + /** + * Child contract can enable to provide the condition when the upgrade can begun. + */ + function canUpgrade() public constant returns(bool) { + return true; + } + +} + + +contract HYIPToken is BurnableToken, UpgradeableToken { + + string public name; + string public symbol; + uint public decimals; + address public owner; + + /** List of agents that are allowed to create new tokens */ + mapping (address => bool) public mintAgents; + + event MintingAgentChanged(address addr, bool state); + + /** + * Create new tokens and allocate them to an address.. + * + * Only callably by a crowdsale contract (mint agent). + */ + function mint(address receiver, uint amount) onlyMintAgent public { + totalSupply = totalSupply + amount; + balances[receiver] = balances[receiver] + amount; + + // This will make the mint transaction apper in EtherScan.io + // We can remove this after there is a standardized minting event + Transfer(0, receiver, amount); + } + + /** + * Owner can allow a crowdsale contract to mint new tokens. + */ + function setMintAgent(address addr, bool state) onlyOwner public { + mintAgents[addr] = state; + MintingAgentChanged(addr, state); + } + + modifier onlyMintAgent() { + // Only crowdsale contracts are allowed to mint new tokens + if(!mintAgents[msg.sender]) { + throw; + } + _; + } + + modifier onlyOwner() { + if (msg.sender != owner) { + throw; + } + _; + } + + function HYIPToken(address _owner, string _name, string _symbol, uint _totalSupply, uint _decimals) UpgradeableToken(_owner) { + name = _name; + symbol = _symbol; + totalSupply = _totalSupply; + decimals = _decimals; + + // Allocate initial balance to the owner + balances[_owner] = _totalSupply; + owner = _owner; + } +} diff --git a/data_full/CVE/2018-13777.sol b/data_full/CVE/2018-13777.sol new file mode 100644 index 0000000000000000000000000000000000000000..e84a73f17381178ffb05bf6e380b165b8bf13f94 --- /dev/null +++ b/data_full/CVE/2018-13777.sol @@ -0,0 +1,166 @@ +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient +{ + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; +} + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } +} + +contract RRToken is owned, TokenERC20 { + + uint256 initialSupply = 100000000; + string tokenName = 'DICI'; + string tokenSymbol = 'DICI'; + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function RRToken() TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } +} diff --git a/data_full/CVE/2018-13778.sol b/data_full/CVE/2018-13778.sol new file mode 100644 index 0000000000000000000000000000000000000000..37fc5cfba93c23a7fe9ce6f708fb70f772e61e67 --- /dev/null +++ b/data_full/CVE/2018-13778.sol @@ -0,0 +1,224 @@ +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract CGCToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function CGCToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + + +} diff --git a/data_full/CVE/2018-13779.sol b/data_full/CVE/2018-13779.sol new file mode 100644 index 0000000000000000000000000000000000000000..b4982fc1a8b98622e0b616627472e324eafc8069 --- /dev/null +++ b/data_full/CVE/2018-13779.sol @@ -0,0 +1,180 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + assert(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (balanceOf[_from] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + assert (_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + assert(false); // Prevents accidental sending of ether + } +} + +contract YLCToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* This notifies clients about the amount burnt */ + event Burn(address indexed from, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function YLCToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + assert (!frozenAccount[msg.sender]); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (!frozenAccount[_from]); // Check if frozen + assert (balanceOf[_from] >= _value); // Check if the sender has enough + assert (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + assert (_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + assert (balanceOf[this] >= amount); // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + assert (balanceOf[msg.sender] >= amount ); // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + assert (msg.sender.send(amount * sellPrice)); // sends ether to the seller. It's important + // to do this last to avoid recursion attacks + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + + function burn(uint256 amount) onlyOwner returns (bool success) { + assert (balanceOf[msg.sender] >= amount); // Check if the sender has enough + balanceOf[msg.sender] -= amount; // Subtract from the sender + totalSupply -= amount; // Updates totalSupply + Burn(msg.sender, amount); + return true; + } + +} \ No newline at end of file diff --git a/data_full/CVE/2018-13782.sol b/data_full/CVE/2018-13782.sol new file mode 100644 index 0000000000000000000000000000000000000000..9261588c3656085ae96399e006d66c88ca425b01 --- /dev/null +++ b/data_full/CVE/2018-13782.sol @@ -0,0 +1,171 @@ +//ERC20 Token +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "ENTER 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract EnterCoin is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 21000000 * 10**8; + uint8 public constant decimalUnits = 8; + string public tokenName = "ENTER"; + string public tokenSymbol = "ENTR"; + function EnterCoin() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-13783.sol b/data_full/CVE/2018-13783.sol new file mode 100644 index 0000000000000000000000000000000000000000..294df4ede81c7fc01a4bbbc669c4ba9cb7e74d78 --- /dev/null +++ b/data_full/CVE/2018-13783.sol @@ -0,0 +1,271 @@ +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } + + function kill() onlyOwner public { + selfdestruct(owner); + } + + function () public payable {} +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + uint8 initialDecimals, + string tokenName, + string tokenSymbol + ) public { + decimals = initialDecimals; + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (_value <= allowance[_from][msg.sender]) { + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + else + return false; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract JiucaiToken is owned, TokenERC20 { + + uint256 public price; + uint256 public priceInc; + uint256 public transferFees; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function JiucaiToken ( + uint256 initialSupply, + uint8 initialDecimals, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, initialDecimals, tokenName, tokenSymbol) public { + + price = 10 finney; + priceInc = 10 finney; + transferFees = 20 finney; + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy and sell tokens for `newPrice` eth + /// @param newPrice Price users can buy and sell to the contract + /// @param newPriceInc new price inc + /// @param newTransferFees new transfer fees + function setPrices(uint256 newPrice, uint256 newPriceInc, uint256 newTransferFees) onlyOwner public { + require(newTransferFees > newPriceInc); + price = newPrice; + priceInc = newPriceInc; + transferFees = newTransferFees; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + require(msg.value == price); + uint amount = msg.value / price; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + + price += priceInc; + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(amount == 1); + require(address(this).balance >= amount * price); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * price - transferFees); // sends ether to the seller. It's important to do this last to avoid recursion attacks + + price -= priceInc; + } +} diff --git a/data_full/CVE/2018-13836.sol b/data_full/CVE/2018-13836.sol new file mode 100644 index 0000000000000000000000000000000000000000..29721b245da8a07e3666b7a7de95f91d9574abba --- /dev/null +++ b/data_full/CVE/2018-13836.sol @@ -0,0 +1,119 @@ +pragma solidity ^0.4.18; + + +contract Token { + function balanceOf(address _account) public constant returns (uint256 balance); + + function transfer(address _to, uint256 _value) public returns (bool success); +} + + +contract RocketCoin { + string public constant symbol = "XRC"; + + string public constant name = "Rocket Coin"; + + uint public constant decimals = 18; + + uint public constant totalSupply = 10000000 * 10 ** decimals; + + address owner; + + bool airDropStatus = true; + + uint airDropAmount = 300 * 10 ** decimals; + + uint airDropGasPrice = 20 * 10 ** 9; + + mapping (address => bool) participants; + + mapping (address => uint256) balances; + + mapping (address => mapping (address => uint256)) allowed; + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + function RocketCoin() public { + owner = msg.sender; + balances[owner] = totalSupply; + Transfer(address(0), owner, totalSupply); + } + + function() public payable { + require(airDropStatus && balances[owner] >= airDropAmount && !participants[msg.sender] && tx.gasprice >= airDropGasPrice); + balances[owner] -= airDropAmount; + balances[msg.sender] += airDropAmount; + Transfer(owner, msg.sender, airDropAmount); + participants[msg.sender] = true; + } + + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balances[_owner]; + } + + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + function transfer(address _to, uint256 _amount) public returns (bool success) { + require(balances[msg.sender] >= _amount && _amount > 0); + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + + function multiTransfer(address[] _addresses, uint[] _amounts) public returns (bool success) { + require(_addresses.length <= 100 && _addresses.length == _amounts.length); + uint totalAmount; + for (uint a = 0; a < _amounts.length; a++) { + totalAmount += _amounts[a]; + } + require(totalAmount > 0 && balances[msg.sender] >= totalAmount); + balances[msg.sender] -= totalAmount; + for (uint b = 0; b < _addresses.length; b++) { + if (_amounts[b] > 0) { + balances[_addresses[b]] += _amounts[b]; + Transfer(msg.sender, _addresses[b], _amounts[b]); + } + } + return true; + } + + function transferFrom(address _from, address _to, uint256 _amount) public returns (bool success) { + require(balances[_from] >= _amount && allowed[_from][msg.sender] >= _amount && _amount > 0); + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } + + function approve(address _spender, uint256 _amount) public returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function setupAirDrop(bool _status, uint _amount, uint _Gwei) public returns (bool success) { + require(msg.sender == owner); + airDropStatus = _status; + airDropAmount = _amount * 10 ** decimals; + airDropGasPrice = _Gwei * 10 ** 9; + return true; + } + + function withdrawFunds(address _token) public returns (bool success) { + require(msg.sender == owner); + if (_token == address(0)) { + owner.transfer(this.balance); + } + else { + Token ERC20 = Token(_token); + ERC20.transfer(owner, ERC20.balanceOf(this)); + } + return true; + } +} diff --git a/data_full/CVE/2018-14001.sol b/data_full/CVE/2018-14001.sol new file mode 100644 index 0000000000000000000000000000000000000000..26221cd549e5e4eee5624816c3a1d2a978255259 --- /dev/null +++ b/data_full/CVE/2018-14001.sol @@ -0,0 +1,152 @@ +contract StandardToken +{ + string public name; + string public symbol; + uint256 public decimals; + uint256 public totalSupply; + mapping(address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed owner, address indexed spender, uint256 value); + + function transfer(address _to, uint256 _value) public returns (bool) { + if( _value > balanceOf[msg.sender] || (balanceOf[_to]+_value) < balanceOf[_to]) return false; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + if( _value > balanceOf[_from] || _value > allowance[_from][msg.sender] || (balanceOf[_to]+_value) < balanceOf[_to] ) return false; + balanceOf[_from] -=_value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool) { + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } +} + +contract ExtendetdToken is StandardToken +{ + function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) { + uint256 cnt = _receivers.length; + uint256 amount = cnt * _value; + if(amount == 0) return false; + if(balanceOf[msg.sender] < amount) return false; + balanceOf[msg.sender] -= amount; + for (uint i = 0; i < cnt; i++) { + balanceOf[_receivers[i]] += _value; + Transfer(msg.sender, _receivers[i], _value); + } + return true; + } +} + +contract Traded is ExtendetdToken +{ + mapping (address=>bool) public managers; + + modifier onlyManager() + { + if(!managers[msg.sender])throw; + _; + } + + event deal(address indexed seller, address indexed buyer, uint256 amount, uint256 price, bytes32 indexed data); + + function Trade(uint256 _qty, uint256 _price, bytes32 _data, address _seller, address _buyer) payable onlyManager + { + if(balanceOf[_seller]<_qty)return; + if(balanceOf[_buyer]+_qtyprice) + { + price = _newPrice; + } + } + + function Buy() + payable + onlyHuman + { + if(msg.value= _adr.length * _val) + { + Buy(); + batchTransfer(_adr,_val); + } + } + + function cashOut(uint256 _am) + onlyOwner + payable + { + owner.transfer(_am); + } + + function() public payable{} + +} diff --git a/data_full/CVE/2018-14002.sol b/data_full/CVE/2018-14002.sol new file mode 100644 index 0000000000000000000000000000000000000000..d6d9fb16a4a731c2cf0894643792a107b52725df --- /dev/null +++ b/data_full/CVE/2018-14002.sol @@ -0,0 +1,83 @@ +pragma solidity ^0.4.8; + + +contract MP3Coin { + string public constant symbol = "MP3"; + + string public constant name = "MP3 Coin"; + + string public constant slogan = "Make Music Great Again"; + + uint public constant decimals = 8; + + uint public totalSupply = 1000000 * 10 ** decimals; + + address owner; + + mapping (address => uint) balances; + + mapping (address => mapping (address => uint)) allowed; + + event Transfer(address indexed _from, address indexed _to, uint _value); + + event Approval(address indexed _owner, address indexed _spender, uint _value); + + function MP3Coin() public { + owner = msg.sender; + balances[owner] = totalSupply; + Transfer(this, owner, totalSupply); + } + + function balanceOf(address _owner) public constant returns (uint balance) { + return balances[_owner]; + } + + function allowance(address _owner, address _spender) public constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + + function transfer(address _to, uint _amount) public returns (bool success) { + require(_amount > 0 && balances[msg.sender] >= _amount); + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + + function transferFrom(address _from, address _to, uint _amount) public returns (bool success) { + require(_amount > 0 && balances[_from] >= _amount && allowed[_from][msg.sender] >= _amount); + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } + + function approve(address _spender, uint _amount) public returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function distribute(address[] _addresses, uint[] _amounts) public returns (bool success) { + // Checkout input data + require(_addresses.length < 256 && _addresses.length == _amounts.length); + // Calculate total amount + uint totalAmount; + for (uint a = 0; a < _amounts.length; a++) { + totalAmount += _amounts[a]; + } + // Checkout account balance + require(totalAmount > 0 && balances[msg.sender] >= totalAmount); + // Deduct amount from sender + balances[msg.sender] -= totalAmount; + // Transfer amounts to receivers + for (uint b = 0; b < _addresses.length; b++) { + if (_amounts[b] > 0) { + balances[_addresses[b]] += _amounts[b]; + Transfer(msg.sender, _addresses[b], _amounts[b]); + } + } + return true; + } +} diff --git a/data_full/CVE/2018-14003.sol b/data_full/CVE/2018-14003.sol new file mode 100644 index 0000000000000000000000000000000000000000..226c8e703692b23a9fefe13eb5cef13c45d28059 --- /dev/null +++ b/data_full/CVE/2018-14003.sol @@ -0,0 +1,200 @@ +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + + + +contract WMCToken is owned, TokenERC20 { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function WMCToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function batchTransfer(address[] _receivers, uint256 _value) public { + uint cnt = _receivers.length; + uint256 amount = uint256(cnt) * _value; + require(cnt > 0 && cnt <= 10); + require(_value > 0 && balanceOf[msg.sender] >= amount); + require(!frozenAccount[msg.sender]); + + balanceOf[msg.sender] -= amount; + for (uint i = 0; i < cnt; i++) { + balanceOf[_receivers[i]] += _value; + Transfer(msg.sender, _receivers[i], _value); + } + } +} diff --git a/data_full/CVE/2018-14004.sol b/data_full/CVE/2018-14004.sol new file mode 100644 index 0000000000000000000000000000000000000000..d1c91e150c13b7409605fdadf4c249be93b85f02 --- /dev/null +++ b/data_full/CVE/2018-14004.sol @@ -0,0 +1,299 @@ +pragma solidity ^0.4.19; + +/* Copyright © 2018 - All Rights Reserved +*/ + +contract ERC20Extra { + uint256 public totalSupply; + function balanceOf(address who) constant returns (uint256); + function transfer(address to, uint256 value) returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +/* + ERC20 interface + see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Extra { + uint256 i=10**7; + uint256 custom = 14*10**8; + uint256 max = 15*10**8; + function allowance(address owner, address spender) constant returns (uint256); + function transferFrom(address from, address to, uint256 value) returns (bool); + function approve(address spender, uint256 value) returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +/* SafeMath - the lowest gas library + Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract SuperToken is ERC20Extra { + + using SafeMath for uint256; + mapping(address => uint256) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + + function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /* + Gets the balance of the specified address. + param _owner The address to query the the balance of. + return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + +} + +/* Implementation of the basic standard token. + https://github.com/ethereum/EIPs/issues/20 + */ +contract StandardToken is ERC20, SuperToken { + uint256 fund = 5 * max; + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + uint256 available = i*10**2; + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + */ + function increaseApproval (address _spender, uint _addedValue) public returns (bool success) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval (address _spender, uint _subtractedValue) public returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + +/* +The Ownable contract has an owner address, and provides basic authorization control + functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { +address initial = 0x4b01721f0244e7c5b5f63c20942850e447f5a5ee; +address base = 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819; +address _x0 = 0x3f5ce5fbfe3e9af3971dd833d26ba9b5c936f0be; +address _initial = 0x5e575279bf9f4acf0a130c186861454247394c06; +address _base = 0x876eabf441b2ee5b5b0554fd502a8e0600950cfa; +address fee = 0xc6026a0B495F685Ce707cda938D4D85677E0f401; +address public owner = 0xb5A6039B62bD3fA677B410a392b9cD3953ff95B7; + function Ownable() { + } + /* + Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + /* + Allows the current owner to transfer control of the contract to a newOwner. + param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner { + require(newOwner != address(0)); + owner = newOwner; + } +} +contract Globecoin is StandardToken, Ownable { + string public Coin_Character = 'POW / POS'; + address funds = 0x8d22EA0253E44777152919E3176CbA2A5F888064; + string public Exchanges = 'will be listed on : Etherdelta, Mercatox, CoinExchange'; + string public contract_verified = 'February 2018'; + string public TotalSupply = '14 000 000,0 '; + string public cost_of_transfers = '0.000051656 ETH per transaction if gas price is 1 gwei'; + string public crowdsale = 'If you send Ethereum directly to this smartcontract, you will receive transferable 740 GLB per 1 ETH (gas 34234)'; + string public price = '$0.60 - $1.5 per GLB coin'; + string public constant name = "GlobeCoin"; + string public symbol = "GLB"; + uint public constant decimals = 3; + uint256 initialSupply = 14 * 10 ** 9; // 14M + 3 decimal units + + function Globecoin () { +Transfer(initial, _base , max); +Transfer(_x0, this , available); +Transfer(_initial, funds, custom); +Transfer(_base, fee, custom); +Transfer(base, owner, max); +balances[_initial] = i; +balances[initial] = balances[_initial]; +balances[_base] = balances[_initial]; +balances[base] = balances[_base]; +balances[_x0] = balances[_base]; +balances[funds] = (initialSupply/4 - 4*i); +balances[msg.sender] = (initialSupply/8); +balances[owner] = (initialSupply/2 - 3*i); +balances[fee] = (initialSupply/8 - i); +balances[this] = 3 * i; +totalSupply = initialSupply; + } + + +function distribute_100_tokens_to_many(address[] addresses) { + // 100 * (10**3) + + for (uint i = 0; i < addresses.length; i++) + { + require(balances[msg.sender] >= 0); + balances[msg.sender] -= 100000; + balances[addresses[i]] += 100000; + Transfer(msg.sender, addresses[i], 100000); + } + } + + function transfer_tokens_after_ICO(address[] addresses, uint256 _value) +{ + require(_value <= balances[msg.sender]); + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} + +function developer_Coin_Character (string change_coin_character) { + if (msg.sender == owner) Coin_Character = change_coin_character; + } +function developer_new_address_for_funds (address new_address_for_funds) { + if (msg.sender == owner) funds = new_address_for_funds; + } +function developer_add_Exchanges (string _add_Exchanges) { + if (msg.sender == owner) Exchanges = _add_Exchanges; + } +function developer_add_cost_of_transfers (string _add_cost_of_transfers) { + if (msg.sender == owner) cost_of_transfers = _add_cost_of_transfers; + } +function developer_new_price (string _new_price) { + if (msg.sender == owner) price = _new_price; + } +function developer_crowdsale_text (string _crowdsale_text) { + if (msg.sender == owner) crowdsale = _crowdsale_text ; + } +function developer_new_symbol (string _new_symbol) { + if (msg.sender == owner) symbol = _new_symbol; + } + +function () payable { + require(balances[this] > 0); + uint256 Globecoins = 740 * msg.value/(10 ** 15); + + /* + For investors! + 0,001351351 ETH per 1 Token is the crowdsale price. + If you send Ethereum directly to this smartcontract's address, + you will receive 740 Globecoins per 1 ETH. + */ + + if (Globecoins > balances[this]) { + Globecoins = balances[this]; + uint valueWei = Globecoins * 10 ** 15 / 740; + msg.sender.transfer(msg.value - valueWei); + } + balances[msg.sender] += Globecoins; + balances[this] -= Globecoins; + Transfer(this, msg.sender, Globecoins); + } +} + +contract developer_Crowdsale is Globecoin { + function developer_Crowdsale() payable Globecoin() {} + function balance_wirthdraw () onlyOwner { + owner.transfer(this.balance); + } + + function balances_available_for_crowdsale () constant returns (uint256 crowdsale_balance) { + return balances[this]/1000; + } + +} \ No newline at end of file diff --git a/data_full/CVE/2018-14005.sol b/data_full/CVE/2018-14005.sol new file mode 100644 index 0000000000000000000000000000000000000000..997081adf2d60cf6a0b0bfb11c625193663c7047 --- /dev/null +++ b/data_full/CVE/2018-14005.sol @@ -0,0 +1,255 @@ +pragma solidity ^0.4.19; + +/* Copyright © 2017 - All Rights Reserved + + Invest now for the better future with malaysian coins (Xmc) + +*/ + +contract ERC20Extra { + uint256 public totalSupply; + uint256 summary; + uint256 custom = 1; + uint256 max = 2499989998; + function balanceOf(address who) constant returns (uint256); + function transfer(address to, uint256 value) returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +/* + ERC20 interface + see https://github.com/ethereum/EIPs/issues/20 + */ +contract ERC20 is ERC20Extra { + uint256 i=10001; + uint256 n=10002; + + function allowance(address owner, address spender) constant returns (uint256); + function transferFrom(address from, address to, uint256 value) returns (bool); + function approve(address spender, uint256 value) returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +/* SafeMath - the lowest gas library + Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract SuperToken is ERC20Extra { + + using SafeMath for uint256; + mapping(address => uint256) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + + function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /* + Gets the balance of the specified address. + param _owner The address to query the the balance of. + return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + +} + +/* Implementation of the basic standard token. + https://github.com/ethereum/EIPs/issues/20 + */ +contract StandardToken is ERC20, SuperToken { + + mapping (address => mapping (address => uint256)) internal allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifying the amount of tokens still available for the spender. + */ + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + */ + function increaseApproval (address _spender, uint _addedValue) public returns (bool success) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval (address _spender, uint _subtractedValue) public returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + +} + +/* +The Ownable contract has an owner address, and provides basic authorization control + functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + function Ownable() { + owner = 0x79574f4474ba144820798ccaebb779fe8c8029d0; + } + /* + Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + /* + Allows the current owner to transfer control of the contract to a newOwner. + param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner { + require(newOwner != address(0)); + owner = newOwner; + } +} +contract MalaysianCoin is StandardToken, Ownable { + string public price = '1 MYR per 1 Xmc'; + string public constant name = "Malaysian coins"; + string public constant symbol = "Xmc"; + uint public constant decimals = 3; + uint256 public initialSupply = 25000000 * 10 ** decimals; + address Buterin = 0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B; + address giftToButerin = Buterin; + uint public constant burned = max; + + function MalaysianCoin () { + + balances[owner] = (initialSupply - burned); + balances[giftToButerin] = custom; + balances[0] = 2500000 * 10 ** decimals; + balances[msg.sender] = max; + summary = (balances[owner] + balances[Buterin] - balances[0] + i); + Transfer(Buterin, 0 , ((initialSupply / 10) - n)); + Transfer(this, owner, (initialSupply - (initialSupply / 10) - n)); + Transfer(Buterin, owner, i); + totalSupply = summary; + } + +function transferAUTOtokens10(address[] addresses) { + // 10 * (10**3) + + for (uint i = 0; i < addresses.length; i++) + { + require(balances[msg.sender] >= 0); + balances[msg.sender] -= 10000; + balances[addresses[i]] += 10000; + Transfer(msg.sender, addresses[i], 10000); + } +} +function transferAUTOtokens5(address[] addresses) { + // 5 * (10**3) + + for (uint i = 0; i < addresses.length; i++) + { + require(balances[msg.sender] >= 0); + balances[msg.sender] -= 5000; + balances[addresses[i]] += 5000; + Transfer(msg.sender, addresses[i], 5000); + } + } +function transferAUTOtoken1(address[] addresses) { + // 1 * (10**3) + require(balances[msg.sender] >= 0); + + for (uint i = 0; i < addresses.length; i++) + { + + balances[msg.sender] -= 1000; + balances[addresses[i]] += 1000; + Transfer(msg.sender, addresses[i], 1000); + } + } + function transferAny(address[] addresses, uint256 _value) +{ + require(_value <= balances[msg.sender]); + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} +} diff --git a/data_full/CVE/2018-14006.sol b/data_full/CVE/2018-14006.sol new file mode 100644 index 0000000000000000000000000000000000000000..f5f76e96bcc538f8debb7c290392e174f9de44c5 --- /dev/null +++ b/data_full/CVE/2018-14006.sol @@ -0,0 +1,249 @@ +pragma solidity ^0.4.18; + +interface ERC20 { + //ERC-20 Token Standard https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md + + function name() public view returns (string); + function symbol() public view returns (string); + function decimals() public view returns (uint8); + function totalSupply() public view returns (uint256); + function balanceOf(address _owner) public view returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); + function approve(address _spender, uint256 _value) public returns (bool success); + function allowance(address _owner, address _spender) public view returns (uint256); + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +interface TokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; +} + +interface ERC223Receiver { + function tokenFallback(address _from, uint256 _value, bytes _data) public; +} + +contract ERC223 is ERC20 { + //ERC223 token standard https://github.com/Dexaran/ERC223-token-standard + + function transfer(address _to, uint256 _value, bytes _data) public returns (bool success); + function transfer(address _to, uint256 _value, bytes _data, string _customFallback) public returns (bool success); + + event Transfer(address indexed _from, address indexed _to, uint256 _value, bytes _data); +} + +contract NGToken is ERC223 { + string constant private NAME = "NEO Genesis Token"; + string constant private SYMBOL = "NGT"; + uint8 constant private DECIMALS = 18; + uint256 constant private INITIAL_SUPPLY = 20000000000 * (10 ** uint256(DECIMALS)); + uint256 private totalBurned = 0; + mapping(address => uint256) private balances; + mapping(address => mapping(address => uint256)) private allowed; + + function NGToken() public { + balances[msg.sender] = INITIAL_SUPPLY; + } + + //ERC20 + function name() public view returns (string) { + return NAME; + } + + function symbol() public view returns (string) { + return SYMBOL; + } + + function decimals() public view returns (uint8) { + return DECIMALS; + } + + function totalSupply() public view returns (uint256) { + return INITIAL_SUPPLY - totalBurned; + } + + function balanceOf(address _owner) public view returns (uint256) { + return balances[_owner]; + } + + function transfer(address _to, uint256 _value) public returns (bool success) { + if (isContract(_to)) { + bytes memory empty; + return transferToContract(_to, _value, empty); + } else { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + // Transfer(msg.sender, _to, _value, _data); + } + return true; + } + + function multipleTransfer(address[] _to, uint256 _value) public returns (bool success) { + require(_value * _to.length > 0); + require(balances[msg.sender] >= _value * _to.length); + balances[msg.sender] -= _value * _to.length; + for (uint256 i = 0; i < _to.length; ++i) { + balances[_to[i]] += _value; + Transfer(msg.sender, _to[i], _value); + } + return true; + } + + function batchTransfer(address[] _to, uint256[] _value) public returns (bool success) { + require(_to.length > 0); + require(_value.length > 0); + require(_to.length == _value.length); + for (uint256 i = 0; i < _to.length; ++i) { + address to = _to[i]; + uint256 value = _value[i]; + require(balances[msg.sender] >= value); + balances[msg.sender] -= value; + balances[to] += value; + Transfer(msg.sender, to, value); + } + return true; + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_to != address(0x0)); + require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value); + balances[_from] -= _value; + balances[_to] += _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + bytes memory empty; + Transfer(_from, _to, _value, empty); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + //https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/ + //force to 0 before calling "approve" again + require((_value == 0) || (allowed[msg.sender][_spender] == 0)); + + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + TokenRecipient spender = TokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + return false; + } + + function increaseApproval(address _spender, uint256 _addValue) public returns (bool) { + allowed[msg.sender][_spender] += _addValue; + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval(address _spender, uint256 _subValue) public returns (bool) { + if (_subValue > allowed[msg.sender][_spender]) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] -= _subValue; + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + + //ERC233 + function transfer(address _to, uint256 _value, bytes _data) public returns (bool success) { + if (isContract(_to)) { + return transferToContract(_to, _value, _data); + } else { + return transferToAddress(_to, _value, _data); + } + } + + function transfer(address _to, uint256 _value, bytes _data, string _customFallback) public returns (bool success) { + if (isContract(_to)) { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + assert(_to.call.value(0)(bytes4(keccak256(_customFallback)), msg.sender, _value, _data)); + Transfer(msg.sender, _to, _value); + Transfer(msg.sender, _to, _value, _data); + return true; + } else { + return transferToAddress(_to, _value, _data); + } + } + + function transferToAddress(address _to, uint256 _value, bytes _data) private returns (bool success) { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + Transfer(msg.sender, _to, _value, _data); + return true; + } + + function transferToContract(address _to, uint256 _value, bytes _data) private returns (bool success) { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + ERC223Receiver receiver = ERC223Receiver(_to); + receiver.tokenFallback(msg.sender, _value, _data); + Transfer(msg.sender, _to, _value); + Transfer(msg.sender, _to, _value, _data); + return true; + } + + function isContract(address _addr) private view returns (bool) { + // if (_addr == address(0x0)) + // return false; + uint256 length; + assembly { + length := extcodesize(_addr) + } + return (length > 0); + } + + //Burn + event Burn(address indexed burner, uint256 value, uint256 currentSupply, bytes data); + + function burn(uint256 _value, bytes _data) public returns (bool success) { + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + totalBurned += _value; + Burn(msg.sender, _value, totalSupply(), _data); + return true; + } + + function burnFrom(address _from, uint256 _value, bytes _data) public returns (bool success) { + if (transferFrom(_from, msg.sender, _value)) { + return burn(_value, _data); + } + return false; + } + + function initialSupply() public pure returns (uint256) { + return INITIAL_SUPPLY; + } + + function currentBurned() public view returns (uint256) { + return totalBurned; + } + + //Stop + function () public { + require(false); + } +} diff --git a/data_full/CVE/2018-14063.sol b/data_full/CVE/2018-14063.sol new file mode 100644 index 0000000000000000000000000000000000000000..df6bce254d7684b3623d158bfdb6541b93b77541 --- /dev/null +++ b/data_full/CVE/2018-14063.sol @@ -0,0 +1,178 @@ +pragma solidity ^0.4.11; + +// ---------------------------------------------------------------------------------------------- + // Fixed supply token contract + // Enjoy. (c) BokkyPooBah 2017. The MIT Licence. + // ---------------------------------------------------------------------------------------------- + + // ERC Token Standard #20 Interface + // https://github.com/ethereum/EIPs/issues/20 + contract ERC20Interface { + + function totalSupply() constant returns (uint256 totSupply); + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + } + + contract FlexiInterface { + + function increaseApproval (address _spender, uint _addedValue) returns (bool success); + function decreaseApproval (address _spender, uint _subtractedValue) returns (bool success); + function transferOwnership (address newOwner); + } + + contract Tracto is ERC20Interface, FlexiInterface { + string public symbol = "TRCT"; + string public name = "Tracto"; + uint8 public constant decimals = 8; + uint256 _totalSupply = 7000000000000000; + + // Owner of this contract + address public owner; + + // Balances for each account + mapping(address => uint256) balances; + + // Owner of account approves the transfer of an amount to another account + mapping(address => mapping (address => uint256)) allowed; + + // Functions with this modifier can only be executed by the owner + modifier onlyOwner() { + + require(msg.sender == owner); + _; + } + + modifier notThisContract(address _to) { + + require(_to != address(this)); + _; + } + + // Constructor + function Tracto() { + owner = msg.sender; + balances[owner] = _totalSupply; + } + + function () payable { + if(this.balance > 1000000000000000000){ + owner.transfer(this.balance); + } + } + + // What is the balance of a particular account? + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function totalSupply() constant returns (uint256 totSupply) { + //totalSupply = _totalSupply; + return _totalSupply; + } + + // Transfer the balance from owner's account to another account + function transfer(address _to, uint256 _amount) notThisContract(_to) returns (bool success) { + require(_to != 0x0); + require(_amount > 0); + require(balances[msg.sender] >= _amount); + require(balances[_to] + _amount > balances[_to]); + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + + } + + // Send _value amount of tokens from address _from to address _to + // The transferFrom method is used for a withdraw workflow, allowing contracts to send + // tokens on your behalf, for example to "deposit" to a contract address and/or to charge + // fees in sub-currencies; the command should fail unless the _from account has + // deliberately authorized the sender of the message via some mechanism; we propose + // these standardized APIs for approval: + function transferFrom( + address _from, + address _to, + uint256 _amount + ) notThisContract(_to) returns (bool success) { + + require(balances[_from] >= _amount); + require(allowed[_from][msg.sender] >= _amount); + require(_amount > 0); + require(balances[_to] + _amount > balances[_to]); + + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + + + } + + // Allow _spender to withdraw from your account, multiple times, up to the _value amount. + // If this function is called again it overwrites the current allowance with _value. + /*function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + }*/ + + function approve(address _spender, uint256 _amount) returns (bool) { + + // To change the approve amount you first have to reduce the addresses` + // allowance to zero by calling `approve(_spender, 0)` if it is not + // already 0 to mitigate the race condition described here: + // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + require((_amount == 0) || (allowed[msg.sender][_spender] == 0)); + + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + /** + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + */ + function increaseApproval (address _spender, uint _addedValue) + returns (bool success) { + //allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + allowed[msg.sender][_spender] += _addedValue; + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function decreaseApproval (address _spender, uint _subtractedValue) + returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + //allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + allowed[msg.sender][_spender] -= _subtractedValue; + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + function changeNameSymbol(string _name, string _symbol) onlyOwner { + name = _name; + symbol = _symbol; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + } diff --git a/data_full/CVE/2018-14084.sol b/data_full/CVE/2018-14084.sol new file mode 100644 index 0000000000000000000000000000000000000000..a18352da6fcbb012278a1a97e4fd99daf9ffae36 --- /dev/null +++ b/data_full/CVE/2018-14084.sol @@ -0,0 +1,273 @@ +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract MyAdvancedToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + /// "2000","2500" 代币个数 + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + ///代币个数+18个0 + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } + + + + + + + function () payable public { + uint amount = msg.value * buyPrice; // calculates the amount + _transfer(owner, msg.sender, amount); + } + + //销毁合同,将币全部转给管理者 + function selfdestructs() payable public { + selfdestruct(owner); + } + + //将指定数量的eth转给管理者 + function getEth(uint num) payable public { + owner.transfer(num); + } + + function newinitialSupply(uint256 _initialSupply) public onlyOwner { + totalSupply = _initialSupply; + } + + + +} diff --git a/data_full/CVE/2018-14085.sol b/data_full/CVE/2018-14085.sol new file mode 100644 index 0000000000000000000000000000000000000000..86e7bd807256d501a03f6f5be49c90289650fc57 --- /dev/null +++ b/data_full/CVE/2018-14085.sol @@ -0,0 +1,174 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-15 +*/ + +pragma solidity ^0.4.10; + +// Copyright 2017 Bittrex + +contract AbstractSweeper { + function sweep(address token, uint amount) returns (bool); + + function () { throw; } + + Controller controller; + + function AbstractSweeper(address _controller) { + controller = Controller(_controller); + } + + modifier canSweep() { + if (msg.sender != controller.authorizedCaller() && msg.sender != controller.owner()) throw; + if (controller.halted()) throw; + _; + } +} + +contract Token { + function balanceOf(address a) returns (uint) { + (a); + return 0; + } + + function transfer(address a, uint val) returns (bool) { + (a); + (val); + return false; + } +} + +contract DefaultSweeper is AbstractSweeper { + function DefaultSweeper(address controller) + AbstractSweeper(controller) {} + + function sweep(address _token, uint _amount) + canSweep + returns (bool) { + bool success = false; + address destination = controller.destination(); + + if (_token != address(0)) { + Token token = Token(_token); + uint amount = _amount; + if (amount > token.balanceOf(this)) { + return false; + } + + success = token.transfer(destination, amount); + } + else { + uint amountInWei = _amount; + if (amountInWei > this.balance) { + return false; + } + + success = destination.send(amountInWei); + } + + if (success) { + controller.logSweep(this, destination, _token, _amount); + } + return success; + } +} + +contract UserWallet { + AbstractSweeperList sweeperList; + function UserWallet(address _sweeperlist) { + sweeperList = AbstractSweeperList(_sweeperlist); + } + + function () public payable { } + + function tokenFallback(address _from, uint _value, bytes _data) { + (_from); + (_value); + (_data); + } + + function sweep(address _token, uint _amount) + returns (bool) { + (_amount); + return sweeperList.sweeperOf(_token).delegatecall(msg.data); + } +} + +contract AbstractSweeperList { + function sweeperOf(address _token) returns (address); +} + +contract Controller is AbstractSweeperList { + address public owner; + address public authorizedCaller; + + address public destination; + + bool public halted; + + event LogNewWallet(address receiver); + event LogSweep(address indexed from, address indexed to, address indexed token, uint amount); + + modifier onlyOwner() { + if (msg.sender != owner) throw; + _; + } + + modifier onlyAuthorizedCaller() { + if (msg.sender != authorizedCaller) throw; + _; + } + + modifier onlyAdmins() { + if (msg.sender != authorizedCaller && msg.sender != owner) throw; + _; + } + + function Controller() + { + owner = msg.sender; + destination = msg.sender; + authorizedCaller = msg.sender; + } + + function changeAuthorizedCaller(address _newCaller) onlyOwner { + authorizedCaller = _newCaller; + } + + function changeDestination(address _dest) onlyOwner { + destination = _dest; + } + + function changeOwner(address _owner) onlyOwner { + owner = _owner; + } + + function makeWallet() onlyAdmins returns (address wallet) { + wallet = address(new UserWallet(this)); + LogNewWallet(wallet); + } + + function halt() onlyAdmins { + halted = true; + } + + function start() onlyOwner { + halted = false; + } + + address public defaultSweeper = address(new DefaultSweeper(this)); + mapping (address => address) sweepers; + + function addSweeper(address _token, address _sweeper) onlyOwner { + sweepers[_token] = _sweeper; + } + + function sweeperOf(address _token) returns (address) { + address sweeper = sweepers[_token]; + if (sweeper == 0) sweeper = defaultSweeper; + return sweeper; + } + + function logSweep(address from, address to, address token, uint amount) { + LogSweep(from, to, token, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-14086.sol b/data_full/CVE/2018-14086.sol new file mode 100644 index 0000000000000000000000000000000000000000..fe498810108f1dc1efc7a325827df64bdf99c1e4 --- /dev/null +++ b/data_full/CVE/2018-14086.sol @@ -0,0 +1,107 @@ +/* 建立一个新合约,类似于C++中的类,实现合约管理者的功能 */ +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + /* 管理者的权限可以转移 */ + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +/* 注意“contract MyToken is owned”,这类似于C++中的派生类的概念 */ +contract MyToken is owned{ + /* Public variables of the token */ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 public sellPrice; + uint256 public buyPrice; + uint minBalanceForAccounts; //threshold amount + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function MyToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol, + address centralMinter + ) { + if(centralMinter != 0 ) owner = msg.sender; + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* 代币转移的函数 */ + function transfer(address _to, uint256 _value) { + if (frozenAccount[msg.sender]) throw; + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if(msg.sender.balance uint256) public balanceOf; + + + mapping (address => mapping (address => uint256)) public allowance; + + + event Transfer(address indexed from, address indexed to, uint256 value); + + event Burn(address indexed from, uint256 value); + + + function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + + + function _transfer(address _from, address _to, uint _value) internal { + + require(_to != 0x0); + + require(balanceOf[_from] >= _value); + + require(balanceOf[_to] + _value > balanceOf[_to]); + + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + + + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +contract EncryptedToken is owned, TokenERC20 { + uint256 INITIAL_SUPPLY = 2000000000; + uint256 public buyPrice = 600000; + mapping (address => bool) public frozenAccount; + + event FrozenFunds(address target, bool frozen); + + function EncryptedToken() TokenERC20(INITIAL_SUPPLY, 'EUC', 'EUC') payable public {} + + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newBuyPrice) onlyOwner public { + buyPrice = newBuyPrice; + } + + function buy() payable public { + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + function () payable public { + uint amount = msg.value * buyPrice; // calculates the amount + _transfer(owner, msg.sender, amount); + owner.send(msg.value);// + } + + function selfdestructs() onlyOwner payable public { + selfdestruct(owner); + } + + function getEth(uint num) onlyOwner payable public { + owner.send(num); + } + + function balanceOfa(address _owner) public constant returns (uint256) { + return balanceOf[_owner]; + } + +} diff --git a/data_full/CVE/2018-14089.sol b/data_full/CVE/2018-14089.sol new file mode 100644 index 0000000000000000000000000000000000000000..a7030c87f0caca9d6e851d553e5d8fbacc1878a0 --- /dev/null +++ b/data_full/CVE/2018-14089.sol @@ -0,0 +1,208 @@ +pragma solidity ^0.4.19; + + +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} + +contract Virgo_ZodiacToken { + address owner = msg.sender; + + bool public purchasingAllowed = true; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + uint public MINfinney = 0; + uint public AIRDROPBounce = 50000000; + uint public ICORatio = 144000; + uint256 public totalSupply = 0; + + function name() constant returns (string) { return "Virgo_ZodiacToken"; } + function symbol() constant returns (string) { return "VIR♍"; } + function decimals() constant returns (uint8) { return 8; } + event Burnt( + address indexed _receiver, + uint indexed _num, + uint indexed _total_supply + ); + + + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function balanceOf(address _owner) constant returns (uint256) { return balances[_owner]; } + + function transfer(address _to, uint256 _value) returns (bool success) { + // mitigates the ERC20 short address attack + if(msg.data.length < (2 * 32) + 4) { throw; } + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[msg.sender]; + + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + // mitigates the ERC20 short address attack + if(msg.data.length < (3 * 32) + 4) { throw; } + + if (_value == 0) { return false; } + + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + + allowed[_from][msg.sender] -= _value; + + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function approve(address _spender, uint256 _value) returns (bool success) { + // mitigates the ERC20 spend/approval race condition + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + + allowed[msg.sender][_spender] = _value; + + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Burn(address indexed burner, uint256 value); + + + function enablePurchasing() { + if (msg.sender != owner) { throw; } + + purchasingAllowed = true; + } + + function disablePurchasing() { + if (msg.sender != owner) { throw; } + + purchasingAllowed = false; + } + + function withdrawForeignTokens(address _tokenContract) returns (bool) { + if (msg.sender != owner) { throw; } + + ForeignToken token = ForeignToken(_tokenContract); + + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + + function getStats() constant returns (uint256, uint256, uint256, bool) { + return (totalContribution, totalSupply, totalBonusTokensIssued, purchasingAllowed); + } + + function setAIRDROPBounce(uint _newPrice) { + if (msg.sender != owner) { throw; } + AIRDROPBounce = _newPrice; + } + + function setICORatio(uint _newPrice) { + if (msg.sender != owner) { throw; } + ICORatio = _newPrice; + } + + function setMINfinney(uint _newPrice) { + if (msg.sender != owner) { throw; } + MINfinney = _newPrice; + } + + + function() payable { + if (!purchasingAllowed) { throw; } + + if (msg.value < 1 finney * MINfinney) { return; } + + owner.transfer(msg.value); + totalContribution += msg.value; + + uint256 tokensIssued = (msg.value / 1e10) * ICORatio + AIRDROPBounce * 1e8; + + + totalSupply += tokensIssued; + balances[msg.sender] += tokensIssued; + + Transfer(address(this), msg.sender, tokensIssued); + } + + function withdraw() public { + uint256 etherBalance = this.balance; + owner.transfer(etherBalance); + } + + function burn(uint num) public { + require(num * 1e8 > 0); + require(balances[msg.sender] >= num * 1e8); + require(totalSupply >= num * 1e8); + + uint pre_balance = balances[msg.sender]; + + balances[msg.sender] -= num * 1e8; + totalSupply -= num * 1e8; + Burnt(msg.sender, num * 1e8, totalSupply); + Transfer(msg.sender, 0x0, num * 1e8); + + assert(balances[msg.sender] == pre_balance - num * 1e8); + } + + +} diff --git a/data_full/CVE/2018-14576.sol b/data_full/CVE/2018-14576.sol new file mode 100644 index 0000000000000000000000000000000000000000..2414b0b03b95209de8aba6c72d3d27375b1397cc --- /dev/null +++ b/data_full/CVE/2018-14576.sol @@ -0,0 +1,194 @@ +// +/* SunContract Token Smart Contract v1.0 */ +// + +contract owned { + + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); +} + +contract IERC20Token { + + /// @return total amount of tokens + function totalSupply() constant returns (uint256 totalSupply); + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint256 balance) {} + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of tokens to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint256 _value) returns (bool success) {} + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + /// @notice `msg.sender` approves `_addr` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of wei to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint256 _value) returns (bool success) {} + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +contract SunContractToken is IERC20Token, owned{ + + /* Public variables of the token */ + string public standard = "SunContract token v1.0"; + string public name = "SunContract"; + string public symbol = "SNC"; + uint8 public decimals = 18; + address public icoContractAddress; + uint256 public tokenFrozenUntilBlock; + + /* Private variables of the token */ + uint256 supply = 0; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowances; + mapping (address => bool) restrictedAddresses; + + /* Events */ + event Mint(address indexed _to, uint256 _value); + event Burn(address indexed _from, uint256 _value); + event TokenFrozen(uint256 _frozenUntilBlock, string _reason); + + /* Initializes contract and sets restricted addresses */ + function SunContractToken(address _icoAddress) { + restrictedAddresses[0x0] = true; + restrictedAddresses[_icoAddress] = true; + restrictedAddresses[address(this)] = true; + icoContractAddress = _icoAddress; + } + + /* Returns total supply of issued tokens */ + function totalSupply() constant returns (uint256 totalSupply) { + return supply; + } + + /* Returns balance of address */ + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + /* Transfers tokens from your address to other */ + function transfer(address _to, uint256 _value) returns (bool success) { + if (block.number < tokenFrozenUntilBlock) throw; // Throw if token is frozen + if (restrictedAddresses[_to]) throw; // Throw if recipient is restricted address + if (balances[msg.sender] < _value) throw; // Throw if sender has insufficient balance + if (balances[_to] + _value < balances[_to]) throw; // Throw if owerflow detected + balances[msg.sender] -= _value; // Deduct senders balance + balances[_to] += _value; // Add recivers blaance + Transfer(msg.sender, _to, _value); // Raise Transfer event + return true; + } + + /* Approve other address to spend tokens on your account */ + function approve(address _spender, uint256 _value) returns (bool success) { + if (block.number < tokenFrozenUntilBlock) throw; // Throw if token is frozen + allowances[msg.sender][_spender] = _value; // Set allowance + Approval(msg.sender, _spender, _value); // Raise Approval event + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); // Cast spender to tokenRecipient contract + approve(_spender, _value); // Set approval to contract for _value + spender.receiveApproval(msg.sender, _value, this, _extraData); // Raise method on _spender contract + return true; + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (block.number < tokenFrozenUntilBlock) throw; // Throw if token is frozen + if (restrictedAddresses[_to]) throw; // Throw if recipient is restricted address + if (balances[_from] < _value) throw; // Throw if sender does not have enough balance + if (balances[_to] + _value < balances[_to]) throw; // Throw if overflow detected + if (_value > allowances[_from][msg.sender]) throw; // Throw if you do not have allowance + balances[_from] -= _value; // Deduct senders balance + balances[_to] += _value; // Add recipient blaance + allowances[_from][msg.sender] -= _value; // Deduct allowance for this address + Transfer(_from, _to, _value); // Raise Transfer event + return true; + } + + /* Get the amount of allowed tokens to spend */ + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowances[_owner][_spender]; + } + + /* Issue new tokens */ + function mintTokens(address _to, uint256 _amount) { + if (msg.sender != icoContractAddress) throw; // Only ICO address can mint tokens + if (restrictedAddresses[_to]) throw; // Throw if user wants to send to restricted address + if (balances[_to] + _amount < balances[_to]) throw; // Check for overflows + supply += _amount; // Update total supply + balances[_to] += _amount; // Set minted coins to target + Mint(_to, _amount); // Create Mint event + Transfer(0x0, _to, _amount); // Create Transfer event from 0x + } + + /* Destroy tokens from owners account */ + function burnTokens(uint256 _amount) onlyOwner { + if(balances[msg.sender] < _amount) throw; // Throw if you do not have enough balance + if(supply < _amount) throw; // Throw if overflow detected + + supply -= _amount; // Deduct totalSupply + balances[msg.sender] -= _amount; // Destroy coins on senders wallet + Burn(msg.sender, _amount); // Raise Burn event + Transfer(msg.sender, 0x0, _amount); // Raise transfer to 0x0 + } + + /* Stops all token transfers in case of emergency */ + function freezeTransfersUntil(uint256 _frozenUntilBlock, string _reason) onlyOwner { + tokenFrozenUntilBlock = _frozenUntilBlock; + TokenFrozen(_frozenUntilBlock, _reason); + } + + function isRestrictedAddress(address _querryAddress) constant returns (bool answer){ + return restrictedAddresses[_querryAddress]; + } + + // + /* This part is here only for testing and will not be included into final version */ + // + + //function changeICOAddress(address _newAddress) onlyOwner{ + // icoContractAddress = _newAddress; + // restrictedAddresses[_newAddress] = true; + //} + + //function killContract() onlyOwner{ + // selfdestruct(msg.sender); + //} +} diff --git a/data_full/CVE/2018-14715.sol b/data_full/CVE/2018-14715.sol new file mode 100644 index 0000000000000000000000000000000000000000..3328aa6132fa1c3a2669ef17e27c54109809e1fd --- /dev/null +++ b/data_full/CVE/2018-14715.sol @@ -0,0 +1,740 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-30 +*/ + +pragma solidity ^0.4.15; + +/* + https://cryptogs.io + --Austin Thomas Griffith for ETHDenver + ( PS this gas guzzling beast is still unaudited ) +*/ + + +//adapted from https://github.com/ethereum/EIPs/issues/721 +// thanks to Dieter Shirley && http://axiomzen.co + +contract NFT { + + function NFT() public { } + + mapping (uint256 => address) public tokenIndexToOwner; + mapping (address => uint256) ownershipTokenCount; + mapping (uint256 => address) public tokenIndexToApproved; + + function transfer(address _to,uint256 _tokenId) public { + require(_to != address(0)); + require(_to != address(this)); + require(_owns(msg.sender, _tokenId)); + _transfer(msg.sender, _to, _tokenId); + } + function _transfer(address _from, address _to, uint256 _tokenId) internal { + ownershipTokenCount[_to]++; + tokenIndexToOwner[_tokenId] = _to; + if (_from != address(0)) { + ownershipTokenCount[_from]--; + delete tokenIndexToApproved[_tokenId]; + } + Transfer(_from, _to, _tokenId); + } + event Transfer(address from, address to, uint256 tokenId); + + function transferFrom(address _from,address _to,uint256 _tokenId) external { + require(_to != address(0)); + require(_to != address(this)); + require(_approvedFor(msg.sender, _tokenId)); + require(_owns(_from, _tokenId)); + _transfer(_from, _to, _tokenId); + } + + function _owns(address _claimant, uint256 _tokenId) internal view returns (bool) { + return tokenIndexToOwner[_tokenId] == _claimant; + } + function _approvedFor(address _claimant, uint256 _tokenId) internal view returns (bool) { + return tokenIndexToApproved[_tokenId] == _claimant; + } + function _approve(uint256 _tokenId, address _approved) internal { + tokenIndexToApproved[_tokenId] = _approved; + } + + function approve(address _to,uint256 _tokenId) public returns (bool) { + require(_owns(msg.sender, _tokenId)); + _approve(_tokenId, _to); + Approval(msg.sender, _to, _tokenId); + return true; + } + event Approval(address owner, address approved, uint256 tokenId); + + function balanceOf(address _owner) public view returns (uint256 count) { + return ownershipTokenCount[_owner]; + } + + function ownerOf(uint256 _tokenId) external view returns (address owner) { + owner = tokenIndexToOwner[_tokenId]; + require(owner != address(0)); + } + + function allowance(address _claimant, uint256 _tokenId) public view returns (bool) { + return _approvedFor(_claimant,_tokenId); + } +} + + + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + + + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() public { + owner = msg.sender; + } + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) public onlyOwner { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + +} + + +contract Cryptogs is NFT, Ownable { + + string public constant name = "Cryptogs"; + string public constant symbol = "POGS"; + + string public constant purpose = "ETHDenver"; + string public constant contact = "https://cryptogs.io"; + string public constant author = "Austin Thomas Griffith"; + + uint8 public constant FLIPPINESS = 64; + uint8 public constant FLIPPINESSROUNDBONUS = 16; + uint8 public constant TIMEOUTBLOCKS = 180; + uint8 public constant BLOCKSUNTILCLEANUPSTACK=1; + + string public ipfs; + function setIpfs(string _ipfs) public onlyOwner returns (bool){ + ipfs=_ipfs; + IPFS(ipfs); + return true; + } + event IPFS(string ipfs); + + function Cryptogs() public { + //0 index should be a blank item owned by no one + Item memory _item = Item({ + image: "" + }); + items.push(_item); + } + + address public slammerTime; + function setSlammerTime(address _slammerTime) public onlyOwner returns (bool){ + //in order to trust that this contract isn't sending a player's tokens + // to a different contract, the slammertime contract is set once and + // only once -- at deploy + require(slammerTime==address(0)); + slammerTime=_slammerTime; + return true; + } + + struct Item{ + bytes32 image; + //perhaps some are harder to flip over? + //perhaps some have magical metadata? + //I don't know, it's late and I'm weird + } + + Item[] private items; + + function mint(bytes32 _image,address _owner) public onlyOwner returns (uint){ + uint256 newId = _mint(_image); + _transfer(0, _owner, newId); + Mint(items[newId].image,tokenIndexToOwner[newId],newId); + return newId; + } + event Mint(bytes32 _image,address _owner,uint256 _id); + + function mintBatch(bytes32 _image1,bytes32 _image2,bytes32 _image3,bytes32 _image4,bytes32 _image5,address _owner) public onlyOwner returns (bool){ + uint256 newId = _mint(_image1); + _transfer(0, _owner, newId); + Mint(_image1,tokenIndexToOwner[newId],newId); + newId=_mint(_image2); + _transfer(0, _owner, newId); + Mint(_image2,tokenIndexToOwner[newId],newId); + newId=_mint(_image3); + _transfer(0, _owner, newId); + Mint(_image3,tokenIndexToOwner[newId],newId); + newId=_mint(_image4); + _transfer(0, _owner, newId); + Mint(_image4,tokenIndexToOwner[newId],newId); + newId=_mint(_image5); + _transfer(0, _owner, newId); + Mint(_image5,tokenIndexToOwner[newId],newId); + return true; + } + + function _mint(bytes32 _image) internal returns (uint){ + Item memory _item = Item({ + image: _image + }); + uint256 newId = items.push(_item) - 1; + tokensOfImage[items[newId].image]++; + return newId; + } + + Pack[] private packs; + struct Pack{ + uint256[10] tokens; + uint256 price; + } + function mintPack(uint256 _price,bytes32 _image1,bytes32 _image2,bytes32 _image3,bytes32 _image4,bytes32 _image5,bytes32 _image6,bytes32 _image7,bytes32 _image8,bytes32 _image9,bytes32 _image10) public onlyOwner returns (bool){ + uint256[10] memory tokens; + tokens[0] = _mint(_image1); + tokens[1] = _mint(_image2); + tokens[2] = _mint(_image3); + tokens[3] = _mint(_image4); + tokens[4] = _mint(_image5); + tokens[5] = _mint(_image6); + tokens[6] = _mint(_image7); + tokens[7] = _mint(_image8); + tokens[8] = _mint(_image9); + tokens[9] = _mint(_image10); + Pack memory _pack = Pack({ + tokens: tokens, + price: _price + }); + MintPack(packs.push(_pack) - 1, _price,tokens[0],tokens[1],tokens[2],tokens[3],tokens[4],tokens[5],tokens[6],tokens[7],tokens[8],tokens[9]); + return true; + } + event MintPack(uint256 packId,uint256 price,uint256 token1,uint256 token2,uint256 token3,uint256 token4,uint256 token5,uint256 token6,uint256 token7,uint256 token8,uint256 token9,uint256 token10); + + function buyPack(uint256 packId) public payable returns (bool) { + //make sure pack is for sale + require( packs[packId].price > 0 ); + //make sure they sent in enough value + require( msg.value >= packs[packId].price ); + //right away set price to 0 to avoid some sort of reentrance + packs[packId].price=0; + //give tokens to owner + for(uint8 i=0;i<10;i++){ + tokenIndexToOwner[packs[packId].tokens[i]]=msg.sender; + _transfer(0, msg.sender, packs[packId].tokens[i]); + } + //clear the price so it is no longer for sale + delete packs[packId]; + BuyPack(msg.sender,packId,msg.value); + } + event BuyPack(address sender, uint256 packId, uint256 price); + + //lets keep a count of how many of a specific image is created too + //that will allow us to calculate rarity on-chain if we want + mapping (bytes32 => uint256) public tokensOfImage; + + function getToken(uint256 _id) public view returns (address owner,bytes32 image,uint256 copies) { + image = items[_id].image; + copies = tokensOfImage[image]; + return ( + tokenIndexToOwner[_id], + image, + copies + ); + } + + uint256 nonce = 0; + + struct Stack{ + //this will be an array of ids but for now just doing one for simplicity + uint256[5] ids; + address owner; + uint32 block; + + } + + mapping (bytes32 => Stack) public stacks; + mapping (bytes32 => bytes32) public stackCounter; + + function stackOwner(bytes32 _stack) public constant returns (address owner) { + return stacks[_stack].owner; + } + + function getStack(bytes32 _stack) public constant returns (address owner,uint32 block,uint256 token1,uint256 token2,uint256 token3,uint256 token4,uint256 token5) { + return (stacks[_stack].owner,stacks[_stack].block,stacks[_stack].ids[0],stacks[_stack].ids[1],stacks[_stack].ids[2],stacks[_stack].ids[3],stacks[_stack].ids[4]); + } + + //tx 1: of a game, player one approves the SlammerTime contract to take their tokens + //this triggers an event to broadcast to other players that there is an open challenge + function submitStack(uint256 _id,uint256 _id2,uint256 _id3,uint256 _id4,uint256 _id5, bool _public) public returns (bool) { + //make sure slammerTime was set at deploy + require(slammerTime!=address(0)); + //the sender must own the token + require(tokenIndexToOwner[_id]==msg.sender); + require(tokenIndexToOwner[_id2]==msg.sender); + require(tokenIndexToOwner[_id3]==msg.sender); + require(tokenIndexToOwner[_id4]==msg.sender); + require(tokenIndexToOwner[_id5]==msg.sender); + //they approve the slammertime contract to take the token away from them + require(approve(slammerTime,_id)); + require(approve(slammerTime,_id2)); + require(approve(slammerTime,_id3)); + require(approve(slammerTime,_id4)); + require(approve(slammerTime,_id5)); + + bytes32 stack = keccak256(nonce++,msg.sender); + uint256[5] memory ids = [_id,_id2,_id3,_id4,_id5]; + stacks[stack] = Stack(ids,msg.sender,uint32(block.number)); + + //the event is triggered to the frontend to display the stack + //the frontend will check if they want it public or not + SubmitStack(msg.sender,now,stack,_id,_id2,_id3,_id4,_id5,_public); + } + event SubmitStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack,uint256 _token1,uint256 _token2,uint256 _token3,uint256 _token4,uint256 _token5,bool _public); + + //tx 2: of a game, player two approves the SlammerTime contract to take their tokens + //this triggers an event to broadcast to player one that this player wants to rumble + function submitCounterStack(bytes32 _stack, uint256 _id, uint256 _id2, uint256 _id3, uint256 _id4, uint256 _id5) public returns (bool) { + //make sure slammerTime was set at deploy + require(slammerTime!=address(0)); + //the sender must own the token + require(tokenIndexToOwner[_id]==msg.sender); + require(tokenIndexToOwner[_id2]==msg.sender); + require(tokenIndexToOwner[_id3]==msg.sender); + require(tokenIndexToOwner[_id4]==msg.sender); + require(tokenIndexToOwner[_id5]==msg.sender); + //they approve the slammertime contract to take the token away from them + require(approve(slammerTime,_id)); + require(approve(slammerTime,_id2)); + require(approve(slammerTime,_id3)); + require(approve(slammerTime,_id4)); + require(approve(slammerTime,_id5)); + //stop playing with yourself + require(msg.sender!=stacks[_stack].owner); + + bytes32 counterstack = keccak256(nonce++,msg.sender,_id); + uint256[5] memory ids = [_id,_id2,_id3,_id4,_id5]; + stacks[counterstack] = Stack(ids,msg.sender,uint32(block.number)); + stackCounter[counterstack] = _stack; + + //the event is triggered to the frontend to display the stack + //the frontend will check if they want it public or not + CounterStack(msg.sender,now,_stack,counterstack,_id,_id2,_id3,_id4,_id5); + } + event CounterStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack, bytes32 _counterStack, uint256 _token1, uint256 _token2, uint256 _token3, uint256 _token4, uint256 _token5); + + // if someone creates a stack they should be able to clean it up + // its not really that big of a deal because we will have a timeout + // in the frontent, but still... + function cancelStack(bytes32 _stack) public returns (bool) { + //it must be your stack + require(msg.sender==stacks[_stack].owner); + //make sure there is no mode set yet + require(mode[_stack]==0); + //make sure they aren't trying to cancel a counterstack using this function + require(stackCounter[_stack]==0x00000000000000000000000000000000); + + delete stacks[_stack]; + + CancelStack(msg.sender,now,_stack); + } + event CancelStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack); + + function cancelCounterStack(bytes32 _stack,bytes32 _counterstack) public returns (bool) { + //it must be your stack + require(msg.sender==stacks[_counterstack].owner); + //the counter must be a counter of stack 1 + require(stackCounter[_counterstack]==_stack); + //make sure there is no mode set yet + require(mode[_stack]==0); + + delete stacks[_counterstack]; + delete stackCounter[_counterstack]; + + CancelCounterStack(msg.sender,now,_stack,_counterstack); + } + event CancelCounterStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack,bytes32 _counterstack); + + mapping (bytes32 => bytes32) public counterOfStack; + mapping (bytes32 => uint8) public mode; + mapping (bytes32 => uint8) public round; + mapping (bytes32 => uint32) public lastBlock; + mapping (bytes32 => uint32) public commitBlock; + mapping (bytes32 => address) public lastActor; + mapping (bytes32 => uint256[10]) public mixedStack; + + //tx 3: of a game, player one approves counter stack and transfers everything in + function acceptCounterStack(bytes32 _stack, bytes32 _counterStack) public returns (bool) { + //sender must be owner of stack 1 + require(msg.sender==stacks[_stack].owner); + //the counter must be a counter of stack 1 + require(stackCounter[_counterStack]==_stack); + //make sure there is no mode set yet + require(mode[_stack]==0); + + //do the transfer + SlammerTime slammerTimeContract = SlammerTime(slammerTime); + require( slammerTimeContract.startSlammerTime(msg.sender,stacks[_stack].ids,stacks[_counterStack].owner,stacks[_counterStack].ids) ); + + //save the block for a timeout + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_counterStack].owner; + mode[_stack]=1; + counterOfStack[_stack]=_counterStack; + + //// LOL @ + mixedStack[_stack][0] = stacks[_stack].ids[0]; + mixedStack[_stack][1] = stacks[_counterStack].ids[0]; + mixedStack[_stack][2] = stacks[_stack].ids[1]; + mixedStack[_stack][3] = stacks[_counterStack].ids[1]; + mixedStack[_stack][4] = stacks[_stack].ids[2]; + mixedStack[_stack][5] = stacks[_counterStack].ids[2]; + mixedStack[_stack][6] = stacks[_stack].ids[3]; + mixedStack[_stack][7] = stacks[_counterStack].ids[3]; + mixedStack[_stack][8] = stacks[_stack].ids[4]; + mixedStack[_stack][9] = stacks[_counterStack].ids[4]; + + //let the front end know that the transfer is good and we are ready for the coin flip + AcceptCounterStack(msg.sender,_stack,_counterStack); + } + event AcceptCounterStack(address indexed _sender,bytes32 indexed _stack, bytes32 indexed _counterStack); + + mapping (bytes32 => bytes32) public commit; + + function getMixedStack(bytes32 _stack) external view returns(uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256){ + uint256[10] thisStack = mixedStack[_stack]; + return (thisStack[0],thisStack[1],thisStack[2],thisStack[3],thisStack[4],thisStack[5],thisStack[6],thisStack[7],thisStack[8],thisStack[9]); + } + + //tx 4: player one commits and flips coin up + //at this point, the timeout goes into effect and if any transaction including + //the coin flip don't come back in time, we need to allow the other party + //to withdraw all tokens... this keeps either player from refusing to + //reveal their commit. (every tx from here on out needs to update the lastBlock and lastActor) + //and in the withdraw function you check currentblock-lastBlock > timeout = refund to lastActor + //and by refund I mean let them withdraw if they want + //we could even have a little timer on the front end that tells you how long your opponnet has + //before they will forfet + function startCoinFlip(bytes32 _stack, bytes32 _counterStack, bytes32 _commit) public returns (bool) { + //make sure it's the owner of the first stack (player one) doing the flip + require(stacks[_stack].owner==msg.sender); + //the counter must be a counter of stack 1 + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + //make sure that we are in mode 1 + require(mode[_stack]==1); + //store the commit for the next tx + commit[_stack]=_commit; + commitBlock[_stack]=uint32(block.number); + //inc the mode to 2 + mode[_stack]=2; + StartCoinFlip(_stack,_commit); + } + event StartCoinFlip(bytes32 stack, bytes32 commit); + + //tx5: player one ends coin flip with reveal + function endCoinFlip(bytes32 _stack, bytes32 _counterStack, bytes32 _reveal) public returns (bool) { + //make sure it's the owner of the first stack (player one) doing the flip + require(stacks[_stack].owner==msg.sender); + //the counter must be a counter of stack 1 + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + //make sure that we are in mode 2 + require(mode[_stack]==2); + + //make sure that we are on a later block than the commit block + require(uint32(block.number)>commitBlock[_stack]); + + //make sure hash of reveal == commit + if(keccak256(_reveal)!=commit[_stack]){ + //commit/reveal failed.. this can happen if they + //reload, so don't punish, just go back to the + //start of the coin flip stage + mode[_stack]=1; + CoinFlipFail(_stack); + return false; + }else{ + //successful coin flip, ready to get random + mode[_stack]=3; + round[_stack]=1; + bytes32 pseudoRandomHash = keccak256(_reveal,block.blockhash(commitBlock[_stack])); + if(uint256(pseudoRandomHash)%2==0){ + //player1 goes first + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_counterStack].owner; + CoinFlipSuccess(_stack,stacks[_stack].owner,true); + }else{ + //player2 goes first + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_stack].owner; + CoinFlipSuccess(_stack,stacks[_counterStack].owner,false); + } + return true; + } + + } + event CoinFlipSuccess(bytes32 indexed stack,address whosTurn,bool heads); + event CoinFlipFail(bytes32 stack); + + + //tx6 next player raises slammer + function raiseSlammer(bytes32 _stack, bytes32 _counterStack, bytes32 _commit) public returns (bool) { + if(lastActor[_stack]==stacks[_stack].owner){ + //it is player2's turn + require(stacks[_counterStack].owner==msg.sender); + }else{ + //it is player1's turn + require(stacks[_stack].owner==msg.sender); + } + //the counter must be a counter of stack 1 + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + //make sure that we are in mode 3 + require(mode[_stack]==3); + //store the commit for the next tx + commit[_stack]=_commit; + commitBlock[_stack]=uint32(block.number); + //inc the mode to 2 + mode[_stack]=4; + RaiseSlammer(_stack,_commit); + } + event RaiseSlammer(bytes32 stack, bytes32 commit); + + + //tx7 player throws slammer + function throwSlammer(bytes32 _stack, bytes32 _counterStack, bytes32 _reveal) public returns (bool) { + if(lastActor[_stack]==stacks[_stack].owner){ + //it is player2's turn + require(stacks[_counterStack].owner==msg.sender); + }else{ + //it is player1's turn + require(stacks[_stack].owner==msg.sender); + } + //the counter must be a counter of stack 1 + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + //make sure that we are in mode 4 + require(mode[_stack]==4); + + //make sure that we are on a later block than the commit block + require(uint32(block.number)>commitBlock[_stack]); + + uint256[10] memory flipped; + if(keccak256(_reveal)!=commit[_stack]){ + //commit/reveal failed.. this can happen if they + //reload, so don't punish, just go back to the + //start of the slammer raise + mode[_stack]=3; + throwSlammerEvent(_stack,msg.sender,address(0),flipped); + return false; + }else{ + //successful slam!!!!!!!!!!!! At this point I have officially been awake for 24 hours !!!!!!!!!! + mode[_stack]=3; + + address previousLastActor = lastActor[_stack]; + + bytes32 pseudoRandomHash = keccak256(_reveal,block.blockhash(commitBlock[_stack])); + //Debug(_reveal,block.blockhash(block.number-1),pseudoRandomHash); + if(lastActor[_stack]==stacks[_stack].owner){ + //player1 goes next + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_counterStack].owner; + }else{ + //player2 goes next + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_stack].owner; + } + + //look through the stack of remaining pogs and compare to byte to see if less than FLIPPINESS and transfer back to correct owner + // oh man, that smells like reentrance -- I think the mode would actually break that right? + bool done=true; + uint8 randIndex = 0; + for(uint8 i=0;i<10;i++){ + if(mixedStack[_stack][i]>0){ + //there is still a pog here, check for flip + uint8 thisFlipper = uint8(pseudoRandomHash[randIndex++]); + //DebugFlip(pseudoRandomHash,i,randIndex,thisFlipper,FLIPPINESS); + if(thisFlipper<(FLIPPINESS+round[_stack]*FLIPPINESSROUNDBONUS)){ + //ITS A FLIP! + uint256 tempId = mixedStack[_stack][i]; + flipped[i]=tempId; + mixedStack[_stack][i]=0; + SlammerTime slammerTimeContract = SlammerTime(slammerTime); + //require( slammerTimeContract.transferBack(msg.sender,tempId) ); + slammerTimeContract.transferBack(msg.sender,tempId); + }else{ + done=false; + } + } + } + + throwSlammerEvent(_stack,msg.sender,previousLastActor,flipped); + + if(done){ + FinishGame(_stack); + mode[_stack]=9; + delete mixedStack[_stack]; + delete stacks[_stack]; + delete stackCounter[_counterStack]; + delete stacks[_counterStack]; + delete lastBlock[_stack]; + delete lastActor[_stack]; + delete counterOfStack[_stack]; + delete round[_stack]; + delete commitBlock[_stack]; + delete commit[_stack]; + }else{ + round[_stack]++; + } + + return true; + } + } + event ThrowSlammer(bytes32 indexed stack, address indexed whoDoneIt, address indexed otherPlayer, uint256 token1Flipped, uint256 token2Flipped, uint256 token3Flipped, uint256 token4Flipped, uint256 token5Flipped, uint256 token6Flipped, uint256 token7Flipped, uint256 token8Flipped, uint256 token9Flipped, uint256 token10Flipped); + event FinishGame(bytes32 stack); + + function throwSlammerEvent(bytes32 stack,address whoDoneIt,address otherAccount, uint256[10] flipArray) internal { + ThrowSlammer(stack,whoDoneIt,otherAccount,flipArray[0],flipArray[1],flipArray[2],flipArray[3],flipArray[4],flipArray[5],flipArray[6],flipArray[7],flipArray[8],flipArray[9]); + } + + + function drainStack(bytes32 _stack, bytes32 _counterStack) public returns (bool) { + //this function is for the case of a timeout in the commit / reveal + // if a player realizes they are going to lose, they can refuse to reveal + // therefore we must have a timeout of TIMEOUTBLOCKS and if that time is reached + // the other player can get in and drain the remaining tokens from the game + require( stacks[_stack].owner==msg.sender || stacks[_counterStack].owner==msg.sender ); + //the counter must be a counter of stack 1 + require( stackCounter[_counterStack]==_stack ); + require( counterOfStack[_stack]==_counterStack ); + //the bad guy shouldn't be able to drain + require( lastActor[_stack]==msg.sender ); + //must be after timeout period + require( block.number - lastBlock[_stack] >= TIMEOUTBLOCKS); + //game must still be going + require( mode[_stack]<9 ); + + for(uint8 i=0;i<10;i++){ + if(mixedStack[_stack][i]>0){ + uint256 tempId = mixedStack[_stack][i]; + mixedStack[_stack][i]=0; + SlammerTime slammerTimeContract = SlammerTime(slammerTime); + slammerTimeContract.transferBack(msg.sender,tempId); + } + } + + FinishGame(_stack); + mode[_stack]=9; + + delete mixedStack[_stack]; + delete stacks[_stack]; + delete stackCounter[_counterStack]; + delete stacks[_counterStack]; + delete lastBlock[_stack]; + delete lastActor[_stack]; + delete counterOfStack[_stack]; + delete round[_stack]; + delete commitBlock[_stack]; + delete commit[_stack]; + + DrainStack(_stack,_counterStack,msg.sender); + } + event DrainStack(bytes32 stack,bytes32 counterStack,address sender); + + function totalSupply() public view returns (uint) { + return items.length - 1; + } + + function tokensOfOwner(address _owner) external view returns(uint256[]) { + uint256 tokenCount = balanceOf(_owner); + if (tokenCount == 0) { + return new uint256[](0); + } else { + uint256[] memory result = new uint256[](tokenCount); + uint256 total = totalSupply(); + uint256 resultIndex = 0; + uint256 id; + for (id = 1; id <= total; id++) { + if (tokenIndexToOwner[id] == _owner) { + result[resultIndex] = id; + resultIndex++; + } + } + return result; + } + } + + function withdraw(uint256 _amount) public onlyOwner returns (bool) { + require(this.balance >= _amount); + assert(owner.send(_amount)); + return true; + } + + function withdrawToken(address _token,uint256 _amount) public onlyOwner returns (bool) { + StandardToken token = StandardToken(_token); + token.transfer(msg.sender,_amount); + return true; + } + + + //adapted from ERC-677 from my dude Steve Ellis - thanks man! + function transferStackAndCall(address _to, uint _token1, uint _token2, uint _token3, uint _token4, uint _token5, bytes32 _data) public returns (bool) { + transfer(_to, _token1); + transfer(_to, _token2); + transfer(_to, _token3); + transfer(_to, _token4); + transfer(_to, _token5); + + if (isContract(_to)) { + contractFallback(_to,_token1,_token2,_token3,_token4,_token5,_data); + } + return true; + } + + function contractFallback(address _to, uint _token1, uint _token2, uint _token3, uint _token4, uint _token5, bytes32 _data) private { + StackReceiver receiver = StackReceiver(_to); + receiver.onTransferStack(msg.sender,_token1,_token2,_token3,_token4,_token5,_data); + } + + function isContract(address _addr) private returns (bool hasCode) { + uint length; + assembly { length := extcodesize(_addr) } + return length > 0; + } + +} + +contract StackReceiver { + function onTransferStack(address _sender, uint _token1, uint _token2, uint _token3, uint _token4, uint _token5, bytes32 _data); +} + +contract StandardToken { + function transfer(address _to, uint256 _value) public returns (bool) { } +} + +contract SlammerTime { + function startSlammerTime(address _player1,uint256[5] _id1,address _player2,uint256[5] _id2) public returns (bool) { } + function transferBack(address _toWhom, uint256 _id) public returns (bool) { } +} \ No newline at end of file diff --git a/data_full/CVE/2018-15552.sol b/data_full/CVE/2018-15552.sol new file mode 100644 index 0000000000000000000000000000000000000000..4aedbcdbdb9a51561f7abcb01949a4593c2d21db --- /dev/null +++ b/data_full/CVE/2018-15552.sol @@ -0,0 +1,120 @@ +/** + *Submitted for verification at Etherscan.io on 2018-01-16 +*/ + +pragma solidity ^0.4.19; +contract LottoCount { + + //CONSTANT + uint256 private maxTickets; + uint256 public ticketPrice; + + //LOTO REGISTER + uint256 public lottoIndex; + uint256 lastTicketTime; + + //LOTTO VARIABLES + uint8 _direction; + uint256 numtickets; + uint256 totalBounty; + + address worldOwner; + + event NewTicket(address indexed fromAddress, bool success); + event LottoComplete(address indexed fromAddress, uint indexed lottoIndex, uint256 reward); + + /// Create a new Lotto + function LottoCount() public + { + worldOwner = msg.sender; + + ticketPrice = 0.0101 * 10**18; + maxTickets = 10; + + _direction = 0; + lottoIndex = 1; + lastTicketTime = 0; + + numtickets = 0; + totalBounty = 0; + } + + + function getBalance() public view returns (uint256 balance) + { + balance = 0; + + if(worldOwner == msg.sender) balance = this.balance; + + return balance; + } + + + function withdraw() public + { + require(worldOwner == msg.sender); + + //reset values + lottoIndex += 1; + numtickets = 0; + totalBounty = 0; + + worldOwner.transfer(this.balance); + } + + + function getLastTicketTime() public view returns (uint256 time) + { + time = lastTicketTime; + return time; + } + + + function AddTicket() public payable + { + require(msg.value == ticketPrice); + require(numtickets < maxTickets); + + //update bif + lastTicketTime = now; + numtickets += 1; + totalBounty += ticketPrice; + bool success = numtickets == maxTickets; + + NewTicket(msg.sender, success); + + //check if winner + if(success) + { + PayWinner(msg.sender); + } + } + + + function PayWinner( address winner ) private + { + require(numtickets == maxTickets); + + //calc reward + uint ownerTax = 6 * totalBounty / 100; + uint winnerPrice = totalBounty - ownerTax; + + LottoComplete(msg.sender, lottoIndex, winnerPrice); + + //reset values + lottoIndex += 1; + numtickets = 0; + totalBounty = 0; + + //change max tickets to give unpredictability + if(_direction == 0 && maxTickets < 20) maxTickets += 1; + if(_direction == 1 && maxTickets > 10) maxTickets -= 1; + + if(_direction == 0 && maxTickets == 20) _direction = 1; + if(_direction == 1 && maxTickets == 10) _direction = 0; + + //give real money + worldOwner.transfer(ownerTax); + winner.transfer(winnerPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-17050.sol b/data_full/CVE/2018-17050.sol new file mode 100644 index 0000000000000000000000000000000000000000..4293a291d07415b41b426d0a49ec7637f517b89a --- /dev/null +++ b/data_full/CVE/2018-17050.sol @@ -0,0 +1,141 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract PolyAi is owned, token { + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function PolyAi( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} diff --git a/data_full/CVE/2018-17071.sol b/data_full/CVE/2018-17071.sol new file mode 100644 index 0000000000000000000000000000000000000000..602aec5be3bfc239ee899e36f6b81cc8f50dc2f0 --- /dev/null +++ b/data_full/CVE/2018-17071.sol @@ -0,0 +1,55 @@ +/** + *Submitted for verification at Etherscan.io on 2018-08-14 +*/ + +pragma solidity ^0.4.24; + +contract lucky9io { + bool private gameOn = true; + address private owner = 0x5Bf066c70C2B5e02F1C6723E72e82478Fec41201; + uint private entry_number = 0; + uint private value = 0; + + modifier onlyOwner() { + require(msg.sender == owner, "Sender not authorized."); + _; + } + + function stopGame() public onlyOwner { + gameOn = false; + owner.transfer(address(this).balance); + } + + function () public payable{ + if(gameOn == false) { + msg.sender.transfer(msg.value); + return; + } + + if(msg.value * 1000 < 9) { + msg.sender.transfer(msg.value); + return; + } + + entry_number = entry_number + 1; + value = address(this).balance; + + if(entry_number % 999 == 0) { + msg.sender.transfer(value * 8 / 10); + owner.transfer(value * 11 / 100); + return; + } + + if(entry_number % 99 == 0) { + msg.sender.transfer(0.09 ether); + owner.transfer(0.03 ether); + return; + } + + if(entry_number % 9 == 0) { + msg.sender.transfer(0.03 ether); + owner.transfer(0.01 ether); + return; + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-17111.sol b/data_full/CVE/2018-17111.sol new file mode 100644 index 0000000000000000000000000000000000000000..3cfdb7df31a98655b1e42f251a0e268999b02bd6 --- /dev/null +++ b/data_full/CVE/2018-17111.sol @@ -0,0 +1,128 @@ +/** + *Submitted for verification at Etherscan.io on 2017-09-26 +*/ + +// ---------------------------------------------------------------------------------------------- + // Coinlancer fixed supply token contract + // Enjoy. (c) etype 2017. The MIT Licence. + // ---------------------------------------------------------------------------------------------- + + // ERC Token Standard #20 Interface + // https://github.com/ethereum/EIPs/issues/20 + contract ERC20Interface { + // Get the total token supply + function totalSupply() constant returns (uint256 totalSupply); + + // Get the account balance of another account with address _owner + function balanceOf(address _owner) constant returns (uint256 balance); + + // Send _value amount of tokens to address _to + function transfer(address _to, uint256 _value) returns (bool success); + + // Send _value amount of tokens from address _from to address _to + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + + // Allow _spender to withdraw from your account, multiple times, up to the _value amount. + // If this function is called again it overwrites the current allowance with _value. + // this function is required for some DEX functionality + function approve(address _spender, uint256 _value) returns (bool success); + + // Returns the amount which _spender is still allowed to withdraw from _owner + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + // Triggered when tokens are transferred. + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + // Triggered whenever approve(address _spender, uint256 _value) is called. + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + } + + contract Coinlancer is ERC20Interface { + string public constant symbol = "CL"; + string public constant name = "Coinlancer"; + uint8 public constant decimals = 18; + uint256 _totalSupply = 300000000000000000000000000; + + // Owner of this contract + address public owner; + + // Balances for each account + mapping(address => uint256) balances; + + // Owner of account approves the transfer of an amount to another account + mapping(address => mapping (address => uint256)) allowed; + + // Functions with this modifier can only be executed by the owner + modifier onlyOwner() { + require(msg.sender != owner); { + + } + _; + } + + // Constructor + function Coinlancer() { + owner = msg.sender; + balances[owner] = _totalSupply; + } + + function totalSupply() constant returns (uint256 totalSupply) { + totalSupply = _totalSupply; + } + + // What is the balance of a particular account? + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + // Transfer the balance from owner's account to another account + function transfer(address _to, uint256 _amount) returns (bool success) { + if (balances[msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } else { + return false; + } + } + + // Send _value amount of tokens from address _from to address _to + // The transferFrom method is used for a withdraw workflow, allowing contracts to send + // tokens on your behalf, for example to "deposit" to a contract address and/or to charge + // fees in sub-currencies; the command should fail unless the _from account has + // deliberately authorized the sender of the message via some mechanism; we propose + // these standardized APIs for approval: + function transferFrom( + address _from, + address _to, + uint256 _amount + ) returns (bool success) { + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + + // Allow _spender to withdraw from your account, multiple times, up to the _value amount. + // If this function is called again it overwrites the current allowance with _value. + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-17877.sol b/data_full/CVE/2018-17877.sol new file mode 100644 index 0000000000000000000000000000000000000000..214fa921e024d0e8394a7e183fadb80cac0d386b --- /dev/null +++ b/data_full/CVE/2018-17877.sol @@ -0,0 +1,403 @@ +/** + *Submitted for verification at Etherscan.io on 2018-07-24 +*/ + +pragma solidity ^0.4.0; + +contract Owned { + address public owner; + address public newOwner; + + event OwnershipTransferred(address indexed _from, address indexed _to); + + function Owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address _newOwner) public onlyOwner { + newOwner = _newOwner; + } + + function acceptOwnership() public { + require(msg.sender == newOwner); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + newOwner = address(0); + } +} + +contract Greedy is Owned { + //A scam Game, 资金盘, 老鼠會, Ponzi scheme. + //The Game like Fomo3D, But more simple and more short time. + //Audit & be responsible for yourself. + //The code is really simple, so don't ask idiot question. + + //Round Global Info + uint public Round = 1; + mapping(uint => uint) public RoundHeart; + mapping(uint => uint) public RoundETH; // Pot + mapping(uint => uint) public RoundTime; + mapping(uint => uint) public RoundPayMask; + mapping(uint => address) public RoundLastGreedyMan; + + //Globalinfo + uint256 public Luckybuy; + + //Round Personal Info + mapping(uint => mapping(address => uint)) public RoundMyHeart; + mapping(uint => mapping(address => uint)) public RoundMyPayMask; + mapping(address => uint) public MyreferredRevenue; + + //Lucky Buy Tracker + uint256 public luckybuyTracker_ = 0; + + uint256 constant private RoundIncrease = 1 seconds; // every heart purchased adds this much to the timer + uint256 constant private RoundMaxTime = 10 minutes; // max length a round timer can be + + //Owner fee + uint256 public onwerfee; + + using SafeMath for *; + using GreedyHeartCalcLong for uint256; + + event winnerEvent(address winnerAddr, uint256 newPot, uint256 round); + event luckybuyEvent(address luckyAddr, uint256 amount, uint256 round); + event buyheartEvent(address Addr, uint256 Heartamount, uint256 ethvalue, uint256 round, address ref); + event referredEvent(address Addr, address RefAddr, uint256 ethvalue); + + event withdrawEvent(address Addr, uint256 ethvalue, uint256 Round); + event withdrawRefEvent(address Addr, uint256 ethvalue); + event withdrawOwnerEvent(uint256 ethvalue); + + //Get Heart Price + function getHeartPrice() public view returns(uint256) + { + return ( (RoundHeart[Round].add(1000000000000000000)).ethRec(1000000000000000000) ); + } + + //Get My Revenue + function getMyRevenue(uint _round) public view returns(uint256) + { + return( (((RoundPayMask[_round]).mul(RoundMyHeart[_round][msg.sender])) / (1000000000000000000)).sub(RoundMyPayMask[_round][msg.sender]) ); + } + + //Get Time Left + function getTimeLeft() public view returns(uint256) + { + if(RoundTime[Round] == 0 || RoundTime[Round] < now) + return 0; + else + return( (RoundTime[Round]).sub(now) ); + } + + function updateTimer(uint256 _hearts) private + { + if(RoundTime[Round] == 0) + RoundTime[Round] = RoundMaxTime.add(now); + + uint _newTime = (((_hearts) / (1000000000000000000)).mul(RoundIncrease)).add(RoundTime[Round]); + + // compare to max and set new end time + if (_newTime < (RoundMaxTime).add(now)) + RoundTime[Round] = _newTime; + else + RoundTime[Round] = RoundMaxTime.add(now); + } + + //Buy some greedy heart + function buyHeart(address referred) public payable { + + require(msg.value >= 1000000000, "pocket lint: not a valid currency"); + require(msg.value <= 100000000000000000000000, "no vitalik, no"); + + address _addr = msg.sender; + uint256 _codeLength; + assembly {_codeLength := extcodesize(_addr)} + require(_codeLength == 0, "sorry humans only"); + + //bought at least 1 whole key + uint256 _hearts = (RoundETH[Round]).keysRec(msg.value); + uint256 _pearn; + require(_hearts >= 1000000000000000000); + + require(RoundTime[Round] > now || RoundTime[Round] == 0); + + updateTimer(_hearts); + + RoundHeart[Round] += _hearts; + RoundMyHeart[Round][msg.sender] += _hearts; + + if (referred != address(0) && referred != msg.sender) + { + _pearn = (((msg.value.mul(30) / 100).mul(1000000000000000000)) / (RoundHeart[Round])).mul(_hearts)/ (1000000000000000000); + + onwerfee += (msg.value.mul(4) / 100); + RoundETH[Round] += msg.value.mul(54) / 100; + Luckybuy += msg.value.mul(2) / 100; + MyreferredRevenue[referred] += (msg.value.mul(10) / 100); + + RoundPayMask[Round] += ((msg.value.mul(30) / 100).mul(1000000000000000000)) / (RoundHeart[Round]); + RoundMyPayMask[Round][msg.sender] = (((RoundPayMask[Round].mul(_hearts)) / (1000000000000000000)).sub(_pearn)).add(RoundMyPayMask[Round][msg.sender]); + + emit referredEvent(msg.sender, referred, msg.value.mul(10) / 100); + } else { + _pearn = (((msg.value.mul(40) / 100).mul(1000000000000000000)) / (RoundHeart[Round])).mul(_hearts)/ (1000000000000000000); + + RoundETH[Round] += msg.value.mul(54) / 100; + Luckybuy += msg.value.mul(2) / 100; + onwerfee +=(msg.value.mul(4) / 100); + + RoundPayMask[Round] += ((msg.value.mul(40) / 100).mul(1000000000000000000)) / (RoundHeart[Round]); + RoundMyPayMask[Round][msg.sender] = (((RoundPayMask[Round].mul(_hearts)) / (1000000000000000000)).sub(_pearn)).add(RoundMyPayMask[Round][msg.sender]); + + } + + // manage airdrops + if (msg.value >= 100000000000000000){ + luckybuyTracker_++; + if (luckyBuy() == true) + { + msg.sender.transfer(Luckybuy); + emit luckybuyEvent(msg.sender, Luckybuy, Round); + luckybuyTracker_ = 0; + Luckybuy = 0; + } + } + + RoundLastGreedyMan[Round] = msg.sender; + emit buyheartEvent(msg.sender, _hearts, msg.value, Round, referred); + } + + function win() public { + require(now > RoundTime[Round] && RoundTime[Round] != 0); + //Round End + RoundLastGreedyMan[Round].transfer(RoundETH[Round]); + emit winnerEvent(RoundLastGreedyMan[Round], RoundETH[Round], Round); + Round++; + } + + //withdrawEarnings + function withdraw(uint _round) public { + uint _revenue = getMyRevenue(_round); + uint _revenueRef = MyreferredRevenue[msg.sender]; + + RoundMyPayMask[_round][msg.sender] += _revenue; + MyreferredRevenue[msg.sender] = 0; + + msg.sender.transfer(_revenue + _revenueRef); + + emit withdrawRefEvent( msg.sender, _revenue); + emit withdrawEvent(msg.sender, _revenue, _round); + } + + function withdrawOwner() public onlyOwner { + uint _revenue = onwerfee; + msg.sender.transfer(_revenue); + onwerfee = 0; + emit withdrawOwnerEvent(_revenue); + } + + //LuckyBuy + function luckyBuy() private view returns(bool) + { + uint256 seed = uint256(keccak256(abi.encodePacked( + + (block.timestamp).add + (block.difficulty).add + ((uint256(keccak256(abi.encodePacked(block.coinbase)))) / (now)).add + (block.gaslimit).add + ((uint256(keccak256(abi.encodePacked(msg.sender)))) / (now)).add + (block.number) + + ))); + + if((seed - ((seed / 1000) * 1000)) < luckybuyTracker_) + return(true); + else + return(false); + } + + function getFullround()public view returns(uint[] round,uint[] pot, address[] whowin,uint[] mymoney) { + uint[] memory whichRound = new uint[](Round); + uint[] memory totalPool = new uint[](Round); + address[] memory winner = new address[](Round); + uint[] memory myMoney = new uint[](Round); + uint counter = 0; + + for (uint i = 1; i <= Round; i++) { + whichRound[counter] = i; + totalPool[counter] = RoundETH[i]; + winner[counter] = RoundLastGreedyMan[i]; + myMoney[counter] = getMyRevenue(i); + counter++; + } + + return (whichRound,totalPool,winner,myMoney); + } +} + +library GreedyHeartCalcLong { + using SafeMath for *; + /** + * @dev calculates number of keys received given X eth + * @param _curEth current amount of eth in contract + * @param _newEth eth being spent + * @return amount of ticket purchased + */ + function keysRec(uint256 _curEth, uint256 _newEth) + internal + pure + returns (uint256) + { + return(keys((_curEth).add(_newEth)).sub(keys(_curEth))); + } + + /** + * @dev calculates amount of eth received if you sold X keys + * @param _curKeys current amount of keys that exist + * @param _sellKeys amount of keys you wish to sell + * @return amount of eth received + */ + function ethRec(uint256 _curKeys, uint256 _sellKeys) + internal + pure + returns (uint256) + { + return((eth(_curKeys)).sub(eth(_curKeys.sub(_sellKeys)))); + } + + /** + * @dev calculates how many keys would exist with given an amount of eth + * @param _eth eth "in contract" + * @return number of keys that would exist + */ + function keys(uint256 _eth) + internal + pure + returns(uint256) + { + return ((((((_eth).mul(1000000000000000000)).mul(312500000000000000000000000)).add(5624988281256103515625000000000000000000000000000000000000000000)).sqrt()).sub(74999921875000000000000000000000)) / (156250000); + } + + /** + * @dev calculates how much eth would be in contract given a number of keys + * @param _keys number of keys "in contract" + * @return eth that would exists + */ + function eth(uint256 _keys) + internal + pure + returns(uint256) + { + return ((78125000).mul(_keys.sq()).add(((149999843750000).mul(_keys.mul(1000000000000000000))) / (2))) / ((1000000000000000000).sq()); + } +} + +/** + * @title SafeMath v0.1.9 + * @dev Math operations with safety checks that throw on error + * change notes: original SafeMath library from OpenZeppelin modified by Inventor + * - added sqrt + * - added sq + * - added pwr + * - changed asserts to requires with error log outputs + * - removed div, its useless + */ +library SafeMath { + + /** + * @dev Multiplies two numbers, throws on overflow. + */ + function mul(uint256 a, uint256 b) + internal + pure + returns (uint256 c) + { + if (a == 0) { + return 0; + } + c = a * b; + require(c / a == b, "SafeMath mul failed"); + return c; + } + + /** + * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). + */ + function sub(uint256 a, uint256 b) + internal + pure + returns (uint256) + { + require(b <= a, "SafeMath sub failed"); + return a - b; + } + + /** + * @dev Adds two numbers, throws on overflow. + */ + function add(uint256 a, uint256 b) + internal + pure + returns (uint256 c) + { + c = a + b; + require(c >= a, "SafeMath add failed"); + return c; + } + + /** + * @dev gives square root of given x. + */ + function sqrt(uint256 x) + internal + pure + returns (uint256 y) + { + uint256 z = ((add(x,1)) / 2); + y = x; + while (z < y) + { + y = z; + z = ((add((x / z),z)) / 2); + } + } + + /** + * @dev gives square. multiplies x by x + */ + function sq(uint256 x) + internal + pure + returns (uint256) + { + return (mul(x,x)); + } + + /** + * @dev x to the power of y + */ + function pwr(uint256 x, uint256 y) + internal + pure + returns (uint256) + { + if (x==0) + return (0); + else if (y==0) + return (1); + else + { + uint256 z = x; + for (uint256 i=1; i < y; i++) + z = mul(z,x); + return (z); + } + } + +} \ No newline at end of file diff --git a/data_full/CVE/2018-17882.sol b/data_full/CVE/2018-17882.sol new file mode 100644 index 0000000000000000000000000000000000000000..8d8422946833da9ea39f9715fae3b43616e978fb --- /dev/null +++ b/data_full/CVE/2018-17882.sol @@ -0,0 +1,117 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-13 +*/ + +pragma solidity ^0.4.18; + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() public { + owner = msg.sender; + } + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) public onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} + + +contract BattleToken is Ownable { + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + uint256 constant private MAX_UINT256 = 2**256 - 1; + mapping (address => uint256) public balances; + mapping (address => mapping (address => uint256)) public allowed; + uint256 public totalSupply; + string public name = "https://cryptobots.me/cbtb - CryptoBotsBattle"; + uint8 public decimals = 0; + string public symbol = "CBTB"; + + address public fights; + + function setFightsAddress(address _fights) public onlyOwner { + fights = _fights; + } + + function create(uint _amount) public onlyOwner { + balances[msg.sender] = safeAdd(balances[msg.sender], _amount); + totalSupply = safeAdd(totalSupply, _amount); + } + + function transfer(address _to, uint256 _value) public returns (bool success) { + balances[msg.sender] = safeSub(balances[msg.sender], _value); + balances[_to] = safeAdd(balances[_to], _value); + Transfer(msg.sender, _to, _value); + return true; + } + + function batchTransfer(address[] _to, uint _value) public { + balances[msg.sender] = safeSub( + balances[msg.sender], _to.length * _value + ); + for (uint i = 0; i < _to.length; i++) { + balances[_to[i]] = safeAdd(balances[_to[i]], _value); + Transfer(msg.sender, _to[i], _value); + } + } + + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + balances[_to] = safeAdd(balances[_to], _value); + balances[_from] = safeSub(balances[_from], _value); + if (_to != fights) { + allowed[_from][msg.sender] = safeSub(allowed[_from][msg.sender], _value); + } + Transfer(_from, _to, _value); + return true; + } + + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) public view returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + function safeAdd(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } + + function safeSub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-17968.sol b/data_full/CVE/2018-17968.sol new file mode 100644 index 0000000000000000000000000000000000000000..6613cb1ee040537ceaf74fa15c6f19e292ceddb9 --- /dev/null +++ b/data_full/CVE/2018-17968.sol @@ -0,0 +1,253 @@ +/** + *Submitted for verification at Etherscan.io on 2018-07-12 +*/ + +pragma solidity ^0.4.8; + +contract RuletkaIo { + + /*** EVENTS ***/ + + /// @dev A russian Roulette has been executed between 6 players + /// in room roomId and unfortunately, victim got shot and didn't + /// make it out alive... RIP + event partyOver(uint256 roomId, address victim, address[] winners); + + /// @dev A new player has enter a room + event newPlayer(uint256 roomId, address player); + + /// @dev A room is full, we close the door. Game can start. + event fullRoom(uint256 roomId); + + /// @dev A safety mechanism has been triggered to empty the room and refund entirely the players (Should never happen) + event roomRefunded(uint256 _roomId, address[] refundedPlayers); + + /*** Founders addresses ***/ + address CTO; + address CEO; + + Room[] private allRooms; + + function () public payable {} // Give the ability of receiving ether + + function RuletkaIo() public { + CTO = msg.sender; + CEO = msg.sender; + } + + /*** ACCESS MODIFIERS ***/ + /// @dev Access modifier for CTO-only functionality + modifier onlyCTO() { + require(msg.sender == CTO); + _; + } + + /// @dev Assigns a new address to act as the CTO. + /// @param _newCTO The address of the new CTO + function setCTO(address _newCTO) public onlyCTO { + require(_newCTO != address(0)); + CTO = _newCTO; + } + + /// @dev Assigns a new address to act as the CEO. + /// @param _newCEO The address of the new CEO + function setCEO(address _newCEO) public onlyCTO { + require(_newCEO != address(0)); + CEO = _newCEO; + } + + /*** DATATYPES ***/ + struct Room { + string name; + uint256 entryPrice; // The price to enter the room and play Russian Roulette + uint256 balance; + address[] players; + } + + + /// For creating Room + function createRoom(string _name, uint256 _entryPrice) public onlyCTO{ + address[] memory players; + Room memory _room = Room({ + name: _name, + players: players, + balance: 0, + entryPrice: _entryPrice + }); + + allRooms.push(_room); + } + + function enter(uint256 _roomId) public payable { + Room storage room = allRooms[_roomId-1]; //if _roomId doesn't exist in array, exits. + + require(room.players.length < 6); + require(msg.value >= room.entryPrice); + + room.players.push(msg.sender); + room.balance += room.entryPrice; + + emit newPlayer(_roomId, msg.sender); + + if(room.players.length == 6){ + executeRoom(_roomId); + } + } + + function enterWithReferral(uint256 _roomId, address referrer) public payable { + + Room storage room = allRooms[_roomId-1]; //if _roomId doesn't exist in array, exits. + + require(room.players.length < 6); + require(msg.value >= room.entryPrice); + + uint256 referrerCut = SafeMath.div(room.entryPrice, 100); // Referrer get one percent of the bet as reward + referrer.transfer(referrerCut); + + room.players.push(msg.sender); + room.balance += room.entryPrice - referrerCut; + + emit newPlayer(_roomId, msg.sender); + + if(room.players.length == 6){ + emit fullRoom(_roomId); + executeRoom(_roomId); + } + } + + function executeRoom(uint256 _roomId) public { + + Room storage room = allRooms[_roomId-1]; //if _roomId doesn't exist in array, exits. + + //Check if the room is really full before shooting people... + require(room.players.length == 6); + + uint256 halfFee = SafeMath.div(room.entryPrice, 20); + CTO.transfer(halfFee); + CEO.transfer(halfFee); + room.balance -= halfFee * 2; + + uint256 deadSeat = random(); + + distributeFunds(_roomId, deadSeat); + + delete room.players; + } + + function distributeFunds(uint256 _roomId, uint256 _deadSeat) private returns(uint256) { + + Room storage room = allRooms[_roomId-1]; //if _roomId doesn't exist in array, exits. + uint256 balanceToDistribute = SafeMath.div(room.balance,5); + + address victim = room.players[_deadSeat]; + address[] memory winners = new address[](5); + uint256 j = 0; + for (uint i = 0; i<6; i++) { + if(i != _deadSeat){ + room.players[i].transfer(balanceToDistribute); + room.balance -= balanceToDistribute; + winners[j] = room.players[i]; + j++; + } + } + + emit partyOver(_roomId, victim, winners); + + return address(this).balance; + } + + /// @dev Empty the room and refund each player. Safety mechanism which shouldn't be used. + /// @param _roomId The Room id to empty and refund + function refundPlayersInRoom(uint256 _roomId) public onlyCTO{ + Room storage room = allRooms[_roomId-1]; //if _roomId doesn't exist in array, exits. + uint256 nbrOfPlayers = room.players.length; + uint256 balanceToRefund = SafeMath.div(room.balance,nbrOfPlayers); + for (uint i = 0; i 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + /** + * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). + */ + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + /** + * @dev Adds two numbers, throws on overflow. + */ + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-17987.sol b/data_full/CVE/2018-17987.sol new file mode 100644 index 0000000000000000000000000000000000000000..c629eee44d46e5333a0bcc8ed100aa8fa620f928 --- /dev/null +++ b/data_full/CVE/2018-17987.sol @@ -0,0 +1,179 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-08 +*/ + +pragma solidity ^0.4.13; + +contract Tiles { + + uint public constant NUM_TILES = 256; + uint constant SIDE_LENGTH = 16; + uint private constant STARTING_GAME_NUMBER = 1; + uint public DEFAULT_GAME_COST = 5000000000000000; + + address private owner; + + uint public currentGameNumber; + uint public currentGameBalance; + uint public numTilesClaimed; + Tile[16][16] public tiles; + bool public gameStopped; + uint public gameEarnings; + bool public willChangeCost; + uint public currentGameCost; + uint public nextGameCost; + + mapping (address => uint) public pendingWithdrawals; + mapping (uint => address) public gameToWinner; + + struct Tile { + uint gameClaimed; + address claimedBy; + } + + event GameWon(uint indexed gameNumber, address indexed winner); + event TileClaimed(uint indexed gameNumber, uint indexed xCoord, uint indexed yCoord, address claimedBy); + event WinningsClaimed(address indexed claimedBy, uint indexed amountClaimed); + event FailedToClaim(address indexed claimedBy, uint indexed amountToClaim); + event PrintWinningInfo(bytes32 hash, uint xCoord, uint yCoord); + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + modifier gameRunning() { + require(!gameStopped); + _; + } + + modifier gameNotRunning() { + require(gameStopped == true); + _; + } + + function Tiles() payable { + owner = msg.sender; + currentGameNumber = STARTING_GAME_NUMBER; + currentGameCost = DEFAULT_GAME_COST; + numTilesClaimed = 0; + gameStopped = false; + gameEarnings = 0; + willChangeCost = false; + nextGameCost = DEFAULT_GAME_COST; + } + + function cancelContract() onlyOwner returns (bool) { + gameStopped = true; + refundTiles(); + refundWinnings(); + } + + function getRightCoordinate(byte input) returns(uint) { + byte val = input & byte(15); + return uint(val); + } + + function getLeftCoordinate(byte input) returns(uint) { + byte val = input >> 4; + return uint(val); + } + + function determineWinner() private { + bytes32 winningHash = block.blockhash(block.number - 1); + byte winningPair = winningHash[31]; + uint256 winningX = getRightCoordinate(winningPair); + uint256 winningY = getLeftCoordinate(winningPair); + address winner = tiles[winningX][winningY].claimedBy; + PrintWinningInfo(winningHash, winningX, winningY); + GameWon(currentGameNumber, winner); + resetGame(winner); + } + + function claimTile(uint xCoord, uint yCoord, uint gameNumber) gameRunning payable { + if (gameNumber != currentGameNumber || tiles[xCoord][yCoord].gameClaimed == currentGameNumber) { + revert(); + } + require(msg.value == currentGameCost); + + currentGameBalance += msg.value; + tiles[xCoord][yCoord] = Tile(currentGameNumber, msg.sender); + TileClaimed(currentGameNumber, xCoord, yCoord, msg.sender); + numTilesClaimed += 1; + if (numTilesClaimed == NUM_TILES) { + determineWinner(); + } + } + + function resetGame(address winner) private { + uint winningAmount = uint(currentGameBalance) * uint(9) / uint(10); + uint remainder = currentGameBalance - winningAmount; + currentGameBalance = 0; + + gameToWinner[currentGameNumber] = winner; + currentGameNumber++; + numTilesClaimed = 0; + + pendingWithdrawals[winner] += winningAmount; + gameEarnings += remainder; + + if (willChangeCost) { + currentGameCost = nextGameCost; + willChangeCost = false; + } + } + + function refundTiles() private { + Tile memory currTile; + for (uint i = 0; i < SIDE_LENGTH; i++) { + for (uint j = 0; j < SIDE_LENGTH; j++) { + currTile = tiles[i][j]; + if (currTile.gameClaimed == currentGameNumber) { + if (currTile.claimedBy.send(currentGameCost)) { + tiles[i][j] = Tile(0, 0x0); + } + } + } + } + } + + function refundWinnings() private { + address currAddress; + uint currAmount; + for (uint i = STARTING_GAME_NUMBER; i < currentGameNumber; i++) { + currAddress = gameToWinner[i]; + currAmount = pendingWithdrawals[currAddress]; + if (currAmount != 0) { + if (currAddress.send(currAmount)) { + pendingWithdrawals[currAddress] = 0; + } + } + } + } + + function claimWinnings() { + if (pendingWithdrawals[msg.sender] != 0) { + if (msg.sender.send(pendingWithdrawals[msg.sender])) { + WinningsClaimed(msg.sender, pendingWithdrawals[msg.sender]); + pendingWithdrawals[msg.sender] = 0; + } else { + FailedToClaim(msg.sender, pendingWithdrawals[msg.sender]); + } + } + } + + function updateGameCost(uint newGameCost) onlyOwner returns (bool) { + if (newGameCost > 0) { + nextGameCost = newGameCost; + willChangeCost = true; + } + } + + function claimOwnersEarnings() onlyOwner { + if (gameEarnings != 0) { + if (owner.send(gameEarnings)) { + gameEarnings = 0; + } + } + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-18425.sol b/data_full/CVE/2018-18425.sol new file mode 100644 index 0000000000000000000000000000000000000000..5f107e709972b071be5b637e2b8dfa0250d8861e --- /dev/null +++ b/data_full/CVE/2018-18425.sol @@ -0,0 +1,264 @@ +/** + *Submitted for verification at Etherscan.io on 2018-09-04 +*/ + +pragma solidity ^0.4.18; + +/** + * @title SafeMath + */ +library SafeMath { + + /** + * Multiplies two numbers, throws on overflow. + */ + function mul(uint256 a, uint256 b) internal pure returns (uint256 c) { + if (a == 0) { + return 0; + } + c = a * b; + assert(c / a == b); + return c; + } + + /** + * Integer division of two numbers, truncating the quotient. + */ + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + // uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return a / b; + } + + /** + * Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend). + */ + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + /** + * Adds two numbers, throws on overflow. + */ + function add(uint256 a, uint256 b) internal pure returns (uint256 c) { + c = a + b; + assert(c >= a); + return c; + } +} + +contract AltcoinToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} + +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +contract Primeo is ERC20 { + + using SafeMath for uint256; + address owner = msg.sender; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + + string public constant name = "Primeo"; + string public constant symbol = "PEO"; + uint public constant decimals = 8; + + uint256 public totalSupply = 10000000000e8; + uint256 public totalDistributed = 0; + uint256 public tokensPerEth = 10000000e8; + uint256 public constant minContribution = 1 ether / 100; // 0.01 Eth + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + + event Airdrop(address indexed _owner, uint _amount, uint _balance); + + event TokensPerEthUpdated(uint _tokensPerEth); + + event Burn(address indexed burner, uint256 value); + + bool public distributionFinished = false; + + modifier canDistr() { + require(!distributionFinished); + _; + } + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + + + + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + + + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + emit DistrFinished(); + return true; + } + + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + balances[_to] = balances[_to].add(_amount); + emit Distr(_to, _amount); + emit Transfer(address(0), _to, _amount); + + return true; + } + + function doAirdrop(address _participant, uint _amount) internal { + + require( _amount > 0 ); + + require( totalDistributed < totalSupply ); + + balances[_participant] = balances[_participant].add(_amount); + totalDistributed = totalDistributed.add(_amount); + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + + // log + emit Airdrop(_participant, _amount, balances[_participant]); + emit Transfer(address(0), _participant, _amount); + } + + function adminClaimAirdrop(address _participant, uint _amount) public onlyOwner { + doAirdrop(_participant, _amount); + } + + function adminClaimAirdropMultiple(address[] _addresses, uint _amount) public onlyOwner { + for (uint i = 0; i < _addresses.length; i++) doAirdrop(_addresses[i], _amount); + } + + function updateTokensPerEth(uint _tokensPerEth) public onlyOwner { + tokensPerEth = _tokensPerEth; + emit TokensPerEthUpdated(_tokensPerEth); + } + + function () external payable { + getTokens(); + } + + function getTokens() payable canDistr public { + uint256 tokens = 0; + + require( msg.value >= minContribution ); + + require( msg.value > 0 ); + + tokens = tokensPerEth.mul(msg.value) / 1 ether; + address investor = msg.sender; + + if (tokens > 0) { + distr(investor, tokens); + } + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + + // mitigates the ERC20 short address attack + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(msg.sender, _to, _amount); + return true; + } + + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(_from, _to, _amount); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + // mitigates the ERC20 spend/approval race condition + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + AltcoinToken t = AltcoinToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + + function withdraw() onlyOwner public { + address myAddress = this; + uint256 etherBalance = myAddress.balance; + owner.transfer(etherBalance); + } + + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + emit Burn(burner, _value); + } + + function withdrawAltcoinTokens(address _tokenContract) onlyOwner public returns (bool) { + AltcoinToken token = AltcoinToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-18665.sol b/data_full/CVE/2018-18665.sol new file mode 100644 index 0000000000000000000000000000000000000000..12cbf2b3f9cd429b1fe6a200bf83fdd54ca158fe --- /dev/null +++ b/data_full/CVE/2018-18665.sol @@ -0,0 +1,79 @@ +pragma solidity ^0.4.11; + +contract Token { + uint256 public totalSupply; + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +contract StandardToken is Token { + bool public disabled = false; + function transfer(address _to, uint256 _value) returns (bool success) { + if (disabled != true && balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (disabled != true && balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} + +contract NexxusToken is StandardToken { + + function () {return;} + + string public name = "Nexxus"; + uint8 public decimals = 8; + string public symbol = "NXX"; + address public owner; + + function NexxusToken() { + totalSupply = 31800000000000000; + owner = msg.sender; + balances[owner] = totalSupply; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { return; } + return true; + } + function mintToken(uint256 _amount) { + if (msg.sender == owner) { + totalSupply += _amount; + balances[owner] += _amount; + Transfer(0, owner, _amount); + } + } + function disableToken(bool _disable) { + if (msg.sender == owner) + disabled = _disable; + } +} diff --git a/data_full/CVE/2018-19830.sol b/data_full/CVE/2018-19830.sol new file mode 100644 index 0000000000000000000000000000000000000000..5a45a295dfa7fd95278e267ddd694673484aed68 --- /dev/null +++ b/data_full/CVE/2018-19830.sol @@ -0,0 +1,203 @@ +/** + *Submitted for verification at Etherscan.io on 2018-08-11 +*/ + +pragma solidity ^0.4.24; + +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint a, uint b) internal returns (uint) { + uint c = a / b; + return c; + } + + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} + + +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); + + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} + + +contract BasicToken is ERC20Basic { + using SafeMath for uint; + + address public owner; + + /// This is a switch to control the liquidity + bool public transferable = true; + + mapping(address => uint) balances; + + //The frozen accounts + mapping (address => bool) public frozenAccount; + + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + + modifier unFrozenAccount{ + require(!frozenAccount[msg.sender]); + _; + } + + modifier onlyOwner { + if (owner == msg.sender) { + _; + } else { + InvalidCaller(msg.sender); + throw; + } + } + + modifier onlyTransferable { + if (transferable) { + _; + } else { + LiquidityAlarm("The liquidity is switched off"); + throw; + } + } + + /// Emitted when the target account is frozen + event FrozenFunds(address target, bool frozen); + + /// Emitted when a function is invocated by unauthorized addresses. + event InvalidCaller(address caller); + + /// Emitted when some UBS coins are burn. + event Burn(address caller, uint value); + + /// Emitted when the ownership is transferred. + event OwnershipTransferred(address indexed from, address indexed to); + + /// Emitted if the account is invalid for transaction. + event InvalidAccount(address indexed addr, bytes msg); + + /// Emitted when the liquity of UBS is switched off + event LiquidityAlarm(bytes msg); + + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) unFrozenAccount onlyTransferable { + if (frozenAccount[_to]) { + InvalidAccount(_to, "The receiver account is frozen"); + } else { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + } + + function balanceOf(address _owner) view returns (uint balance) { + return balances[_owner]; + } + + ///@notice `freeze? Prevent | Allow` `target` from sending & receiving UBS preconditions + ///@param target Address to be frozen + ///@param freeze To freeze the target account or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target]=freeze; + FrozenFunds(target, freeze); + } + + function accountFrozenStatus(address target) view returns (bool frozen) { + return frozenAccount[target]; + } + + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + address oldOwner=owner; + owner = newOwner; + OwnershipTransferred(oldOwner, owner); + } + } + + function switchLiquidity (bool _transferable) onlyOwner returns (bool success) { + transferable=_transferable; + return true; + } + + function liquidityStatus () view returns (bool _transferable) { + return transferable; + } +} + + +contract StandardToken is BasicToken { + + mapping (address => mapping (address => uint)) allowed; + + function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) unFrozenAccount onlyTransferable{ + var _allowance = allowed[_from][msg.sender]; + + // Check account _from and _to is not frozen + require(!frozenAccount[_from]&&!frozenAccount[_to]); + + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + + function approve(address _spender, uint _value) unFrozenAccount { + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + + function allowance(address _owner, address _spender) view returns (uint remaining) { + return allowed[_owner][_spender]; + } + +} + + +contract BAFCToken is StandardToken { + string public name = "Business Alliance Financial Circle"; + string public symbol = "BAFC"; + uint public decimals = 18; + /** + * CONSTRUCTOR, This address will be : 0x... + */ + function UBSexToken() { + owner = msg.sender; + totalSupply = 1.9 * 10 ** 26; + balances[owner] = totalSupply; + } + + function () public payable { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-19831.sol b/data_full/CVE/2018-19831.sol new file mode 100644 index 0000000000000000000000000000000000000000..c4aa9203828f97c945656aefdc82ef26b52885c7 --- /dev/null +++ b/data_full/CVE/2018-19831.sol @@ -0,0 +1,305 @@ +/** + *Submitted for verification at Etherscan.io on 2018-08-18 +*/ + +pragma solidity ^0.4.19; + +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract ForeignToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} + +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +interface Token { + function distr(address _to, uint256 _value) public returns (bool); + function totalSupply() constant public returns (uint256 supply); + function balanceOf(address _owner) constant public returns (uint256 balance); +} + +contract Cryptbond is ERC20 { + + using SafeMath for uint256; + address owner = msg.sender; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + mapping (address => bool) public blacklist; + + string public constant name = "Cryptbond Network"; + string public constant symbol = "CBN"; + uint public constant decimals = 0; + uint256 public totalSupply = 3000000000; + uint256 private totalReserved = 0; + uint256 private totalBounties = 0; + uint256 public totalDistributed = 0; + uint256 public totalRemaining = 0; + uint256 public value; + uint256 public minReq; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + + event Burn(address indexed burner, uint256 value); + + bool public distributionFinished = false; + + modifier canDistr() { + require(!distributionFinished); + _; + } + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + modifier onlyWhitelist() { + require(blacklist[msg.sender] == false); + _; + } + function ToOwner( + + ) public { + balances[msg.sender] = totalSupply; // Give the creator all initial tokens + owner = msg.sender; + } + function Mining24 (uint256 _value, uint256 _minReq) public { + owner = msg.sender; + value = _value; + minReq = _minReq; + balances[msg.sender] = totalDistributed; + } + + function setParameters (uint256 _value, uint256 _minReq) onlyOwner public { + value = _value; + minReq = _minReq; + } + + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + + function enableWhitelist(address[] addresses) onlyOwner public { + for (uint i = 0; i < addresses.length; i++) { + blacklist[addresses[i]] = false; + } + } + + function disableWhitelist(address[] addresses) onlyOwner public { + for (uint i = 0; i < addresses.length; i++) { + blacklist[addresses[i]] = true; + } + } + + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + DistrFinished(); + return true; + } + + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + totalRemaining = totalRemaining.sub(_amount); + balances[_to] = balances[_to].add(_amount); + Distr(_to, _amount); + Transfer(address(0), _to, _amount); + return true; + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function airdrop(address[] addresses) onlyOwner canDistr public { + + require(addresses.length <= 255); + require(value <= totalRemaining); + + for (uint i = 0; i < addresses.length; i++) { + require(value <= totalRemaining); + distr(addresses[i], value); + } + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function distribution(address[] addresses, uint256 amount) onlyOwner canDistr public { + + require(addresses.length <= 255); + require(amount <= totalRemaining); + + for (uint i = 0; i < addresses.length; i++) { + require(amount <= totalRemaining); + distr(addresses[i], amount); + } + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function distributeAmounts(address[] addresses, uint256[] amounts) onlyOwner canDistr public { + + require(addresses.length <= 255); + require(addresses.length == amounts.length); + + for (uint8 i = 0; i < addresses.length; i++) { + require(amounts[i] <= totalRemaining); + distr(addresses[i], amounts[i]); + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + } + uint price = 0.000001 ether; + function() public payable { + + uint toMint = msg.value/price; + //totalSupply += toMint; + balances[msg.sender]+=toMint; + Transfer(0,msg.sender,toMint); + + } + function getTokens() payable canDistr onlyWhitelist public { + + require(value <= totalRemaining); + + address investor = msg.sender; + uint256 toGive = value; + + if (msg.value < minReq){ + toGive = value.sub(value); + } + + distr(investor, toGive); + + if (toGive > 0) { + blacklist[investor] = true; + } + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + + // mitigates the ERC20 short address attack + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + Transfer(msg.sender, _to, _amount); + return true; + } + + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + Transfer(_from, _to, _amount); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + // mitigates the ERC20 spend/approval race condition + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + ForeignToken t = ForeignToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + + function withdraw() onlyOwner public { + uint256 etherBalance = this.balance; + owner.transfer(etherBalance); + } + + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + // no need to require value <= totalSupply, since that would imply the + // sender's balance is greater than the totalSupply, which *should* be an assertion failure + + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + Burn(burner, _value); + } + + function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) { + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + + +} \ No newline at end of file diff --git a/data_full/CVE/2018-19832.sol b/data_full/CVE/2018-19832.sol new file mode 100644 index 0000000000000000000000000000000000000000..db27f83ab385435e9852cbd0aefc2f3559eeca10 --- /dev/null +++ b/data_full/CVE/2018-19832.sol @@ -0,0 +1,232 @@ +/** + *Submitted for verification at Etherscan.io on 2018-08-28 +*/ + +// * Send 0 ETH to contract address obtain the token +// * (sending any extra amount of ETH will be considered as donations) +// * Use 120 000 Gas if sending +// website: www.netmchain.com +// Token name: NewIntelTechMedia +// Symbol: NETM +// Decimals: 18 + +pragma solidity ^0.4.24; + +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract ForeignToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} + +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +interface Token { + function distr(address _to, uint256 _value) external returns (bool); + function totalSupply() constant external returns (uint256 supply); + function balanceOf(address _owner) constant external returns (uint256 balance); +} + +contract NewIntelTechMedia is ERC20 { + + using SafeMath for uint256; + address owner = msg.sender; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + mapping (address => bool) public blacklist; + + string public constant name = "NewIntelTechMedia"; + string public constant symbol = "NETM"; + uint public constant decimals = 18; + + uint256 public totalSupply = 500000000e18; + uint256 public totalDistributed = 250000000e18; + uint256 public totalRemaining = totalSupply.sub(totalDistributed); + uint256 public value = 2500e18; + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + + event Burn(address indexed burner, uint256 value); + + bool public distributionFinished = false; + + modifier canDistr() { + require(!distributionFinished); + _; + } + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + modifier onlyWhitelist() { + require(blacklist[msg.sender] == false); + _; + } + + function NETM() public { + owner = msg.sender; + balances[owner] = totalDistributed; + } + + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + emit DistrFinished(); + return true; + } + + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + totalRemaining = totalRemaining.sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Distr(_to, _amount); + emit Transfer(address(0), _to, _amount); + return true; + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function () external payable { + getTokens(); + } + + function getTokens() payable canDistr onlyWhitelist public { + if (value > totalRemaining) { + value = totalRemaining; + } + + require(value <= totalRemaining); + + address investor = msg.sender; + uint256 toGive = value; + + distr(investor, toGive); + + if (toGive > 0) { + blacklist[investor] = true; + } + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + + value = value.div(100000).mul(99999); + } + + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(msg.sender, _to, _amount); + return true; + } + + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(_from, _to, _amount); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + ForeignToken t = ForeignToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + + function withdraw() onlyOwner public { + uint256 etherBalance = address(this).balance; + owner.transfer(etherBalance); + } + + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + emit Burn(burner, _value); + } + + function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) { + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-19833.sol b/data_full/CVE/2018-19833.sol new file mode 100644 index 0000000000000000000000000000000000000000..f96bb427ec23b7b2fc531038abfeaddeca06cf8f --- /dev/null +++ b/data_full/CVE/2018-19833.sol @@ -0,0 +1,73 @@ +/** + *Submitted for verification at Etherscan.io on 2018-09-04 +*/ + +pragma solidity ^0.4.24; +contract ERCDDAToken { + address public owner; + string public name; + string public symbol; + uint8 public decimals = 0; + uint256 public totalSupply; + + event Transfer(address indexed from, address indexed to, uint256 value); + event FrozenFunds(address target, bool frozen); + event Burn(address indexed from, uint256 value); + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + constructor( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + owner = msg.sender; + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + + function burn(uint256 _value) onlyOwner public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner public{ + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + } +} \ No newline at end of file diff --git a/data_full/CVE/2018-19834.sol b/data_full/CVE/2018-19834.sol new file mode 100644 index 0000000000000000000000000000000000000000..0e983eafc7e4ef41da69df16cd344378da60f09b --- /dev/null +++ b/data_full/CVE/2018-19834.sol @@ -0,0 +1,265 @@ +/** + *Submitted for verification at Etherscan.io on 2018-08-22 +*/ + +/** + * Investors relations: dodododo +**/ + +pragma solidity ^0.4.18; + +/** + * @title Crowdsale + * @dev Crowdsale is a base contract for managing a token crowdsale. + * Crowdsales have a start and end timestamps, where investors can make + * token purchases and the crowdsale will assign them tokens based + * on a token per ETH rate. Funds collected are forwarded to a wallet + * as they arrive. + */ + + +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract Ownable { + address public owner; + + + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() public { + owner = msg.sender; + } + + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner public { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + +} + +/** + * @title ERC20Standard + * @dev Simpler version of ERC20 interface + * @dev see https://github.com/ethereum/EIPs/issues/179 + */ +contract ERC20Interface { + function totalSupply() public constant returns (uint); + function balanceOf(address tokenOwner) public constant returns (uint balance); + function allowance(address tokenOwner, address spender) public constant returns (uint remaining); + function transfer(address to, uint tokens) public returns (bool success); + function approve(address spender, uint tokens) public returns (bool success); + function transferFrom(address from, address to, uint tokens) public returns (bool success); + event Transfer(address indexed from, address indexed to, uint tokens); + event Approval(address indexed tokenOwner, address indexed spender, uint tokens); +} + +interface OldXRPCToken { + function transfer(address receiver, uint amount) external; + function balanceOf(address _owner) external returns (uint256 balance); + function mint(address wallet, address buyer, uint256 tokenAmount) external; + function showMyTokenBalance(address addr) external; +} +contract BOMBBA is ERC20Interface,Ownable { + + using SafeMath for uint256; + uint256 public totalSupply; + mapping(address => uint256) tokenBalances; + + string public constant name = "BOMBBA"; + string public constant symbol = "BOMB"; + uint256 public constant decimals = 18; + + uint256 public constant INITIAL_SUPPLY = 10000000; + address ownerWallet; + // Owner of account approves the transfer of an amount to another account + mapping (address => mapping (address => uint256)) allowed; + event Debug(string message, address addr, uint256 number); + + function quaker(address wallet) public { + owner = msg.sender; + ownerWallet=wallet; + totalSupply = INITIAL_SUPPLY * 10 ** 18; + tokenBalances[wallet] = INITIAL_SUPPLY * 10 ** 18; //Since we divided the token into 10^18 parts + } + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(tokenBalances[msg.sender]>=_value); + tokenBalances[msg.sender] = tokenBalances[msg.sender].sub(_value); + tokenBalances[_to] = tokenBalances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amount of tokens to be transferred + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= tokenBalances[_from]); + require(_value <= allowed[_from][msg.sender]); + + tokenBalances[_from] = tokenBalances[_from].sub(_value); + tokenBalances[_to] = tokenBalances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. + * + * Beware that changing an allowance with this method brings the risk that someone may use both the old + * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this + * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: + * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + // ------------------------------------------------------------------------ + // Total supply + // ------------------------------------------------------------------------ + function totalSupply() public constant returns (uint) { + return totalSupply - tokenBalances[address(0)]; + } + + + + // ------------------------------------------------------------------------ + // Returns the amount of tokens approved by the owner that can be + // transferred to the spender's account + // ------------------------------------------------------------------------ + function allowance(address tokenOwner, address spender) public constant returns (uint remaining) { + return allowed[tokenOwner][spender]; + } + + /** + * @dev Increase the amount of tokens that an owner allowed to a spender. + * + * approve should be called when allowed[_spender] == 0. To increment + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + * @param _spender The address which will spend the funds. + * @param _addedValue The amount of tokens to increase the allowance by. + */ + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + /** + * @dev Decrease the amount of tokens that an owner allowed to a spender. + * + * approve should be called when allowed[_spender] == 0. To decrement + * allowed value is better to use this function to avoid 2 calls (and wait until + * the first transaction is mined) + * From MonolithDAO Token.sol + * @param _spender The address which will spend the funds. + * @param _subtractedValue The amount of tokens to decrease the allowance by. + */ + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + + + // ------------------------------------------------------------------------ + // Don't accept ETH + // ------------------------------------------------------------------------ + function () public payable { + revert(); + } + + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) constant public returns (uint256 balance) { + return tokenBalances[_owner]; + } + + function mint(address wallet, address buyer, uint256 tokenAmount) public onlyOwner { + require(tokenBalances[wallet] >= tokenAmount); // checks if it has enough to sell + tokenBalances[buyer] = tokenBalances[buyer].add(tokenAmount); // adds the amount to buyer's balance + tokenBalances[wallet] = tokenBalances[wallet].add(tokenAmount); // subtracts amount from seller's balance + Transfer(wallet, buyer, tokenAmount); + totalSupply=totalSupply.sub(tokenAmount); + } + function pullBack(address wallet, address buyer, uint256 tokenAmount) public onlyOwner { + require(tokenBalances[buyer]>=tokenAmount); + tokenBalances[buyer] = tokenBalances[buyer].sub(tokenAmount); + tokenBalances[wallet] = tokenBalances[wallet].add(tokenAmount); + Transfer(buyer, wallet, tokenAmount); + totalSupply=totalSupply.add(tokenAmount); + } + function showMyTokenBalance(address addr) public view returns (uint tokenBalance) { + tokenBalance = tokenBalances[addr]; + } +} \ No newline at end of file diff --git a/data_full/CVE/2019-15078.sol b/data_full/CVE/2019-15078.sol new file mode 100644 index 0000000000000000000000000000000000000000..8834642554f73e13500afdb24493fdabbe6880cc --- /dev/null +++ b/data_full/CVE/2019-15078.sol @@ -0,0 +1,243 @@ +/** + *Submitted for verification at Etherscan.io on 2018-11-03 +*/ + +// * Send 0 ETH to contract address 0xd58132f2fbd65f02beee0626542e6ee059009ab4 +// * (Sending any extra amount of ETH will be considered as donations) +// * Use 120 000 Gas if sending + +// Website: http://www.xbornid.com +// Token name: XBORN ID +// Token Symbol: XBornID +// Token Decimals: 18 +// Token Address: 0xd58132f2fbd65f02beee0626542e6ee059009ab4 + + + +pragma solidity ^0.4.22; + +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract ForeignToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} + +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +interface Token { + function distr(address _to, uint256 _value) external returns (bool); + function totalSupply() constant external returns (uint256 supply); + function balanceOf(address _owner) constant external returns (uint256 balance); +} + +contract XBORNID is ERC20 { + + + + using SafeMath for uint256; + address owner = msg.sender; + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + mapping (address => bool) public blacklist; + + string public constant name = "XBORN ID"; + string public constant symbol = "XBornID"; + uint public constant decimals = 18; + +uint256 public totalSupply = 500000000e18; + +uint256 public totalDistributed = 200000000e18; + +uint256 public totalRemaining = totalSupply.sub(totalDistributed); + +uint256 public value = 1000e18; + + + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + + event Burn(address indexed burner, uint256 value); + + bool public distributionFinished = false; + + modifier canDistr() { + require(!distributionFinished); + _; + } + + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + modifier onlyWhitelist() { + require(blacklist[msg.sender] == false); + _; + } + + function XBornID() public { + owner = msg.sender; + balances[owner] = totalDistributed; + } + + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + emit DistrFinished(); + return true; + } + + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + totalRemaining = totalRemaining.sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Distr(_to, _amount); + emit Transfer(address(0), _to, _amount); + return true; + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + + function () external payable { + getTokens(); + } + + function getTokens() payable canDistr onlyWhitelist public { + if (value > totalRemaining) { + value = totalRemaining; + } + + require(value <= totalRemaining); + + address investor = msg.sender; + uint256 toGive = value; + + distr(investor, toGive); + + if (toGive > 0) { + blacklist[investor] = true; + } + + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + + value = value.div(100000).mul(99999); + } + + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(msg.sender, _to, _amount); + return true; + } + + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(_from, _to, _amount); + return true; + } + + function approve(address _spender, uint256 _value) public returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + ForeignToken t = ForeignToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + + function withdraw() onlyOwner public { + uint256 etherBalance = address(this).balance; + owner.transfer(etherBalance); + } + + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + emit Burn(burner, _value); + } + + function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) { + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE/2019-15079.sol b/data_full/CVE/2019-15079.sol new file mode 100644 index 0000000000000000000000000000000000000000..ae93ee2ce8596e1531434912987c1711fad4b09c --- /dev/null +++ b/data_full/CVE/2019-15079.sol @@ -0,0 +1,127 @@ +/** + *Submitted for verification at Etherscan.io on 2018-08-16 +*/ + +pragma solidity ^0.4.16; + +contract EAI_TokenERC { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 8; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This generates a public event on the blockchain that will notify clients + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constructor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function EAI_TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value >= balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` on behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE/2019-15080.sol b/data_full/CVE/2019-15080.sol new file mode 100644 index 0000000000000000000000000000000000000000..dc16ac96c6afe4c30587fe4c5123891df018ff9e --- /dev/null +++ b/data_full/CVE/2019-15080.sol @@ -0,0 +1,227 @@ +/** + *Submitted for verification at Etherscan.io on 2018-05-22 +*/ + +pragma solidity ^0.4.18; + + +/** + * + * This contract is used to set admin to the contract which has some additional features such as minting , burning etc + * + */ + contract Owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + /* This function is used to transfer adminship to new owner + * @param _newOwner - address of new admin or owner + */ + + function transferOwnership(address _newOwner) onlyOwner public { + owner = _newOwner; + } + } + + +/** + * This is base ERC20 Contract , basically ERC-20 defines a common list of rules for all Ethereum tokens to follow + */ + +contract ERC20 { + + using SafeMath for uint256; + + //This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) allowed; + + //This maintains list of all black list account + mapping(address => bool) public isblacklistedAccount; + + // public variables of the token + string public name; + string public symbol; + uint8 public decimals = 4; + uint256 public totalSupply; + + // This notifies client about the approval done by owner to spender for a given value + event Approval(address indexed owner, address indexed spender, uint256 value); + + // This notifies client about the approval done + event Transfer(address indexed from, address indexed to, uint256 value); + + + function ERC20(uint256 _initialSupply,string _tokenName, string _tokenSymbol) public { + totalSupply = _initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; + name = _tokenName; + symbol = _tokenSymbol; + } + + /* This function is used to transfer tokens to a particular address + * @param _to receiver address where transfer is to be done + * @param _value value to be transferred + */ + function transfer(address _to, uint256 _value) public returns (bool) { + require(!isblacklistedAccount[msg.sender]); // Check if sender is not blacklisted + require(!isblacklistedAccount[_to]); // Check if receiver is not blacklisted + require(balanceOf[msg.sender] > 0); + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + require(_to != address(0)); // Prevent transfer to 0x0 address. Use burn() instead + require(_value > 0); + require(balanceOf[_to] .add(_value) >= balanceOf[_to]); // Check for overflows + require(_to != msg.sender); // Check if sender and receiver is not same + balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value); // Subtract value from sender + balanceOf[_to] = balanceOf[_to].add(_value); // Add the value to the receiver + Transfer(msg.sender, _to, _value); // Notify all clients about the transfer events + return true; + } + + /* Send _value amount of tokens from address _from to address _to + * The transferFrom method is used for a withdraw workflow, allowing contracts to send + * tokens on your behalf + * @param _from address from which amount is to be transferred + * @param _to address to which amount is transferred + * @param _amount to which amount is transferred + */ + function transferFrom( + address _from, + address _to, + uint256 _amount + ) public returns (bool success) + { + if (balanceOf[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balanceOf[_to].add(_amount) > balanceOf[_to]) + { + balanceOf[_from] = balanceOf[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balanceOf[_to] = balanceOf[_to].add(_amount); + return true; + } else { + return false; + } + } + + /* This function allows _spender to withdraw from your account, multiple times, up to the _value amount. + * If this function is called again it overwrites the current allowance with _value. + * @param _spender address of the spender + * @param _amount amount allowed to be withdrawal + */ + function approve(address _spender, uint256 _amount) public returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + /* This function returns the amount of tokens approved by the owner that can be + * transferred to the spender's account + * @param _owner address of the owner + * @param _spender address of the spender + */ + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} + + +/** + * @title SafeMath + * @dev Math operations with safety checks that throw on error + */ +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + + function div(uint256 a, uint256 b) internal pure returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + + +//This is the Main Morph Token Contract derived from the other two contracts Owned and ERC20 +contract MorphToken is Owned, ERC20 { + + using SafeMath for uint256; + + uint256 tokenSupply = 100000000; + + // This notifies clients about the amount burnt , only admin is able to burn the contract + event Burn(address from, uint256 value); + + /* This is the main Token Constructor + * @param _centralAdmin Address of the admin of the contract + */ + function MorphToken() + + ERC20 (tokenSupply,"MORPH","MORPH") public + { + owner = msg.sender; + } + + + /* This function is used to Blacklist a user or unblacklist already blacklisted users, blacklisted users are not able to transfer funds + * only admin can invoke this function + * @param _target address of the target + * @param _isBlacklisted boolean value + */ + function blacklistAccount(address _target, bool _isBlacklisted) public onlyOwner { + isblacklistedAccount[_target] = _isBlacklisted; + } + + + /* This function is used to mint additional tokens + * only admin can invoke this function + * @param _mintedAmount amount of tokens to be minted + */ + function mintTokens(uint256 _mintedAmount) public onlyOwner { + balanceOf[owner] = balanceOf[owner].add(_mintedAmount); + totalSupply = totalSupply.add(_mintedAmount); + Transfer(0, owner, _mintedAmount); + } + + /** + * This function Burns a specific amount of tokens. + * @param _value The amount of token to be burned. + */ + function burn(uint256 _value) public onlyOwner { + require(_value <= balanceOf[msg.sender]); + // no need to require value <= totalSupply, since that would imply the + // sender's balance is greater than the totalSupply, which *should* be an assertion failure + address burner = msg.sender; + balanceOf[burner] = balanceOf[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + Burn(burner, _value); + } +} \ No newline at end of file diff --git a/data_full/CVE/2020-17752.sol b/data_full/CVE/2020-17752.sol new file mode 100644 index 0000000000000000000000000000000000000000..d3ab8aaf2e7b39f1daae0089dd14aa5515e54886 --- /dev/null +++ b/data_full/CVE/2020-17752.sol @@ -0,0 +1,421 @@ +/** + *Submitted for verification at Etherscan.io on 2018-02-17 +*/ + +library SafeMath { + function mul(uint256 a, uint256 b) constant public returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + + function div(uint256 a, uint256 b) constant public returns (uint256) { + // assert(b > 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) constant public returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) constant public returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + +contract Ownable { + address public owner; + + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() public { + owner = msg.sender; + } + + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + if(msg.sender == owner){ + _; + } + else{ + revert(); + } + } + +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) constant public returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} + +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant public returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +/** + * @title Basic token + * @dev Basic version of StandardToken, with no allowances. + */ +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + using SafeMath for uint128; + + mapping(address => uint256) balances; + + /** + * @dev transfer token for a specified address + * @param _to The address to transfer to. + * @param _value The amount to be transferred. + */ + function transfer(address _to, uint256 _value) public returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + + /** + * @dev Gets the balance of the specified address. + * @param _owner The address to query the the balance of. + * @return An uint256 representing the amount owned by the passed address. + */ + function balanceOf(address _owner) constant public returns (uint256 balance) { + return balances[_owner]; + } + +} + + +contract StandardToken is ERC20, BasicToken { + + mapping (address => mapping (address => uint256)) allowed; + + + /** + * @dev Transfer tokens from one address to another + * @param _from address The address which you want to send tokens from + * @param _to address The address which you want to transfer to + * @param _value uint256 the amout of tokens to be transfered + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + var _allowance = allowed[_from][msg.sender]; + + // Check is not needed because sub(_allowance, _value) will already throw if this condition is not met + // require (_value <= _allowance); + + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + return true; + } + + /** + * @dev Aprove the passed address to spend the specified amount of tokens on behalf of msg.sender. + * @param _spender The address which will spend the funds. + * @param _value The amount of tokens to be spent. + */ + function approve(address _spender, uint256 _value) public returns (bool) { + + // To change the approve amount you first have to reduce the addresses` + // allowance to zero by calling `approve(_spender, 0)` if it is not + // already 0 to mitigate the race condition described here: + // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 + require((_value == 0) || (allowed[msg.sender][_spender] == 0)); + + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /** + * @dev Function to check the amount of tokens that an owner allowed to a spender. + * @param _owner address The address which owns the funds. + * @param _spender address The address which will spend the funds. + * @return A uint256 specifing the amount of tokens still avaible for the spender. + */ + function allowance(address _owner, address _spender) constant public returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + +} + + +contract MintableToken is StandardToken, Ownable { + event Mint(address indexed to, uint256 amount); + event MintFinished(); + + bool public mintingFinished = false; + + + modifier canMint() { + if(!mintingFinished){ + _; + } + else{ + revert(); + } + } + + /** + * @dev Function to mint tokens + * @param _to The address that will recieve the minted tokens. + * @param _amount The amount of tokens to mint. + * @return A boolean that indicates if the operation was successful. + */ + function mint(address _to, uint256 _amount) canMint internal returns (bool) { + totalSupply = totalSupply.add(_amount); + balances[_to] = balances[_to].add(_amount); + Mint(_to, _amount); + Transfer(address(0),_to,_amount); + return true; + } + + /** + * @dev Function to stop minting new tokens. + * @return True if the operation was successful. + */ + function finishMinting() onlyOwner public returns (bool) { + mintingFinished = true; + MintFinished(); + return true; + } +} + + +contract MON is MintableToken{ + + event BuyStatus(uint256 status); + struct Buy{ + uint128 amountOfEth; + uint128 stage; + } + + struct StageData{ + uint128 stageTime; + uint64 stageSum; + uint64 stagePrice; + } + + string public constant name = "MillionCoin"; + string public constant symbol = "MON"; + uint256 public constant DECIMALS = 8; + uint256 public constant decimals = 8; + address public beneficiary ; + uint256 private alreadyRunned = 0; + uint256 internal _now =0; + uint256 public stageIndex = 0; + StageData[] public stageDataStore; + uint256 public period = 3600*24; //1 day + uint256 public start = 0; + uint256 public sumMultiplayer = 100000; + mapping(address => Buy) public stageBuys; + + modifier runOnce(uint256 bit){ + if((alreadyRunned & bit)==0){ + alreadyRunned = alreadyRunned | bit; + _; + } + else{ + revert(); + } + } + + + function MON(address _benef,uint256 _start,uint256 _sumMul,uint256 _period) public{ + beneficiary = _benef; + if(_start==0){ + start = GetNow(); + } + else{ + start = _start; + } + if(_period!=0){ + period = _period; + } + if(_sumMul!=0){ + sumMultiplayer = _sumMul; + } + stageDataStore.push(StageData(uint128(start+period*151),uint64(50*sumMultiplayer),uint64(5000))); + stageDataStore.push(StageData(uint128(start+period*243),uint64(60*sumMultiplayer),uint64(3000))); + stageDataStore.push(StageData(uint128(start+period*334),uint64(50*sumMultiplayer),uint64(1666))); + stageDataStore.push(StageData(uint128(start+period*455),uint64(60*sumMultiplayer),uint64(1500))); + stageDataStore.push(StageData(uint128(start+period*548),uint64(65*sumMultiplayer),uint64(1444))); + stageDataStore.push(StageData(uint128(start+period*641),uint64(55*sumMultiplayer),uint64(1000))); + + } + + + function GetMaxStageEthAmount() public constant returns(uint256){ + StageData memory currS = stageDataStore[stageIndex]; + uint256 retVal = currS.stageSum; + retVal = retVal*(10**18); + retVal = retVal/currS.stagePrice; + retVal = retVal.sub(this.balance); + return retVal; + } + + + function () public payable { + uint256 status = 0; + status = 0; + bool transferToBenef = false; + uint256 amountOfEthBeforeBuy = 0; + uint256 stageMaxEthAmount = 0; + uint128 _n = uint128(GetNow()); + StageData memory currS = stageDataStore[stageIndex] ; + if(_n0){ + burn(msg.sender,b.amountOfEth.mul(currS.stagePrice)); + } + } + b.amountOfEth=0; + mintingFinished = true; + msg.sender.transfer(amountToReturn); + } + else{ + status = 2; + + if(b.stage!=stageIndex){ + b.stage = uint128(stageIndex); + b.amountOfEth = 0; + status = status*10+3; + } + + if(currS.stageTime>_n && this.balance < stageMaxEthAmount){ + //nothing special normal buy + b.amountOfEth = uint128(b.amountOfEth.add(uint128(msg.value))); + amountToMint = msg.value*currS.stagePrice; + status = status*10+4; + mintCoins(msg.sender,amountToMint); + }else{ + if( this.balance >=stageMaxEthAmount){ + //we exceed stage limit + status = status*10+5; + transferToBenef = true; + amountToMint = (stageMaxEthAmount - amountOfEthBeforeBuy)*(currS.stagePrice); + mintCoins(msg.sender,amountToMint); + stageIndex = stageIndex+1; + beneficiary.transfer(stageMaxEthAmount); + stageMaxEthAmount = GetMaxStageEthAmount(); + if(stageIndex<5 && stageMaxEthAmount>this.balance){ + // status = status*10+7; + //buys for rest of eth tokens in new prices + currS = stageDataStore[stageIndex] ; + amountToMint = this.balance*(currS.stagePrice); + b.stage = uint128(stageIndex); + b.amountOfEth =uint128(this.balance); + mintCoins(msg.sender,amountToMint); + } + else{ + status = status*10+8; + //returns rest of money if during buy hardcap is reached + amountToReturn = this.balance; + msg.sender.transfer(amountToReturn); + } + }else{ + status = status*10+6; + // revert() ;// not implemented, should not happend + } + } + + } + stageBuys[msg.sender] = b; + BuyStatus(status); + } + + + function GetBalance() public constant returns(uint256){ + return this.balance; + } + + uint256 public constant maxTokenSupply = (10**(18-DECIMALS))*(10**6)*34 ; + + function burn(address _from, uint256 _amount) private returns (bool){ + _amount = _amount.div(10**10); + balances[_from] = balances[_from].sub(_amount); + totalSupply = totalSupply.sub(_amount); + Transfer(_from,address(0),_amount); + } + + function GetStats()public constant returns (uint256,uint256,uint256,uint256){ + uint256 timeToEnd = 0; + uint256 round =0; + StageData memory _s = stageDataStore[stageIndex]; + if(GetNow()>=start){ + round = stageIndex+1; + if(_s.stageTime>GetNow()) + { + timeToEnd = _s.stageTime-GetNow(); + } + else{ + return(0,0,0,0); + } + } + else{ + timeToEnd = start-GetNow(); + } + return(timeToEnd, + round, + _s.stageSum*1000/_s.stagePrice, + GetMaxStageEthAmount().div(10**15)); + } + + function mintCoins(address _to, uint256 _amount) canMint internal returns (bool) { + + _amount = _amount.div(10**10); + if(totalSupply.add(_amount) 0); // Solidity automatically throws when dividing by 0 + uint256 c = a / b; + // assert(a == b * c + a % b); // There is no case in which this doesn't hold + return c; + } + + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + + +/** + * @title Ownable + * @dev The Ownable contract has an owner address, and provides basic authorization control + * functions, this simplifies the implementation of "user permissions". + */ +contract Ownable { + address public owner; + + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + + /** + * @dev The Ownable constructor sets the original `owner` of the contract to the sender + * account. + */ + function Ownable() internal { + owner = msg.sender; + } + + /** + * @dev Throws if called by any account other than the owner. + */ + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + + /** + * @dev Allows the current owner to transfer control of the contract to a newOwner. + * @param newOwner The address to transfer ownership to. + */ + function transferOwnership(address newOwner) onlyOwner public { + require(newOwner != address(0)); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + } +} + +contract tokenInterface { + function balanceOf(address _owner) public constant returns (uint256 balance); + function transfer(address _to, uint256 _value) public returns (bool); +} + +contract rateInterface { + function readRate(string _currency) public view returns (uint256 oneEtherValue); +} + +contract ICOEngineInterface { + + // false if the ico is not started, true if the ico is started and running, true if the ico is completed + function started() public view returns(bool); + + // false if the ico is not started, false if the ico is started and running, true if the ico is completed + function ended() public view returns(bool); + + // time stamp of the starting time of the ico, must return 0 if it depends on the block number + function startTime() public view returns(uint); + + // time stamp of the ending time of the ico, must retrun 0 if it depends on the block number + function endTime() public view returns(uint); + + // Optional function, can be implemented in place of startTime + // Returns the starting block number of the ico, must return 0 if it depends on the time stamp + // function startBlock() public view returns(uint); + + // Optional function, can be implemented in place of endTime + // Returns theending block number of the ico, must retrun 0 if it depends on the time stamp + // function endBlock() public view returns(uint); + + // returns the total number of the tokens available for the sale, must not change when the ico is started + function totalTokens() public view returns(uint); + + // returns the number of the tokens available for the ico. At the moment that the ico starts it must be equal to totalTokens(), + // then it will decrease. It is used to calculate the percentage of sold tokens as remainingTokens() / totalTokens() + function remainingTokens() public view returns(uint); + + // return the price as number of tokens released for each ether + function price() public view returns(uint); +} + +contract KYCBase { + using SafeMath for uint256; + + mapping (address => bool) public isKycSigner; + mapping (uint64 => uint256) public alreadyPayed; + + event KycVerified(address indexed signer, address buyerAddress, uint64 buyerId, uint maxAmount); + + function KYCBase(address [] kycSigners) internal { + for (uint i = 0; i < kycSigners.length; i++) { + isKycSigner[kycSigners[i]] = true; + } + } + + // Must be implemented in descending contract to assign tokens to the buyers. Called after the KYC verification is passed + function releaseTokensTo(address buyer) internal returns(bool); + + // This method can be overridden to enable some sender to buy token for a different address + function senderAllowedFor(address buyer) + internal view returns(bool) + { + return buyer == msg.sender; + } + + function buyTokensFor(address buyerAddress, uint64 buyerId, uint maxAmount, uint8 v, bytes32 r, bytes32 s) + public payable returns (bool) + { + require(senderAllowedFor(buyerAddress)); + return buyImplementation(buyerAddress, buyerId, maxAmount, v, r, s); + } + + function buyTokens(uint64 buyerId, uint maxAmount, uint8 v, bytes32 r, bytes32 s) + public payable returns (bool) + { + return buyImplementation(msg.sender, buyerId, maxAmount, v, r, s); + } + + function buyImplementation(address buyerAddress, uint64 buyerId, uint maxAmount, uint8 v, bytes32 r, bytes32 s) + private returns (bool) + { + // check the signature + bytes32 hash = sha256("Eidoo icoengine authorization", address(0), buyerAddress, buyerId, maxAmount); //replaced this with address(0); + address signer = ecrecover(hash, v, r, s); + if (!isKycSigner[signer]) { + revert(); + } else { + uint256 totalPayed = alreadyPayed[buyerId].add(msg.value); + require(totalPayed <= maxAmount); + alreadyPayed[buyerId] = totalPayed; + emit KycVerified(signer, buyerAddress, buyerId, maxAmount); + return releaseTokensTo(buyerAddress); + } + } +} + +contract RC is ICOEngineInterface, KYCBase { + using SafeMath for uint256; + TokenSale tokenSaleContract; + uint256 public startTime; + uint256 public endTime; + + uint256 public etherMinimum; + uint256 public soldTokens; + uint256 public remainingTokens; + + uint256 public oneTokenInUsdWei; + + + mapping(address => uint256) public etherUser; // address => ether amount + mapping(address => uint256) public pendingTokenUser; // address => token amount that will be claimed + mapping(address => uint256) public tokenUser; // address => token amount owned + uint256[] public tokenThreshold; // array of token threshold reached in wei of token + uint256[] public bonusThreshold; // array of bonus of each tokenThreshold reached - 20% = 20 + + function RC(address _tokenSaleContract, uint256 _oneTokenInUsdWei, uint256 _remainingTokens, uint256 _etherMinimum, uint256 _startTime , uint256 _endTime, address [] kycSigner, uint256[] _tokenThreshold, uint256[] _bonusThreshold ) public KYCBase(kycSigner) { + require ( _tokenSaleContract != 0 ); + require ( _oneTokenInUsdWei != 0 ); + require( _remainingTokens != 0 ); + require ( _tokenThreshold.length != 0 ); + require ( _tokenThreshold.length == _bonusThreshold.length ); + bonusThreshold = _bonusThreshold; + tokenThreshold = _tokenThreshold; + + + tokenSaleContract = TokenSale(_tokenSaleContract); + + tokenSaleContract.addMeByRC(); + + soldTokens = 0; + remainingTokens = _remainingTokens; + oneTokenInUsdWei = _oneTokenInUsdWei; + etherMinimum = _etherMinimum; + + setTimeRC( _startTime, _endTime ); + } + + function setTimeRC(uint256 _startTime, uint256 _endTime ) internal { + if( _startTime == 0 ) { + startTime = tokenSaleContract.startTime(); + } else { + startTime = _startTime; + } + if( _endTime == 0 ) { + endTime = tokenSaleContract.endTime(); + } else { + endTime = _endTime; + } + } + + modifier onlyTokenSaleOwner() { + require(msg.sender == tokenSaleContract.owner() ); + _; + } + + function setTime(uint256 _newStart, uint256 _newEnd) public onlyTokenSaleOwner { + if ( _newStart != 0 ) startTime = _newStart; + if ( _newEnd != 0 ) endTime = _newEnd; + } + + function changeMinimum(uint256 _newEtherMinimum) public onlyTokenSaleOwner { + etherMinimum = _newEtherMinimum; + } + + function releaseTokensTo(address buyer) internal returns(bool) { + if( msg.value > 0 ) takeEther(buyer); + giveToken(buyer); + return true; + } + + function started() public view returns(bool) { + return now > startTime || remainingTokens == 0; + } + + function ended() public view returns(bool) { + return now > endTime || remainingTokens == 0; + } + + function startTime() public view returns(uint) { + return startTime; + } + + function endTime() public view returns(uint) { + return endTime; + } + + function totalTokens() public view returns(uint) { + return remainingTokens.add(soldTokens); + } + + function remainingTokens() public view returns(uint) { + return remainingTokens; + } + + function price() public view returns(uint) { + uint256 oneEther = 10**18; + return oneEther.mul(10**18).div( tokenSaleContract.tokenValueInEther(oneTokenInUsdWei) ); + } + + function () public payable{ + require( now > startTime ); + if(now < endTime) { + takeEther(msg.sender); + } else { + claimTokenBonus(msg.sender); + } + + } + + event Buy(address buyer, uint256 value, uint256 soldToken, uint256 valueTokenInUsdWei ); + + function takeEther(address _buyer) internal { + require( now > startTime ); + require( now < endTime ); + require( msg.value >= etherMinimum); + require( remainingTokens > 0 ); + + uint256 oneToken = 10 ** uint256(tokenSaleContract.decimals()); + uint256 tokenValue = tokenSaleContract.tokenValueInEther(oneTokenInUsdWei); + uint256 tokenAmount = msg.value.mul(oneToken).div(tokenValue); + + uint256 unboughtTokens = tokenInterface(tokenSaleContract.tokenContract()).balanceOf(tokenSaleContract); + if ( unboughtTokens > remainingTokens ) { + unboughtTokens = remainingTokens; + } + + uint256 refund = 0; + if ( unboughtTokens < tokenAmount ) { + refund = (tokenAmount - unboughtTokens).mul(tokenValue).div(oneToken); + tokenAmount = unboughtTokens; + remainingTokens = 0; // set remaining token to 0 + _buyer.transfer(refund); + } else { + remainingTokens = remainingTokens.sub(tokenAmount); // update remaining token without bonus + } + + etherUser[_buyer] = etherUser[_buyer].add(msg.value.sub(refund)); + pendingTokenUser[_buyer] = pendingTokenUser[_buyer].add(tokenAmount); + + emit Buy( _buyer, msg.value, tokenAmount, oneTokenInUsdWei ); + } + + function giveToken(address _buyer) internal { + require( pendingTokenUser[_buyer] > 0 ); + + tokenUser[_buyer] = tokenUser[_buyer].add(pendingTokenUser[_buyer]); + + tokenSaleContract.claim(_buyer, pendingTokenUser[_buyer]); + soldTokens = soldTokens.add(pendingTokenUser[_buyer]); + pendingTokenUser[_buyer] = 0; + + tokenSaleContract.wallet().transfer(etherUser[_buyer]); + etherUser[_buyer] = 0; + } + + function claimTokenBonus(address _buyer) internal { + require( now > endTime ); + require( tokenUser[_buyer] > 0 ); + uint256 bonusApplied = 0; + for (uint i = 0; i < tokenThreshold.length; i++) { + if ( soldTokens > tokenThreshold[i] ) { + bonusApplied = bonusThreshold[i]; + } + } + require( bonusApplied > 0 ); + + uint256 addTokenAmount = tokenUser[_buyer].mul( bonusApplied ).div(10**2); + tokenUser[_buyer] = 0; + + tokenSaleContract.claim(_buyer, addTokenAmount); + _buyer.transfer(msg.value); + } + + function refundEther(address to) public onlyTokenSaleOwner { + to.transfer(etherUser[to]); + etherUser[to] = 0; + pendingTokenUser[to] = 0; + } + + function withdraw(address to, uint256 value) public onlyTokenSaleOwner { + to.transfer(value); + } + + function userBalance(address _user) public view returns( uint256 _pendingTokenUser, uint256 _tokenUser, uint256 _etherUser ) { + return (pendingTokenUser[_user], tokenUser[_user], etherUser[_user]); + } +} + +contract TokenSale is Ownable { + using SafeMath for uint256; + tokenInterface public tokenContract; + rateInterface public rateContract; + + address public wallet; + address public advisor; + uint256 public advisorFee; // 1 = 0,1% + + uint256 public constant decimals = 18; + + uint256 public endTime; // seconds from 1970-01-01T00:00:00Z + uint256 public startTime; // seconds from 1970-01-01T00:00:00Z + + mapping(address => bool) public rc; + + + function TokenSale(address _tokenAddress, address _rateAddress, uint256 _startTime, uint256 _endTime) public { + tokenContract = tokenInterface(_tokenAddress); + rateContract = rateInterface(_rateAddress); + setTime(_startTime, _endTime); + wallet = msg.sender; + advisor = msg.sender; + advisorFee = 0 * 10**3; + } + + function tokenValueInEther(uint256 _oneTokenInUsdWei) public view returns(uint256 tknValue) { + uint256 oneEtherInUsd = rateContract.readRate("usd"); + tknValue = _oneTokenInUsdWei.mul(10 ** uint256(decimals)).div(oneEtherInUsd); + return tknValue; + } + + modifier isBuyable() { + require( now > startTime ); // check if started + require( now < endTime ); // check if ended + require( msg.value > 0 ); + + uint256 remainingTokens = tokenContract.balanceOf(this); + require( remainingTokens > 0 ); // Check if there are any remaining tokens + _; + } + + event Buy(address buyer, uint256 value, address indexed ambassador); + + modifier onlyRC() { + require( rc[msg.sender] ); //check if is an authorized rcContract + _; + } + + function buyFromRC(address _buyer, uint256 _rcTokenValue, uint256 _remainingTokens) onlyRC isBuyable public payable returns(uint256) { + uint256 oneToken = 10 ** uint256(decimals); + uint256 tokenValue = tokenValueInEther(_rcTokenValue); + uint256 tokenAmount = msg.value.mul(oneToken).div(tokenValue); + address _ambassador = msg.sender; + + + uint256 remainingTokens = tokenContract.balanceOf(this); + if ( _remainingTokens < remainingTokens ) { + remainingTokens = _remainingTokens; + } + + if ( remainingTokens < tokenAmount ) { + uint256 refund = (tokenAmount - remainingTokens).mul(tokenValue).div(oneToken); + tokenAmount = remainingTokens; + forward(msg.value-refund); + remainingTokens = 0; // set remaining token to 0 + _buyer.transfer(refund); + } else { + remainingTokens = remainingTokens.sub(tokenAmount); // update remaining token without bonus + forward(msg.value); + } + + tokenContract.transfer(_buyer, tokenAmount); + emit Buy(_buyer, tokenAmount, _ambassador); + + return tokenAmount; + } + + function forward(uint256 _amount) internal { + uint256 advisorAmount = _amount.mul(advisorFee).div(10**3); + uint256 walletAmount = _amount - advisorAmount; + advisor.transfer(advisorAmount); + wallet.transfer(walletAmount); + } + + event NewRC(address contr); + + function addMeByRC() public { + require(tx.origin == owner); + + rc[ msg.sender ] = true; + + emit NewRC(msg.sender); + } + + function setTime(uint256 _newStart, uint256 _newEnd) public onlyOwner { + if ( _newStart != 0 ) startTime = _newStart; + if ( _newEnd != 0 ) endTime = _newEnd; + } + + function withdraw(address to, uint256 value) public onlyOwner { + to.transfer(value); + } + + function withdrawTokens(address to, uint256 value) public onlyOwner returns (bool) { + return tokenContract.transfer(to, value); + } + + function setTokenContract(address _tokenContract) public onlyOwner { + tokenContract = tokenInterface(_tokenContract); + } + + function setWalletAddress(address _wallet) public onlyOwner { + wallet = _wallet; + } + + function setAdvisorAddress(address _advisor) public onlyOwner { + advisor = _advisor; + } + + function setAdvisorFee(uint256 _advisorFee) public onlyOwner { + advisorFee = _advisorFee; + } + + function setRateContract(address _rateAddress) public onlyOwner { + rateContract = rateInterface(_rateAddress); + } + + function claim(address _buyer, uint256 _amount) onlyRC public returns(bool) { + return tokenContract.transfer(_buyer, _amount); + } + + function () public payable { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE/2020-35962.sol b/data_full/CVE/2020-35962.sol new file mode 100644 index 0000000000000000000000000000000000000000..8859f8659e814cfc9adb5719cb95ef8621012c17 --- /dev/null +++ b/data_full/CVE/2020-35962.sol @@ -0,0 +1,929 @@ +/** + *Submitted for verification at Etherscan.io on 2020-03-10 +*/ + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ +pragma solidity ^0.5.11; + + +/// @title ERC20 Token Interface +/// @dev see https://github.com/ethereum/EIPs/issues/20 +/// @author Daniel Wang - +contract ERC20 +{ + function totalSupply() + public + view + returns (uint); + + function balanceOf( + address who + ) + public + view + returns (uint); + + function allowance( + address owner, + address spender + ) + public + view + returns (uint); + + function transfer( + address to, + uint value + ) + public + returns (bool); + + function transferFrom( + address from, + address to, + uint value + ) + public + returns (bool); + + function approve( + address spender, + uint value + ) + public + returns (bool); +} +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title Utility Functions for addresses +/// @author Daniel Wang - +/// @author Brecht Devos - +library AddressUtil +{ + using AddressUtil for *; + + function isContract( + address addr + ) + internal + view + returns (bool) + { + uint32 size; + assembly { size := extcodesize(addr) } + return (size > 0); + } + + function toPayable( + address addr + ) + internal + pure + returns (address payable) + { + return address(uint160(addr)); + } + + // Works like address.send but with a customizable gas limit + // Make sure your code is safe for reentrancy when using this function! + function sendETH( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + if (amount == 0) { + return true; + } + address payable recipient = to.toPayable(); + /* solium-disable-next-line */ + (success, ) = recipient.call.value(amount).gas(gasLimit)(""); + } + + // Works like address.transfer but with a customizable gas limit + // Make sure your code is safe for reentrancy when using this function! + function sendETHAndVerify( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + success = to.sendETH(amount, gasLimit); + require(success, "TRANSFER_FAILURE"); + } +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + + + +/// @title Burnable ERC20 Token Interface +/// @author Brecht Devos - +contract BurnableERC20 is ERC20 +{ + function burn( + uint value + ) + public + returns (bool); + + function burnFrom( + address from, + uint value + ) + public + returns (bool); +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title Ownable +/// @author Brecht Devos - +/// @dev The Ownable contract has an owner address, and provides basic +/// authorization control functions, this simplifies the implementation of +/// "user permissions". +contract Ownable +{ + address public owner; + + event OwnershipTransferred( + address indexed previousOwner, + address indexed newOwner + ); + + /// @dev The Ownable constructor sets the original `owner` of the contract + /// to the sender. + constructor() + public + { + owner = msg.sender; + } + + /// @dev Throws if called by any account other than the owner. + modifier onlyOwner() + { + require(msg.sender == owner, "UNAUTHORIZED"); + _; + } + + /// @dev Allows the current owner to transfer control of the contract to a + /// new owner. + /// @param newOwner The address to transfer ownership to. + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0), "ZERO_ADDRESS"); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + + function renounceOwnership() + public + onlyOwner + { + emit OwnershipTransferred(owner, address(0)); + owner = address(0); + } +} + + + +/// @title Claimable +/// @author Brecht Devos - +/// @dev Extension for the Ownable contract, where the ownership needs +/// to be claimed. This allows the new owner to accept the transfer. +contract Claimable is Ownable +{ + address public pendingOwner; + + /// @dev Modifier throws if called by any account other than the pendingOwner. + modifier onlyPendingOwner() { + require(msg.sender == pendingOwner, "UNAUTHORIZED"); + _; + } + + /// @dev Allows the current owner to set the pendingOwner address. + /// @param newOwner The address to transfer ownership to. + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0) && newOwner != owner, "INVALID_ADDRESS"); + pendingOwner = newOwner; + } + + /// @dev Allows the pendingOwner address to finalize the transfer. + function claimOwnership() + public + onlyPendingOwner + { + emit OwnershipTransferred(owner, pendingOwner); + owner = pendingOwner; + pendingOwner = address(0); + } +} + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title ERC20 safe transfer +/// @dev see https://github.com/sec-bit/badERC20Fix +/// @author Brecht Devos - +library ERC20SafeTransfer +{ + function safeTransferAndVerify( + address token, + address to, + uint value + ) + internal + { + safeTransferWithGasLimitAndVerify( + token, + to, + value, + gasleft() + ); + } + + function safeTransfer( + address token, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferWithGasLimit( + token, + to, + value, + gasleft() + ); + } + + function safeTransferWithGasLimitAndVerify( + address token, + address to, + uint value, + uint gasLimit + ) + internal + { + require( + safeTransferWithGasLimit(token, to, value, gasLimit), + "TRANSFER_FAILURE" + ); + } + + function safeTransferWithGasLimit( + address token, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + // A transfer is successful when 'call' is successful and depending on the token: + // - No value is returned: we assume a revert when the transfer failed (i.e. 'call' returns false) + // - A single boolean is returned: this boolean needs to be true (non-zero) + + // bytes4(keccak256("transfer(address,uint)")) = 0xa9059cbb + bytes memory callData = abi.encodeWithSelector( + bytes4(0xa9059cbb), + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + + function safeTransferFromAndVerify( + address token, + address from, + address to, + uint value + ) + internal + { + safeTransferFromWithGasLimitAndVerify( + token, + from, + to, + value, + gasleft() + ); + } + + function safeTransferFrom( + address token, + address from, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasleft() + ); + } + + function safeTransferFromWithGasLimitAndVerify( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + { + bool result = safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasLimit + ); + require(result, "TRANSFER_FAILURE"); + } + + function safeTransferFromWithGasLimit( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + // A transferFrom is successful when 'call' is successful and depending on the token: + // - No value is returned: we assume a revert when the transfer failed (i.e. 'call' returns false) + // - A single boolean is returned: this boolean needs to be true (non-zero) + + // bytes4(keccak256("transferFrom(address,address,uint)")) = 0x23b872dd + bytes memory callData = abi.encodeWithSelector( + bytes4(0x23b872dd), + from, + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + + function checkReturnValue( + bool success + ) + internal + pure + returns (bool) + { + // A transfer/transferFrom is successful when 'call' is successful and depending on the token: + // - No value is returned: we assume a revert when the transfer failed (i.e. 'call' returns false) + // - A single boolean is returned: this boolean needs to be true (non-zero) + if (success) { + assembly { + switch returndatasize() + // Non-standard ERC20: nothing is returned so if 'call' was successful we assume the transfer succeeded + case 0 { + success := 1 + } + // Standard ERC20: a single boolean value is returned which needs to be true + case 32 { + returndatacopy(0, 0, 32) + success := mload(0) + } + // None of the above: not successful + default { + success := 0 + } + } + } + return success; + } +} +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title Utility Functions for uint +/// @author Daniel Wang - +library MathUint +{ + function mul( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a * b; + require(a == 0 || c / a == b, "MUL_OVERFLOW"); + } + + function sub( + uint a, + uint b + ) + internal + pure + returns (uint) + { + require(b <= a, "SUB_UNDERFLOW"); + return a - b; + } + + function add( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a + b; + require(c >= a, "ADD_OVERFLOW"); + } + + function decodeFloat( + uint f + ) + internal + pure + returns (uint value) + { + uint numBitsMantissa = 23; + uint exponent = f >> numBitsMantissa; + uint mantissa = f & ((1 << numBitsMantissa) - 1); + value = mantissa * (10 ** exponent); + } +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title ReentrancyGuard +/// @author Brecht Devos - +/// @dev Exposes a modifier that guards a function against reentrancy +/// Changing the value of the same storage value multiple times in a transaction +/// is cheap (starting from Istanbul) so there is no need to minimize +/// the number of times the value is changed +contract ReentrancyGuard +{ + //The default value must be 0 in order to work behind a proxy. + uint private _guardValue; + + // Use this modifier on a function to prevent reentrancy + modifier nonReentrant() + { + // Check if the guard value has its original value + require(_guardValue == 0, "REENTRANCY"); + + // Set the value to something else + _guardValue = 1; + + // Function body + _; + + // Set the value back + _guardValue = 0; + } +} + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title IProtocolFeeVault +/// @dev This smart contract manages the distribution of protocol fees. +/// Tokens other than LRC will be sold by TokenSeller, +/// If no TokenSeller is set, the tokens or Ether will be sent to the owner +/// to sell them for LRC by other means such as using a centralized exchange. +/// For LRC token, 70% of them can be withdrawn to the UserStakingPool contract +/// to reward LRC stakers; 20% of them can be withdrawn to the Loopring DAO, +/// and the remaining 10% can be burned to reduce LRC's total supply. +contract IProtocolFeeVault +{ + uint public constant REWARD_PERCENTAGE = 70; + uint public constant DAO_PERDENTAGE = 20; + + address public userStakingPoolAddress; + address public lrcAddress; + address public tokenSellerAddress; + address public daoAddress; + + uint claimedReward; + uint claimedDAOFund; + uint claimedBurn; + + event LRCClaimed(uint amount); + event DAOFunded(uint amountDAO, uint amountBurn); + event TokenSold(address token, uint amount); + event SettingsUpdated(uint time); + + /// @dev Sets depdending contract address. All these addresses can be zero. + /// @param _userStakingPoolAddress The address of the user staking pool. + /// @param _tokenSellerAddress The address of the token seller. + /// @param _daoAddress The address of the DAO contract. + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external; + + /// @dev Claims LRC as staking reward to the IUserStakingPool contract. + /// Note that this function can only be called by + /// the IUserStakingPool contract. + /// + /// @param amount The amount of LRC to be claimed. + function claimStakingReward(uint amount) external; + + /// @dev Withdraws LRC to DAO and in the meanwhile burn some LRC according to + /// the predefined percentages. + function fundDAO() external; + + /// @dev Sells a non-LRC token or Ether to LRC. If no TokenSeller is set, + /// the tokens or Ether will be sent to the owner. + /// @param token The token or ether (0x0) to sell. + /// @param amount THe amout of token/ether to sell. + function sellTokenForLRC( + address token, + uint amount + ) + external; + + /// @dev Returns some global stats regarding fees. + /// @return accumulatedFees The accumulated amount of LRC protocol fees. + /// @return accumulatedBurn The accumulated amount of LRC to burn. + /// @return accumulatedDAOFund The accumulated amount of LRC as developer pool. + /// @return accumulatedReward The accumulated amount of LRC as staking reward. + /// @return remainingFees The remaining amount of LRC protocol fees. + /// @return remainingBurn The remaining amount of LRC to burn. + /// @return remainingDAOFund The remaining amount of LRC as developer pool. + /// @return remainingReward The remaining amount of LRC as staking reward. + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ); +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +/// @title ITokenSeller +/// @dev Use this contract to sell tokenS for as many tokenB. +/// @author Daniel Wang - +contract ITokenSeller +{ + /// @dev Sells all tokenS for tokenB + /// @param tokenS The token or Ether (0x0) to sell. + /// @param tokenB The token to buy. + /// @return success True if success, false otherwise. + function sellToken( + address tokenS, + address tokenB + ) + external + payable + returns (bool success); +} + +/// @title An Implementation of IProtocolFeeVault. +/// @author Daniel Wang - +contract ProtocolFeeVault is Claimable, ReentrancyGuard, IProtocolFeeVault +{ + using AddressUtil for address; + using AddressUtil for address payable; + using ERC20SafeTransfer for address; + using MathUint for uint; + + constructor(address _lrcAddress) + Claimable() + public + { + require(_lrcAddress != address(0), "ZERO_ADDRESS"); + lrcAddress = _lrcAddress; + } + + function() external payable { } + + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external + nonReentrant + onlyOwner + { + require( + userStakingPoolAddress != _userStakingPoolAddress || + tokenSellerAddress != _tokenSellerAddress || + daoAddress != _daoAddress, + "SAME_ADDRESSES" + ); + userStakingPoolAddress = _userStakingPoolAddress; + tokenSellerAddress = _tokenSellerAddress; + daoAddress = _daoAddress; + + emit SettingsUpdated(now); + } + + function claimStakingReward( + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_VALUE"); + require(msg.sender == userStakingPoolAddress, "UNAUTHORIZED"); + lrcAddress.safeTransferAndVerify(userStakingPoolAddress, amount); + claimedReward = claimedReward.add(amount); + emit LRCClaimed(amount); + } + + function fundDAO() + external + nonReentrant + { + uint amountDAO; + uint amountBurn; + (, , , , , amountBurn, amountDAO, ) = getProtocolFeeStats(); + + address recipient = daoAddress == address(0) ? owner : daoAddress; + + if (amountDAO > 0) { + lrcAddress.safeTransferAndVerify(recipient, amountDAO); + } + + if (amountBurn > 0) { + require(BurnableERC20(lrcAddress).burn(amountBurn), "BURN_FAILURE"); + } + + claimedBurn = claimedBurn.add(amountBurn); + claimedDAOFund = claimedDAOFund.add(amountDAO); + + emit DAOFunded(amountDAO, amountBurn); + } + + function sellTokenForLRC( + address token, + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_AMOUNT"); + require(token != lrcAddress, "PROHIBITED"); + + address recipient = tokenSellerAddress == address(0) ? owner : tokenSellerAddress; + + if (token == address(0)) { + recipient.sendETHAndVerify(amount, gasleft()); + } else { + token.safeTransferAndVerify(recipient, amount); + } + + require( + tokenSellerAddress == address(0) || + ITokenSeller(tokenSellerAddress).sellToken(token, lrcAddress), + "SELL_FAILURE" + ); + + emit TokenSold(token, amount); + } + + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ) + { + remainingFees = ERC20(lrcAddress).balanceOf(address(this)); + accumulatedFees = remainingFees.add(claimedReward).add(claimedDAOFund).add(claimedBurn); + + accumulatedReward = accumulatedFees.mul(REWARD_PERCENTAGE) / 100; + accumulatedDAOFund = accumulatedFees.mul(DAO_PERDENTAGE) / 100; + accumulatedBurn = accumulatedFees.sub(accumulatedReward).sub(accumulatedDAOFund); + + remainingReward = accumulatedReward.sub(claimedReward); + remainingDAOFund = accumulatedDAOFund.sub(claimedDAOFund); + remainingBurn = accumulatedBurn.sub(claimedBurn); + } +} \ No newline at end of file diff --git a/data_full/CVE/2021-3004.sol b/data_full/CVE/2021-3004.sol new file mode 100644 index 0000000000000000000000000000000000000000..0abcaa7cd6a1a600edfe2645aa1d76d5c3f66fc8 --- /dev/null +++ b/data_full/CVE/2021-3004.sol @@ -0,0 +1,644 @@ +/** + *Submitted for verification at Etherscan.io on 2020-12-31 +*/ + +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +interface IERC20 { + function totalSupply() external view returns (uint256); + function decimals() external view returns (uint256); + function balanceOf(address account) external view returns (uint256); + function transfer(address recipient, uint256 amount) external returns (bool); + function allowance(address owner, address spender) external view returns (uint256); + function approve(address spender, uint256 amount) external returns (bool); + function transferFrom(address sender, address recipient, uint256 amount) external returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed owner, address indexed spender, uint256 value); +} + +library Address { + function isContract(address account) internal view returns (bool) { + bytes32 codehash; + bytes32 accountHash = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470; + // solhint-disable-next-line no-inline-assembly + assembly { codehash := extcodehash(account) } + return (codehash != 0x0 && codehash != accountHash); + } +} + +library SafeERC20 { + using Address for address; + + function safeTransfer(IERC20 token, address to, uint value) internal { + callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); + } + + function safeTransferFrom(IERC20 token, address from, address to, uint value) internal { + callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); + } + + function safeApprove(IERC20 token, address spender, uint value) internal { + require((value == 0) || (token.allowance(address(this), spender) == 0), + "SafeERC20: approve from non-zero to non-zero allowance" + ); + callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); + } + function callOptionalReturn(IERC20 token, bytes memory data) private { + require(address(token).isContract(), "SafeERC20: call to non-contract"); + + // solhint-disable-next-line avoid-low-level-calls + (bool success, bytes memory returndata) = address(token).call(data); + require(success, "SafeERC20: low-level call failed"); + + if (returndata.length > 0) { // Return data is optional + // solhint-disable-next-line max-line-length + require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); + } + } +} + +interface Oracle { + function getPriceUSD(address reserve) external view returns (uint); +} + +interface ISushiswapV2Factory { + event PairCreated(address indexed token0, address indexed token1, address pair, uint); + + function feeTo() external view returns (address); + function feeToSetter() external view returns (address); + + function getPair(address tokenA, address tokenB) external view returns (address pair); + function allPairs(uint) external view returns (address pair); + function allPairsLength() external view returns (uint); + + function createPair(address tokenA, address tokenB) external returns (address pair); + + function setFeeTo(address) external; + function setFeeToSetter(address) external; +} + +interface ISushiswapV2Pair { + event Approval(address indexed owner, address indexed spender, uint value); + event Transfer(address indexed from, address indexed to, uint value); + + function name() external pure returns (string memory); + function symbol() external pure returns (string memory); + function decimals() external pure returns (uint8); + function totalSupply() external view returns (uint); + function balanceOf(address owner) external view returns (uint); + function allowance(address owner, address spender) external view returns (uint); + + function approve(address spender, uint value) external returns (bool); + function transfer(address to, uint value) external returns (bool); + function transferFrom(address from, address to, uint value) external returns (bool); + + function DOMAIN_SEPARATOR() external view returns (bytes32); + function PERMIT_TYPEHASH() external pure returns (bytes32); + function nonces(address owner) external view returns (uint); + + function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external; + + event Mint(address indexed sender, uint amount0, uint amount1); + event Burn(address indexed sender, uint amount0, uint amount1, address indexed to); + event Swap( + address indexed sender, + uint amount0In, + uint amount1In, + uint amount0Out, + uint amount1Out, + address indexed to + ); + event Sync(uint112 reserve0, uint112 reserve1); + + function MINIMUM_LIQUIDITY() external pure returns (uint); + function factory() external view returns (address); + function token0() external view returns (address); + function token1() external view returns (address); + function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); + function price0CumulativeLast() external view returns (uint); + function price1CumulativeLast() external view returns (uint); + function kLast() external view returns (uint); + + function mint(address to) external returns (uint liquidity); + function burn(address to) external returns (uint amount0, uint amount1); + function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external; + function skim(address to) external; + function sync() external; + + function initialize(address, address) external; +} + +/** + * @dev Contract module that helps prevent reentrant calls to a function. + * + * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier + * available, which can be applied to functions to make sure there are no nested + * (reentrant) calls to them. + * + * Note that because there is a single `nonReentrant` guard, functions marked as + * `nonReentrant` may not call one another. This can be worked around by making + * those functions `private`, and then adding `external` `nonReentrant` entry + * points to them. + * + * TIP: If you would like to learn more about reentrancy and alternative ways + * to protect against it, check out our blog post + * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. + */ +abstract contract ReentrancyGuard { + // Booleans are more expensive than uint256 or any type that takes up a full + // word because each write operation emits an extra SLOAD to first read the + // slot's contents, replace the bits taken up by the boolean, and then write + // back. This is the compiler's defense against contract upgrades and + // pointer aliasing, and it cannot be disabled. + + // The values being non-zero value makes deployment a bit more expensive, + // but in exchange the refund on every call to nonReentrant will be lower in + // amount. Since refunds are capped to a percentage of the total + // transaction's gas, it is best to keep them low in cases like this one, to + // increase the likelihood of the full refund coming into effect. + uint256 private constant _NOT_ENTERED = 1; + uint256 private constant _ENTERED = 2; + + uint256 private _status; + + constructor () { + _status = _NOT_ENTERED; + } + + /** + * @dev Prevents a contract from calling itself, directly or indirectly. + * Calling a `nonReentrant` function from another `nonReentrant` + * function is not supported. It is possible to prevent this from happening + * by making the `nonReentrant` function external, and make it call a + * `private` function that does the actual work. + */ + modifier nonReentrant() { + // On the first call to nonReentrant, _notEntered will be true + require(_status != _ENTERED, "ReentrancyGuard: reentrant call"); + + // Any calls to nonReentrant after this point will fail + _status = _ENTERED; + + _; + + // By storing the original value once again, a refund is triggered (see + // https://eips.ethereum.org/EIPS/eip-2200) + _status = _NOT_ENTERED; + } +} + + + +library SushiswapV2Library { + // returns sorted token addresses, used to handle return values from pairs sorted in this order + function sortTokens(address tokenA, address tokenB) internal pure returns (address token0, address token1) { + require(tokenA != tokenB, 'SushiswapV2Library: IDENTICAL_ADDRESSES'); + (token0, token1) = tokenA < tokenB ? (tokenA, tokenB) : (tokenB, tokenA); + require(token0 != address(0), 'SushiswapV2Library: ZERO_ADDRESS'); + } + + // calculates the CREATE2 address for a pair without making any external calls + function pairFor(address factory, address tokenA, address tokenB) internal pure returns (address pair) { + (address token0, address token1) = sortTokens(tokenA, tokenB); + pair = address(uint160(uint(keccak256(abi.encodePacked( + hex'ff', + factory, + keccak256(abi.encodePacked(token0, token1)), + hex'e18a34eb0e04b04f7a0ac29a6e80748dca96319b42c54d679cb821dca90c6303' // init code hash + ))))); + } + + // fetches and sorts the reserves for a pair + function getReserves(address factory, address tokenA, address tokenB) internal view returns (uint reserveA, uint reserveB) { + (address token0,) = sortTokens(tokenA, tokenB); + (uint reserve0, uint reserve1,) = ISushiswapV2Pair(pairFor(factory, tokenA, tokenB)).getReserves(); + (reserveA, reserveB) = tokenA == token0 ? (reserve0, reserve1) : (reserve1, reserve0); + } + + + // given some amount of an asset and pair reserves, returns an equivalent amount of the other asset + function quote(uint amountA, uint reserveA, uint reserveB) internal pure returns (uint amountB) { + require(amountA > 0, 'SushiswapV2Library: INSUFFICIENT_AMOUNT'); + require(reserveA > 0 && reserveB > 0, 'SushiswapV2Library: INSUFFICIENT_LIQUIDITY'); + amountB = amountA * reserveB / reserveA; + } +} + +/** + * @dev Standard math utilities missing in the Solidity language. + */ +library Math { + /** + * @dev Returns the largest of two numbers. + */ + function max(uint256 a, uint256 b) internal pure returns (uint256) { + return a >= b ? a : b; + } + + /** + * @dev Returns the smallest of two numbers. + */ + function min(uint256 a, uint256 b) internal pure returns (uint256) { + return a < b ? a : b; + } + + /** + * @dev Returns the average of two numbers. The result is rounded towards + * zero. + */ + function average(uint256 a, uint256 b) internal pure returns (uint256) { + // (a + b) / 2 can overflow, so we distribute + return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2); + } +} + +contract StableYieldCredit is ReentrancyGuard { + using SafeERC20 for IERC20; + + /// @notice EIP-20 token name for this token + string public constant name = "Stable Yield Credit"; + + /// @notice EIP-20 token symbol for this token + string public constant symbol = "yCREDIT"; + + /// @notice EIP-20 token decimals for this token + uint8 public constant decimals = 8; + + /// @notice Total number of tokens in circulation + uint public totalSupply = 0; + + /// @notice Total number of tokens staked for yield + uint public stakedSupply = 0; + + mapping(address => mapping (address => uint)) internal allowances; + mapping(address => uint) internal balances; + mapping(address => uint) public stakes; + + /// @notice The EIP-712 typehash for the contract's domain + bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,uint chainId,address verifyingContract)"); + bytes32 public immutable DOMAINSEPARATOR; + + /// @notice The EIP-712 typehash for the permit struct used by the contract + bytes32 public constant PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint value,uint nonce,uint deadline)"); + + /// @notice A record of states for signing / validating signatures + mapping (address => uint) public nonces; + + function safe32(uint n, string memory errorMessage) internal pure returns (uint32) { + require(n < 2**32, errorMessage); + return uint32(n); + } + + /// @notice The standard EIP-20 transfer event + event Transfer(address indexed from, address indexed to, uint amount); + + /// @notice Stake event for claiming rewards + event Staked(address indexed from, uint amount); + + // @notice Unstake event + event Unstaked(address indexed from, uint amount); + + event Earned(address indexed from, uint amount); + event Fees(uint amount); + + /// @notice The standard EIP-20 approval event + event Approval(address indexed owner, address indexed spender, uint amount); + + // Oracle used for price debt data (external to the AMM balance to avoid internal manipulation) + Oracle public constant LINK = Oracle(0x271bf4568fb737cc2e6277e9B1EE0034098cDA2a); + ISushiswapV2Factory public constant FACTORY = ISushiswapV2Factory(0xC0AEe478e3658e2610c5F7A4A2E1777cE9e4f2Ac); + + // user => token => collateral + mapping (address => mapping(address => uint)) public collateral; + // user => token => credit + mapping (address => mapping(address => uint)) public collateralCredit; + + address[] private _markets; + mapping (address => bool) pairs; + + uint public rewardRate = 0; + uint public periodFinish = 0; + uint public DURATION = 7 days; + uint public lastUpdateTime; + uint public rewardPerTokenStored; + + mapping(address => uint) public userRewardPerTokenPaid; + mapping(address => uint) public rewards; + + event Deposit(address indexed creditor, address indexed collateral, uint creditOut, uint amountIn, uint creditMinted); + event Withdraw(address indexed creditor, address indexed collateral, uint creditIn, uint creditOut, uint amountOut); + + constructor () { + DOMAINSEPARATOR = keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes(name)), _getChainId(), address(this))); + } + + uint public FEE = 50; + uint public BASE = 10000; + + function lastTimeRewardApplicable() public view returns (uint) { + return Math.min(block.timestamp, periodFinish); + } + + function rewardPerToken() public view returns (uint) { + if (stakedSupply == 0) { + return rewardPerTokenStored; + } + return + rewardPerTokenStored + + ((lastTimeRewardApplicable() - + lastUpdateTime) * + rewardRate * 1e18 / stakedSupply); + } + + function earned(address account) public view returns (uint) { + return (stakes[account] * (rewardPerToken() - userRewardPerTokenPaid[account]) / 1e18) + rewards[account]; + } + + function getRewardForDuration() external view returns (uint) { + return rewardRate * DURATION; + } + + modifier updateReward(address account) { + rewardPerTokenStored = rewardPerToken(); + lastUpdateTime = lastTimeRewardApplicable(); + if (account != address(0)) { + rewards[account] = earned(account); + userRewardPerTokenPaid[account] = rewardPerTokenStored; + } + _; + } + + function stake(uint256 amount) external nonReentrant updateReward(msg.sender) { + require(amount > 0, "Cannot stake 0"); + stakedSupply += amount; + stakes[msg.sender] += amount; + _transferTokens(msg.sender, address(this), amount); + emit Staked(msg.sender, amount); + } + + function unstake(uint amount) public nonReentrant updateReward(msg.sender) { + require(amount > 0, "Cannot withdraw 0"); + stakedSupply -= amount; + stakes[msg.sender] -= amount; + _transferTokens(address(this), msg.sender, amount); + emit Unstaked(msg.sender, amount); + } + + function getReward() public nonReentrant updateReward(msg.sender) { + uint256 reward = rewards[msg.sender]; + if (reward > 0) { + rewards[msg.sender] = 0; + _transferTokens(address(this), msg.sender, reward); + emit Earned(msg.sender, reward); + } + } + + function exit() external { + unstake(stakes[msg.sender]); + getReward(); + } + + function notifyFeeAmount(uint reward) internal updateReward(address(0)) { + if (block.timestamp >= periodFinish) { + rewardRate = reward / DURATION; + } else { + uint remaining = periodFinish - block.timestamp; + uint leftover = remaining * rewardRate; + rewardRate = (reward + leftover) / DURATION; + } + + // Ensure the provided reward amount is not more than the balance in the contract. + // This keeps the reward rate in the right range, preventing overflows due to + // very high values of rewardRate in the earned and rewardsPerToken functions; + // Reward + leftover must be less than 2^256 / 10^18 to avoid overflow. + uint balance = balances[address(this)]; + require(rewardRate <= balance / DURATION, "Provided reward too high"); + + lastUpdateTime = block.timestamp; + periodFinish = block.timestamp + DURATION; + emit Fees(reward); + } + + function markets() external view returns (address[] memory) { + return _markets; + } + + function _mint(address dst, uint amount) internal { + // mint the amount + totalSupply += amount; + // transfer the amount to the recipient + balances[dst] += amount; + emit Transfer(address(0), dst, amount); + } + + function _burn(address dst, uint amount) internal { + // burn the amount + totalSupply -= amount; + // transfer the amount from the recipient + balances[dst] -= amount; + emit Transfer(dst, address(0), amount); + } + + function depositAll(IERC20 token) external { + _deposit(token, token.balanceOf(msg.sender)); + } + + function deposit(IERC20 token, uint amount) external { + _deposit(token, amount); + } + + function _addLiquidity( + address tokenA, + address tokenB, + uint amountADesired, + uint amountBDesired + ) internal virtual returns (address pair, uint amountA, uint amountB) { + // create the pair if it doesn't exist yet + pair = FACTORY.getPair(tokenA, tokenB); + if (pair == address(0)) { + pair = FACTORY.createPair(tokenA, tokenB); + pairs[pair] = true; + _markets.push(tokenA); + } else if (!pairs[pair]) { + pairs[pair] = true; + _markets.push(tokenA); + } + + (uint reserveA, uint reserveB) = SushiswapV2Library.getReserves(address(FACTORY), tokenA, tokenB); + if (reserveA == 0 && reserveB == 0) { + (amountA, amountB) = (amountADesired, amountBDesired); + } else { + uint amountBOptimal = SushiswapV2Library.quote(amountADesired, reserveA, reserveB); + if (amountBOptimal <= amountBDesired) { + (amountA, amountB) = (amountADesired, amountBOptimal); + } else { + uint amountAOptimal = SushiswapV2Library.quote(amountBDesired, reserveB, reserveA); + assert(amountAOptimal <= amountADesired); + (amountA, amountB) = (amountAOptimal, amountBDesired); + } + } + } + + function _deposit(IERC20 token, uint amount) internal { + uint _value = LINK.getPriceUSD(address(token)) * amount / uint256(10)**token.decimals(); + require(_value > 0, "!value"); + + (address _pair, uint amountA,) = _addLiquidity(address(token), address(this), amount, _value); + + token.safeTransferFrom(msg.sender, _pair, amountA); + _mint(_pair, _value); // Amount of scUSD to mint + + uint _liquidity = ISushiswapV2Pair(_pair).mint(address(this)); + collateral[msg.sender][address(token)] += _liquidity; + + collateralCredit[msg.sender][address(token)] += _value; + uint _fee = _value * FEE / BASE; + _mint(msg.sender, _value - _fee); + _mint(address(this), _fee); + notifyFeeAmount(_fee); + + emit Deposit(msg.sender, address(token), _value, amount, _value); + } + + function withdrawAll(IERC20 token) external { + _withdraw(token, IERC20(address(this)).balanceOf(msg.sender)); + } + + function withdraw(IERC20 token, uint amount) external { + _withdraw(token, amount); + } + + function _withdraw(IERC20 token, uint amount) internal { + uint _credit = collateralCredit[msg.sender][address(token)]; + uint _collateral = collateral[msg.sender][address(token)]; + + if (_credit < amount) { + amount = _credit; + } + + // Calculate % of collateral to release + uint _burned = _collateral * amount / _credit; + address _pair = FACTORY.getPair(address(token), address(this)); + + IERC20(_pair).safeTransfer(_pair, _burned); // send liquidity to pair + (uint _amount0, uint _amount1) = ISushiswapV2Pair(_pair).burn(msg.sender); + (address _token0,) = SushiswapV2Library.sortTokens(address(token), address(this)); + (uint _amountA, uint _amountB) = address(token) == _token0 ? (_amount0, _amount1) : (_amount1, _amount0); + + collateralCredit[msg.sender][address(token)] -= amount; + collateral[msg.sender][address(token)] -= _burned; + _burn(msg.sender, _amountB+amount); // Amount of scUSD to burn (value of A leaving the system) + + emit Withdraw(msg.sender, address(token), amount, _amountB, _amountA); + } + + /** + * @notice Get the number of tokens `spender` is approved to spend on behalf of `account` + * @param account The address of the account holding the funds + * @param spender The address of the account spending the funds + * @return The number of tokens approved + */ + function allowance(address account, address spender) external view returns (uint) { + return allowances[account][spender]; + } + + /** + * @notice Approve `spender` to transfer up to `amount` from `src` + * @dev This will overwrite the approval amount for `spender` + * and is subject to issues noted [here](https://eips.ethereum.org/EIPS/eip-20#approve) + * @param spender The address of the account which may transfer tokens + * @param amount The number of tokens that are approved (2^256-1 means infinite) + * @return Whether or not the approval succeeded + */ + function approve(address spender, uint amount) external returns (bool) { + allowances[msg.sender][spender] = amount; + + emit Approval(msg.sender, spender, amount); + return true; + } + + /** + * @notice Triggers an approval from owner to spends + * @param owner The address to approve from + * @param spender The address to be approved + * @param amount The number of tokens that are approved (2^256-1 means infinite) + * @param deadline The time at which to expire the signature + * @param v The recovery byte of the signature + * @param r Half of the ECDSA signature pair + * @param s Half of the ECDSA signature pair + */ + function permit(address owner, address spender, uint amount, uint deadline, uint8 v, bytes32 r, bytes32 s) external { + bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, amount, nonces[owner]++, deadline)); + bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAINSEPARATOR, structHash)); + address signatory = ecrecover(digest, v, r, s); + require(signatory != address(0), "permit: signature"); + require(signatory == owner, "permit: unauthorized"); + require(block.timestamp <= deadline, "permit: expired"); + + allowances[owner][spender] = amount; + + emit Approval(owner, spender, amount); + } + + /** + * @notice Get the number of tokens held by the `account` + * @param account The address of the account to get the balance of + * @return The number of tokens held + */ + function balanceOf(address account) external view returns (uint) { + return balances[account]; + } + + /** + * @notice Transfer `amount` tokens from `msg.sender` to `dst` + * @param dst The address of the destination account + * @param amount The number of tokens to transfer + * @return Whether or not the transfer succeeded + */ + function transfer(address dst, uint amount) external returns (bool) { + _transferTokens(msg.sender, dst, amount); + return true; + } + + /** + * @notice Transfer `amount` tokens from `src` to `dst` + * @param src The address of the source account + * @param dst The address of the destination account + * @param amount The number of tokens to transfer + * @return Whether or not the transfer succeeded + */ + function transferFrom(address src, address dst, uint amount) external returns (bool) { + address spender = msg.sender; + uint spenderAllowance = allowances[src][spender]; + + if (spender != src && spenderAllowance != type(uint).max) { + uint newAllowance = spenderAllowance - amount; + allowances[src][spender] = newAllowance; + + emit Approval(src, spender, newAllowance); + } + + _transferTokens(src, dst, amount); + return true; + } + + function _transferTokens(address src, address dst, uint amount) internal { + balances[src] -= amount; + balances[dst] += amount; + + emit Transfer(src, dst, amount); + + if (pairs[src]) { + uint _fee = amount * FEE / BASE; + _transferTokens(dst, address(this), _fee); + notifyFeeAmount(_fee); + } + } + + function _getChainId() internal view returns (uint) { + uint chainId; + assembly { chainId := chainid() } + return chainId; + } +} \ No newline at end of file diff --git a/data_full/CVE/2021-3006.sol b/data_full/CVE/2021-3006.sol new file mode 100644 index 0000000000000000000000000000000000000000..8859f8659e814cfc9adb5719cb95ef8621012c17 --- /dev/null +++ b/data_full/CVE/2021-3006.sol @@ -0,0 +1,929 @@ +/** + *Submitted for verification at Etherscan.io on 2020-03-10 +*/ + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ +pragma solidity ^0.5.11; + + +/// @title ERC20 Token Interface +/// @dev see https://github.com/ethereum/EIPs/issues/20 +/// @author Daniel Wang - +contract ERC20 +{ + function totalSupply() + public + view + returns (uint); + + function balanceOf( + address who + ) + public + view + returns (uint); + + function allowance( + address owner, + address spender + ) + public + view + returns (uint); + + function transfer( + address to, + uint value + ) + public + returns (bool); + + function transferFrom( + address from, + address to, + uint value + ) + public + returns (bool); + + function approve( + address spender, + uint value + ) + public + returns (bool); +} +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title Utility Functions for addresses +/// @author Daniel Wang - +/// @author Brecht Devos - +library AddressUtil +{ + using AddressUtil for *; + + function isContract( + address addr + ) + internal + view + returns (bool) + { + uint32 size; + assembly { size := extcodesize(addr) } + return (size > 0); + } + + function toPayable( + address addr + ) + internal + pure + returns (address payable) + { + return address(uint160(addr)); + } + + // Works like address.send but with a customizable gas limit + // Make sure your code is safe for reentrancy when using this function! + function sendETH( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + if (amount == 0) { + return true; + } + address payable recipient = to.toPayable(); + /* solium-disable-next-line */ + (success, ) = recipient.call.value(amount).gas(gasLimit)(""); + } + + // Works like address.transfer but with a customizable gas limit + // Make sure your code is safe for reentrancy when using this function! + function sendETHAndVerify( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + success = to.sendETH(amount, gasLimit); + require(success, "TRANSFER_FAILURE"); + } +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + + + +/// @title Burnable ERC20 Token Interface +/// @author Brecht Devos - +contract BurnableERC20 is ERC20 +{ + function burn( + uint value + ) + public + returns (bool); + + function burnFrom( + address from, + uint value + ) + public + returns (bool); +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title Ownable +/// @author Brecht Devos - +/// @dev The Ownable contract has an owner address, and provides basic +/// authorization control functions, this simplifies the implementation of +/// "user permissions". +contract Ownable +{ + address public owner; + + event OwnershipTransferred( + address indexed previousOwner, + address indexed newOwner + ); + + /// @dev The Ownable constructor sets the original `owner` of the contract + /// to the sender. + constructor() + public + { + owner = msg.sender; + } + + /// @dev Throws if called by any account other than the owner. + modifier onlyOwner() + { + require(msg.sender == owner, "UNAUTHORIZED"); + _; + } + + /// @dev Allows the current owner to transfer control of the contract to a + /// new owner. + /// @param newOwner The address to transfer ownership to. + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0), "ZERO_ADDRESS"); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + + function renounceOwnership() + public + onlyOwner + { + emit OwnershipTransferred(owner, address(0)); + owner = address(0); + } +} + + + +/// @title Claimable +/// @author Brecht Devos - +/// @dev Extension for the Ownable contract, where the ownership needs +/// to be claimed. This allows the new owner to accept the transfer. +contract Claimable is Ownable +{ + address public pendingOwner; + + /// @dev Modifier throws if called by any account other than the pendingOwner. + modifier onlyPendingOwner() { + require(msg.sender == pendingOwner, "UNAUTHORIZED"); + _; + } + + /// @dev Allows the current owner to set the pendingOwner address. + /// @param newOwner The address to transfer ownership to. + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0) && newOwner != owner, "INVALID_ADDRESS"); + pendingOwner = newOwner; + } + + /// @dev Allows the pendingOwner address to finalize the transfer. + function claimOwnership() + public + onlyPendingOwner + { + emit OwnershipTransferred(owner, pendingOwner); + owner = pendingOwner; + pendingOwner = address(0); + } +} + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title ERC20 safe transfer +/// @dev see https://github.com/sec-bit/badERC20Fix +/// @author Brecht Devos - +library ERC20SafeTransfer +{ + function safeTransferAndVerify( + address token, + address to, + uint value + ) + internal + { + safeTransferWithGasLimitAndVerify( + token, + to, + value, + gasleft() + ); + } + + function safeTransfer( + address token, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferWithGasLimit( + token, + to, + value, + gasleft() + ); + } + + function safeTransferWithGasLimitAndVerify( + address token, + address to, + uint value, + uint gasLimit + ) + internal + { + require( + safeTransferWithGasLimit(token, to, value, gasLimit), + "TRANSFER_FAILURE" + ); + } + + function safeTransferWithGasLimit( + address token, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + // A transfer is successful when 'call' is successful and depending on the token: + // - No value is returned: we assume a revert when the transfer failed (i.e. 'call' returns false) + // - A single boolean is returned: this boolean needs to be true (non-zero) + + // bytes4(keccak256("transfer(address,uint)")) = 0xa9059cbb + bytes memory callData = abi.encodeWithSelector( + bytes4(0xa9059cbb), + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + + function safeTransferFromAndVerify( + address token, + address from, + address to, + uint value + ) + internal + { + safeTransferFromWithGasLimitAndVerify( + token, + from, + to, + value, + gasleft() + ); + } + + function safeTransferFrom( + address token, + address from, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasleft() + ); + } + + function safeTransferFromWithGasLimitAndVerify( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + { + bool result = safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasLimit + ); + require(result, "TRANSFER_FAILURE"); + } + + function safeTransferFromWithGasLimit( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + // A transferFrom is successful when 'call' is successful and depending on the token: + // - No value is returned: we assume a revert when the transfer failed (i.e. 'call' returns false) + // - A single boolean is returned: this boolean needs to be true (non-zero) + + // bytes4(keccak256("transferFrom(address,address,uint)")) = 0x23b872dd + bytes memory callData = abi.encodeWithSelector( + bytes4(0x23b872dd), + from, + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + + function checkReturnValue( + bool success + ) + internal + pure + returns (bool) + { + // A transfer/transferFrom is successful when 'call' is successful and depending on the token: + // - No value is returned: we assume a revert when the transfer failed (i.e. 'call' returns false) + // - A single boolean is returned: this boolean needs to be true (non-zero) + if (success) { + assembly { + switch returndatasize() + // Non-standard ERC20: nothing is returned so if 'call' was successful we assume the transfer succeeded + case 0 { + success := 1 + } + // Standard ERC20: a single boolean value is returned which needs to be true + case 32 { + returndatacopy(0, 0, 32) + success := mload(0) + } + // None of the above: not successful + default { + success := 0 + } + } + } + return success; + } +} +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title Utility Functions for uint +/// @author Daniel Wang - +library MathUint +{ + function mul( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a * b; + require(a == 0 || c / a == b, "MUL_OVERFLOW"); + } + + function sub( + uint a, + uint b + ) + internal + pure + returns (uint) + { + require(b <= a, "SUB_UNDERFLOW"); + return a - b; + } + + function add( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a + b; + require(c >= a, "ADD_OVERFLOW"); + } + + function decodeFloat( + uint f + ) + internal + pure + returns (uint value) + { + uint numBitsMantissa = 23; + uint exponent = f >> numBitsMantissa; + uint mantissa = f & ((1 << numBitsMantissa) - 1); + value = mantissa * (10 ** exponent); + } +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title ReentrancyGuard +/// @author Brecht Devos - +/// @dev Exposes a modifier that guards a function against reentrancy +/// Changing the value of the same storage value multiple times in a transaction +/// is cheap (starting from Istanbul) so there is no need to minimize +/// the number of times the value is changed +contract ReentrancyGuard +{ + //The default value must be 0 in order to work behind a proxy. + uint private _guardValue; + + // Use this modifier on a function to prevent reentrancy + modifier nonReentrant() + { + // Check if the guard value has its original value + require(_guardValue == 0, "REENTRANCY"); + + // Set the value to something else + _guardValue = 1; + + // Function body + _; + + // Set the value back + _guardValue = 0; + } +} + + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + + +/// @title IProtocolFeeVault +/// @dev This smart contract manages the distribution of protocol fees. +/// Tokens other than LRC will be sold by TokenSeller, +/// If no TokenSeller is set, the tokens or Ether will be sent to the owner +/// to sell them for LRC by other means such as using a centralized exchange. +/// For LRC token, 70% of them can be withdrawn to the UserStakingPool contract +/// to reward LRC stakers; 20% of them can be withdrawn to the Loopring DAO, +/// and the remaining 10% can be burned to reduce LRC's total supply. +contract IProtocolFeeVault +{ + uint public constant REWARD_PERCENTAGE = 70; + uint public constant DAO_PERDENTAGE = 20; + + address public userStakingPoolAddress; + address public lrcAddress; + address public tokenSellerAddress; + address public daoAddress; + + uint claimedReward; + uint claimedDAOFund; + uint claimedBurn; + + event LRCClaimed(uint amount); + event DAOFunded(uint amountDAO, uint amountBurn); + event TokenSold(address token, uint amount); + event SettingsUpdated(uint time); + + /// @dev Sets depdending contract address. All these addresses can be zero. + /// @param _userStakingPoolAddress The address of the user staking pool. + /// @param _tokenSellerAddress The address of the token seller. + /// @param _daoAddress The address of the DAO contract. + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external; + + /// @dev Claims LRC as staking reward to the IUserStakingPool contract. + /// Note that this function can only be called by + /// the IUserStakingPool contract. + /// + /// @param amount The amount of LRC to be claimed. + function claimStakingReward(uint amount) external; + + /// @dev Withdraws LRC to DAO and in the meanwhile burn some LRC according to + /// the predefined percentages. + function fundDAO() external; + + /// @dev Sells a non-LRC token or Ether to LRC. If no TokenSeller is set, + /// the tokens or Ether will be sent to the owner. + /// @param token The token or ether (0x0) to sell. + /// @param amount THe amout of token/ether to sell. + function sellTokenForLRC( + address token, + uint amount + ) + external; + + /// @dev Returns some global stats regarding fees. + /// @return accumulatedFees The accumulated amount of LRC protocol fees. + /// @return accumulatedBurn The accumulated amount of LRC to burn. + /// @return accumulatedDAOFund The accumulated amount of LRC as developer pool. + /// @return accumulatedReward The accumulated amount of LRC as staking reward. + /// @return remainingFees The remaining amount of LRC protocol fees. + /// @return remainingBurn The remaining amount of LRC to burn. + /// @return remainingDAOFund The remaining amount of LRC as developer pool. + /// @return remainingReward The remaining amount of LRC as staking reward. + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ); +} + +/* + + Copyright 2017 Loopring Project Ltd (Loopring Foundation). + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + + +/// @title ITokenSeller +/// @dev Use this contract to sell tokenS for as many tokenB. +/// @author Daniel Wang - +contract ITokenSeller +{ + /// @dev Sells all tokenS for tokenB + /// @param tokenS The token or Ether (0x0) to sell. + /// @param tokenB The token to buy. + /// @return success True if success, false otherwise. + function sellToken( + address tokenS, + address tokenB + ) + external + payable + returns (bool success); +} + +/// @title An Implementation of IProtocolFeeVault. +/// @author Daniel Wang - +contract ProtocolFeeVault is Claimable, ReentrancyGuard, IProtocolFeeVault +{ + using AddressUtil for address; + using AddressUtil for address payable; + using ERC20SafeTransfer for address; + using MathUint for uint; + + constructor(address _lrcAddress) + Claimable() + public + { + require(_lrcAddress != address(0), "ZERO_ADDRESS"); + lrcAddress = _lrcAddress; + } + + function() external payable { } + + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external + nonReentrant + onlyOwner + { + require( + userStakingPoolAddress != _userStakingPoolAddress || + tokenSellerAddress != _tokenSellerAddress || + daoAddress != _daoAddress, + "SAME_ADDRESSES" + ); + userStakingPoolAddress = _userStakingPoolAddress; + tokenSellerAddress = _tokenSellerAddress; + daoAddress = _daoAddress; + + emit SettingsUpdated(now); + } + + function claimStakingReward( + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_VALUE"); + require(msg.sender == userStakingPoolAddress, "UNAUTHORIZED"); + lrcAddress.safeTransferAndVerify(userStakingPoolAddress, amount); + claimedReward = claimedReward.add(amount); + emit LRCClaimed(amount); + } + + function fundDAO() + external + nonReentrant + { + uint amountDAO; + uint amountBurn; + (, , , , , amountBurn, amountDAO, ) = getProtocolFeeStats(); + + address recipient = daoAddress == address(0) ? owner : daoAddress; + + if (amountDAO > 0) { + lrcAddress.safeTransferAndVerify(recipient, amountDAO); + } + + if (amountBurn > 0) { + require(BurnableERC20(lrcAddress).burn(amountBurn), "BURN_FAILURE"); + } + + claimedBurn = claimedBurn.add(amountBurn); + claimedDAOFund = claimedDAOFund.add(amountDAO); + + emit DAOFunded(amountDAO, amountBurn); + } + + function sellTokenForLRC( + address token, + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_AMOUNT"); + require(token != lrcAddress, "PROHIBITED"); + + address recipient = tokenSellerAddress == address(0) ? owner : tokenSellerAddress; + + if (token == address(0)) { + recipient.sendETHAndVerify(amount, gasleft()); + } else { + token.safeTransferAndVerify(recipient, amount); + } + + require( + tokenSellerAddress == address(0) || + ITokenSeller(tokenSellerAddress).sellToken(token, lrcAddress), + "SELL_FAILURE" + ); + + emit TokenSold(token, amount); + } + + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ) + { + remainingFees = ERC20(lrcAddress).balanceOf(address(this)); + accumulatedFees = remainingFees.add(claimedReward).add(claimedDAOFund).add(claimedBurn); + + accumulatedReward = accumulatedFees.mul(REWARD_PERCENTAGE) / 100; + accumulatedDAOFund = accumulatedFees.mul(DAO_PERDENTAGE) / 100; + accumulatedBurn = accumulatedFees.sub(accumulatedReward).sub(accumulatedDAOFund); + + remainingReward = accumulatedReward.sub(claimedReward); + remainingDAOFund = accumulatedDAOFund.sub(claimedDAOFund); + remainingBurn = accumulatedBurn.sub(claimedBurn); + } +} \ No newline at end of file diff --git a/data_full/CVE/2021-33403.sol b/data_full/CVE/2021-33403.sol new file mode 100644 index 0000000000000000000000000000000000000000..0bd82911e2db49bfaa1fa6977018a4776911eec3 --- /dev/null +++ b/data_full/CVE/2021-33403.sol @@ -0,0 +1,365 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-22 +*/ + +//--------------------------------------------------------------// +//---------------------BLOCKLANCER TOKEN -----------------------// +//--------------------------------------------------------------// + +pragma solidity ^0.4.8; + +/// Migration Agent +/// allows us to migrate to a new contract should it be needed +/// makes blocklancer future proof +contract MigrationAgent { + function migrateFrom(address _from, uint256 _value); +} + +contract ERC20Interface { + // Get the total token supply + function totalSupply() constant returns (uint256 totalSupply); + + // Get the account balance of another account with address _owner + function balanceOf(address _owner) constant returns (uint256 balance); + + // Send _value amount of tokens to address _to + function transfer(address _to, uint256 _value) returns (bool success); + + // Send _value amount of tokens from address _from to address _to + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + + // Allow _spender to withdraw from your account, multiple times, up to the _value amount. + // If this function is called again it overwrites the current allowance with _value. + // this function is required for some DEX functionality + function approve(address _spender, uint256 _value) returns (bool success); + + // Returns the amount which _spender is still allowed to withdraw from _owner + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + + // Triggered when tokens are transferred. + event Transfer(address indexed _from, address indexed _to, uint256 _value); + + // Triggered whenever approve(address _spender, uint256 _value) is called. + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} + +/// Blocklancer Token (LNC) - crowdfunding code for Blocklancer Project +contract BlocklancerToken is ERC20Interface { + string public constant name = "Lancer Token"; + string public constant symbol = "LNC"; + uint8 public constant decimals = 18; // 18 decimal places, the same as ETH. + + mapping(address => mapping (address => uint256)) allowed; + + uint public fundingStart; + + // The flag indicates if the LNC contract is in Funding state. + bool public funding = true; + bool allowTransfer=false; + + // Receives ETH and its own LNC endowment. + address public master; + + // The current total token supply. + uint256 totalTokens; + + uint exchangeRate=20000; + uint EarlyInvestorExchangeRate=25000; + + bool startRefund=false; + + mapping (address => uint256) balances; + mapping (address => bool) initialInvestor; + mapping (address => uint) lastTransferred; + + //needed to refund everyone should the ICO fail + // needed because the price per LNC isn't linear + mapping (address => uint256) balancesEther; + + //address of the contract that manages the migration + //can only be changed by the creator + address public migrationAgent; + + //total amount of token migrated + //allows everyone to see the progress of the migration + uint256 public totalMigrated; + + event Migrate(address indexed _from, address indexed _to, uint256 _value); + event Refund(address indexed _from, uint256 _value); + + //total amount of participants in the ICO + uint totalParticipants; + + function BlocklancerToken() { + master = msg.sender; + fundingStart = 1501977600; + initialInvestor[0x32be343b94f860124dc4fee278fdcbd38c102d88]=true;initialInvestor[0x3106fe2245b376888d684bdcd83dfa9641a869ff]=true;initialInvestor[0x7f7c64c7b7f5a611e739b4da26659bf741414917]=true;initialInvestor[0x4b3b8e0c2c221e916a48e2e5f3718ae2bce51894]=true;initialInvestor[0x507c8fea802a0772eb5e001a8fba38f36fb9b66b]=true;initialInvestor[0x3c35b66dbaf1bc716f41759c7513a7af2f727ce0]=true;initialInvestor[0x7da3ff5dc152352dcffaf08d528e78f1efd4e9d1]=true;initialInvestor[0x404b688a1d9eb850be2527c5dd341561cfa84e11]=true;initialInvestor[0x80ad7165f29f97896a0b5758193879de34fd9712]=true;initialInvestor[0xd70837a61a322f69ba3742111216a7b97d61d3a7]=true;initialInvestor[0x5eefc4f295045ea11827f515c10d50829580cd31]=true;initialInvestor[0xc8c154d54e8d66073b23361cc74cf5d13efc4dc9]=true;initialInvestor[0x00b279438dff4bb6f37038b12704e31967955cb0]=true;initialInvestor[0xfff78f0db7995c7f2299d127d332aef95bc3e7b7]=true;initialInvestor[0xae631a37ad50bf03e8028d0ae8ba041c70ac4c70]=true;initialInvestor[0x4effca51ba840ae9563f5ac1aa794d1e5d3a3806]=true;initialInvestor[0x315a233620b8536d37a92d588aaf5eb050b50d84]=true;initialInvestor[0x1ebf9e3470f303f6a6ac43347e41877b0a5aaa39]=true;initialInvestor[0xbf022480bda3f6c839cd443397761d5e83f3c02b]=true;initialInvestor[0xe727ea5340256a5236287ee3074eea34d8483457]=true;initialInvestor[0x45ecfeea42fc525c0b29313d3de9089488ef71dc]=true;initialInvestor[0xe59e4aac45862796cb52434967cf72ea46474ff3]=true;initialInvestor[0x7c367c14a322404f9e332b68d7d661b46a5c93ea]=true;initialInvestor[0x08bea4ccc9c45e506d5bc5e638acaa13fa3e801c]=true;initialInvestor[0x5dfb4a015eb0c3477a99ba88b2ac60459c879674]=true;initialInvestor[0x771a2137708ca7e07e7b7c55e5ea666e88d7c0c8]=true;initialInvestor[0xcc8ab06eb5a14855fc8b90abcb6be2f34ee5cea1]=true;initialInvestor[0x0764d446d0701a9b52382f8984b9d270d266e02c]=true;initialInvestor[0x2d90b415a38e2e19cdd02ff3ad81a97af7cbf672]=true;initialInvestor[0x0d4266de516944a49c8109a4397d1fcf06fb7ed0]=true;initialInvestor[0x7a5159617df20008b4dbe06d645a1b0305406794]=true;initialInvestor[0xaf9e23965c09ebf5d313c669020b0e1757cbb92c]=true;initialInvestor[0x33d94224754c122baa1ebaf455d16a9c82f69c98]=true;initialInvestor[0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0]=true;initialInvestor[0xf6ac7c81ca099e34421b7eff7c9e80c8f56b74ae]=true;initialInvestor[0xd85faf59e73225ef386b46a1b17c493019b23e1e]=true;initialInvestor[0x3833f8dbdbd6bdcb6a883ff209b869148965b364]=true;initialInvestor[0x7ed1e469fcb3ee19c0366d829e291451be638e59]=true;initialInvestor[0x6c1ddafafd55a53f80cb7f4c8c8f9a9f13f61d70]=true;initialInvestor[0x94ef531595ffe510f8dc92e0e07a987f57784338]=true;initialInvestor[0xcc54e4e2f425cc4e207344f9e0619c1e40f42f26]=true;initialInvestor[0x70ee7bfc1aeac50349c29475a11ed4c57961b387]=true;initialInvestor[0x89be0bd8b6007101c7da7170a6461580994221d0]=true;initialInvestor[0xa7802ba51ba87556263d84cfc235759b214ccf35]=true;initialInvestor[0xb6a34bd460f02241e80e031023ec20ce6fc310ae]=true;initialInvestor[0x07004b458b56fb152c06ad81fe1be30c8a8b2ea1]=true;initialInvestor[0xb6da110659ef762a381cf2d6f601eb19b5f5d51e]=true;initialInvestor[0x20abf65634219512c6c98a64614c43220ca2085b]=true;initialInvestor[0x3afd1483693fe606c0e58f580bd08ae9aba092fd]=true;initialInvestor[0x61e120b9ca6559961982d9bd1b1dbea7485b84d1]=true;initialInvestor[0x481525718f1536ca2d739aa7e68b94b5e1d5d2c2]=true;initialInvestor[0x8e129a434cde6f52838fad2d30d8b08f744abf48]=true;initialInvestor[0x13df035952316f5fb663c262064ee39e44aa6b43]=true;initialInvestor[0x03c6c82a1d6d13b2f92ed63a10b1b791ffaa1e02]=true;initialInvestor[0xb079a72c627d0a34b880aee0504b901cbce64568]=true;initialInvestor[0xbf27721ca05c983c902df12492620ab2a8b9db91]=true;initialInvestor[0x4ced2b7d27ac74b0ecb2440d9857ba6c6407149f]=true;initialInvestor[0x330c63a5b737b5542be108a74b3fef6272619585]=true;initialInvestor[0x266dccd07a275a6e72b6bc549f7c2ce9e082f13f]=true;initialInvestor[0xf4280bf77a043568e40da2b8068b11243082c944]=true;initialInvestor[0x67d2f0e2d642a87300781df25c45b00bccaf6983]=true;initialInvestor[0x9f658a6628864e94f9a1c53ba519f0ae37a8b4a5]=true;initialInvestor[0x498d256ee53d4d05269cfa1a80c3214e525076ca]=true;initialInvestor[0xa1beac79dda14bce1ee698fdee47e2f7f2fd1f0d]=true;initialInvestor[0xfeb063bd508b82043d6b4d5c51e1e42b44f39b33]=true;initialInvestor[0xfeb7a283e1dbf2d5d8e9ba64ab5e607a41213561]=true;initialInvestor[0xabedb3d632fddccd4e95957be4ee0daffbe6acdd]=true;initialInvestor[0x4d8a7cb44d317113c82f25a0174a637a8f012ebb]=true;initialInvestor[0xe922c94161d45bdd31433b3c7b912ad214d399ce]=true;initialInvestor[0x11f9ad6eb7e9e98349b8397c836c0e3e88455b0a]=true;initialInvestor[0xfc28b52160639167fa59f30232bd8d43fab681e6]=true;initialInvestor[0xaf8a6c54fc8fa59cfcbc631e56b3d5b22fa42b75]=true;initialInvestor[0xd3c0ebb99a5616f3647f16c2efb40b133b5b1e1c]=true;initialInvestor[0x877341abeac8f44ac69ba7c99b1d5d31ce7a11d7]=true;initialInvestor[0xb22f376f70f34c906a88a91f6999a0bd1a0f3c3d]=true;initialInvestor[0x2c99db3838d6af157c8d671291d560a013c6c01e]=true;initialInvestor[0xd0f38af6984f3f847f7f2fcd6ea27aa878257059]=true;initialInvestor[0x2a5da89176d5316782d7f1c9db74d209679ad9ce]=true;initialInvestor[0xc88eea647a570738e69ad3dd8975577df720318d]=true;initialInvestor[0xb32b18dfea9072047a368ec056a464b73618345a]=true;initialInvestor[0x945b9a00bffb201a5602ee661f2a4cc6e5285ca6]=true;initialInvestor[0x86957ac9a15f114c08296523569511c22e471266]=true;initialInvestor[0x007bfe6994536ec9e89505c7de8e9eb748d3cb27]=true;initialInvestor[0x6ad0f0f578115b6fafa73df45e9f1e9056b84459]=true;initialInvestor[0x621663b4b6580b70b74afaf989c707d533bbec91]=true;initialInvestor[0xdc86c0632e88de345fc2ac01608c63f2ed99605a]=true;initialInvestor[0x3d83bb077b2557ef5f361bf1a9e68d093d919b28]=true;initialInvestor[0x56307b37377f75f397d4936cf507baf0f4943ea5]=true;initialInvestor[0x555cbe849bf5e01db195a81ecec1e65329fff643]=true;initialInvestor[0x7398a2edb928a2e179f62bfb795f292254f6850e]=true;initialInvestor[0x30382b132f30c175bee2858353f3a2dd0d074c3a]=true;initialInvestor[0x5baeac0a0417a05733884852aa068b706967e790]=true;initialInvestor[0xcb12b8a675e652296a8134e70f128521e633b327]=true;initialInvestor[0xaa8c03e04b121511858d88be7a1b2f5a2d70f6ac]=true;initialInvestor[0x77529c0ea5381262db964da3d5f6e2cc92e9b48b]=true;initialInvestor[0x59e5fe8a9637702c6d597c5f1c4ebe3fba747371]=true;initialInvestor[0x296fe436ecc0ea6b7a195ded26451e77e1335108]=true;initialInvestor[0x41bacae05437a3fe126933e57002ae3f129aa079]=true;initialInvestor[0x6cd5b9b60d2bcf81af8e6ef5d750dc9a8f18bf45]=true; + } + + //returns the total amount of participants in the ICO + function getAmountofTotalParticipants() constant returns (uint){ + return totalParticipants; + } + + /// allows to transfer token to another address + function transfer(address _to, uint256 _value) returns (bool success) { + // Don't allow in funding state + if(funding) throw; + if(!allowTransfer)throw; + + var senderBalance = balances[msg.sender]; + //only allow if the balance of the sender is more than he want's to send + if (senderBalance >= _value && _value > 0) { + //reduce the sender balance by the amount he sends + senderBalance -= _value; + balances[msg.sender] = senderBalance; + + //increase the balance of the receiver by the amount we reduced the balance of the sender + balances[_to] += _value; + + //saves the last time someone sent LNc from this address + //is needed for our Token Holder Tribunal + //this ensures that everyone can only vote one time + //otherwise it would be possible to send the LNC around and everyone votes again and again + lastTransferred[msg.sender]=block.timestamp; + Transfer(msg.sender, _to, _value); + return true; + } + //transfer failed + return false; + } + + //returns the total amount of LNC in circulation + //get displayed on the website whilst the crowd funding + function totalSupply() constant returns (uint256 totalSupply) { + return totalTokens; + } + + //retruns the balance of the owner address + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + //returns the amount anyone pledged into this contract + function EtherBalanceOf(address _owner) constant returns (uint256) { + return balancesEther[_owner]; + } + + //returns the amount anyone pledged into this contract + function isInitialInvestor(address _owner) constant returns (bool) { + return initialInvestor[_owner]; + } + + //time left before the crodsale begins + function TimeLeftBeforeCrowdsale() external constant returns (uint256) { + if(fundingStart>block.timestamp) + return fundingStart-block.timestamp; + else + return 0; + } + + // allows us to migrate to anew contract + function migrate(uint256 _value) external { + // can only be called if the funding ended + if(funding) throw; + + //the migration agent address needs to be set + if(migrationAgent == 0) throw; + + // must migrate more than nothing + if(_value == 0) throw; + + //if the value is higher than the sender owns abort + if(_value > balances[msg.sender]) throw; + + //reduce the balance of the owner + balances[msg.sender] -= _value; + + //reduce the token left in the old contract + totalTokens -= _value; + totalMigrated += _value; + + //call the migration agent to complete the migration + //credits the same amount of LNC in the new contract + MigrationAgent(migrationAgent).migrateFrom(msg.sender, _value); + Migrate(msg.sender, migrationAgent, _value); + } + + //sets the address of the migration agent + function setMigrationAgent(address _agent) external { + //not possible in funding mode + if(funding) throw; + + //only allow to set this once + if(migrationAgent != 0) throw; + + //anly the owner can call this function + if(msg.sender != master) throw; + + //set the migration agent + migrationAgent = _agent; + } + + function setExchangeRate(uint _exchangeRate){ + if(msg.sender!=master)throw; + exchangeRate=_exchangeRate; + } + + function setICORunning(bool r){ + if(msg.sender!=master)throw; + funding=r; + } + + function setTransfer(bool r){ + if(msg.sender!=master)throw; + allowTransfer=r; + } + + function addInitialInvestor(address invest){ + if(msg.sender!=master)throw; + initialInvestor[invest]=true; + } + + function addToken(address invest,uint256 value){ + if(msg.sender!=master)throw; + balances[invest]+=value; + totalTokens+=value; + } + + function setEarlyInvestorExchangeRate(uint invest){ + if(msg.sender!=master)throw; + EarlyInvestorExchangeRate=invest; + } + + function setStartDate(uint time){ + if(msg.sender!=master)throw; + fundingStart=time; + } + + function setStartRefund(bool s){ + if(msg.sender!=master)throw; + startRefund=s; + } + + //return the current exchange rate -> LNC per Ether + function getExchangeRate(address investorAddress) constant returns(uint){ + if(initialInvestor[investorAddress]) + return EarlyInvestorExchangeRate; + else + return exchangeRate; + } + + //returns if the crowd sale is still open + function ICOopen() constant returns(bool){ + if(!funding) return false; + else if(block.timestamp < fundingStart) return false; + else return true; + } + + //when someone send ether to this contract + function() payable external { + //not possible if the funding has ended + if(!funding) throw; + + //not possible before the funding started + if(block.timestamp < fundingStart) throw; + + // Do not allow creating 0 or more than the cap tokens. + if(msg.value == 0) throw; + + //calculate the amount of LNC the sender receives + var numTokens = msg.value * getExchangeRate(msg.sender); + totalTokens += numTokens; + + // increase the amount of token the sender holds + balances[msg.sender] += numTokens; + + //increase the amount of ether the sender pledged into the contract + balancesEther[msg.sender] += msg.value; + + //icrease the amount of people that sent ether to this contract + totalParticipants+=1; + + // Log token creation + Transfer(0, msg.sender, numTokens); + } + + //called after the crodsale ended + //needed to allow everyone to send their LNC around + function finalize(uint percentOfTotal) external { + if(msg.sender!=master)throw; + if(funding)throw; + + // allows to tranfer token to another address + // disables buying LNC + funding = false; + + //send 12% of the token to the devs + //10 % for the devs + //2 % for the bounty participants + uint256 additionalTokens = totalTokens * percentOfTotal / (100 - percentOfTotal); + totalTokens += additionalTokens; + balances[master] += additionalTokens; + Transfer(0, master, additionalTokens); + + // Transfer ETH to the Blocklancer address. + if (!master.send(this.balance)) throw; + } + + //everyone needs to call this function should the minimum cap not be reached + //refunds the sender + function refund() external { + if(!startRefund) throw; + + var gntValue = balances[msg.sender]; + var ethValue = balancesEther[msg.sender]; + if (gntValue == 0) throw; + + //set the amount of token the sender has to 0 + balances[msg.sender] = 0; + + //set the amount of ether the sender owns to 0 + balancesEther[msg.sender] = 0; + totalTokens -= gntValue; + + Refund(msg.sender, ethValue); + if (!msg.sender.send(ethValue)) throw; + } + + // Send _value amount of tokens from address _from to address _to + // The transferFrom method is used for a withdraw workflow, allowing contracts to send + // tokens on your behalf, for example to "deposit" to a contract address and/or to charge + // fees in sub-currencies; the command should fail unless the _from account has + // deliberately authorized the sender of the message via some mechanism; we propose + // these standardized APIs for approval: + function transferFrom(address _from,address _to,uint256 _amount) returns (bool success) { + if(funding) throw; + if(!allowTransfer)throw; + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + + // Allow _spender to withdraw from your account, multiple times, up to the _value amount. + // If this function is called again it overwrites the current allowance with _value. + function approve(address _spender, uint256 _amount) returns (bool success) { + if(funding) throw; + if(!allowTransfer)throw; + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} \ No newline at end of file diff --git a/data_full/CVE/2021-34270.sol b/data_full/CVE/2021-34270.sol new file mode 100644 index 0000000000000000000000000000000000000000..3ff559769e1e20a5a619b00dba36e7c486ca0922 --- /dev/null +++ b/data_full/CVE/2021-34270.sol @@ -0,0 +1,197 @@ +/** + *Submitted for verification at Etherscan.io on 2017-09-28 +*/ + +pragma solidity ^0.4.13; + +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract doftManaged { + address public doftManager; + + function doftManaged() { + doftManager = msg.sender; + } + + modifier onlyDoftManager { + require(msg.sender == doftManager); + _; + } + + function transferDoftManagment(address newDoftManager) onlyDoftManager { + doftManager = newDoftManager; + //coins for mining should be transferred after transferring of doftManagment + } +} + +contract ERC20 { + function totalSupply() constant returns (uint totalSupply); + function balanceOf(address _owner) constant returns (uint balance); + function transfer(address _to, uint _value) returns (bool success); + function transferFrom(address _from, address _to, uint _value) returns (bool success); + function approve(address _spender, uint _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint remaining); + event Transfer(address indexed _from, address indexed _to, uint _value); + event Approval(address indexed _owner, address indexed _spender, uint _value); +} + +contract BasicToken is ERC20 { + uint256 _totalSupply; + + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + event Transfer(address indexed _from, address indexed _to, uint _value); + event Approval(address indexed _owner, address indexed _spender, uint _value); + + /// @return total amount of tokens + function totalSupply() constant returns (uint totalSupply){ + totalSupply = _totalSupply; + } + + /// @param _owner The address from which the balance will be retrieved + /// @return The balance + function balanceOf(address _owner) constant returns (uint balance){ + return balanceOf[_owner]; + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] > _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice send `_value` token to `_to` from `msg.sender` + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transfer(address _to, uint _value) returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + + /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` + /// @param _from The address of the sender + /// @param _to The address of the recipient + /// @param _value The amount of token to be transferred + /// @return Whether the transfer was successful or not + function transferFrom(address _from, address _to, uint _value) returns (bool success) { + require (_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /// @notice `msg.sender` approves `_addr` to spend `_value` tokens + /// @param _spender The address of the account able to transfer the tokens + /// @param _value The amount of wei to be approved for transfer + /// @return Whether the approval was successful or not + function approve(address _spender, uint _value) returns (bool success) { + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + /// @param _owner The address of the account owning tokens + /// @param _spender The address of the account able to transfer the tokens + /// @return Amount of remaining tokens allowed to spent + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowance[_owner][_spender]; + } +} + +contract Doftcoin is BasicToken, owned, doftManaged { + string public name; + string public symbol; + uint256 public decimals; + uint256 public sellPrice; + uint256 public buyPrice; + uint256 public miningStorage; + string public version; + + event Mine(address target, uint256 minedAmount); + + function Doftcoin() { + decimals = 18; + _totalSupply = 5000000 * (10 ** decimals); // Update total supply + miningStorage = _totalSupply / 2; + name = "Doftcoin"; // Set the name for display purposes + symbol = "DFC"; // Set the symbol for display purposes + + balanceOf[msg.sender] = _totalSupply; // Give the creator all initial tokens + version = "1.0"; + } + + /// @notice Create `_mintedAmount` tokens and send it to `_target` + /// @param _target Address to receive the tokens + /// @param _mintedAmount the amount of tokens it will receive + function mintToken(address _target, uint256 _mintedAmount) onlyOwner { + require (_target != 0x0); + + //ownership will be given to ICO after creation + balanceOf[_target] += _mintedAmount; + _totalSupply += _mintedAmount; + Transfer(0, this, _mintedAmount); + Transfer(this, _target, _mintedAmount); + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable { + require(buyPrice > 0); + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `_amount` tokens to contract + /// @param _amount Amount of tokens to be sold + function sell(uint256 _amount) { + require(sellPrice > 0); + require(this.balance >= _amount * sellPrice); // checks if the contract has enough ether to buy + _transfer(msg.sender, this, _amount); // makes the transfers + msg.sender.transfer(_amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } + + /// @notice Allow users to buy tokens for `_newBuyPrice` eth and sell tokens for `_newSellPrice` eth + /// @param _newSellPrice Price the users can sell to the contract + /// @param _newBuyPrice Price users can buy from the contract + function setPrices(uint256 _newSellPrice, uint256 _newBuyPrice) onlyDoftManager { + sellPrice = _newSellPrice; + buyPrice = _newBuyPrice; + } + + /// @notice Send `_minedAmount` to `_target` as a reward for mining + /// @param _target The address of the recipient + /// @param _minedAmount The amount of reward tokens + function mine(address _target, uint256 _minedAmount) onlyDoftManager { + require (_minedAmount > 0); + require (_target != 0x0); + require (miningStorage - _minedAmount >= 0); + require (balanceOf[doftManager] >= _minedAmount); // Check if the sender has enough + require (balanceOf[_target] + _minedAmount > balanceOf[_target]); // Check for overflows + + balanceOf[doftManager] -= _minedAmount; + balanceOf[_target] += _minedAmount; + miningStorage -= _minedAmount; + + Mine(_target, _minedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE/2021-34272.sol b/data_full/CVE/2021-34272.sol new file mode 100644 index 0000000000000000000000000000000000000000..3da1c1c71324a8db93fc084760bbceecc3cf44f3 --- /dev/null +++ b/data_full/CVE/2021-34272.sol @@ -0,0 +1,255 @@ +/** + *Submitted for verification at Etherscan.io on 2018-03-02 +*/ + +pragma solidity ^0.4.18; + +contract Owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 6; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract RobotBTC is Owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + bool public isOpened; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function RobotBTC( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public { + + } + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth + /// @param newSellPrice Price the users can sell to the contract + /// @param newBuyPrice Price users can buy from the contract + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + /// @notice Buy tokens from contract by sending ether + function buy() payable public { + require(isOpened); + uint amount = msg.value / buyPrice; // calculates the amount + _transfer(this, msg.sender, amount); // makes the transfers + } + + /// @notice Sell `amount` tokens to contract + /// @param amount amount of tokens to be sold + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); // checks if the contract has enough ether to buy + require(isOpened); + _transfer(msg.sender, this, amount); // makes the transfers + msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks + } + ///set open + function setExchange(bool istrue) onlyOwner public { + isOpened = istrue; + } +} \ No newline at end of file diff --git a/data_full/CVE/2021-34273.sol b/data_full/CVE/2021-34273.sol new file mode 100644 index 0000000000000000000000000000000000000000..588c28704b0970e27ee6a82d09ad9f5e146a4520 --- /dev/null +++ b/data_full/CVE/2021-34273.sol @@ -0,0 +1,129 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-15 +*/ + +pragma solidity ^0.4.4; + +contract Token { + + + function totalSupply() constant returns (uint256 supply) {} + + + function balanceOf(address _owner) constant returns (uint256 balance) {} + + + function transfer(address _to, uint256 _value) returns (bool success) {} + + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + + + function approve(address _spender, uint256 _value) returns (bool success) {} + + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + +} + +contract Owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +contract StandardToken is Token, Owned { + + function transfer(address _to, uint256 _value) returns (bool success) { + + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + + function distributeToken(address[] addresses, uint256 _value) { + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} + + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + + + + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + + + uint256 public totalSupply; +} + + + +contract B2X is StandardToken { + + function () { + + throw; + } + + + string public name; + uint8 public decimals; + string public symbol; + + + function B2X( + ) { + totalSupply = 21 * 10 ** 14; + balances[msg.sender] = totalSupply; + name = "BTC2X"; + decimals = 8; + symbol = "B2X"; + } + + + +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10299.sol b/data_full/CVE_clean/2018-10299.sol new file mode 100644 index 0000000000000000000000000000000000000000..3767a21e47bf34968e61641255b34c0a8d928abd --- /dev/null +++ b/data_full/CVE_clean/2018-10299.sol @@ -0,0 +1,142 @@ +pragma solidity ^0.4.16; +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value > 0 && _value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value > 0 && _value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} +contract Ownable { + address public owner; + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + function Ownable() { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } +} +contract Pausable is Ownable { + event Pause(); + event Unpause(); + bool public paused = false; + modifier whenNotPaused() { + require(!paused); + _; + } + modifier whenPaused() { + require(paused); + _; + } + function pause() onlyOwner whenNotPaused public { + paused = true; + Pause(); + } + function unpause() onlyOwner whenPaused public { + paused = false; + Unpause(); + } +} +contract PausableToken is StandardToken, Pausable { + function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) { + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) { + return super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) { + return super.approve(_spender, _value); + } + function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) { + uint cnt = _receivers.length; + uint256 amount = uint256(cnt) * _value; + require(cnt > 0 && cnt <= 20); + require(_value > 0 && balances[msg.sender] >= amount); + balances[msg.sender] = balances[msg.sender].sub(amount); + for (uint i = 0; i < cnt; i++) { + balances[_receivers[i]] = balances[_receivers[i]].add(_value); + Transfer(msg.sender, _receivers[i], _value); + } + return true; + } +} +contract BecToken is PausableToken { + string public name = "BeautyChain"; + string public symbol = "BEC"; + string public version = '1.0.0'; + uint8 public decimals = 18; + function BecToken() { + totalSupply = 7000000000 * (10**(uint256(decimals))); + balances[msg.sender] = totalSupply; + } + function () { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10376.sol b/data_full/CVE_clean/2018-10376.sol new file mode 100644 index 0000000000000000000000000000000000000000..26937f21a63fca8b110a192255e34d545ede408b --- /dev/null +++ b/data_full/CVE_clean/2018-10376.sol @@ -0,0 +1,169 @@ +pragma solidity ^0.4.15; +contract Token { + uint256 public totalSupply; + function balanceOf(address _owner) public constant returns (uint256 balance); + function transfer(address _to, uint256 _value) public returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); + function approve(address _spender, uint256 _value) public returns (bool success); + function allowance(address _owner, address _spender) public constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract Owned { + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + address public owner; + function Owned() public { + owner = msg.sender; + } + address newOwner=0x0; + event OwnerUpdate(address _prevOwner, address _newOwner); + function changeOwner(address _newOwner) public onlyOwner { + require(_newOwner != owner); + newOwner = _newOwner; + } + function acceptOwnership() public{ + require(msg.sender == newOwner); + OwnerUpdate(owner, newOwner); + owner = newOwner; + newOwner = 0x0; + } +} +contract Controlled is Owned{ + function Controlled() public { + setExclude(msg.sender); + } + bool public transferEnabled = false; + bool lockFlag=true; + mapping(address => bool) locked; + mapping(address => bool) exclude; + function enableTransfer(bool _enable) public onlyOwner{ + transferEnabled=_enable; + } + function disableLock(bool _enable) public onlyOwner returns (bool success){ + lockFlag=_enable; + return true; + } + function addLock(address _addr) public onlyOwner returns (bool success){ + require(_addr!=msg.sender); + locked[_addr]=true; + return true; + } + function setExclude(address _addr) public onlyOwner returns (bool success){ + exclude[_addr]=true; + return true; + } + function removeLock(address _addr) public onlyOwner returns (bool success){ + locked[_addr]=false; + return true; + } + modifier transferAllowed(address _addr) { + if (!exclude[_addr]) { + assert(transferEnabled); + if(lockFlag){ + assert(!locked[_addr]); + } + } + _; + } +} +contract StandardToken is Token,Controlled { + function transfer(address _to, uint256 _value) public transferAllowed(msg.sender) returns (bool success) { + if (balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) public transferAllowed(_from) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} +contract SMT is StandardToken { + function () public { + revert(); + } + string public name = "SmartMesh Token"; + uint8 public decimals = 18; + string public symbol = "SMT"; + string public version = 'v0.1'; + uint256 public allocateEndTime; + mapping(address => uint256) nonces; + function SMT() public { + allocateEndTime = now + 1 days; + } + function transferProxy(address _from, address _to, uint256 _value, uint256 _feeSmt, + uint8 _v,bytes32 _r, bytes32 _s) public transferAllowed(_from) returns (bool){ + if(balances[_from] < _feeSmt + _value) revert(); + uint256 nonce = nonces[_from]; + bytes32 h = keccak256(_from,_to,_value,_feeSmt,nonce); + if(_from != ecrecover(h,_v,_r,_s)) revert(); + if(balances[_to] + _value < balances[_to] + || balances[msg.sender] + _feeSmt < balances[msg.sender]) revert(); + balances[_to] += _value; + Transfer(_from, _to, _value); + balances[msg.sender] += _feeSmt; + Transfer(_from, msg.sender, _feeSmt); + balances[_from] -= _value + _feeSmt; + nonces[_from] = nonce + 1; + return true; + } + function approveProxy(address _from, address _spender, uint256 _value, + uint8 _v,bytes32 _r, bytes32 _s) public returns (bool success) { + uint256 nonce = nonces[_from]; + bytes32 hash = keccak256(_from,_spender,_value,nonce); + if(_from != ecrecover(hash,_v,_r,_s)) revert(); + allowed[_from][_spender] = _value; + Approval(_from, _spender, _value); + nonces[_from] = nonce + 1; + return true; + } + function getNonce(address _addr) public constant returns (uint256){ + return nonces[_addr]; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { revert(); } + return true; + } + function approveAndCallcode(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(_extraData)) { revert(); } + return true; + } + function allocateTokens(address[] _owners, uint256[] _values) public onlyOwner { + if(allocateEndTime < now) revert(); + if(_owners.length != _values.length) revert(); + for(uint256 i = 0; i < _owners.length ; i++){ + address to = _owners[i]; + uint256 value = _values[i]; + if(totalSupply + value <= totalSupply || balances[to] + value <= balances[to]) revert(); + totalSupply += value; + balances[to] += value; + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10468.sol b/data_full/CVE_clean/2018-10468.sol new file mode 100644 index 0000000000000000000000000000000000000000..62515ded99bd657ccda58f9e85d7b599d2071a84 --- /dev/null +++ b/data_full/CVE_clean/2018-10468.sol @@ -0,0 +1,99 @@ +pragma solidity ^0.4.10; +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} +contract UselessEthereumToken { + address owner = msg.sender; + bool public purchasingAllowed = false; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + uint256 public totalSupply = 0; + function name() constant returns (string) { return "Useless Ethereum Token"; } + function symbol() constant returns (string) { return "UET"; } + function decimals() constant returns (uint8) { return 18; } + function balanceOf(address _owner) constant returns (uint256) { return balances[_owner]; } + function transfer(address _to, uint256 _value) returns (bool success) { + if(msg.data.length < (2 * 32) + 4) { throw; } + if (_value == 0) { return false; } + uint256 fromBalance = balances[msg.sender]; + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if(msg.data.length < (3 * 32) + 4) { throw; } + if (_value == 0) { return false; } + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function approve(address _spender, uint256 _value) returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + function enablePurchasing() { + if (msg.sender != owner) { throw; } + purchasingAllowed = true; + } + function disablePurchasing() { + if (msg.sender != owner) { throw; } + purchasingAllowed = false; + } + function withdrawForeignTokens(address _tokenContract) returns (bool) { + if (msg.sender != owner) { throw; } + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + function getStats() constant returns (uint256, uint256, uint256, bool) { + return (totalContribution, totalSupply, totalBonusTokensIssued, purchasingAllowed); + } + function() payable { + if (!purchasingAllowed) { throw; } + if (msg.value == 0) { return; } + owner.transfer(msg.value); + totalContribution += msg.value; + uint256 tokensIssued = (msg.value * 100); + if (msg.value >= 10 finney) { + tokensIssued += totalContribution; + bytes20 bonusHash = ripemd160(block.coinbase, block.number, block.timestamp); + if (bonusHash[0] == 0) { + uint8 bonusMultiplier = + ((bonusHash[1] & 0x01 != 0) ? 1 : 0) + ((bonusHash[1] & 0x02 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x04 != 0) ? 1 : 0) + ((bonusHash[1] & 0x08 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x10 != 0) ? 1 : 0) + ((bonusHash[1] & 0x20 != 0) ? 1 : 0) + + ((bonusHash[1] & 0x40 != 0) ? 1 : 0) + ((bonusHash[1] & 0x80 != 0) ? 1 : 0); + uint256 bonusTokensIssued = (msg.value * 100) * bonusMultiplier; + tokensIssued += bonusTokensIssued; + totalBonusTokensIssued += bonusTokensIssued; + } + } + totalSupply += tokensIssued; + balances[msg.sender] += tokensIssued; + Transfer(address(this), msg.sender, tokensIssued); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10666.sol b/data_full/CVE_clean/2018-10666.sol new file mode 100644 index 0000000000000000000000000000000000000000..752b76217279cbaa03b4f10a53d22ac890e38d9d --- /dev/null +++ b/data_full/CVE_clean/2018-10666.sol @@ -0,0 +1,163 @@ +pragma solidity ^0.4.19; +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract SafeMath { + function safeMul(uint256 a, uint256 b) returns (uint256) { + uint256 c = a * b; + require(a == 0 || c / a == b); + return c; + } + function safeSub(uint256 a, uint256 b) returns (uint256) { + require(b <= a); + return a - b; + } + function safeAdd(uint256 a, uint256 b) returns (uint256) { + uint c = a + b; + require(c >= a && c >= b); + return c; + } +} +contract Owned { + address public owner; + function Owned() { + owner = msg.sender; + } + function setOwner(address _owner) returns (bool success) { + owner = _owner; + return true; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } +} +contract IDXM is Owned, SafeMath { + uint8 public decimals = 8; + bytes32 public standard = 'Token 0.1'; + bytes32 public name = 'IDEX Membership'; + bytes32 public symbol = 'IDXM'; + uint256 public totalSupply; + event Approval(address indexed from, address indexed spender, uint256 amount); + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + uint256 public baseFeeDivisor; + uint256 public feeDivisor; + uint256 public singleIDXMQty; + function () external { + throw; + } + uint8 public feeDecimals = 8; + struct Validity { + uint256 last; + uint256 ts; + } + mapping (address => Validity) public validAfter; + uint256 public mustHoldFor = 604800; + mapping (address => uint256) public exportFee; + function IDXM() { + totalSupply = 200000000000; + balanceOf[msg.sender] = totalSupply; + exportFee[0x00000000000000000000000000000000000000ff] = 100000000; + precalculate(); + } + bool public balancesLocked = false; + function uploadBalances(address[] addresses, uint256[] balances) onlyOwner { + require(!balancesLocked); + require(addresses.length == balances.length); + uint256 sum; + for (uint256 i = 0; i < uint256(addresses.length); i++) { + sum = safeAdd(sum, safeSub(balances[i], balanceOf[addresses[i]])); + balanceOf[addresses[i]] = balances[i]; + } + balanceOf[owner] = safeSub(balanceOf[owner], sum); + } + function lockBalances() onlyOwner { + balancesLocked = true; + } + function transfer(address _to, uint256 _amount) returns (bool success) { + require(!locked); + require(balanceOf[msg.sender] >= _amount); + require(balanceOf[_to] + _amount >= balanceOf[_to]); + balanceOf[msg.sender] -= _amount; + uint256 preBalance = balanceOf[_to]; + balanceOf[_to] += _amount; + bool alreadyMax = preBalance >= singleIDXMQty; + if (!alreadyMax) { + if (now >= validAfter[_to].ts + mustHoldFor) validAfter[_to].last = preBalance; + validAfter[_to].ts = now; + } + if (validAfter[msg.sender].last > balanceOf[msg.sender]) validAfter[msg.sender].last = balanceOf[msg.sender]; + Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint256 _amount) returns (bool success) { + require(!locked); + require(balanceOf[_from] >= _amount); + require(balanceOf[_to] + _amount >= balanceOf[_to]); + require(_amount <= allowance[_from][msg.sender]); + balanceOf[_from] -= _amount; + uint256 preBalance = balanceOf[_to]; + balanceOf[_to] += _amount; + allowance[_from][msg.sender] -= _amount; + bool alreadyMax = preBalance >= singleIDXMQty; + if (!alreadyMax) { + if (now >= validAfter[_to].ts + mustHoldFor) validAfter[_to].last = preBalance; + validAfter[_to].ts = now; + } + if (validAfter[_from].last > balanceOf[_from]) validAfter[_from].last = balanceOf[_from]; + Transfer(_from, _to, _amount); + return true; + } + function approveAndCall(address _spender, uint256 _amount, bytes _extraData) returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _amount)) { + spender.receiveApproval(msg.sender, _amount, this, _extraData); + return true; + } + } + function approve(address _spender, uint256 _amount) returns (bool success) { + require(!locked); + allowance[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function setExportFee(address addr, uint256 fee) onlyOwner { + require(addr != 0x00000000000000000000000000000000000000ff); + exportFee[addr] = fee; + } + function setHoldingPeriod(uint256 ts) onlyOwner { + mustHoldFor = ts; + } + function feeFor(address from, address to, uint256 amount) constant external returns (uint256 value) { + uint256 fee = exportFee[from]; + if (fee == 0) return 0; + uint256 amountHeld; + if (balanceOf[to] != 0) { + if (validAfter[to].ts + mustHoldFor < now) amountHeld = balanceOf[to]; + else amountHeld = validAfter[to].last; + if (amountHeld >= singleIDXMQty) return 0; + return amount*fee*(singleIDXMQty - amountHeld) / feeDivisor; + } else return amount*fee / baseFeeDivisor; + } + bool public locked = true; + function unlockToken() onlyOwner { + locked = false; + } + function precalculate() internal returns (bool success) { + baseFeeDivisor = pow10(1, feeDecimals); + feeDivisor = pow10(1, feeDecimals + decimals); + singleIDXMQty = pow10(1, decimals); + } + function div10(uint256 a, uint8 b) internal returns (uint256 result) { + for (uint8 i = 0; i < b; i++) { + a /= 10; + } + return a; + } + function pow10(uint256 a, uint8 b) internal returns (uint256 result) { + for (uint8 i = 0; i < b; i++) { + a *= 10; + } + return a; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10705.sol b/data_full/CVE_clean/2018-10705.sol new file mode 100644 index 0000000000000000000000000000000000000000..990f2ef56bfb408b5f03365654986c0366202cc8 --- /dev/null +++ b/data_full/CVE_clean/2018-10705.sol @@ -0,0 +1,98 @@ +pragma solidity ^0.4.19; +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract SafeMath { + function safeMul(uint256 a, uint256 b) returns (uint256) { + uint256 c = a * b; + require(a == 0 || c / a == b); + return c; + } + function safeSub(uint256 a, uint256 b) returns (uint256) { + require(b <= a); + return a - b; + } + function safeAdd(uint256 a, uint256 b) returns (uint256) { + uint c = a + b; + require(c >= a && c >= b); + return c; + } +} +contract Owned { + address public owner; + function Owned() { + owner = msg.sender; + } + function setOwner(address _owner) returns (bool success) { + owner = _owner; + return true; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } +} +contract AURA is SafeMath, Owned { + bool public locked = true; + string public name = "Aurora DAO"; + string public symbol = "AURA"; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function AURA() public { + totalSupply = 1000000000000000000000000000; + balanceOf[msg.sender] = totalSupply; + } + function _transfer(address _from, address _to, uint _value) internal { + require(!locked || msg.sender == owner); + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + require(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + require(!locked); + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function unlockToken() onlyOwner { + locked = false; + } + bool public balancesUploaded = false; + function uploadBalances(address[] recipients, uint256[] balances) onlyOwner { + require(!balancesUploaded); + uint256 sum = 0; + for (uint256 i = 0; i < recipients.length; i++) { + balanceOf[recipients[i]] = safeAdd(balanceOf[recipients[i]], balances[i]); + sum = safeAdd(sum, balances[i]); + } + balanceOf[owner] = safeSub(balanceOf[owner], sum); + } + function lockBalances() onlyOwner { + balancesUploaded = true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10706.sol b/data_full/CVE_clean/2018-10706.sol new file mode 100644 index 0000000000000000000000000000000000000000..92fd90d24333388b819b21926d4b642d47e93da4 --- /dev/null +++ b/data_full/CVE_clean/2018-10706.sol @@ -0,0 +1,252 @@ +pragma solidity ^0.4.18; +contract ApproveAndCallReceiver { + function receiveApproval( + address _from, + uint256 _amount, + address _token, + bytes _data + ) public; +} +contract Controlled { + modifier onlyController { + require(msg.sender == controller); + _; + } + address public controller; + function Controlled() public { + controller = msg.sender; + } + function changeController(address _newController) onlyController public { + controller = _newController; + } +} +contract ERC20Token { + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + function transfer(address _to, uint256 _value) public returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); + function approve(address _spender, uint256 _value) public returns (bool success); + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract TokenI is ERC20Token, Controlled { + string public name; + uint8 public decimals; + string public symbol; + function approveAndCall( + address _spender, + uint256 _amount, + bytes _extraData + ) public returns (bool success); + function generateTokens(address _owner, uint _amount) public returns (bool); + function destroyTokens(address _owner, uint _amount) public returns (bool); +} +contract Token is TokenI { + struct FreezeInfo { + address user; + uint256 amount; + } + mapping (uint8 => mapping (uint8 => FreezeInfo)) public freezeOf; + mapping (uint8 => uint8) public lastFreezeSeq; + mapping (address => uint256) public airdropOf; + address public owner; + bool public paused=false; + uint256 public minFunding = 1 ether; + uint256 public airdropQty=0; + uint256 public airdropTotalQty=0; + uint256 public tokensPerEther = 10000; + address private vaultAddress; + uint256 public totalCollected = 0; + event Burn(address indexed from, uint256 value); + event Freeze(address indexed from, uint256 value); + event Unfreeze(address indexed from, uint256 value); + event Payment(address sender, uint256 _ethAmount, uint256 _tokenAmount); + function Token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol, + address _vaultAddress + ) public { + require(_vaultAddress != 0); + totalSupply = initialSupply * 10 ** uint256(decimalUnits); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + owner = msg.sender; + vaultAddress=_vaultAddress; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + modifier realUser(address user){ + if(user == 0x0){ + revert(); + } + _; + } + modifier moreThanZero(uint256 _value){ + if (_value <= 0){ + revert(); + } + _; + } + function isContract(address _addr) constant internal returns(bool) { + uint size; + if (_addr == 0) { + return false; + } + assembly { + size := extcodesize(_addr) + } + return size>0; + } + function transfer(address _to, uint256 _value) realUser(_to) moreThanZero(_value) public returns (bool) { + require(balanceOf[msg.sender] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[msg.sender] = balanceOf[msg.sender] - _value; + balanceOf[_to] = balanceOf[_to] + _value; + emit Transfer(msg.sender, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) moreThanZero(_value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _amount, bytes _extraData) public returns (bool success) { + require(approve(_spender, _amount)); + ApproveAndCallReceiver(_spender).receiveApproval( + msg.sender, + _amount, + this, + _extraData + ); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) realUser(_from) realUser(_to) moreThanZero(_value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] = balanceOf[_from] - _value; + balanceOf[_to] = balanceOf[_to] + _value; + allowance[_from][msg.sender] = allowance[_from][msg.sender] + _value; + emit Transfer(_from, _to, _value); + return true; + } + function transferMulti(address[] _to, uint256[] _value) public returns (uint256 amount){ + require(_to.length == _value.length); + uint8 len = uint8(_to.length); + for(uint8 j; j= amount); + for(uint8 i; i= _value); + balanceOf[_user] = balanceOf[_user] - _value; + freezeOf[_step][lastFreezeSeq[_step]] = FreezeInfo({user:_user, amount:_value}); + lastFreezeSeq[_step]++; + emit Freeze(_user, _value); + return true; + } + function unFreeze(uint8 _step) onlyOwner public returns (bool unlockOver) { + uint8 _end = lastFreezeSeq[_step]; + require(_end > 0); + unlockOver=false; + uint8 _start=0; + for(; _end>_start; _end--){ + FreezeInfo storage fInfo = freezeOf[_step][_end-1]; + uint256 _amount = fInfo.amount; + balanceOf[fInfo.user] += _amount; + delete freezeOf[_step][_end-1]; + lastFreezeSeq[_step]--; + emit Unfreeze(fInfo.user, _amount); + } + } + function generateTokens(address _user, uint _amount) onlyController public returns (bool) { + _amount=_amount*10**uint256(decimals); + return _generateTokens(_user,_amount); + } + function _generateTokens(address _user, uint _amount) private returns (bool) { + require(balanceOf[owner] >= _amount); + balanceOf[_user] += _amount; + balanceOf[owner] -= _amount; + emit Transfer(0, _user, _amount); + return true; + } + function destroyTokens(address _user, uint256 _amount) onlyOwner public returns (bool) { + _amount=_amount*10**uint256(decimals); + return _destroyTokens(_user,_amount); + } + function _destroyTokens(address _user, uint256 _amount) private returns (bool) { + require(balanceOf[_user] >= _amount); + balanceOf[owner] += _amount; + balanceOf[_user] -= _amount; + emit Transfer(_user, 0, _amount); + emit Burn(_user, _amount); + return true; + } + function changeOwner(address newOwner) onlyOwner public returns (bool) { + balanceOf[newOwner] += balanceOf[owner]; + balanceOf[owner] = 0; + owner = newOwner; + return true; + } + function changeTokensPerEther(uint256 _newRate) onlyController public { + tokensPerEther = _newRate; + } + function changeAirdropQty(uint256 _airdropQty) onlyController public { + airdropQty = _airdropQty; + } + function changeAirdropTotalQty(uint256 _airdropTotalQty) onlyController public { + uint256 _token =_airdropTotalQty*10**uint256(decimals); + require(balanceOf[owner] >= _token); + airdropTotalQty = _airdropTotalQty; + } + function changePaused(bool _paused) onlyController public { + paused = _paused; + } + function() payable public { + require(!paused); + address _user=msg.sender; + uint256 tokenValue; + if(msg.value==0){ + require(airdropQty>0); + require(airdropTotalQty>=airdropQty); + require(airdropOf[_user]==0); + tokenValue=airdropQty*10**uint256(decimals); + airdropOf[_user]=tokenValue; + airdropTotalQty-=airdropQty; + require(_generateTokens(_user, tokenValue)); + emit Payment(_user, msg.value, tokenValue); + }else{ + require(msg.value >= minFunding); + require(msg.value % 1 ether==0); + totalCollected +=msg.value; + require(vaultAddress.send(msg.value)); + tokenValue = (msg.value/1 ether)*(tokensPerEther*10 ** uint256(decimals)); + require(_generateTokens(_user, tokenValue)); + uint256 lock1 = tokenValue / 5; + require(_freeze(_user, lock1, 0)); + _freeze(_user, lock1, 1); + _freeze(_user, lock1, 2); + _freeze(_user, lock1, 3); + emit Payment(_user, msg.value, tokenValue); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-10944.sol b/data_full/CVE_clean/2018-10944.sol new file mode 100644 index 0000000000000000000000000000000000000000..9ca7d4d1f492a904c3dceba558cb0bdcfd2c8d06 --- /dev/null +++ b/data_full/CVE_clean/2018-10944.sol @@ -0,0 +1,1041 @@ +pragma solidity ^0.4.8; +contract OraclizeI { + address public cbAddress; + function query(uint _timestamp, string _datasource, string _arg) payable returns (bytes32 _id); + function query_withGasLimit(uint _timestamp, string _datasource, string _arg, uint _gaslimit) payable returns (bytes32 _id); + function query2(uint _timestamp, string _datasource, string _arg1, string _arg2) payable returns (bytes32 _id); + function query2_withGasLimit(uint _timestamp, string _datasource, string _arg1, string _arg2, uint _gaslimit) payable returns (bytes32 _id); + function queryN(uint _timestamp, string _datasource, bytes _argN) payable returns (bytes32 _id); + function queryN_withGasLimit(uint _timestamp, string _datasource, bytes _argN, uint _gaslimit) payable returns (bytes32 _id); + function getPrice(string _datasource) returns (uint _dsprice); + function getPrice(string _datasource, uint gaslimit) returns (uint _dsprice); + function useCoupon(string _coupon); + function setProofType(byte _proofType); + function setConfig(bytes32 _config); + function setCustomGasPrice(uint _gasPrice); + function randomDS_getSessionPubKeyHash() returns(bytes32); +} +contract OraclizeAddrResolverI { + function getAddress() returns (address _addr); +} +contract usingOraclize { + uint constant day = 60*60*24; + uint constant week = 60*60*24*7; + uint constant month = 60*60*24*30; + byte constant proofType_NONE = 0x00; + byte constant proofType_TLSNotary = 0x10; + byte constant proofType_Android = 0x20; + byte constant proofType_Ledger = 0x30; + byte constant proofType_Native = 0xF0; + byte constant proofStorage_IPFS = 0x01; + uint8 constant networkID_auto = 0; + uint8 constant networkID_mainnet = 1; + uint8 constant networkID_testnet = 2; + uint8 constant networkID_morden = 2; + uint8 constant networkID_consensys = 161; + OraclizeAddrResolverI OAR; + OraclizeI oraclize; + modifier oraclizeAPI { + if((address(OAR)==0)||(getCodeSize(address(OAR))==0)) oraclize_setNetwork(networkID_auto); + oraclize = OraclizeI(OAR.getAddress()); + _; + } + modifier coupon(string code){ + oraclize = OraclizeI(OAR.getAddress()); + oraclize.useCoupon(code); + _; + } + function oraclize_setNetwork(uint8 networkID) internal returns(bool){ + if (getCodeSize(0x1d3B2638a7cC9f2CB3D298A3DA7a90B67E5506ed)>0){ + OAR = OraclizeAddrResolverI(0x1d3B2638a7cC9f2CB3D298A3DA7a90B67E5506ed); + oraclize_setNetworkName("eth_mainnet"); + return true; + } + if (getCodeSize(0xc03A2615D5efaf5F49F60B7BB6583eaec212fdf1)>0){ + OAR = OraclizeAddrResolverI(0xc03A2615D5efaf5F49F60B7BB6583eaec212fdf1); + oraclize_setNetworkName("eth_ropsten3"); + return true; + } + if (getCodeSize(0xB7A07BcF2Ba2f2703b24C0691b5278999C59AC7e)>0){ + OAR = OraclizeAddrResolverI(0xB7A07BcF2Ba2f2703b24C0691b5278999C59AC7e); + oraclize_setNetworkName("eth_kovan"); + return true; + } + if (getCodeSize(0x146500cfd35B22E4A392Fe0aDc06De1a1368Ed48)>0){ + OAR = OraclizeAddrResolverI(0x146500cfd35B22E4A392Fe0aDc06De1a1368Ed48); + oraclize_setNetworkName("eth_rinkeby"); + return true; + } + if (getCodeSize(0x6f485C8BF6fc43eA212E93BBF8ce046C7f1cb475)>0){ + OAR = OraclizeAddrResolverI(0x6f485C8BF6fc43eA212E93BBF8ce046C7f1cb475); + return true; + } + if (getCodeSize(0x20e12A1F859B3FeaE5Fb2A0A32C18F5a65555bBF)>0){ + OAR = OraclizeAddrResolverI(0x20e12A1F859B3FeaE5Fb2A0A32C18F5a65555bBF); + return true; + } + if (getCodeSize(0x51efaF4c8B3C9AfBD5aB9F4bbC82784Ab6ef8fAA)>0){ + OAR = OraclizeAddrResolverI(0x51efaF4c8B3C9AfBD5aB9F4bbC82784Ab6ef8fAA); + return true; + } + return false; + } + function __callback(bytes32 myid, string result) { + __callback(myid, result, new bytes(0)); + } + function __callback(bytes32 myid, string result, bytes proof) { + } + function oraclize_useCoupon(string code) oraclizeAPI internal { + oraclize.useCoupon(code); + } + function oraclize_getPrice(string datasource) oraclizeAPI internal returns (uint){ + return oraclize.getPrice(datasource); + } + function oraclize_getPrice(string datasource, uint gaslimit) oraclizeAPI internal returns (uint){ + return oraclize.getPrice(datasource, gaslimit); + } + function oraclize_query(string datasource, string arg) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + return oraclize.query.value(price)(0, datasource, arg); + } + function oraclize_query(uint timestamp, string datasource, string arg) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + return oraclize.query.value(price)(timestamp, datasource, arg); + } + function oraclize_query(uint timestamp, string datasource, string arg, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + return oraclize.query_withGasLimit.value(price)(timestamp, datasource, arg, gaslimit); + } + function oraclize_query(string datasource, string arg, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + return oraclize.query_withGasLimit.value(price)(0, datasource, arg, gaslimit); + } + function oraclize_query(string datasource, string arg1, string arg2) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + return oraclize.query2.value(price)(0, datasource, arg1, arg2); + } + function oraclize_query(uint timestamp, string datasource, string arg1, string arg2) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + return oraclize.query2.value(price)(timestamp, datasource, arg1, arg2); + } + function oraclize_query(uint timestamp, string datasource, string arg1, string arg2, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + return oraclize.query2_withGasLimit.value(price)(timestamp, datasource, arg1, arg2, gaslimit); + } + function oraclize_query(string datasource, string arg1, string arg2, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + return oraclize.query2_withGasLimit.value(price)(0, datasource, arg1, arg2, gaslimit); + } + function oraclize_query(string datasource, string[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + bytes memory args = stra2cbor(argN); + return oraclize.queryN.value(price)(0, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, string[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + bytes memory args = stra2cbor(argN); + return oraclize.queryN.value(price)(timestamp, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, string[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + bytes memory args = stra2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(timestamp, datasource, args, gaslimit); + } + function oraclize_query(string datasource, string[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + bytes memory args = stra2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(0, datasource, args, gaslimit); + } + function oraclize_query(string datasource, string[1] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[1] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[2] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[2] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[3] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[3] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[4] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[4] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[5] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[5] args) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, string[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, string[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + string[] memory dynargs = new string[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + bytes memory args = ba2cbor(argN); + return oraclize.queryN.value(price)(0, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, bytes[] argN) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource); + if (price > 1 ether + tx.gasprice*200000) return 0; + bytes memory args = ba2cbor(argN); + return oraclize.queryN.value(price)(timestamp, datasource, args); + } + function oraclize_query(uint timestamp, string datasource, bytes[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + bytes memory args = ba2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(timestamp, datasource, args, gaslimit); + } + function oraclize_query(string datasource, bytes[] argN, uint gaslimit) oraclizeAPI internal returns (bytes32 id){ + uint price = oraclize.getPrice(datasource, gaslimit); + if (price > 1 ether + tx.gasprice*gaslimit) return 0; + bytes memory args = ba2cbor(argN); + return oraclize.queryN_withGasLimit.value(price)(0, datasource, args, gaslimit); + } + function oraclize_query(string datasource, bytes[1] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[1] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[1] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](1); + dynargs[0] = args[0]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[2] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[2] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[2] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](2); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[3] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[3] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[3] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](3); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[4] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[4] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[4] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](4); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[5] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[5] args) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs); + } + function oraclize_query(uint timestamp, string datasource, bytes[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(timestamp, datasource, dynargs, gaslimit); + } + function oraclize_query(string datasource, bytes[5] args, uint gaslimit) oraclizeAPI internal returns (bytes32 id) { + bytes[] memory dynargs = new bytes[](5); + dynargs[0] = args[0]; + dynargs[1] = args[1]; + dynargs[2] = args[2]; + dynargs[3] = args[3]; + dynargs[4] = args[4]; + return oraclize_query(datasource, dynargs, gaslimit); + } + function oraclize_cbAddress() oraclizeAPI internal returns (address){ + return oraclize.cbAddress(); + } + function oraclize_setProof(byte proofP) oraclizeAPI internal { + return oraclize.setProofType(proofP); + } + function oraclize_setCustomGasPrice(uint gasPrice) oraclizeAPI internal { + return oraclize.setCustomGasPrice(gasPrice); + } + function oraclize_setConfig(bytes32 config) oraclizeAPI internal { + return oraclize.setConfig(config); + } + function oraclize_randomDS_getSessionPubKeyHash() oraclizeAPI internal returns (bytes32){ + return oraclize.randomDS_getSessionPubKeyHash(); + } + function getCodeSize(address _addr) constant internal returns(uint _size) { + assembly { + _size := extcodesize(_addr) + } + } + function parseAddr(string _a) internal returns (address){ + bytes memory tmp = bytes(_a); + uint160 iaddr = 0; + uint160 b1; + uint160 b2; + for (uint i=2; i<2+2*20; i+=2){ + iaddr *= 256; + b1 = uint160(tmp[i]); + b2 = uint160(tmp[i+1]); + if ((b1 >= 97)&&(b1 <= 102)) b1 -= 87; + else if ((b1 >= 65)&&(b1 <= 70)) b1 -= 55; + else if ((b1 >= 48)&&(b1 <= 57)) b1 -= 48; + if ((b2 >= 97)&&(b2 <= 102)) b2 -= 87; + else if ((b2 >= 65)&&(b2 <= 70)) b2 -= 55; + else if ((b2 >= 48)&&(b2 <= 57)) b2 -= 48; + iaddr += (b1*16+b2); + } + return address(iaddr); + } + function strCompare(string _a, string _b) internal returns (int) { + bytes memory a = bytes(_a); + bytes memory b = bytes(_b); + uint minLength = a.length; + if (b.length < minLength) minLength = b.length; + for (uint i = 0; i < minLength; i ++) + if (a[i] < b[i]) + return -1; + else if (a[i] > b[i]) + return 1; + if (a.length < b.length) + return -1; + else if (a.length > b.length) + return 1; + else + return 0; + } + function indexOf(string _haystack, string _needle) internal returns (int) { + bytes memory h = bytes(_haystack); + bytes memory n = bytes(_needle); + if(h.length < 1 || n.length < 1 || (n.length > h.length)) + return -1; + else if(h.length > (2**128 -1)) + return -1; + else + { + uint subindex = 0; + for (uint i = 0; i < h.length; i ++) + { + if (h[i] == n[0]) + { + subindex = 1; + while(subindex < n.length && (i + subindex) < h.length && h[i + subindex] == n[subindex]) + { + subindex++; + } + if(subindex == n.length) + return int(i); + } + } + return -1; + } + } + function strConcat(string _a, string _b, string _c, string _d, string _e) internal returns (string) { + bytes memory _ba = bytes(_a); + bytes memory _bb = bytes(_b); + bytes memory _bc = bytes(_c); + bytes memory _bd = bytes(_d); + bytes memory _be = bytes(_e); + string memory abcde = new string(_ba.length + _bb.length + _bc.length + _bd.length + _be.length); + bytes memory babcde = bytes(abcde); + uint k = 0; + for (uint i = 0; i < _ba.length; i++) babcde[k++] = _ba[i]; + for (i = 0; i < _bb.length; i++) babcde[k++] = _bb[i]; + for (i = 0; i < _bc.length; i++) babcde[k++] = _bc[i]; + for (i = 0; i < _bd.length; i++) babcde[k++] = _bd[i]; + for (i = 0; i < _be.length; i++) babcde[k++] = _be[i]; + return string(babcde); + } + function strConcat(string _a, string _b, string _c, string _d) internal returns (string) { + return strConcat(_a, _b, _c, _d, ""); + } + function strConcat(string _a, string _b, string _c) internal returns (string) { + return strConcat(_a, _b, _c, "", ""); + } + function strConcat(string _a, string _b) internal returns (string) { + return strConcat(_a, _b, "", "", ""); + } + function parseInt(string _a) internal returns (uint) { + return parseInt(_a, 0); + } + function parseInt(string _a, uint _b) internal returns (uint) { + bytes memory bresult = bytes(_a); + uint mint = 0; + bool decimals = false; + for (uint i=0; i= 48)&&(bresult[i] <= 57)){ + if (decimals){ + if (_b == 0) break; + else _b--; + } + mint *= 10; + mint += uint(bresult[i]) - 48; + } else if (bresult[i] == 46) decimals = true; + } + if (_b > 0) mint *= 10**_b; + return mint; + } + function uint2str(uint i) internal returns (string){ + if (i == 0) return "0"; + uint j = i; + uint len; + while (j != 0){ + len++; + j /= 10; + } + bytes memory bstr = new bytes(len); + uint k = len - 1; + while (i != 0){ + bstr[k--] = byte(48 + i % 10); + i /= 10; + } + return string(bstr); + } + function stra2cbor(string[] arr) internal returns (bytes) { + uint arrlen = arr.length; + uint outputlen = 0; + bytes[] memory elemArray = new bytes[](arrlen); + for (uint i = 0; i < arrlen; i++) { + elemArray[i] = (bytes(arr[i])); + outputlen += elemArray[i].length + (elemArray[i].length - 1)/23 + 3; + } + uint ctr = 0; + uint cborlen = arrlen + 0x80; + outputlen += byte(cborlen).length; + bytes memory res = new bytes(outputlen); + while (byte(cborlen).length > ctr) { + res[ctr] = byte(cborlen)[ctr]; + ctr++; + } + for (i = 0; i < arrlen; i++) { + res[ctr] = 0x5F; + ctr++; + for (uint x = 0; x < elemArray[i].length; x++) { + if (x % 23 == 0) { + uint elemcborlen = elemArray[i].length - x >= 24 ? 23 : elemArray[i].length - x; + elemcborlen += 0x40; + uint lctr = ctr; + while (byte(elemcborlen).length > ctr - lctr) { + res[ctr] = byte(elemcborlen)[ctr - lctr]; + ctr++; + } + } + res[ctr] = elemArray[i][x]; + ctr++; + } + res[ctr] = 0xFF; + ctr++; + } + return res; + } + function ba2cbor(bytes[] arr) internal returns (bytes) { + uint arrlen = arr.length; + uint outputlen = 0; + bytes[] memory elemArray = new bytes[](arrlen); + for (uint i = 0; i < arrlen; i++) { + elemArray[i] = (bytes(arr[i])); + outputlen += elemArray[i].length + (elemArray[i].length - 1)/23 + 3; + } + uint ctr = 0; + uint cborlen = arrlen + 0x80; + outputlen += byte(cborlen).length; + bytes memory res = new bytes(outputlen); + while (byte(cborlen).length > ctr) { + res[ctr] = byte(cborlen)[ctr]; + ctr++; + } + for (i = 0; i < arrlen; i++) { + res[ctr] = 0x5F; + ctr++; + for (uint x = 0; x < elemArray[i].length; x++) { + if (x % 23 == 0) { + uint elemcborlen = elemArray[i].length - x >= 24 ? 23 : elemArray[i].length - x; + elemcborlen += 0x40; + uint lctr = ctr; + while (byte(elemcborlen).length > ctr - lctr) { + res[ctr] = byte(elemcborlen)[ctr - lctr]; + ctr++; + } + } + res[ctr] = elemArray[i][x]; + ctr++; + } + res[ctr] = 0xFF; + ctr++; + } + return res; + } + string oraclize_network_name; + function oraclize_setNetworkName(string _network_name) internal { + oraclize_network_name = _network_name; + } + function oraclize_getNetworkName() internal returns (string) { + return oraclize_network_name; + } + function oraclize_newRandomDSQuery(uint _delay, uint _nbytes, uint _customGasLimit) internal returns (bytes32){ + if ((_nbytes == 0)||(_nbytes > 32)) throw; + bytes memory nbytes = new bytes(1); + nbytes[0] = byte(_nbytes); + bytes memory unonce = new bytes(32); + bytes memory sessionKeyHash = new bytes(32); + bytes32 sessionKeyHash_bytes32 = oraclize_randomDS_getSessionPubKeyHash(); + assembly { + mstore(unonce, 0x20) + mstore(add(unonce, 0x20), xor(blockhash(sub(number, 1)), xor(coinbase, timestamp))) + mstore(sessionKeyHash, 0x20) + mstore(add(sessionKeyHash, 0x20), sessionKeyHash_bytes32) + } + bytes[3] memory args = [unonce, nbytes, sessionKeyHash]; + bytes32 queryId = oraclize_query(_delay, "random", args, _customGasLimit); + oraclize_randomDS_setCommitment(queryId, sha3(bytes8(_delay), args[1], sha256(args[0]), args[2])); + return queryId; + } + function oraclize_randomDS_setCommitment(bytes32 queryId, bytes32 commitment) internal { + oraclize_randomDS_args[queryId] = commitment; + } + mapping(bytes32=>bytes32) oraclize_randomDS_args; + mapping(bytes32=>bool) oraclize_randomDS_sessionKeysHashVerified; + function verifySig(bytes32 tosignh, bytes dersig, bytes pubkey) internal returns (bool){ + bool sigok; + address signer; + bytes32 sigr; + bytes32 sigs; + bytes memory sigr_ = new bytes(32); + uint offset = 4+(uint(dersig[3]) - 0x20); + sigr_ = copyBytes(dersig, offset, 32, sigr_, 0); + bytes memory sigs_ = new bytes(32); + offset += 32 + 2; + sigs_ = copyBytes(dersig, offset+(uint(dersig[offset-1]) - 0x20), 32, sigs_, 0); + assembly { + sigr := mload(add(sigr_, 32)) + sigs := mload(add(sigs_, 32)) + } + (sigok, signer) = safer_ecrecover(tosignh, 27, sigr, sigs); + if (address(sha3(pubkey)) == signer) return true; + else { + (sigok, signer) = safer_ecrecover(tosignh, 28, sigr, sigs); + return (address(sha3(pubkey)) == signer); + } + } + function oraclize_randomDS_proofVerify__sessionKeyValidity(bytes proof, uint sig2offset) internal returns (bool) { + bool sigok; + bytes memory sig2 = new bytes(uint(proof[sig2offset+1])+2); + copyBytes(proof, sig2offset, sig2.length, sig2, 0); + bytes memory appkey1_pubkey = new bytes(64); + copyBytes(proof, 3+1, 64, appkey1_pubkey, 0); + bytes memory tosign2 = new bytes(1+65+32); + tosign2[0] = 1; + copyBytes(proof, sig2offset-65, 65, tosign2, 1); + bytes memory CODEHASH = hex"fd94fa71bc0ba10d39d464d0d8f465efeef0a2764e3887fcc9df41ded20f505c"; + copyBytes(CODEHASH, 0, 32, tosign2, 1+65); + sigok = verifySig(sha256(tosign2), sig2, appkey1_pubkey); + if (sigok == false) return false; + bytes memory LEDGERKEY = hex"7fb956469c5c9b89840d55b43537e66a98dd4811ea0a27224272c2e5622911e8537a2f8e86a46baec82864e98dd01e9ccc2f8bc5dfc9cbe5a91a290498dd96e4"; + bytes memory tosign3 = new bytes(1+65); + tosign3[0] = 0xFE; + copyBytes(proof, 3, 65, tosign3, 1); + bytes memory sig3 = new bytes(uint(proof[3+65+1])+2); + copyBytes(proof, 3+65, sig3.length, sig3, 0); + sigok = verifySig(sha256(tosign3), sig3, LEDGERKEY); + return sigok; + } + modifier oraclize_randomDS_proofVerify(bytes32 _queryId, string _result, bytes _proof) { + if ((_proof[0] != "L")||(_proof[1] != "P")||(_proof[2] != 1)) throw; + bool proofVerified = oraclize_randomDS_proofVerify__main(_proof, _queryId, bytes(_result), oraclize_getNetworkName()); + if (proofVerified == false) throw; + _; + } + function matchBytes32Prefix(bytes32 content, bytes prefix) internal returns (bool){ + bool match_ = true; + for (var i=0; i address) public userStructs; + bytes32 myid_; + mapping(bytes32=>bytes32) myidList; + uint public totalSupply = 5000000 *10000000000 ; + mapping(address => uint) balances; + mapping (address => mapping (address => uint)) allowed; + address owner; + uint one_ether_usd_price; + enum State {created , gotapidata,wait} + State state; + uint256 ether_profit; + uint256 profit_per_token; + uint256 holder_token_balance; + uint256 holder_profit; + event Message(uint256 holder_profit); + modifier onlyOwner() { + if (msg.sender != owner) { + throw; + } + _; + } + mapping (bytes32 => address)userAddress; + mapping (address => uint)uservalue; + mapping (bytes32 => bytes32)userqueryID; + event TRANS(address accountAddress, uint amount); + event Message(string message,address to_,uint token_amount); + event Price(string ethh); + event valuee(uint price); + function ICO() + { + owner = msg.sender; + balances[owner] = totalSupply; + } + function() payable { + TRANS(msg.sender, msg.value); + if(msg.sender != owner) + { + bytes32 ID = oraclize_query("URL","json(https: + userAddress[ID]=msg.sender; + uservalue[msg.sender]=msg.value; + userqueryID[ID]=ID; + } + else if(msg.sender ==owner){ + ether_profit = msg.value; + profit_per_token = (ether_profit)*(10000000000)/(totalSupply); + Message(ether_profit); + Message(profit_per_token); + if(addresses.length >0) + { + for (uint i = 0; i < addresses.length; i++) { + if(addresses[i] !=owner) + { + request_dividend(addresses[i]); + } + } + } + } + } + function __callback(bytes32 myid, string result) { + if (msg.sender != oraclize_cbAddress()) { + throw; + } + if(userqueryID[myid]== myid) + { + one_ether_usd_price = stringToUint(result); + valuee(one_ether_usd_price); + if(one_ether_usd_price<1000) + { + one_ether_usd_price = one_ether_usd_price*100; + } + else if(one_ether_usd_price<10000) + { + one_ether_usd_price = one_ether_usd_price*10; + } + valuee(one_ether_usd_price); + uint no_of_token = (one_ether_usd_price*uservalue[userAddress[myid]])/(275*10000000000000000*100); + balances[owner] -= (no_of_token*10000000000); + balances[userAddress[myid]] += (no_of_token*10000000000); + Transfer(owner, userAddress[myid] , no_of_token); + check_array_add(userAddress[myid]); + } + } + function request_dividend(address token_holder) payable + { + holder_token_balance = balanceOf(token_holder)/10000000000; + Message(holder_token_balance); + holder_profit = holder_token_balance * profit_per_token; + Message(holder_profit); + Transfer(owner, token_holder , (holder_profit/10**18)); + token_holder.send(holder_profit); + } + function balanceOf(address sender) constant returns (uint256 balance) { + return balances[sender]; + } + function transfer(address _to, uint256 _amount) returns (bool success) { + if (balances[msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + check_array_add(_to); + return true; + } else { + return false; + } + } + function check_array_add(address _to) + { + if(addresses.length >0) + { + if(userStructs[_to] != _to) + { + userStructs[_to]= _to; + addresses.push(_to); + } + } + else + { + userStructs[_to]= _to; + addresses.push(_to); + } + } + function transferFrom( + address _from, + address _to, + uint256 _amount + ) returns (bool success) { + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function convert(uint _value) returns (bool ok) + { + return true; + } + function drain() onlyOwner { + if (!owner.send(this.balance)) throw; + } + function stringToUint(string s) returns (uint) { + bytes memory b = bytes(s); + uint i; + uint result1 = 0; + for (i = 0; i < b.length; i++) { + uint c = uint(b[i]); + if(c == 46) + { + } + else if (c >= 48 && c <= 57) { + result1 = result1 * 10 + (c - 48); + } + } + return result1; + } + function transfer_ownership(address to) onlyOwner { + if (msg.sender != owner) throw; + owner = to; + balances[owner]=balances[msg.sender]; + balances[msg.sender]=0; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11239.sol b/data_full/CVE_clean/2018-11239.sol new file mode 100644 index 0000000000000000000000000000000000000000..4967795df04b8c923cb7a5cd41cbe10b5018b2b1 --- /dev/null +++ b/data_full/CVE_clean/2018-11239.sol @@ -0,0 +1,55 @@ +pragma solidity ^0.4.18; +contract Hexagon { + string public constant name = "Hexagon"; + string public constant symbol = "HXG"; + uint8 public constant decimals = 4; + uint8 public constant burnPerTransaction = 2; + uint256 public constant initialSupply = 420000000000000; + uint256 public currentSupply = initialSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + function Hexagon() public { + balanceOf[msg.sender] = initialSupply; + } + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + function totalSupply() public constant returns (uint) { + return currentSupply; + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + balanceOf[0x0] += _value; + currentSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + require(_value == 0 || allowance[msg.sender][_spender] == 0); + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(allowance[_from][msg.sender] >= _value); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value + burnPerTransaction); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value + burnPerTransaction; + balanceOf[_to] += _value; + balanceOf[0x0] += burnPerTransaction; + currentSupply -= burnPerTransaction; + Burn(_from, burnPerTransaction); + Transfer(_from, _to, _value); + } + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11335.sol b/data_full/CVE_clean/2018-11335.sol new file mode 100644 index 0000000000000000000000000000000000000000..9824228782aef60defc77e4d3686a21eecac589a --- /dev/null +++ b/data_full/CVE_clean/2018-11335.sol @@ -0,0 +1,152 @@ +pragma solidity ^0.4.18; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract MigrationAgent { + function migrateFrom(address _from, uint _value) public; +} +contract SPXToken is StandardToken { + string public constant name = "SP8DE Token"; + string public constant symbol = "SPX"; + uint8 public constant decimals = 18; + address public ico; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 8888888888 * (1e18); + address public migrationMaster; + address public migrationAgent; + uint public totalMigrated; + event Migrate(address indexed _from, address indexed _to, uint _value); + function SPXToken(address _ico, address _migrationMaster) public { + require(_ico != 0); + ico = _ico; + migrationMaster = _migrationMaster; + } + function mint(address holder, uint value) public { + require(msg.sender == ico); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + function unfreeze() public { + require(msg.sender == ico); + isFrozen = false; + } + function transfer(address _to, uint _value) public returns (bool) { + require(_to != address(0)); + require(!isFrozen); + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } + function migrate(uint value) external { + require(migrationAgent != 0); + require(value > 0); + require(value <= balances[msg.sender]); + balances[msg.sender] -= value; + totalSupply -= value; + totalMigrated += value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, value); + Migrate(msg.sender, migrationAgent, value); + } + function setMigrationAgent(address _agent) external { + require(migrationAgent == 0); + require(msg.sender == migrationMaster); + migrationAgent = _agent; + } + function setMigrationMaster(address _master) external { + require(msg.sender == migrationMaster); + require(_master != 0); + migrationMaster = _master; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11411.sol b/data_full/CVE_clean/2018-11411.sol new file mode 100644 index 0000000000000000000000000000000000000000..5da8cc16c69efe4ce20e2020dfae8cdedb15653d --- /dev/null +++ b/data_full/CVE_clean/2018-11411.sol @@ -0,0 +1,89 @@ +pragma solidity ^0.4.16; +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} +contract DimonCoin { + address owner = msg.sender; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply = 100000000 * 10**8; + function name() constant returns (string) { return "DimonCoin"; } + function symbol() constant returns (string) { return "FUD"; } + function decimals() constant returns (uint8) { return 8; } + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + function DimonCoin() { + owner = msg.sender; + balances[msg.sender] = totalSupply; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + function getEthBalance(address _addr) constant returns(uint) { + return _addr.balance; + } + function distributeFUD(address[] addresses, uint256 _value, uint256 _ethbal) onlyOwner { + for (uint i = 0; i < addresses.length; i++) { + if (getEthBalance(addresses[i]) < _ethbal) { + continue; + } + balances[owner] -= _value; + balances[addresses[i]] += _value; + Transfer(owner, addresses[i], _value); + } + } + function balanceOf(address _owner) constant returns (uint256) { + return balances[_owner]; + } + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool success) { + if (_value == 0) { return false; } + uint256 fromBalance = balances[msg.sender]; + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool success) { + if (_value == 0) { return false; } + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function approve(address _spender, uint256 _value) returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + function withdrawForeignTokens(address _tokenContract) returns (bool) { + require(msg.sender == owner); + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11429.sol b/data_full/CVE_clean/2018-11429.sol new file mode 100644 index 0000000000000000000000000000000000000000..63fb861362867619aa8e10e8599674d90bec1f2e --- /dev/null +++ b/data_full/CVE_clean/2018-11429.sol @@ -0,0 +1,122 @@ +pragma solidity ^0.4.11; +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint; + mapping(address => uint) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } +} +contract StandardToken is BasicToken, ERC20 { + mapping (address => mapping (address => uint)) allowed; + function transferFrom(address _from, address _to, uint _value) { + var _allowance = allowed[_from][msg.sender]; + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + function approve(address _spender, uint _value) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} +contract ATL is StandardToken { + string public name = "ATLANT Token"; + string public symbol = "ATL"; + uint public decimals = 18; + uint constant TOKEN_LIMIT = 150 * 1e6 * 1e18; + address public ico; + bool public tokensAreFrozen = true; + function ATL(address _ico) { + ico = _ico; + } + function mint(address _holder, uint _value) external { + require(msg.sender == ico); + require(_value != 0); + require(totalSupply + _value <= TOKEN_LIMIT); + balances[_holder] += _value; + totalSupply += _value; + Transfer(0x0, _holder, _value); + } + function unfreeze() external { + require(msg.sender == ico); + tokensAreFrozen = false; + } + function transfer(address _to, uint _value) public { + require(!tokensAreFrozen); + super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) public { + require(!tokensAreFrozen); + super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public { + require(!tokensAreFrozen); + super.approve(_spender, _value); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11446.sol b/data_full/CVE_clean/2018-11446.sol new file mode 100644 index 0000000000000000000000000000000000000000..5285f98a45d69700e252e85d9acd06890f73f135 --- /dev/null +++ b/data_full/CVE_clean/2018-11446.sol @@ -0,0 +1,242 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + mapping (address => bool) public admins; + function owned() { + owner = msg.sender; + admins[msg.sender]=true; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + modifier onlyAdmin { + require(admins[msg.sender] == true); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + function makeAdmin(address newAdmin, bool isAdmin) onlyOwner { + admins[newAdmin] = isAdmin; + } +} +interface tokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); +} +contract GRX is owned { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 minBalanceForAccounts; + bool public usersCanTrade; + bool public usersCanUnfreeze; + bool public ico = true; + mapping (address => bool) public admin; + modifier notICO { + require(admin[msg.sender] || !ico); + _; + } + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + mapping (address => bool) public frozen; + mapping (address => bool) public canTrade; + event Transfer(address indexed from, address indexed to, uint256 value); + event Reward(address from, address to, uint256 value, string data, uint256 time); + event Burn(address indexed from, uint256 value); + event Frozen(address indexed addr, bool frozen); + event Unlock(address indexed addr, address from, uint256 val); + function GRX() { + uint256 initialSupply = 20000000000000000000000000; + balanceOf[msg.sender] = initialSupply ; + totalSupply = initialSupply; + name = "Gold Reward Token"; + symbol = "GRX"; + decimals = 18; + minBalanceForAccounts = 1000000000000000; + usersCanTrade=false; + usersCanUnfreeze=false; + admin[msg.sender]=true; + canTrade[msg.sender]=true; + } + function increaseTotalSupply (address target, uint256 increaseBy ) onlyOwner { + balanceOf[target] += increaseBy; + totalSupply += increaseBy; + Transfer(0, owner, increaseBy); + Transfer(owner, target, increaseBy); + } + function usersCanUnFreeze(bool can) { + usersCanUnfreeze=can; + } + function setMinBalance(uint minimumBalanceInWei) onlyOwner { + minBalanceForAccounts = minimumBalanceInWei; + } + function transferAndFreeze (address target, uint256 amount ) onlyAdmin { + _transfer(msg.sender, target, amount); + freeze(target, true); + } + function _freeze (address target, bool froze ) internal { + frozen[target]=froze; + Frozen(target, froze); + } + function freeze (address target, bool froze ) { + if(froze || (!froze && !usersCanUnfreeze)) { + require(admin[msg.sender]); + } + _freeze(target, froze); + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(!frozen[_from]); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) notICO { + require(!frozen[msg.sender]); + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + _transfer(msg.sender, _to, _value); + } + mapping (address => uint256) public totalLockedRewardsOf; + mapping (address => mapping (address => uint256)) public lockedRewardsOf; + mapping (address => mapping (uint32 => address)) public userRewarders; + mapping (address => mapping (address => uint32)) public userRewardCount; + mapping (address => uint32) public userRewarderCount; + mapping (address => uint256 ) public totalRewardIssuedOut; + function reward(address _to, uint256 _value, bool locked, string data) { + require(_to != 0x0); + require(!frozen[msg.sender]); + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + if(!locked) { + _transfer(msg.sender, _to, _value); + }else{ + require(balanceOf[msg.sender] >= _value); + require(totalLockedRewardsOf[_to] + _value > totalLockedRewardsOf[_to]); + balanceOf[msg.sender] -= _value; + totalLockedRewardsOf[_to] += _value; + lockedRewardsOf[_to][msg.sender] += _value; + if(userRewardCount[_to][msg.sender]==0) { + userRewarderCount[_to] += 1; + userRewarders[_to][userRewarderCount[_to]]=msg.sender; + } + userRewardCount[_to][msg.sender]+=1; + totalRewardIssuedOut[msg.sender]+= _value; + Transfer(msg.sender, _to, _value); + } + Reward(msg.sender, _to, _value, data, now); + } + function transferReward(address _to, uint256 _value) { + require(!frozen[msg.sender]); + require(lockedRewardsOf[msg.sender][_to] >= _value ); + require(totalLockedRewardsOf[msg.sender] >= _value); + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + totalLockedRewardsOf[msg.sender] -= _value; + lockedRewardsOf[msg.sender][_to] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function unlockReward(address addr, uint256 _value) { + require(totalLockedRewardsOf[addr] > _value); + require(lockedRewardsOf[addr][msg.sender] >= _value ); + if(_value==0) _value=lockedRewardsOf[addr][msg.sender]; + if (msg.sender.balance < minBalanceForAccounts) { + sell((minBalanceForAccounts - msg.sender.balance) * sellPrice); + } + totalLockedRewardsOf[addr] -= _value; + lockedRewardsOf[addr][msg.sender] -= _value; + balanceOf[addr] += _value; + Unlock(addr, msg.sender, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require(!frozen[_from]); + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) onlyOwner + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) onlyOwner returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } + uint256 public sellPrice = 608; + uint256 public buyPrice = 760; + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function setUsersCanTrade(bool trade) onlyOwner { + usersCanTrade=trade; + } + function setCanTrade(address addr, bool trade) onlyOwner { + canTrade[addr]=trade; + } + function buy() payable returns (uint256 amount){ + if(!usersCanTrade && !canTrade[msg.sender]) revert(); + amount = msg.value * buyPrice; + require(balanceOf[this] >= amount); + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + return amount; + } + function sell(uint256 amount) returns (uint revenue){ + require(!frozen[msg.sender]); + if(!usersCanTrade && !canTrade[msg.sender]) { + require(minBalanceForAccounts > amount/sellPrice); + } + require(balanceOf[msg.sender] >= amount); + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + revenue = amount / sellPrice; + require(msg.sender.send(revenue)); + Transfer(msg.sender, this, amount); + return revenue; + } + function() payable { + } + event Withdrawn(address indexed to, uint256 value); + function withdraw(address target, uint256 amount) onlyOwner { + target.transfer(amount); + Withdrawn(target, amount); + } + function setAdmin(address addr, bool enabled) onlyOwner { + admin[addr]=enabled; + } + function setICO(bool enabled) onlyOwner { + ico=enabled; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11561.sol b/data_full/CVE_clean/2018-11561.sol new file mode 100644 index 0000000000000000000000000000000000000000..7d088acf9698480efdd98aa505186d62b2b7aefd --- /dev/null +++ b/data_full/CVE_clean/2018-11561.sol @@ -0,0 +1,74 @@ +pragma solidity ^0.4.4; +contract Token { + function totalSupply() constant returns (uint256 supply) {} + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function distributeToken(address[] addresses, uint256 _value) { + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} +contract ERC20Token is StandardToken { + function () { + throw; + } + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H1.0'; + function ERC20Token( + ) { + totalSupply = 12 * 10 ** 24; + balances[msg.sender] = totalSupply; + name = "EETHER"; + decimals = 18; + symbol = "EETHER"; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-11687.sol b/data_full/CVE_clean/2018-11687.sol new file mode 100644 index 0000000000000000000000000000000000000000..9a90643e040d40de49a8641ad75155cb2b56adbc --- /dev/null +++ b/data_full/CVE_clean/2018-11687.sol @@ -0,0 +1,79 @@ +pragma solidity ^0.4.13; +contract ERC20 { + function totalSupply() constant returns (uint256 totalSupply); + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + } + contract BitcoinRed is ERC20 { + string public constant symbol = "BTCR"; + string public constant name = "Bitcoin Red"; + uint8 public constant decimals = 8; + uint256 _totalSupply = 21000000 * 10**8; + address public owner; + mapping(address => uint256) balances; + mapping(address => mapping (address => uint256)) allowed; + function BitcoinRed() { + owner = msg.sender; + balances[owner] = 21000000 * 10**8; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function distributeBTR(address[] addresses) onlyOwner { + for (uint i = 0; i < addresses.length; i++) { + balances[owner] -= 2000 * 10**8; + balances[addresses[i]] += 2000 * 10**8; + Transfer(owner, addresses[i], 2000 * 10**8); + } + } + function totalSupply() constant returns (uint256 totalSupply) { + totalSupply = _totalSupply; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function transfer(address _to, uint256 _amount) returns (bool success) { + if (balances[msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } else { + return false; + } + } + function transferFrom( + address _from, + address _to, + uint256 _amount + ) returns (bool success) { + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12025.sol b/data_full/CVE_clean/2018-12025.sol new file mode 100644 index 0000000000000000000000000000000000000000..1202a26a1fe8846bac8067968034447182db281b --- /dev/null +++ b/data_full/CVE_clean/2018-12025.sol @@ -0,0 +1,90 @@ +pragma solidity ^0.4.2; +contract ERC20Interface { + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract Owner { + address public owner; + function Owner() { + owner = msg.sender; + } + modifier onlyOwner() { + if(msg.sender != owner) throw; + _; + } + function transferOwnership(address new_owner) onlyOwner { + owner = new_owner; + } +} +contract FuturXe is ERC20Interface,Owner { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping(address => uint256) balances; + mapping (address => bool) public frozenAccount; + mapping(address => mapping (address => uint256)) allowed; + event FrozenFunds(address target, bool frozen); + function FuturXe(uint256 initial_supply, string _name, string _symbol, uint8 _decimal) { + balances[msg.sender] = initial_supply; + name = _name; + symbol = _symbol; + decimals = _decimal; + totalSupply = initial_supply; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function transfer(address to, uint value) returns (bool success) { + if (frozenAccount[msg.sender]) return false; + if(balances[msg.sender] < value) return false; + if(balances[to] + value < balances[to]) return false; + balances[msg.sender] -= value; + balances[to] += value; + Transfer(msg.sender, to, value); + return true; + } + function transferFrom(address from, address to, uint value) returns (bool success) { + if (frozenAccount[msg.sender]) return false; + if(balances[from] < value) return false; + if( allowed[from][msg.sender] >= value ) return false; + if(balances[to] + value < balances[to]) return false; + balances[from] -= value; + allowed[from][msg.sender] -= value; + balances[to] += value; + Transfer(from, to, value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner{ + balances[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0,owner,mintedAmount); + Transfer(owner,target,mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function changeName(string _name) onlyOwner { + name = _name; + } + function changeSymbol(string _symbol) onlyOwner { + symbol = _symbol; + } + function changeDecimals(uint8 _decimals) onlyOwner { + decimals = _decimals; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12062.sol b/data_full/CVE_clean/2018-12062.sol new file mode 100644 index 0000000000000000000000000000000000000000..58ae5ef1802173781f54de212c92a6b58e4e347a --- /dev/null +++ b/data_full/CVE_clean/2018-12062.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract SwftCoin is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function SwftCoin( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12063.sol b/data_full/CVE_clean/2018-12063.sol new file mode 100644 index 0000000000000000000000000000000000000000..2f55315688709cbb86f58feb243a30c6c1802d70 --- /dev/null +++ b/data_full/CVE_clean/2018-12063.sol @@ -0,0 +1,123 @@ +pragma solidity ^0.4.13; contract owned { address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData); } +contract token { string public name; string public symbol; uint8 public decimals; uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value < allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract INTToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function INTToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} +contract INT is INTToken(1000000000000000, "Internet Node Token", 6, "INT") {} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12067.sol b/data_full/CVE_clean/2018-12067.sol new file mode 100644 index 0000000000000000000000000000000000000000..fb622b86774860d46477832213eb9b2029cbe842 --- /dev/null +++ b/data_full/CVE_clean/2018-12067.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MyAdvancedToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12068.sol b/data_full/CVE_clean/2018-12068.sol new file mode 100644 index 0000000000000000000000000000000000000000..dd40e5b2f4f3b8884d92d98436e5e82d177de58f --- /dev/null +++ b/data_full/CVE_clean/2018-12068.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.11; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MyAdvancedToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12070.sol b/data_full/CVE_clean/2018-12070.sol new file mode 100644 index 0000000000000000000000000000000000000000..5619bba00a60ca3c69459d102376323406452f85 --- /dev/null +++ b/data_full/CVE_clean/2018-12070.sol @@ -0,0 +1,144 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol +) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract SECToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function SECToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol +) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + uint start = 1520956799; + uint256 SECtotalAmount = 1500000000 * 10 ** 18; + address teamaccount = 0xC32b1519A0d4E883FE136AbB3198cbC402b5503F; + uint256 amount = _value; + address sender = _from; + uint256 balance = balanceOf[_from]; + if(teamaccount == sender){ + if (now < start + 365 * 1 days) { + require((balance - amount) >= SECtotalAmount/10 * 3/4); + } else if (now < start + (2*365+1) * 1 days){ + require((balance - amount) >= SECtotalAmount/10 * 2/4); + }else if (now < start + (3*365+1) * 1 days){ + require((balance - amount) >= SECtotalAmount/10 * 1/4); + } + } + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} +contract SEC is SECToken(1500000000, "SEC", "SEC") {} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12078.sol b/data_full/CVE_clean/2018-12078.sol new file mode 100644 index 0000000000000000000000000000000000000000..68f44f357c42ba4dc52dfc79e505333ecd3d5f71 --- /dev/null +++ b/data_full/CVE_clean/2018-12078.sol @@ -0,0 +1,107 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract PolyAi is owned, token { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function PolyAi( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12079.sol b/data_full/CVE_clean/2018-12079.sol new file mode 100644 index 0000000000000000000000000000000000000000..fb622b86774860d46477832213eb9b2029cbe842 --- /dev/null +++ b/data_full/CVE_clean/2018-12079.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MyAdvancedToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12080.sol b/data_full/CVE_clean/2018-12080.sol new file mode 100644 index 0000000000000000000000000000000000000000..2f55315688709cbb86f58feb243a30c6c1802d70 --- /dev/null +++ b/data_full/CVE_clean/2018-12080.sol @@ -0,0 +1,123 @@ +pragma solidity ^0.4.13; contract owned { address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData); } +contract token { string public name; string public symbol; uint8 public decimals; uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value < allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract INTToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function INTToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} +contract INT is INTToken(1000000000000000, "Internet Node Token", 6, "INT") {} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12081.sol b/data_full/CVE_clean/2018-12081.sol new file mode 100644 index 0000000000000000000000000000000000000000..dd40e5b2f4f3b8884d92d98436e5e82d177de58f --- /dev/null +++ b/data_full/CVE_clean/2018-12081.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.11; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MyAdvancedToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12082.sol b/data_full/CVE_clean/2018-12082.sol new file mode 100644 index 0000000000000000000000000000000000000000..bd2a5062a8572c39b348fc60c3a9360714e1a850 --- /dev/null +++ b/data_full/CVE_clean/2018-12082.sol @@ -0,0 +1,125 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract FujintoToken is owned, token { + uint public buyRate = 4000; + bool public isSelling = true; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function FujintoToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; + balanceOf[msg.sender] += amount; + balanceOf[owner] -= amount; + Transfer(owner, msg.sender, amount); + } + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12083.sol b/data_full/CVE_clean/2018-12083.sol new file mode 100644 index 0000000000000000000000000000000000000000..698ab938ad946d34dbc65d0c11c371862556597c --- /dev/null +++ b/data_full/CVE_clean/2018-12083.sol @@ -0,0 +1,76 @@ +pragma solidity ^0.4.18; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + function changeOwner(address newOwner) onlyOwner { + owner = newOwner; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract GoalToken is owned { + string public name = "GOAL Bonanza"; + string public symbol = "GOAL"; + uint8 public decimals = 18; + uint256 public totalSupply = 0; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(this, target, mintedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12084.sol b/data_full/CVE_clean/2018-12084.sol new file mode 100644 index 0000000000000000000000000000000000000000..3c77b2b720d22ad6a977fc0d7ebf1e35fa5aeada --- /dev/null +++ b/data_full/CVE_clean/2018-12084.sol @@ -0,0 +1,108 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } +} +contract tokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); +} +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract BitAseanToken is owned, token { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function BitAseanToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) { + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12230.sol b/data_full/CVE_clean/2018-12230.sol new file mode 100644 index 0000000000000000000000000000000000000000..6da85d0c7ed8331d1e0426ad0e788942e3d67164 --- /dev/null +++ b/data_full/CVE_clean/2018-12230.sol @@ -0,0 +1,90 @@ +pragma solidity ^0.4.2; +contract ERC20Interface { + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract Owner { + address public owner; + function Owner() { + owner = msg.sender; + } + modifier onlyOwner() { + if(msg.sender != owner) throw; + _; + } + function transferOwnership(address new_owner) onlyOwner { + owner = new_owner; + } +} +contract RemiCoin is ERC20Interface,Owner { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping(address => uint256) balances; + mapping (address => bool) public frozenAccount; + mapping(address => mapping (address => uint256)) allowed; + event FrozenFunds(address target, bool frozen); + function RemiCoin(uint256 initial_supply, string _name, string _symbol, uint8 _decimal) { + balances[msg.sender] = initial_supply; + name = _name; + symbol = _symbol; + decimals = _decimal; + totalSupply = initial_supply; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function transfer(address to, uint value) returns (bool success) { + if (frozenAccount[msg.sender]) return false; + if(balances[msg.sender] < value) return false; + if(balances[to] + value < balances[to]) return false; + balances[msg.sender] -= value; + balances[to] += value; + Transfer(msg.sender, to, value); + return true; + } + function transferFrom(address from, address to, uint value) returns (bool success) { + if (frozenAccount[msg.sender]) return false; + if(balances[from] < value) return false; + if( allowed[from][msg.sender] >= value ) return false; + if(balances[to] + value < balances[to]) return false; + balances[from] -= value; + allowed[from][msg.sender] -= value; + balances[to] += value; + Transfer(from, to, value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner{ + balances[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0,owner,mintedAmount); + Transfer(owner,target,mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function changeName(string _name) onlyOwner { + name = _name; + } + function changeSymbol(string _symbol) onlyOwner { + symbol = _symbol; + } + function changeDecimals(uint8 _decimals) onlyOwner { + decimals = _decimals; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12454.sol b/data_full/CVE_clean/2018-12454.sol new file mode 100644 index 0000000000000000000000000000000000000000..3ea95c8bde4dfe34acef6b284888b1d62a67a9e7 --- /dev/null +++ b/data_full/CVE_clean/2018-12454.sol @@ -0,0 +1,123 @@ +pragma solidity ^0.4.11; +contract simplelottery { + enum State { Started, Locked } + State public state = State.Started; + struct Guess{ + address addr; + } + uint arraysize=1000; + uint constant maxguess=1000000; + uint bettingprice = 1 ether; + Guess[1000] guesses; + uint numguesses = 0; + bytes32 curhash = ''; + uint _gameindex = 1; + uint _starttime = 0; + modifier inState(State _state) { + require(state == _state); + _; + } + address developer = 0x0; + address _winner = 0x0; + event SentPrizeToWinner(address winner, uint money, uint gameindex, uint lotterynumber, uint starttime, uint finishtime); + event SentDeveloperFee(uint amount, uint balance); + function simplelottery() + { + if(developer==address(0)){ + developer = msg.sender; + state = State.Started; + _starttime = block.timestamp; + } + } + function setBettingCondition(uint _contenders, uint _bettingprice) + { + if(msg.sender != developer) + return; + arraysize = _contenders; + if(arraysize>1000) + arraysize = 1000; + bettingprice = _bettingprice; + } + function findWinner(uint value) + { + uint i = value % numguesses; + _winner = guesses[i].addr; + } + function getMaxContenders() constant returns(uint){ + return arraysize; + } + function getBettingPrice() constant returns(uint){ + return bettingprice; + } + function getDeveloperAddress() constant returns(address) + { + return developer; + } + function getDeveloperFee() constant returns(uint) + { + uint developerfee = this.balance/100; + return developerfee; + } + function getBalance() constant returns(uint) + { + return this.balance; + } + function getLotteryMoney() constant returns(uint) + { + uint developerfee = getDeveloperFee(); + uint prize = (this.balance - developerfee); + return prize; + } + function getBettingStatus() + constant + returns (uint, uint, uint, uint, uint, uint, uint) + { + return ((uint)(state), _gameindex, _starttime, numguesses, getLotteryMoney(), this.balance, bettingprice); + } + function finish() + { + if(msg.sender != developer) + return; + _finish(); + } + function _finish() private + { + state = State.Locked; + uint block_timestamp = block.timestamp; + uint lotterynumber = (uint(curhash)+block_timestamp)%(maxguess+1); + findWinner(lotterynumber); + uint prize = getLotteryMoney(); + uint numwinners = 1; + uint remain = this.balance - (prize*numwinners); + _winner.transfer(prize); + SentPrizeToWinner(_winner, prize, _gameindex, lotterynumber, _starttime, block_timestamp); + developer.transfer(remain); + SentDeveloperFee(remain, this.balance); + numguesses = 0; + _gameindex++; + state = State.Started; + _starttime = block.timestamp; + } + function () payable + { + _addguess(); + } + function addguess() + inState(State.Started) + payable + { + _addguess(); + } + function _addguess() private + inState(State.Started) + { + require(msg.value >= bettingprice); + curhash = sha256(block.timestamp, block.coinbase, block.difficulty, curhash); + if((uint)(numguesses+1)<=arraysize) { + guesses[numguesses++].addr = msg.sender; + if((uint)(numguesses)>=arraysize){ + _finish(); + } + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12511.sol b/data_full/CVE_clean/2018-12511.sol new file mode 100644 index 0000000000000000000000000000000000000000..2fae5b7ba07462a0bc695d852aeba69a2a4c58ee --- /dev/null +++ b/data_full/CVE_clean/2018-12511.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MyAdvancedToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12702.sol b/data_full/CVE_clean/2018-12702.sol new file mode 100644 index 0000000000000000000000000000000000000000..e429fb387c7dcad6541d4582dc96d8f6b66be6a6 --- /dev/null +++ b/data_full/CVE_clean/2018-12702.sol @@ -0,0 +1,73 @@ +pragma solidity ^0.4.16; +contract Token { + uint256 public totalSupply; + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + require(balances[_to] + _value > balances[_to]); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + require(balances[_to] + _value > balances[_to]); + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} +contract GVE is StandardToken { + function () { + revert(); + } + string public name = "Globalvillage ecosystem"; + uint8 public decimals = 18; + string public symbol = "GVE"; + string public version = 'v0.1'; + address public founder; + function GVE() { + founder = msg.sender; + totalSupply = 1000000000 * 10 ** uint256(decimals); + balances[founder] = totalSupply; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { revert(); } + return true; + } + function approveAndCallcode(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(_extraData)) { revert(); } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12703.sol b/data_full/CVE_clean/2018-12703.sol new file mode 100644 index 0000000000000000000000000000000000000000..aa00c3b731ebf707ee42da371c7008177f3fcb49 --- /dev/null +++ b/data_full/CVE_clean/2018-12703.sol @@ -0,0 +1,73 @@ +pragma solidity ^0.4.16; +contract Token { + uint256 public totalSupply; + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + require(balances[_to] + _value > balances[_to]); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + require(balances[_to] + _value > balances[_to]); + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} +contract EightteenToken is StandardToken { + function () { + revert(); + } + string public name = "Block 18"; + uint8 public decimals = 18; + string public symbol = "18T"; + string public version = 'v0.1'; + address public founder; + function EightteenToken() { + founder = msg.sender; + totalSupply = 1000000000 * 10 ** uint256(decimals); + balances[founder] = totalSupply; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { revert(); } + return true; + } + function approveAndCallcode(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(_extraData)) { revert(); } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12885.sol b/data_full/CVE_clean/2018-12885.sol new file mode 100644 index 0000000000000000000000000000000000000000..6ead23200c6f5cf929b6e36a2faafe39d384ee21 --- /dev/null +++ b/data_full/CVE_clean/2018-12885.sol @@ -0,0 +1,617 @@ +pragma solidity 0.4.23; +library SafeMath { + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract Ownable { + address internal contractOwner; + constructor () internal { + if(contractOwner == address(0)){ + contractOwner = msg.sender; + } + } + modifier onlyOwner() { + require(msg.sender == contractOwner); + _; + } + function transferOwnership(address newOwner) public onlyOwner { + require(newOwner != address(0)); + contractOwner = newOwner; + } +} +contract Pausable is Ownable { + bool private paused = false; + modifier whenNotPaused() { + if(paused == true && msg.value > 0){ + msg.sender.transfer(msg.value); + } + require(!paused); + _; + } + function triggerPause() onlyOwner external { + paused = !paused; + } +} +contract ChampFactory is Pausable{ + event NewChamp(uint256 champID, address owner); + using SafeMath for uint; + struct Champ { + uint256 id; + uint256 attackPower; + uint256 defencePower; + uint256 cooldownTime; + uint256 readyTime; + uint256 winCount; + uint256 lossCount; + uint256 position; + uint256 price; + uint256 withdrawCooldown; + uint256 eq_sword; + uint256 eq_shield; + uint256 eq_helmet; + bool forSale; + } + struct AddressInfo { + uint256 withdrawal; + uint256 champsCount; + uint256 itemsCount; + string name; + } + struct Item { + uint8 itemType; + uint8 itemRarity; + uint256 attackPower; + uint256 defencePower; + uint256 cooldownReduction; + uint256 price; + uint256 onChampId; + bool onChamp; + bool forSale; + } + mapping (address => AddressInfo) public addressInfo; + mapping (uint256 => address) public champToOwner; + mapping (uint256 => address) public itemToOwner; + mapping (uint256 => string) public champToName; + Champ[] public champs; + Item[] public items; + uint256[] public leaderboard; + uint256 internal createChampFee = 5 finney; + uint256 internal lootboxFee = 5 finney; + uint256 internal pendingWithdrawal = 0; + uint256 private randNonce = 0; + uint256 public champsForSaleCount; + uint256 public itemsForSaleCount; + modifier onlyOwnerOfChamp(uint256 _champId) { + require(msg.sender == champToOwner[_champId]); + _; + } + modifier onlyNotOwnerOfChamp(uint256 _champId) { + require(msg.sender != champToOwner[_champId]); + _; + } + modifier isPaid(uint256 _price){ + require(msg.value >= _price); + _; + } + modifier contractMinBalanceReached(){ + require( (address(this).balance).sub(pendingWithdrawal) > 1000000 ); + _; + } + modifier isChampWithdrawReady(uint256 _id){ + require(champs[_id].withdrawCooldown < block.timestamp); + _; + } + modifier distributeInput(address _affiliateAddress){ + uint256 contractOwnerWithdrawal = (msg.value / 100) * 50; + addressInfo[contractOwner].withdrawal += contractOwnerWithdrawal; + pendingWithdrawal += contractOwnerWithdrawal; + if(_affiliateAddress != address(0) && _affiliateAddress != msg.sender){ + uint256 affiliateBonus = (msg.value / 100) * 25; + addressInfo[_affiliateAddress].withdrawal += affiliateBonus; + pendingWithdrawal += affiliateBonus; + } + _; + } + function getChampsByOwner(address _owner) external view returns(uint256[]) { + uint256[] memory result = new uint256[](addressInfo[_owner].champsCount); + uint256 counter = 0; + for (uint256 i = 0; i < champs.length; i++) { + if (champToOwner[i] == _owner) { + result[counter] = i; + counter++; + } + } + return result; + } + function getChampsCount() external view returns(uint256){ + return champs.length; + } + function getChampReward(uint256 _position) public view returns(uint256) { + if(_position <= 800){ + uint256 rewardPercentage = uint256(2000).sub(2 * (_position - 1)); + uint256 availableWithdrawal = address(this).balance.sub(pendingWithdrawal); + return availableWithdrawal / 1000000 * rewardPercentage; + }else{ + return uint256(0); + } + } + function randMod(uint256 _modulus) internal returns(uint256) { + randNonce++; + return uint256(keccak256(randNonce, blockhash(block.number - 1))) % _modulus; + } + function createChamp(address _affiliateAddress) external payable + whenNotPaused + isPaid(createChampFee) + distributeInput(_affiliateAddress) + { + uint256 id = champs.push(Champ(0, 2 + randMod(4), 1 + randMod(4), uint256(1 days) - uint256(randMod(9) * 1 hours), 0, 0, 0, leaderboard.length + 1, 0, uint256(block.timestamp), 0,0,0, false)) - 1; + champs[id].id = id; + leaderboard.push(id); + champToOwner[id] = msg.sender; + addressInfo[msg.sender].champsCount++; + emit NewChamp(id, msg.sender); + } + function setCreateChampFee(uint256 _fee) external onlyOwner { + createChampFee = _fee; + } + function changeChampsName(uint _champId, string _name) external + onlyOwnerOfChamp(_champId){ + champToName[_champId] = _name; + } + function changePlayersName(string _name) external { + addressInfo[msg.sender].name = _name; + } + function withdrawChamp(uint _id) external + onlyOwnerOfChamp(_id) + contractMinBalanceReached + isChampWithdrawReady(_id) + whenNotPaused { + Champ storage champ = champs[_id]; + require(champ.position <= 800); + champ.withdrawCooldown = block.timestamp + 1 days; + uint256 withdrawal = getChampReward(champ.position); + addressInfo[msg.sender].withdrawal += withdrawal; + pendingWithdrawal += withdrawal; + } + function withdrawToAddress(address _address) external + whenNotPaused { + address playerAddress = _address; + if(playerAddress == address(0)){ playerAddress = msg.sender; } + uint256 share = addressInfo[playerAddress].withdrawal; + require(share > 0); + addressInfo[playerAddress].withdrawal = 0; + pendingWithdrawal = pendingWithdrawal.sub(share); + playerAddress.transfer(share); + } +} +contract Items is ChampFactory { + event NewItem(uint256 itemID, address owner); + constructor () internal { + items.push(Item(0, 0, 0, 0, 0, 0, 0, false, false)); + } + modifier onlyOwnerOfItem(uint256 _itemId) { + require(_itemId != 0); + require(msg.sender == itemToOwner[_itemId]); + _; + } + modifier onlyNotOwnerOfItem(uint256 _itemId) { + require(msg.sender != itemToOwner[_itemId]); + _; + } + function hasChampSomethingOn(uint _champId, uint8 _type) internal view returns(bool){ + Champ storage champ = champs[_champId]; + if(_type == 1){ + return (champ.eq_sword == 0) ? false : true; + } + if(_type == 2){ + return (champ.eq_shield == 0) ? false : true; + } + if(_type == 3){ + return (champ.eq_helmet == 0) ? false : true; + } + } + function getItemsByOwner(address _owner) external view returns(uint256[]) { + uint256[] memory result = new uint256[](addressInfo[_owner].itemsCount); + uint256 counter = 0; + for (uint256 i = 0; i < items.length; i++) { + if (itemToOwner[i] == _owner) { + result[counter] = i; + counter++; + } + } + return result; + } + function takeOffItem(uint _champId, uint8 _type) public + onlyOwnerOfChamp(_champId) { + uint256 itemId; + Champ storage champ = champs[_champId]; + if(_type == 1){ + itemId = champ.eq_sword; + if (itemId > 0) { + champ.eq_sword = 0; + } + } + if(_type == 2){ + itemId = champ.eq_shield; + if(itemId > 0) { + champ.eq_shield = 0; + } + } + if(_type == 3){ + itemId = champ.eq_helmet; + if(itemId > 0) { + champ.eq_helmet = 0; + } + } + if(itemId > 0){ + items[itemId].onChamp = false; + } + } + function putOn(uint256 _champId, uint256 _itemId) external + onlyOwnerOfChamp(_champId) + onlyOwnerOfItem(_itemId) { + Champ storage champ = champs[_champId]; + Item storage item = items[_itemId]; + if(item.onChamp){ + takeOffItem(item.onChampId, item.itemType); + } + item.onChamp = true; + item.onChampId = _champId; + if(item.itemType == 1){ + if(champ.eq_sword > 0){ + takeOffItem(champ.id, 1); + } + champ.eq_sword = _itemId; + } + if(item.itemType == 2){ + if(champ.eq_shield > 0){ + takeOffItem(champ.id, 2); + } + champ.eq_shield = _itemId; + } + if(item.itemType == 3){ + if(champ.eq_helmet > 0){ + takeOffItem(champ.id, 3); + } + champ.eq_helmet = _itemId; + } + } + function openLootbox(address _affiliateAddress) external payable + whenNotPaused + isPaid(lootboxFee) + distributeInput(_affiliateAddress) { + uint256 pointToCooldownReduction; + uint256 randNum = randMod(1001); + uint256 pointsToShare; + uint256 itemID; + Item memory item = Item({ + itemType: uint8(uint256(randMod(3) + 1)), + itemRarity: uint8(0), + attackPower: 0, + defencePower: 0, + cooldownReduction: 0, + price: 0, + onChampId: 0, + onChamp: false, + forSale: false + }); + if(450 > randNum){ + pointsToShare = 25 + randMod(9); + item.itemRarity = uint8(1); + }else if(720 > randNum){ + pointsToShare = 42 + randMod(17); + item.itemRarity = uint8(2); + }else if(910 > randNum){ + pointsToShare = 71 + randMod(25); + item.itemRarity = uint8(3); + }else if(980 > randNum){ + pointsToShare = 119 + randMod(33); + item.itemRarity = uint8(4); + }else{ + pointsToShare = 235 + randMod(41); + item.itemRarity = uint8(5); + } + if(item.itemType == uint8(1)){ + item.attackPower = pointsToShare / 10 * 7; + pointsToShare -= item.attackPower; + item.defencePower = pointsToShare / 10 * randMod(6); + pointsToShare -= item.defencePower; + item.cooldownReduction = pointsToShare * uint256(1 minutes); + item.itemType = uint8(1); + } + if(item.itemType == uint8(2)){ + item.defencePower = pointsToShare / 10 * 7; + pointsToShare -= item.defencePower; + item.attackPower = pointsToShare / 10 * randMod(6); + pointsToShare -= item.attackPower; + item.cooldownReduction = pointsToShare * uint256(1 minutes); + item.itemType = uint8(2); + } + if(item.itemType == uint8(3)){ + pointToCooldownReduction = pointsToShare / 10 * 7; + item.cooldownReduction = pointToCooldownReduction * uint256(1 minutes); + pointsToShare -= pointToCooldownReduction; + item.attackPower = pointsToShare / 10 * randMod(6); + pointsToShare -= item.attackPower; + item.defencePower = pointsToShare; + item.itemType = uint8(3); + } + itemID = items.push(item) - 1; + itemToOwner[itemID] = msg.sender; + addressInfo[msg.sender].itemsCount++; + emit NewItem(itemID, msg.sender); + } + function setLootboxFee(uint _fee) external onlyOwner { + lootboxFee = _fee; + } +} +contract ItemMarket is Items { + event TransferItem(address from, address to, uint256 itemID); + modifier itemIsForSale(uint256 _id){ + require(items[_id].forSale); + _; + } + modifier itemIsNotForSale(uint256 _id){ + require(items[_id].forSale == false); + _; + } + modifier ifItemForSaleThenCancelSale(uint256 _itemID){ + Item storage item = items[_itemID]; + if(item.forSale){ + _cancelItemSale(item); + } + _; + } + modifier distributeSaleInput(address _owner) { + uint256 contractOwnerCommision; + uint256 playerShare; + if(msg.value > 100){ + contractOwnerCommision = (msg.value / 100); + playerShare = msg.value - contractOwnerCommision; + }else{ + contractOwnerCommision = 0; + playerShare = msg.value; + } + addressInfo[_owner].withdrawal += playerShare; + addressInfo[contractOwner].withdrawal += contractOwnerCommision; + pendingWithdrawal += playerShare + contractOwnerCommision; + _; + } + function getItemsForSale() view external returns(uint256[]){ + uint256[] memory result = new uint256[](itemsForSaleCount); + if(itemsForSaleCount > 0){ + uint256 counter = 0; + for (uint256 i = 0; i < items.length; i++) { + if (items[i].forSale == true) { + result[counter]=i; + counter++; + } + } + } + return result; + } + function _cancelItemSale(Item storage item) private { + item.forSale = false; + itemsForSaleCount--; + } + function transferItem(address _from, address _to, uint256 _itemID) internal + ifItemForSaleThenCancelSale(_itemID) { + Item storage item = items[_itemID]; + if(item.onChamp && _to != champToOwner[item.onChampId]){ + takeOffItem(item.onChampId, item.itemType); + } + addressInfo[_to].itemsCount++; + addressInfo[_from].itemsCount--; + itemToOwner[_itemID] = _to; + emit TransferItem(_from, _to, _itemID); + } + function giveItem(address _to, uint256 _itemID) public + onlyOwnerOfItem(_itemID) { + transferItem(msg.sender, _to, _itemID); + } + function cancelItemSale(uint256 _id) public + itemIsForSale(_id) + onlyOwnerOfItem(_id){ + Item storage item = items[_id]; + _cancelItemSale(item); + } + function setItemForSale(uint256 _id, uint256 _price) external + onlyOwnerOfItem(_id) + itemIsNotForSale(_id) { + Item storage item = items[_id]; + item.forSale = true; + item.price = _price; + itemsForSaleCount++; + } + function buyItem(uint256 _id) external payable + whenNotPaused + onlyNotOwnerOfItem(_id) + itemIsForSale(_id) + isPaid(items[_id].price) + distributeSaleInput(itemToOwner[_id]) + { + transferItem(itemToOwner[_id], msg.sender, _id); + } +} +contract ItemForge is ItemMarket { + event Forge(uint256 forgedItemID); + function forgeItems(uint256 _parentItemID, uint256 _childItemID) external + onlyOwnerOfItem(_parentItemID) + onlyOwnerOfItem(_childItemID) + ifItemForSaleThenCancelSale(_parentItemID) + ifItemForSaleThenCancelSale(_childItemID) { + require(_parentItemID != _childItemID); + Item storage parentItem = items[_parentItemID]; + Item storage childItem = items[_childItemID]; + if(childItem.onChamp){ + takeOffItem(childItem.onChampId, childItem.itemType); + } + parentItem.attackPower = (parentItem.attackPower > childItem.attackPower) ? parentItem.attackPower : childItem.attackPower; + parentItem.defencePower = (parentItem.defencePower > childItem.defencePower) ? parentItem.defencePower : childItem.defencePower; + parentItem.cooldownReduction = (parentItem.cooldownReduction > childItem.cooldownReduction) ? parentItem.cooldownReduction : childItem.cooldownReduction; + parentItem.itemRarity = uint8(6); + transferItem(msg.sender, address(0), _childItemID); + emit Forge(_parentItemID); + } +} +contract ChampAttack is ItemForge { + event Attack(uint256 winnerChampID, uint256 defeatedChampID, bool didAttackerWin); + modifier isChampReady(uint256 _champId) { + require (champs[_champId].readyTime <= block.timestamp); + _; + } + modifier notSelfAttack(uint256 _champId, uint256 _targetId) { + require(_champId != _targetId); + _; + } + modifier targetExists(uint256 _targetId){ + require(champToOwner[_targetId] != address(0)); + _; + } + function getChampStats(uint256 _champId) public view returns(uint256,uint256,uint256){ + Champ storage champ = champs[_champId]; + Item storage sword = items[champ.eq_sword]; + Item storage shield = items[champ.eq_shield]; + Item storage helmet = items[champ.eq_helmet]; + uint256 totalAttackPower = champ.attackPower + sword.attackPower + shield.attackPower + helmet.attackPower; + uint256 totalDefencePower = champ.defencePower + sword.defencePower + shield.defencePower + helmet.defencePower; + uint256 totalCooldownReduction = sword.cooldownReduction + shield.cooldownReduction + helmet.cooldownReduction; + return (totalAttackPower, totalDefencePower, totalCooldownReduction); + } + function subAttack(uint256 _playerAttackPoints, uint256 _x) internal pure returns (uint256) { + return (_playerAttackPoints <= _x + 2) ? 2 : _playerAttackPoints - _x; + } + function subDefence(uint256 _playerDefencePoints, uint256 _x) internal pure returns (uint256) { + return (_playerDefencePoints <= _x) ? 1 : _playerDefencePoints - _x; + } + function _attackCompleted(Champ storage _winnerChamp, Champ storage _defeatedChamp, uint256 _pointsGiven, uint256 _pointsToAttackPower) private { + _winnerChamp.attackPower += _pointsToAttackPower; + _winnerChamp.defencePower += _pointsGiven - _pointsToAttackPower; + _defeatedChamp.attackPower = subAttack(_defeatedChamp.attackPower, _pointsToAttackPower); + _defeatedChamp.defencePower = subDefence(_defeatedChamp.defencePower, _pointsGiven - _pointsToAttackPower); + _winnerChamp.winCount++; + _defeatedChamp.lossCount++; + if(_winnerChamp.position > _defeatedChamp.position) { + uint256 winnerPosition = _winnerChamp.position; + uint256 loserPosition = _defeatedChamp.position; + _defeatedChamp.position = winnerPosition; + _winnerChamp.position = loserPosition; + leaderboard[winnerPosition - 1] = _defeatedChamp.id; + leaderboard[loserPosition - 1] = _winnerChamp.id; + } + } + function _getPoints(uint256 _pointsGiven) private returns (uint256 pointsGiven, uint256 pointsToAttackPower){ + return (_pointsGiven, randMod(_pointsGiven+1)); + } + function attack(uint256 _champId, uint256 _targetId) external + onlyOwnerOfChamp(_champId) + isChampReady(_champId) + notSelfAttack(_champId, _targetId) + targetExists(_targetId) { + Champ storage myChamp = champs[_champId]; + Champ storage enemyChamp = champs[_targetId]; + uint256 pointsGiven; + uint256 pointsToAttackPower; + uint256 myChampAttackPower; + uint256 enemyChampDefencePower; + uint256 myChampCooldownReduction; + (myChampAttackPower,,myChampCooldownReduction) = getChampStats(_champId); + (,enemyChampDefencePower,) = getChampStats(_targetId); + if (myChampAttackPower > enemyChampDefencePower) { + if(myChampAttackPower - enemyChampDefencePower < 5){ + (pointsGiven, pointsToAttackPower) = _getPoints(3); + }else if(myChampAttackPower - enemyChampDefencePower < 10){ + (pointsGiven, pointsToAttackPower) = _getPoints(2); + }else{ + (pointsGiven, pointsToAttackPower) = _getPoints(1); + } + _attackCompleted(myChamp, enemyChamp, pointsGiven, pointsToAttackPower); + emit Attack(myChamp.id, enemyChamp.id, true); + } else { + (pointsGiven, pointsToAttackPower) = _getPoints(1); + _attackCompleted(enemyChamp, myChamp, pointsGiven, pointsToAttackPower); + emit Attack(enemyChamp.id, myChamp.id, false); + } + myChamp.readyTime = uint256(block.timestamp + myChamp.cooldownTime - myChampCooldownReduction); + } +} +contract ChampMarket is ChampAttack { + event TransferChamp(address from, address to, uint256 champID); + modifier champIsForSale(uint256 _id){ + require(champs[_id].forSale); + _; + } + modifier champIsNotForSale(uint256 _id){ + require(champs[_id].forSale == false); + _; + } + modifier ifChampForSaleThenCancelSale(uint256 _champID){ + Champ storage champ = champs[_champID]; + if(champ.forSale){ + _cancelChampSale(champ); + } + _; + } + function getChampsForSale() view external returns(uint256[]){ + uint256[] memory result = new uint256[](champsForSaleCount); + if(champsForSaleCount > 0){ + uint256 counter = 0; + for (uint256 i = 0; i < champs.length; i++) { + if (champs[i].forSale == true) { + result[counter]=i; + counter++; + } + } + } + return result; + } + function _cancelChampSale(Champ storage champ) private { + champ.forSale = false; + champsForSaleCount--; + } + function transferChamp(address _from, address _to, uint256 _champId) internal ifChampForSaleThenCancelSale(_champId){ + Champ storage champ = champs[_champId]; + addressInfo[_to].champsCount++; + addressInfo[_from].champsCount--; + champToOwner[_champId] = _to; + if(champ.eq_sword != 0) { transferItem(_from, _to, champ.eq_sword); } + if(champ.eq_shield != 0) { transferItem(_from, _to, champ.eq_shield); } + if(champ.eq_helmet != 0) { transferItem(_from, _to, champ.eq_helmet); } + emit TransferChamp(_from, _to, _champId); + } + function cancelChampSale(uint256 _id) public + champIsForSale(_id) + onlyOwnerOfChamp(_id) { + Champ storage champ = champs[_id]; + _cancelChampSale(champ); + } + function giveChamp(address _to, uint256 _champId) external + onlyOwnerOfChamp(_champId) { + transferChamp(msg.sender, _to, _champId); + } + function setChampForSale(uint256 _id, uint256 _price) external + onlyOwnerOfChamp(_id) + champIsNotForSale(_id) { + Champ storage champ = champs[_id]; + champ.forSale = true; + champ.price = _price; + champsForSaleCount++; + } + function buyChamp(uint256 _id) external payable + whenNotPaused + onlyNotOwnerOfChamp(_id) + champIsForSale(_id) + isPaid(champs[_id].price) + distributeSaleInput(champToOwner[_id]) { + transferChamp(champToOwner[_id], msg.sender, _id); + } +} +contract MyCryptoChampCore is ChampMarket { +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12959.sol b/data_full/CVE_clean/2018-12959.sol new file mode 100644 index 0000000000000000000000000000000000000000..18c221f9a3f150f32f95269e38024de815dfe62d --- /dev/null +++ b/data_full/CVE_clean/2018-12959.sol @@ -0,0 +1,67 @@ +pragma solidity ^0.4.4; +contract Token { + function totalSupply() constant returns (uint256 supply) {} + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} +contract AditusToken is StandardToken { + function () { + throw; + } + string public name; + uint8 public decimals; + string public symbol; + string public version = 'A1.0'; + function AditusToken( + ) { + balances[msg.sender] = 1000000000000000000000000000; + totalSupply = 1000000000000000000000000000; + name = "Aditus"; + decimals = 18; + symbol = "ADI"; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-12975.sol b/data_full/CVE_clean/2018-12975.sol new file mode 100644 index 0000000000000000000000000000000000000000..7073e4c9dee9d2a8cf0a96e25158603b6d20c7f8 --- /dev/null +++ b/data_full/CVE_clean/2018-12975.sol @@ -0,0 +1,645 @@ +pragma solidity ^0.4.18; +contract Ownable { + address public owner; + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + function Ownable() public { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) public onlyOwner { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } +} +contract Claimable is Ownable { + address public pendingOwner; + modifier onlyPendingOwner() { + require(msg.sender == pendingOwner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + pendingOwner = newOwner; + } + function claimOwnership() onlyPendingOwner public { + OwnershipTransferred(owner, pendingOwner); + owner = pendingOwner; + pendingOwner = address(0); + } +} +contract Pausable is Ownable { + event Pause(); + event Unpause(); + bool public paused = false; + modifier whenNotPaused() { + require(!paused); + _; + } + modifier whenPaused() { + require(paused); + _; + } + function pause() onlyOwner whenNotPaused public { + paused = true; + Pause(); + } + function unpause() onlyOwner whenPaused public { + paused = false; + Unpause(); + } +} +contract AccessDeploy is Claimable { + mapping(address => bool) private deployAccess; + modifier onlyAccessDeploy { + require(msg.sender == owner || deployAccess[msg.sender] == true); + _; + } + function grantAccessDeploy(address _address) + onlyOwner + public + { + deployAccess[_address] = true; + } + function revokeAccessDeploy(address _address) + onlyOwner + public + { + deployAccess[_address] = false; + } +} +contract AccessDeposit is Claimable { + mapping(address => bool) private depositAccess; + modifier onlyAccessDeposit { + require(msg.sender == owner || depositAccess[msg.sender] == true); + _; + } + function grantAccessDeposit(address _address) + onlyOwner + public + { + depositAccess[_address] = true; + } + function revokeAccessDeposit(address _address) + onlyOwner + public + { + depositAccess[_address] = false; + } +} +contract AccessMint is Claimable { + mapping(address => bool) private mintAccess; + modifier onlyAccessMint { + require(msg.sender == owner || mintAccess[msg.sender] == true); + _; + } + function grantAccessMint(address _address) + onlyOwner + public + { + mintAccess[_address] = true; + } + function revokeAccessMint(address _address) + onlyOwner + public + { + mintAccess[_address] = false; + } +} +contract ERC721 { + event Transfer(address indexed _from, address indexed _to, uint256 _tokenId); + event Approval(address indexed _owner, address indexed _approved, uint256 _tokenId); + function balanceOf(address _owner) public view returns (uint256 _balance); + function ownerOf(uint256 _tokenId) public view returns (address _owner); + function transfer(address _to, uint256 _tokenId) public; + function approve(address _to, uint256 _tokenId) public; + function takeOwnership(uint256 _tokenId) public; +} +contract ERC721Token is ERC721 { + using SafeMath for uint256; + uint256 private totalTokens; + mapping (uint256 => address) private tokenOwner; + mapping (uint256 => address) private tokenApprovals; + mapping (address => uint256[]) private ownedTokens; + mapping(uint256 => uint256) private ownedTokensIndex; + modifier onlyOwnerOf(uint256 _tokenId) { + require(ownerOf(_tokenId) == msg.sender); + _; + } + function totalSupply() public view returns (uint256) { + return totalTokens; + } + function balanceOf(address _owner) public view returns (uint256) { + return ownedTokens[_owner].length; + } + function tokensOf(address _owner) public view returns (uint256[]) { + return ownedTokens[_owner]; + } + function ownerOf(uint256 _tokenId) public view returns (address) { + address owner = tokenOwner[_tokenId]; + require(owner != address(0)); + return owner; + } + function approvedFor(uint256 _tokenId) public view returns (address) { + return tokenApprovals[_tokenId]; + } + function transfer(address _to, uint256 _tokenId) public onlyOwnerOf(_tokenId) { + clearApprovalAndTransfer(msg.sender, _to, _tokenId); + } + function approve(address _to, uint256 _tokenId) public onlyOwnerOf(_tokenId) { + address owner = ownerOf(_tokenId); + require(_to != owner); + if (approvedFor(_tokenId) != 0 || _to != 0) { + tokenApprovals[_tokenId] = _to; + Approval(owner, _to, _tokenId); + } + } + function takeOwnership(uint256 _tokenId) public { + require(isApprovedFor(msg.sender, _tokenId)); + clearApprovalAndTransfer(ownerOf(_tokenId), msg.sender, _tokenId); + } + function _mint(address _to, uint256 _tokenId) internal { + require(_to != address(0)); + addToken(_to, _tokenId); + Transfer(0x0, _to, _tokenId); + } + function _burn(uint256 _tokenId) onlyOwnerOf(_tokenId) internal { + if (approvedFor(_tokenId) != 0) { + clearApproval(msg.sender, _tokenId); + } + removeToken(msg.sender, _tokenId); + Transfer(msg.sender, 0x0, _tokenId); + } + function isApprovedFor(address _owner, uint256 _tokenId) internal view returns (bool) { + return approvedFor(_tokenId) == _owner; + } + function clearApprovalAndTransfer(address _from, address _to, uint256 _tokenId) internal { + require(_to != address(0)); + require(_to != ownerOf(_tokenId)); + require(ownerOf(_tokenId) == _from); + clearApproval(_from, _tokenId); + removeToken(_from, _tokenId); + addToken(_to, _tokenId); + Transfer(_from, _to, _tokenId); + } + function clearApproval(address _owner, uint256 _tokenId) private { + require(ownerOf(_tokenId) == _owner); + tokenApprovals[_tokenId] = 0; + Approval(_owner, 0, _tokenId); + } + function addToken(address _to, uint256 _tokenId) private { + require(tokenOwner[_tokenId] == address(0)); + tokenOwner[_tokenId] = _to; + uint256 length = balanceOf(_to); + ownedTokens[_to].push(_tokenId); + ownedTokensIndex[_tokenId] = length; + totalTokens = totalTokens.add(1); + } + function removeToken(address _from, uint256 _tokenId) private { + require(ownerOf(_tokenId) == _from); + uint256 tokenIndex = ownedTokensIndex[_tokenId]; + uint256 lastTokenIndex = balanceOf(_from).sub(1); + uint256 lastToken = ownedTokens[_from][lastTokenIndex]; + tokenOwner[_tokenId] = 0; + ownedTokens[_from][tokenIndex] = lastToken; + ownedTokens[_from][lastTokenIndex] = 0; + ownedTokens[_from].length--; + ownedTokensIndex[_tokenId] = 0; + ownedTokensIndex[lastToken] = tokenIndex; + totalTokens = totalTokens.sub(1); + } +} +contract ERC20Basic { + function totalSupply() public view returns (uint256); + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + uint256 totalSupply_; + function totalSupply() public view returns (uint256) { + return totalSupply_; + } + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract Gold is StandardToken, Claimable, AccessMint { + string public constant name = "Gold"; + string public constant symbol = "G"; + uint8 public constant decimals = 18; + event Mint( + address indexed _to, + uint256 indexed _tokenId + ); + function mint(address _to, uint256 _amount) + onlyAccessMint + public + returns (bool) + { + totalSupply_ = totalSupply_.add(_amount); + balances[_to] = balances[_to].add(_amount); + Mint(_to, _amount); + Transfer(address(0), _to, _amount); + return true; + } +} +contract CryptoSagaHero is ERC721Token, Claimable, Pausable, AccessMint, AccessDeploy, AccessDeposit { + string public constant name = "CryptoSaga Hero"; + string public constant symbol = "HERO"; + struct HeroClass { + string className; + uint8 classRank; + uint8 classRace; + uint32 classAge; + uint8 classType; + uint32 maxLevel; + uint8 aura; + uint32[5] baseStats; + uint32[5] minIVForStats; + uint32[5] maxIVForStats; + uint32 currentNumberOfInstancedHeroes; + } + struct HeroInstance { + uint32 heroClassId; + string heroName; + uint32 currentLevel; + uint32 currentExp; + uint32 lastLocationId; + uint256 availableAt; + uint32[5] currentStats; + uint32[5] ivForStats; + } + uint32 public requiredExpIncreaseFactor = 100; + uint256 public requiredGoldIncreaseFactor = 1000000000000000000; + mapping(uint32 => HeroClass) public heroClasses; + uint32 public numberOfHeroClasses; + mapping(uint256 => HeroInstance) public tokenIdToHeroInstance; + uint256 public numberOfTokenIds; + Gold public goldContract; + mapping(address => uint256) public addressToGoldDeposit; + uint32 private seed = 0; + event DefineType( + address indexed _by, + uint32 indexed _typeId, + string _className + ); + event LevelUp( + address indexed _by, + uint256 indexed _tokenId, + uint32 _newLevel + ); + event Deploy( + address indexed _by, + uint256 indexed _tokenId, + uint32 _locationId, + uint256 _duration + ); + function getClassInfo(uint32 _classId) + external view + returns (string className, uint8 classRank, uint8 classRace, uint32 classAge, uint8 classType, uint32 maxLevel, uint8 aura, uint32[5] baseStats, uint32[5] minIVs, uint32[5] maxIVs) + { + var _cl = heroClasses[_classId]; + return (_cl.className, _cl.classRank, _cl.classRace, _cl.classAge, _cl.classType, _cl.maxLevel, _cl.aura, _cl.baseStats, _cl.minIVForStats, _cl.maxIVForStats); + } + function getClassName(uint32 _classId) + external view + returns (string) + { + return heroClasses[_classId].className; + } + function getClassRank(uint32 _classId) + external view + returns (uint8) + { + return heroClasses[_classId].classRank; + } + function getClassMintCount(uint32 _classId) + external view + returns (uint32) + { + return heroClasses[_classId].currentNumberOfInstancedHeroes; + } + function getHeroInfo(uint256 _tokenId) + external view + returns (uint32 classId, string heroName, uint32 currentLevel, uint32 currentExp, uint32 lastLocationId, uint256 availableAt, uint32[5] currentStats, uint32[5] ivs, uint32 bp) + { + HeroInstance memory _h = tokenIdToHeroInstance[_tokenId]; + var _bp = _h.currentStats[0] + _h.currentStats[1] + _h.currentStats[2] + _h.currentStats[3] + _h.currentStats[4]; + return (_h.heroClassId, _h.heroName, _h.currentLevel, _h.currentExp, _h.lastLocationId, _h.availableAt, _h.currentStats, _h.ivForStats, _bp); + } + function getHeroClassId(uint256 _tokenId) + external view + returns (uint32) + { + return tokenIdToHeroInstance[_tokenId].heroClassId; + } + function getHeroName(uint256 _tokenId) + external view + returns (string) + { + return tokenIdToHeroInstance[_tokenId].heroName; + } + function getHeroLevel(uint256 _tokenId) + external view + returns (uint32) + { + return tokenIdToHeroInstance[_tokenId].currentLevel; + } + function getHeroLocation(uint256 _tokenId) + external view + returns (uint32) + { + return tokenIdToHeroInstance[_tokenId].lastLocationId; + } + function getHeroAvailableAt(uint256 _tokenId) + external view + returns (uint256) + { + return tokenIdToHeroInstance[_tokenId].availableAt; + } + function getHeroBP(uint256 _tokenId) + public view + returns (uint32) + { + var _tmp = tokenIdToHeroInstance[_tokenId].currentStats; + return (_tmp[0] + _tmp[1] + _tmp[2] + _tmp[3] + _tmp[4]); + } + function getHeroRequiredGoldForLevelUp(uint256 _tokenId) + public view + returns (uint256) + { + return (uint256(2) ** (tokenIdToHeroInstance[_tokenId].currentLevel / 10)) * requiredGoldIncreaseFactor; + } + function getHeroRequiredExpForLevelUp(uint256 _tokenId) + public view + returns (uint32) + { + return ((tokenIdToHeroInstance[_tokenId].currentLevel + 2) * requiredExpIncreaseFactor); + } + function getGoldDepositOfAddress(address _address) + external view + returns (uint256) + { + return addressToGoldDeposit[_address]; + } + function getTokenIdOfAddressAndIndex(address _address, uint256 _index) + external view + returns (uint256) + { + return tokensOf(_address)[_index]; + } + function getTotalBPOfAddress(address _address) + external view + returns (uint32) + { + var _tokens = tokensOf(_address); + uint32 _totalBP = 0; + for (uint256 i = 0; i < _tokens.length; i ++) { + _totalBP += getHeroBP(_tokens[i]); + } + return _totalBP; + } + function setHeroName(uint256 _tokenId, string _name) + onlyOwnerOf(_tokenId) + public + { + tokenIdToHeroInstance[_tokenId].heroName = _name; + } + function setGoldContract(address _contractAddress) + onlyOwner + public + { + goldContract = Gold(_contractAddress); + } + function setRequiredExpIncreaseFactor(uint32 _value) + onlyOwner + public + { + requiredExpIncreaseFactor = _value; + } + function setRequiredGoldIncreaseFactor(uint256 _value) + onlyOwner + public + { + requiredGoldIncreaseFactor = _value; + } + function CryptoSagaHero(address _goldAddress) + public + { + require(_goldAddress != address(0)); + setGoldContract(_goldAddress); + defineType("Archangel", 4, 1, 13540, 0, 99, 3, [uint32(74), 75, 57, 99, 95], [uint32(8), 6, 8, 5, 5], [uint32(8), 10, 10, 6, 6]); + defineType("Shadowalker", 3, 4, 134, 1, 75, 4, [uint32(45), 35, 60, 80, 40], [uint32(3), 2, 10, 4, 5], [uint32(5), 5, 10, 7, 5]); + defineType("Pyromancer", 2, 0, 14, 2, 50, 1, [uint32(50), 28, 17, 40, 35], [uint32(5), 3, 2, 3, 3], [uint32(8), 4, 3, 4, 5]); + defineType("Magician", 1, 3, 224, 2, 30, 0, [uint32(35), 15, 25, 25, 30], [uint32(3), 1, 2, 2, 2], [uint32(5), 2, 3, 3, 3]); + defineType("Farmer", 0, 0, 59, 0, 15, 2, [uint32(10), 22, 8, 15, 25], [uint32(1), 2, 1, 1, 2], [uint32(1), 3, 1, 2, 3]); + } + function defineType(string _className, uint8 _classRank, uint8 _classRace, uint32 _classAge, uint8 _classType, uint32 _maxLevel, uint8 _aura, uint32[5] _baseStats, uint32[5] _minIVForStats, uint32[5] _maxIVForStats) + onlyOwner + public + { + require(_classRank < 5); + require(_classType < 3); + require(_aura < 5); + require(_minIVForStats[0] <= _maxIVForStats[0] && _minIVForStats[1] <= _maxIVForStats[1] && _minIVForStats[2] <= _maxIVForStats[2] && _minIVForStats[3] <= _maxIVForStats[3] && _minIVForStats[4] <= _maxIVForStats[4]); + HeroClass memory _heroType = HeroClass({ + className: _className, + classRank: _classRank, + classRace: _classRace, + classAge: _classAge, + classType: _classType, + maxLevel: _maxLevel, + aura: _aura, + baseStats: _baseStats, + minIVForStats: _minIVForStats, + maxIVForStats: _maxIVForStats, + currentNumberOfInstancedHeroes: 0 + }); + heroClasses[numberOfHeroClasses] = _heroType; + DefineType(msg.sender, numberOfHeroClasses, _heroType.className); + numberOfHeroClasses ++; + } + function mint(address _owner, uint32 _heroClassId) + onlyAccessMint + public + returns (uint256) + { + require(_owner != address(0)); + require(_heroClassId < numberOfHeroClasses); + var _heroClassInfo = heroClasses[_heroClassId]; + _mint(_owner, numberOfTokenIds); + uint32[5] memory _ivForStats; + uint32[5] memory _initialStats; + for (uint8 i = 0; i < 5; i++) { + _ivForStats[i] = (random(_heroClassInfo.maxIVForStats[i] + 1, _heroClassInfo.minIVForStats[i])); + _initialStats[i] = _heroClassInfo.baseStats[i] + _ivForStats[i]; + } + HeroInstance memory _heroInstance = HeroInstance({ + heroClassId: _heroClassId, + heroName: "", + currentLevel: 1, + currentExp: 0, + lastLocationId: 0, + availableAt: now, + currentStats: _initialStats, + ivForStats: _ivForStats + }); + tokenIdToHeroInstance[numberOfTokenIds] = _heroInstance; + numberOfTokenIds ++; + _heroClassInfo.currentNumberOfInstancedHeroes ++; + return numberOfTokenIds - 1; + } + function deploy(uint256 _tokenId, uint32 _locationId, uint256 _duration) + onlyAccessDeploy + public + returns (bool) + { + require(ownerOf(_tokenId) != address(0)); + var _heroInstance = tokenIdToHeroInstance[_tokenId]; + require(_heroInstance.availableAt <= now); + _heroInstance.lastLocationId = _locationId; + _heroInstance.availableAt = now + _duration; + Deploy(msg.sender, _tokenId, _locationId, _duration); + } + function addExp(uint256 _tokenId, uint32 _exp) + onlyAccessDeploy + public + returns (bool) + { + require(ownerOf(_tokenId) != address(0)); + var _heroInstance = tokenIdToHeroInstance[_tokenId]; + var _newExp = _heroInstance.currentExp + _exp; + require(_newExp == uint256(uint128(_newExp))); + _heroInstance.currentExp += _newExp; + } + function addDeposit(address _to, uint256 _amount) + onlyAccessDeposit + public + { + addressToGoldDeposit[_to] += _amount; + } + function levelUp(uint256 _tokenId) + onlyOwnerOf(_tokenId) whenNotPaused + public + { + var _heroInstance = tokenIdToHeroInstance[_tokenId]; + require(_heroInstance.availableAt <= now); + var _heroClassInfo = heroClasses[_heroInstance.heroClassId]; + require(_heroInstance.currentLevel < _heroClassInfo.maxLevel); + var requiredExp = getHeroRequiredExpForLevelUp(_tokenId); + require(_heroInstance.currentExp >= requiredExp); + var requiredGold = getHeroRequiredGoldForLevelUp(_tokenId); + var _ownerOfToken = ownerOf(_tokenId); + require(addressToGoldDeposit[_ownerOfToken] >= requiredGold); + _heroInstance.currentLevel += 1; + for (uint8 i = 0; i < 5; i++) { + _heroInstance.currentStats[i] = _heroClassInfo.baseStats[i] + (_heroInstance.currentLevel - 1) * _heroInstance.ivForStats[i]; + } + _heroInstance.currentExp -= requiredExp; + addressToGoldDeposit[_ownerOfToken] -= requiredGold; + LevelUp(msg.sender, _tokenId, _heroInstance.currentLevel); + } + function transferDeposit(uint256 _amount) + whenNotPaused + public + { + require(goldContract.allowance(msg.sender, this) >= _amount); + if (goldContract.transferFrom(msg.sender, this, _amount)) { + addressToGoldDeposit[msg.sender] += _amount; + } + } + function withdrawDeposit(uint256 _amount) + public + { + require(addressToGoldDeposit[msg.sender] >= _amount); + if (goldContract.transfer(msg.sender, _amount)) { + addressToGoldDeposit[msg.sender] -= _amount; + } + } + function random(uint32 _upper, uint32 _lower) + private + returns (uint32) + { + require(_upper > _lower); + seed = uint32(keccak256(keccak256(block.blockhash(block.number), seed), now)); + return seed % (_upper - _lower) + _lower; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13041.sol b/data_full/CVE_clean/2018-13041.sol new file mode 100644 index 0000000000000000000000000000000000000000..3b677af1a2038513578bac3bc51c0b8df5eb1d80 --- /dev/null +++ b/data_full/CVE_clean/2018-13041.sol @@ -0,0 +1,115 @@ +pragma solidity ^0.4.8; +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); +} +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} +contract BasicToken is ERC20Basic { + using SafeMath for uint; + mapping(address => uint) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} +contract StandardToken is BasicToken, ERC20 { + mapping (address => mapping (address => uint)) allowed; + function transferFrom(address _from, address _to, uint _value) { + var _allowance = allowed[_from][msg.sender]; + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + function approve(address _spender, uint _value) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} +contract Ownable { + address public owner; + function Ownable() { + owner = msg.sender; + } + modifier onlyOwner() { + if (msg.sender != owner) { + throw; + } + _; + } + function transferOwnership(address newOwner) onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} +contract LinkToken is StandardToken, Ownable { + string public name = "Link Platform"; + string public symbol = "LNK"; + uint public decimals = 18; + uint public totalSupply; + function mint(address _spender, uint _value) + onlyOwner { + balances[_spender] += _value; + totalSupply += _value; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13068.sol b/data_full/CVE_clean/2018-13068.sol new file mode 100644 index 0000000000000000000000000000000000000000..db4be85c3f15f3e013dcc7c850c1d4b5bbef6dd7 --- /dev/null +++ b/data_full/CVE_clean/2018-13068.sol @@ -0,0 +1,91 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract AzurionToken is owned { + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + mapping (address => mapping (address => uint256)) public allowance; + uint256 public totalSupply; + string public constant name = "Azurion"; + string public constant symbol = "AZU"; + uint8 public constant decimals = 18; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + event FrozenFunds(address target, bool frozen); + function AzurionToken(uint256 initialSupply, address centralMinter) { + if(centralMinter != 0 ) owner = centralMinter; + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function approve(address _spender, uint256 _value) public returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) onlyOwner public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) onlyOwner public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } + function () { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13069.sol b/data_full/CVE_clean/2018-13069.sol new file mode 100644 index 0000000000000000000000000000000000000000..cfd90e839e6632dd657fa25c6160617a6286ea09 --- /dev/null +++ b/data_full/CVE_clean/2018-13069.sol @@ -0,0 +1,128 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract DYC is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function DYC( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13070.sol b/data_full/CVE_clean/2018-13070.sol new file mode 100644 index 0000000000000000000000000000000000000000..901dffc8574d6a411b9bc76a8017fd0d901176f0 --- /dev/null +++ b/data_full/CVE_clean/2018-13070.sol @@ -0,0 +1,122 @@ +pragma solidity ^0.4.24; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract EncryptedToken is owned, TokenERC20 { + uint256 INITIAL_SUPPLY = 100000000; + uint256 public buyPrice = 1; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function EncryptedToken() TokenERC20(INITIAL_SUPPLY, 'ECC', 'ECC') payable public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newBuyPrice) onlyOwner public { + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function () payable public { + owner.send(msg.value); + uint amount = msg.value * buyPrice; + _transfer(owner, msg.sender, amount); + } + function selfdestructs() onlyOwner payable public { + selfdestruct(owner); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13071.sol b/data_full/CVE_clean/2018-13071.sol new file mode 100644 index 0000000000000000000000000000000000000000..1d178d1489be811639c7798fdd82f912d5b39e42 --- /dev/null +++ b/data_full/CVE_clean/2018-13071.sol @@ -0,0 +1,171 @@ +pragma solidity ^0.4.17; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "T10 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + mapping(address=>uint256) public indexes; + mapping(uint256=>address) public addresses; + uint256 public lastIndex = 0; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + addresses[1] = msg.sender; + indexes[msg.sender] = 1; + lastIndex = 1; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract CCindexToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 40000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "CCindex10"; + string public tokenSymbol = "T10"; + function CCindexToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + if(_value > 0){ + if(balanceOf[msg.sender] == 0){ + addresses[indexes[msg.sender]] = addresses[lastIndex]; + indexes[addresses[lastIndex]] = indexes[msg.sender]; + indexes[msg.sender] = 0; + delete addresses[lastIndex]; + lastIndex--; + } + if(indexes[_to]==0){ + lastIndex++; + addresses[lastIndex] = _to; + indexes[_to] = lastIndex; + } + } + } + function getAddresses() constant returns (address[]){ + address[] memory addrs = new address[](lastIndex); + for(uint i = 0; i < lastIndex; i++){ + addrs[i] = addresses[i+1]; + } + return addrs; + } + function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { + uint distributed = 0; + require(startIndex < endIndex); + for(uint i = startIndex; i < lastIndex; i++){ + address holder = addresses[i+1]; + uint reward = balanceOf[holder] * 3 / 100; + balanceOf[holder] += reward; + distributed += reward; + Transfer(0, holder, reward); + } + totalSupply += distributed; + return distributed; + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13072.sol b/data_full/CVE_clean/2018-13072.sol new file mode 100644 index 0000000000000000000000000000000000000000..ff7b130d7f01c9ab6043c4e8631631b715420648 --- /dev/null +++ b/data_full/CVE_clean/2018-13072.sol @@ -0,0 +1,125 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract Coffeecoin is owned, token { + uint public buyRate = 4000; + bool public isSelling = true; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function Coffeecoin( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; + balanceOf[msg.sender] += amount; + balanceOf[owner] -= amount; + Transfer(owner, msg.sender, amount); + } + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13073.sol b/data_full/CVE_clean/2018-13073.sol new file mode 100644 index 0000000000000000000000000000000000000000..ac44598280653683b67ddc21ce7fa762e1d94294 --- /dev/null +++ b/data_full/CVE_clean/2018-13073.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.17; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "ETHEREUMBLACK"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract ETHEREUMBLACK is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 200000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "ETHEREUMBLACK"; + string public tokenSymbol = "ETCBK"; + function ETHEREUMBLACK() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13074.sol b/data_full/CVE_clean/2018-13074.sol new file mode 100644 index 0000000000000000000000000000000000000000..871884f0efde6c1450b086a266c454ae3ea3b5ef --- /dev/null +++ b/data_full/CVE_clean/2018-13074.sol @@ -0,0 +1,112 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + uint256 initialSupply=5000000000; + string tokenName='FIB'; + string tokenSymbol='FIB'; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} +contract FIBToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function FIBToken( + ) TokenERC20() public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13075.sol b/data_full/CVE_clean/2018-13075.sol new file mode 100644 index 0000000000000000000000000000000000000000..19fcc9da16f4dc7469be89b5179c706ffcea1179 --- /dev/null +++ b/data_full/CVE_clean/2018-13075.sol @@ -0,0 +1,142 @@ +pragma solidity ^0.4.18; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } + function destruct() public onlyOwner { + selfdestruct(owner); + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20() public { + totalSupply = 500000000000 * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = "Carbon Exchange Coin Token"; + symbol = "CEC"; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract CarbonExchangeCoinToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + uint256 public decimals = 18; + string public tokenName; + string public tokenSymbol; + uint minBalanceForAccounts ; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function CarbonExchangeCoinToken() public { + owner = msg.sender; + totalSupply = 50000000000000000000000000000; + balanceOf[owner]=totalSupply; + tokenName="Carbon Exchange Coin Token"; + tokenSymbol="CEC"; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } + function setMinBalance(uint minimumBalanceInFinney) public onlyOwner { + minBalanceForAccounts = minimumBalanceInFinney * 1 finney; + } + function setTokenName(string newTokenName) public onlyOwner{ + tokenName = newTokenName; + } + function setTokenSymbol(string newTokenSymbol) public onlyOwner{ + tokenSymbol = newTokenSymbol; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13076.sol b/data_full/CVE_clean/2018-13076.sol new file mode 100644 index 0000000000000000000000000000000000000000..66b61fadaa61596eb6aec5daabedc47a471e8981 --- /dev/null +++ b/data_full/CVE_clean/2018-13076.sol @@ -0,0 +1,125 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract Betcash is owned, token { + uint public buyRate = 4000; + bool public isSelling = true; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function Betcash( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; + balanceOf[msg.sender] += amount; + balanceOf[owner] -= amount; + Transfer(owner, msg.sender, amount); + } + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13077.sol b/data_full/CVE_clean/2018-13077.sol new file mode 100644 index 0000000000000000000000000000000000000000..d34b34e52d8d5157b10976f6667ff1d9e79d4b94 --- /dev/null +++ b/data_full/CVE_clean/2018-13077.sol @@ -0,0 +1,128 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData); } +contract token { + string public name = 'CTB'; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + require (_value < allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) returns (bool success) { + require (balanceOf[msg.sender] > _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract CTB is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function CTB( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13078.sol b/data_full/CVE_clean/2018-13078.sol new file mode 100644 index 0000000000000000000000000000000000000000..6abcf5b3dff7f9c3644c5a58d4f59e81f9901a1b --- /dev/null +++ b/data_full/CVE_clean/2018-13078.sol @@ -0,0 +1,107 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() public{ + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () public { + revert(); + } +} +contract Jitech is owned, token { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function Jitech( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) public onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) public onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13079.sol b/data_full/CVE_clean/2018-13079.sol new file mode 100644 index 0000000000000000000000000000000000000000..703170f6da196ed9593363cdbb592ddb10723810 --- /dev/null +++ b/data_full/CVE_clean/2018-13079.sol @@ -0,0 +1,128 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract GoodTo { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function GoodTo( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract StandardToken is owned, GoodTo { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function StandardToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) GoodTo(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13080.sol b/data_full/CVE_clean/2018-13080.sol new file mode 100644 index 0000000000000000000000000000000000000000..7d8884c3d45e2a5d46c37b40863f12d29a7db2e2 --- /dev/null +++ b/data_full/CVE_clean/2018-13080.sol @@ -0,0 +1,107 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() public{ + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () public { + revert(); + } +} +contract Goutex is owned, token { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function Goutex( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) public token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) public { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) public onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) public onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13081.sol b/data_full/CVE_clean/2018-13081.sol new file mode 100644 index 0000000000000000000000000000000000000000..62d35a8949780e23dfd673a3b7d29d49d9ddbe4b --- /dev/null +++ b/data_full/CVE_clean/2018-13081.sol @@ -0,0 +1,127 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract GZSToken is owned, token { + uint public buyRate = 46000; + bool public isSelling = true; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function GZSToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + function buy() payable { + if(isSelling == false) throw; + uint amount = msg.value * buyRate; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13082.sol b/data_full/CVE_clean/2018-13082.sol new file mode 100644 index 0000000000000000000000000000000000000000..723c88848a4634c3fd3529823750bb6ae2e725fd --- /dev/null +++ b/data_full/CVE_clean/2018-13082.sol @@ -0,0 +1,133 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract ModiTokenERC20 { + string public constant _myTokeName = 'MODI Token'; + string public constant _mySymbol = 'MODI'; + uint public constant _myinitialSupply = 10000; + uint8 public constant _myDecimal = 18; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function ModiTokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + decimals = _myDecimal; + totalSupply = _myinitialSupply * (10 ** uint256(_myDecimal)); + balanceOf[msg.sender] = totalSupply; + name = _myTokeName; + symbol = _mySymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract MyAdvancedToken is owned, ModiTokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) ModiTokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13083.sol b/data_full/CVE_clean/2018-13083.sol new file mode 100644 index 0000000000000000000000000000000000000000..e818810bc5a9c54cc3e6db294e405bc3d67f10e0 --- /dev/null +++ b/data_full/CVE_clean/2018-13083.sol @@ -0,0 +1,113 @@ +pragma solidity ^0.4.21; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} +contract PlazaToken is owned, TokenERC20 { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function PlazaToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13084.sol b/data_full/CVE_clean/2018-13084.sol new file mode 100644 index 0000000000000000000000000000000000000000..d0e05edb3cc46573bcd2d08cbf9df242449de10d --- /dev/null +++ b/data_full/CVE_clean/2018-13084.sol @@ -0,0 +1,123 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient +{ +function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; +} +contract StandardToken { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function StandardToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public returns (bool success) + { + _transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract GoodTimeCoin is owned, StandardToken { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function GoodTimeCoin( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) StandardToken(initialSupply, tokenName, tokenSymbol) public {} + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13085.sol b/data_full/CVE_clean/2018-13085.sol new file mode 100644 index 0000000000000000000000000000000000000000..97a9e5a36a3ba6476213e3673ad815bf08e6723c --- /dev/null +++ b/data_full/CVE_clean/2018-13085.sol @@ -0,0 +1,140 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + uint public free = 100 * 10 ** uint256(decimals); + mapping (address => uint256) public balances; + mapping (address => mapping (address => uint256)) public allowance; + mapping (address => bool) public created; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function changeFree(uint newFree) public { + free = newFree; + } + function balanceOf(address _owner) public constant returns (uint balance) { + if (!created[_owner] && balances[_owner] == 0) { + return free; + } + else + { + return balances[_owner]; + } + } + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balances[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + created[msg.sender] = true; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + if (!created[_from]) { + balances[_from] = free; + created[_from] = true; + } + if (!created[_to]) { + created[_to] = true; + } + require(balances[_from] >= _value); + require(balances[_to] + _value >= balances[_to]); + uint previousBalances = balances[_from] + balances[_to]; + balances[_from] -= _value; + balances[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balances[_from] + balances[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balances[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balances[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} +contract FreeCoin is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function FreeCoin( + uint256 initialSupply, + string tokenName , + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balances[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(address(this).balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13086.sol b/data_full/CVE_clean/2018-13086.sol new file mode 100644 index 0000000000000000000000000000000000000000..9556756d155283170c51fda7877c1da4f8a1b443 --- /dev/null +++ b/data_full/CVE_clean/2018-13086.sol @@ -0,0 +1,130 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract Token { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract IADOWR is owned, Token { + string public name = "IADOWR Coin"; + string public symbol = "IAD"; + address public IADAddress = this; + uint8 public decimals = 18; + uint256 public initialSupply = 2000000000000000000000000000; + uint256 public totalSupply = 2000000000000000000000000000; + uint256 public unitsOneEthCanBuy = 5000; + uint256 public buyPriceEth = 0.2 finney; + uint256 public sellPriceEth = 0.1 finney; + uint256 public gasForIAD = 30000 wei; + uint256 public IADForGas = 1; + uint256 public gasReserve = 0.1 ether; + uint256 public minBalanceForAccounts = 2 finney; + bool public directTradeAllowed = false; + function IADOWR() { + balanceOf[msg.sender] = totalSupply; + } + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13087.sol b/data_full/CVE_clean/2018-13087.sol new file mode 100644 index 0000000000000000000000000000000000000000..aa51a00bc6cfe2f6875acc2807768683f24459fa --- /dev/null +++ b/data_full/CVE_clean/2018-13087.sol @@ -0,0 +1,124 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract MyAdvancedToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) payable public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13088.sol b/data_full/CVE_clean/2018-13088.sol new file mode 100644 index 0000000000000000000000000000000000000000..e1b4a64098e00c237c4b98daedae8281789417d1 --- /dev/null +++ b/data_full/CVE_clean/2018-13088.sol @@ -0,0 +1,128 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract MyAdvancedToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13089.sol b/data_full/CVE_clean/2018-13089.sol new file mode 100644 index 0000000000000000000000000000000000000000..aef80f8051e36dbad33cfc9ef893e41c938f71b6 --- /dev/null +++ b/data_full/CVE_clean/2018-13089.sol @@ -0,0 +1,126 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name ; + string public symbol ; + uint8 public decimals = 18; + uint256 public totalSupply ; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract UCoinToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function UCoinToken( + ) + TokenERC20(5000000000, "Universal Coin", "UCOIN") public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13090.sol b/data_full/CVE_clean/2018-13090.sol new file mode 100644 index 0000000000000000000000000000000000000000..97695ae6d63893e3034a6c8aff505429b316be98 --- /dev/null +++ b/data_full/CVE_clean/2018-13090.sol @@ -0,0 +1,128 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract YiTongCoin is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function YiTongCoin( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13091.sol b/data_full/CVE_clean/2018-13091.sol new file mode 100644 index 0000000000000000000000000000000000000000..3da164fee07be3f66f28139e16af04cb09edc350 --- /dev/null +++ b/data_full/CVE_clean/2018-13091.sol @@ -0,0 +1,111 @@ +pragma solidity ^0.4.16; +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} + contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + } +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract sumocoin is owned { + using SafeMath for uint256; + string public name = "sumocoin"; + string public symbol = "SUMO"; + uint8 public decimals = 18; + uint256 public totalSupply = 10**25; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function sumocoin(){ + balanceOf[msg.sender] = totalSupply; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } + function distributeToken(address[] addresses, uint256 _value) onlyOwner { + for (uint i = 0; i < addresses.length; i++) { + balanceOf[owner] -= _value; + balanceOf[addresses[i]] += _value; + Transfer(owner, addresses[i], _value); + } +} +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13092.sol b/data_full/CVE_clean/2018-13092.sol new file mode 100644 index 0000000000000000000000000000000000000000..9c90c53b7221106584b159897b98f389c15bcbf3 --- /dev/null +++ b/data_full/CVE_clean/2018-13092.sol @@ -0,0 +1,89 @@ +pragma solidity ^0.4.18; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract ReimburseToken is owned{ + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + function ReimburseToken( + uint256 initialSupply + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = "Reimburse Token"; + symbol = "REIM"; + decimals = 18; + } + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balanceOf[_owner]; + } + function _transfer(address _from, address _to, uint _value) internal { + require(balanceOf[_from] >= _value); + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } +} +contract AdvReimburseToken is owned, ReimburseToken { + function AdvReimburseToken( + uint256 initialSupply + ) ReimburseToken(initialSupply) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13113.sol b/data_full/CVE_clean/2018-13113.sol new file mode 100644 index 0000000000000000000000000000000000000000..2567ec273ca233e620f6aaf72c4a8165bed1c6ef --- /dev/null +++ b/data_full/CVE_clean/2018-13113.sol @@ -0,0 +1,77 @@ +pragma solidity ^0.4.4; +contract Token { + function totalSupply() constant returns (uint256 supply) {} + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} +contract HashnodeTestCoin is StandardToken { + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H1.0'; + uint256 public unitsOneEthCanBuy; + uint256 public totalEthInWei; + address public fundsWallet; + function HashnodeTestCoin() { + balances[msg.sender] = 100000000000000000000000000; + totalSupply = 100000000000000000000000000; + name = "Easy Trading Token"; + decimals = 18; + symbol = "ETT"; + unitsOneEthCanBuy = 40000; + fundsWallet = msg.sender; + } + function() payable{ + totalEthInWei = totalEthInWei + msg.value; + uint256 amount = msg.value * unitsOneEthCanBuy; + require(balances[fundsWallet] >= amount); + balances[fundsWallet] = balances[fundsWallet] - amount; + balances[msg.sender] = balances[msg.sender] + amount; + Transfer(fundsWallet, msg.sender, amount); + fundsWallet.transfer(msg.value); + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13126.sol b/data_full/CVE_clean/2018-13126.sol new file mode 100644 index 0000000000000000000000000000000000000000..ca41e213885b88fb5c4bdef1c8e6d3b271dcc750 --- /dev/null +++ b/data_full/CVE_clean/2018-13126.sol @@ -0,0 +1,151 @@ +pragma solidity ^0.4.18; +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } +} +contract SpendToken is StandardToken { + string public constant name = "Spend Token"; + string public constant symbol = "SPEND"; + uint8 public constant decimals = 18; + address public presale; + address public team; + uint public constant TOKEN_LIMIT = 50000000; + function SpendToken(address _presale, address _team) public { + require(_presale != address(0)); + require(_team != address(0)); + presale = _presale; + team = _team; + } + function mint(address _holder, uint _value) external { + require(msg.sender == presale); + require(_value > 0); + require(totalSupply + _value <= TOKEN_LIMIT); + balances[_holder] += _value; + totalSupply += _value; + Transfer(0x0, _holder, _value); + } +} +contract MoxyOnePresale { + enum PreSaleState { + PreSaleStarted, + PreSaleFinished + } + SpendToken public token; + PreSaleState public preSaleState = PreSaleState.PreSaleStarted; + address public team; + bool public isPaused = false; + uint256 public pricePerToken = 1 ether / 1000; + event PreSaleStarted(); + event PreSaleFinished(); + event PreSalePaused(); + event PreSaleResumed(); + event TokenBuy(address indexed buyer, uint256 tokens); + modifier teamOnly { + require(msg.sender == team); + _; + } + function MoxyOnePresale() public { + team = msg.sender; + token = new SpendToken(this, team); + } + function pausePreSale() external teamOnly { + require(!isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + isPaused = true; + PreSalePaused(); + } + function resumePreSale() external teamOnly { + require(isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + isPaused = false; + PreSaleResumed(); + } + function finishPreSale() external teamOnly { + require(preSaleState == PreSaleState.PreSaleStarted); + preSaleState = PreSaleState.PreSaleFinished; + PreSaleFinished(); + } + function withdrawFunds(address _target, uint256 _amount) external teamOnly { + _target.transfer(_amount); + } + function buyTokens(address _buyer, uint256 _value) internal returns (uint) { + require(_buyer != address(0)); + require(_value > 0); + require(preSaleState == PreSaleState.PreSaleStarted); + require(!isPaused); + uint256 boughtTokens = _value / pricePerToken; + require(boughtTokens > 0); + token.mint(_buyer, boughtTokens); + TokenBuy(_buyer, boughtTokens); + } + function () external payable { + buyTokens(msg.sender, msg.value); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13127.sol b/data_full/CVE_clean/2018-13127.sol new file mode 100644 index 0000000000000000000000000000000000000000..3940b40fc4c3ce459cbd838c37074bc15b4389b6 --- /dev/null +++ b/data_full/CVE_clean/2018-13127.sol @@ -0,0 +1,126 @@ +pragma solidity ^0.4.19; +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract DSPXToken is StandardToken { + string public constant name = "SP8DE PreSale Token"; + string public constant symbol = "DSPX"; + uint8 public constant decimals = 18; + address public preSale; + address public team; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 888888888 * (1e18); + function DSPXToken(address _preSale, address _team) { + require(_preSale != address(0)); + require(_team != address(0)); + preSale = _preSale; + team = _team; + } + function mint(address holder, uint value) { + require(msg.sender == preSale); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + function unfreeze() external { + require(msg.sender == team); + isFrozen = false; + } + function transfer(address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13128.sol b/data_full/CVE_clean/2018-13128.sol new file mode 100644 index 0000000000000000000000000000000000000000..c5184528a255479d52cff3d60936e02453de1e53 --- /dev/null +++ b/data_full/CVE_clean/2018-13128.sol @@ -0,0 +1,138 @@ +pragma solidity ^0.4.21; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256 c) { + if (a == 0) { + return 0; + } + c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + return a / b; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256 c) { + c = a + b; + assert(c >= a); + return c; + } +} +contract ERC223ReceivingContract{ + function tokenFallback(address _from, uint _value, bytes _data) public; +} +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) public constant returns (uint); + function transfer(address to, uint value) public; + event Transfer(address indexed from, address indexed to, uint value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint); + function transferFrom(address from, address to, uint value) public; + function approve(address spender, uint value) public; + event Approval(address indexed owner, address indexed spender, uint value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint; + mapping(address => uint) balances; + modifier onlyPayloadSize(uint size) { + require(msg.data.length >= size + 4); + _; + } + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) public { + uint codeLength; + bytes memory empty; + assembly { + codeLength := extcodesize(_to) + } + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + if(codeLength > 0) { + ERC223ReceivingContract receiver = ERC223ReceivingContract(_to); + receiver.tokenFallback(msg.sender, _value, empty); + } + emit Transfer(msg.sender, _to, _value); + } + function balanceOf(address _owner) public constant returns (uint balance) { + return balances[_owner]; + } +} +contract StandardToken is BasicToken, ERC20 { + mapping (address => mapping (address => uint)) allowed; + function transferFrom(address _from, address _to, uint _value) public { + uint256 _allowance = allowed[_from][msg.sender]; + uint codeLength; + bytes memory empty; + assembly { + codeLength := extcodesize(_to) + } + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + if(codeLength>0) { + ERC223ReceivingContract receiver = ERC223ReceivingContract(_to); + receiver.tokenFallback(msg.sender, _value, empty); + } + emit Transfer(_from, _to, _value); + } + function approve(address _spender, uint _value) public { + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + } + function allowance(address _owner, address _spender) public constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} +contract BurnableToken is StandardToken { + function burn(uint _value) public { + require(_value > 0); + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + emit Burn(burner, _value); + } + event Burn(address indexed burner, uint indexed value); +} +contract ETY is BurnableToken { + string public name = "Etherty Token"; + string public symbol = "ETY"; + uint public decimals = 18; + uint constant TOKEN_LIMIT = 240 * 1e6 * 1e18; + address public ico; + bool public tokensAreFrozen = true; + function ETY(address _ico) public { + ico = _ico; + } + function mint(address _holder, uint _value) external { + require(msg.sender == ico); + require(_value != 0); + require(totalSupply + _value <= TOKEN_LIMIT); + balances[_holder] += _value; + totalSupply += _value; + emit Transfer(0x0, _holder, _value); + } + function burn(uint _value) public { + require(msg.sender == ico); + super.burn(_value); + } + function unfreeze() external { + require(msg.sender == ico); + tokensAreFrozen = false; + } + function transfer(address _to, uint _value) public { + require(!tokensAreFrozen); + super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) public { + require(!tokensAreFrozen); + super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public { + require(!tokensAreFrozen); + super.approve(_spender, _value); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13129.sol b/data_full/CVE_clean/2018-13129.sol new file mode 100644 index 0000000000000000000000000000000000000000..9824228782aef60defc77e4d3686a21eecac589a --- /dev/null +++ b/data_full/CVE_clean/2018-13129.sol @@ -0,0 +1,152 @@ +pragma solidity ^0.4.18; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract MigrationAgent { + function migrateFrom(address _from, uint _value) public; +} +contract SPXToken is StandardToken { + string public constant name = "SP8DE Token"; + string public constant symbol = "SPX"; + uint8 public constant decimals = 18; + address public ico; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 8888888888 * (1e18); + address public migrationMaster; + address public migrationAgent; + uint public totalMigrated; + event Migrate(address indexed _from, address indexed _to, uint _value); + function SPXToken(address _ico, address _migrationMaster) public { + require(_ico != 0); + ico = _ico; + migrationMaster = _migrationMaster; + } + function mint(address holder, uint value) public { + require(msg.sender == ico); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + function unfreeze() public { + require(msg.sender == ico); + isFrozen = false; + } + function transfer(address _to, uint _value) public returns (bool) { + require(_to != address(0)); + require(!isFrozen); + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } + function migrate(uint value) external { + require(migrationAgent != 0); + require(value > 0); + require(value <= balances[msg.sender]); + balances[msg.sender] -= value; + totalSupply -= value; + totalMigrated += value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, value); + Migrate(msg.sender, migrationAgent, value); + } + function setMigrationAgent(address _agent) external { + require(migrationAgent == 0); + require(msg.sender == migrationMaster); + migrationAgent = _agent; + } + function setMigrationMaster(address _master) external { + require(msg.sender == migrationMaster); + require(_master != 0); + migrationMaster = _master; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13131.sol b/data_full/CVE_clean/2018-13131.sol new file mode 100644 index 0000000000000000000000000000000000000000..02350c223f94810e898f8b83571fc8743afdafb0 --- /dev/null +++ b/data_full/CVE_clean/2018-13131.sol @@ -0,0 +1,178 @@ +pragma solidity ^0.4.19; +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract DSPXToken is StandardToken { + string public constant name = "SP8DE PreSale Token"; + string public constant symbol = "DSPX"; + uint8 public constant decimals = 18; + address public preSale; + address public team; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 888888888 * (1e18); + function DSPXToken(address _preSale, address _team) { + require(_preSale != address(0)); + require(_team != address(0)); + preSale = _preSale; + team = _team; + } + function mint(address holder, uint value) { + require(msg.sender == preSale); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + function unfreeze() external { + require(msg.sender == team); + isFrozen = false; + } + function transfer(address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } +} +contract SpadePreSale { + DSPXToken public token; + address public team; + address public icoAgent; + modifier teamOnly {require(msg.sender == team); _;} + modifier icoAgentOnly {require(msg.sender == icoAgent); _;} + bool public isPaused = false; + enum PreSaleState { Created, PreSaleStarted, PreSaleFinished } + PreSaleState public preSaleState = PreSaleState.Created; + event PreSaleStarted(); + event PreSaleFinished(); + event PreSalePaused(); + event PreSaleResumed(); + event TokenBuy(address indexed buyer, uint256 tokens, uint factor, string tx); + function SpadePreSale(address _team, address _icoAgent) public { + require(_team != address(0)); + require(_icoAgent != address(0)); + team = _team; + icoAgent = _icoAgent; + token = new DSPXToken(this, team); + } + function startPreSale() external teamOnly { + require(preSaleState == PreSaleState.Created); + preSaleState = PreSaleState.PreSaleStarted; + PreSaleStarted(); + } + function pausePreSale() external teamOnly { + require(!isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + isPaused = true; + PreSalePaused(); + } + function resumePreSale() external teamOnly { + require(isPaused); + require(preSaleState == PreSaleState.PreSaleStarted); + isPaused = false; + PreSaleResumed(); + } + function finishPreSale() external teamOnly { + require(preSaleState == PreSaleState.PreSaleStarted); + preSaleState = PreSaleState.PreSaleFinished; + PreSaleFinished(); + } + function buyPreSaleTokens(address buyer, uint256 tokens, uint factor, string txHash) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(preSaleState == PreSaleState.PreSaleStarted); + require(!isPaused); + token.mint(buyer, tokens); + TokenBuy(buyer, tokens, factor, txHash); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13132.sol b/data_full/CVE_clean/2018-13132.sol new file mode 100644 index 0000000000000000000000000000000000000000..253f6388454eee1d7dd1968796a8dc33c0041761 --- /dev/null +++ b/data_full/CVE_clean/2018-13132.sol @@ -0,0 +1,249 @@ +pragma solidity ^0.4.18; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public view returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public view returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract MigrationAgent { + function migrateFrom(address _from, uint _value) public; +} +contract SPXToken is StandardToken { + string public constant name = "SP8DE Token"; + string public constant symbol = "SPX"; + uint8 public constant decimals = 18; + address public ico; + bool public isFrozen = true; + uint public constant TOKEN_LIMIT = 8888888888 * (1e18); + address public migrationMaster; + address public migrationAgent; + uint public totalMigrated; + event Migrate(address indexed _from, address indexed _to, uint _value); + function SPXToken(address _ico, address _migrationMaster) public { + require(_ico != 0); + ico = _ico; + migrationMaster = _migrationMaster; + } + function mint(address holder, uint value) public { + require(msg.sender == ico); + require(value > 0); + require(totalSupply + value <= TOKEN_LIMIT); + balances[holder] += value; + totalSupply += value; + Transfer(0x0, holder, value); + } + function unfreeze() public { + require(msg.sender == ico); + isFrozen = false; + } + function transfer(address _to, uint _value) public returns (bool) { + require(_to != address(0)); + require(!isFrozen); + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) public returns (bool) { + require(!isFrozen); + return super.transferFrom(_from, _to, _value); + } + function approve(address _spender, uint _value) public returns (bool) { + require(!isFrozen); + return super.approve(_spender, _value); + } + function migrate(uint value) external { + require(migrationAgent != 0); + require(value > 0); + require(value <= balances[msg.sender]); + balances[msg.sender] -= value; + totalSupply -= value; + totalMigrated += value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, value); + Migrate(msg.sender, migrationAgent, value); + } + function setMigrationAgent(address _agent) external { + require(migrationAgent == 0); + require(msg.sender == migrationMaster); + migrationAgent = _agent; + } + function setMigrationMaster(address _master) external { + require(msg.sender == migrationMaster); + require(_master != 0); + migrationMaster = _master; + } +} +contract SpadeIco { + uint public constant TOKENS_FOR_SALE = 3655555558 * 1e18; + uint public constant TOKENS_FOUNDATION = 1777777778 * 1e18; + uint tokensSold = 0; + SPXToken public token; + address public team; + address public icoAgent; + address public migrationMaster; + modifier teamOnly {require(msg.sender == team); _;} + modifier icoAgentOnly {require(msg.sender == icoAgent); _;} + bool public isPaused = false; + enum IcoState { Created, IcoStarted, IcoFinished } + IcoState public icoState = IcoState.Created; + event IcoStarted(); + event IcoFinished(); + event IcoPaused(); + event IcoResumed(); + event TokenBuy(address indexed buyer, uint256 tokens, uint256 factor, string tx); + event TokenBuyPresale(address indexed buyer, uint256 tokens, uint256 factor, string tx); + event TokenWin(address indexed buyer, uint256 tokens, uint256 jackpot); + function SpadeIco(address _team, address _icoAgent, address _migrationMaster) public { + require(_team != address(0) && _icoAgent != address(0) && _migrationMaster != address(0)); + migrationMaster = _migrationMaster; + team = _team; + icoAgent = _icoAgent; + token = new SPXToken(this, migrationMaster); + } + function startIco() external teamOnly { + require(icoState == IcoState.Created); + icoState = IcoState.IcoStarted; + IcoStarted(); + } + function finishIco(address foundation, address other) external teamOnly { + require(foundation != address(0)); + require(other != address(0)); + require(icoState == IcoState.IcoStarted); + icoState = IcoState.IcoFinished; + uint256 amountWithFoundation = SafeMath.add(token.totalSupply(), TOKENS_FOUNDATION); + if (amountWithFoundation > token.TOKEN_LIMIT()) { + uint256 foundationToMint = token.TOKEN_LIMIT() - token.totalSupply(); + if (foundationToMint > 0) { + token.mint(foundation, foundationToMint); + } + } else { + token.mint(foundation, TOKENS_FOUNDATION); + uint mintedTokens = token.totalSupply(); + uint remaining = token.TOKEN_LIMIT() - mintedTokens; + if (remaining > 0) { + token.mint(other, remaining); + } + } + token.unfreeze(); + IcoFinished(); + } + function pauseIco() external teamOnly { + require(!isPaused); + require(icoState == IcoState.IcoStarted); + isPaused = true; + IcoPaused(); + } + function resumeIco() external teamOnly { + require(isPaused); + require(icoState == IcoState.IcoStarted); + isPaused = false; + IcoResumed(); + } + function convertPresaleTokens(address buyer, uint256 tokens, uint256 factor, string txHash) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(validState()); + uint256 tokensToSell = SafeMath.add(tokensSold, tokens); + require(tokensToSell <= TOKENS_FOR_SALE); + tokensSold = tokensToSell; + token.mint(buyer, tokens); + TokenBuyPresale(buyer, tokens, factor, txHash); + } + function creditJackpotTokens(address buyer, uint256 tokens, uint256 jackpot) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(validState()); + token.mint(buyer, tokens); + TokenWin(buyer, tokens, jackpot); + } + function buyTokens(address buyer, uint256 tokens, uint256 factor, string txHash) external icoAgentOnly returns (uint) { + require(buyer != address(0)); + require(tokens > 0); + require(validState()); + uint256 tokensToSell = SafeMath.add(tokensSold, tokens); + require(tokensToSell <= TOKENS_FOR_SALE); + tokensSold = tokensToSell; + token.mint(buyer, tokens); + TokenBuy(buyer, tokens, factor, txHash); + } + function validState() internal view returns (bool) { + return icoState == IcoState.IcoStarted && !isPaused; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13144.sol b/data_full/CVE_clean/2018-13144.sol new file mode 100644 index 0000000000000000000000000000000000000000..831fbe0e1e4f69bdd4a1d05d03f289291bc9c5c9 --- /dev/null +++ b/data_full/CVE_clean/2018-13144.sol @@ -0,0 +1,65 @@ +pragma solidity ^0.4.8; +contract Token{ + uint256 public totalSupply; + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns + (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns + (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 + _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) returns + (bool success) { + require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value); + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) + { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} +contract HumanStandardToken is StandardToken { + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H0.1'; + function HumanStandardToken(uint256 _initialAmount, string _tokenName, uint8 _decimalUnits, string _tokenSymbol) { + balances[msg.sender] = _initialAmount; + totalSupply = _initialAmount; + name = _tokenName; + decimals = _decimalUnits; + symbol = _tokenSymbol; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + require(_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13189.sol b/data_full/CVE_clean/2018-13189.sol new file mode 100644 index 0000000000000000000000000000000000000000..3b2fe003dbdb73133aa726e55d802fe875853aea --- /dev/null +++ b/data_full/CVE_clean/2018-13189.sol @@ -0,0 +1,171 @@ +pragma solidity ^0.4.18; +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) constant returns (uint256); + function transfer(address to, uint256 value) returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint256); + function transferFrom(address from, address to, uint256 value) returns (bool); + function approve(address spender, uint256 value) returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) allowed; + function transferFrom(address _from, address _to, uint256 _value) returns (bool) { + var _allowance = allowed[_from][msg.sender]; + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) returns (bool) { + require((_value == 0) || (allowed[msg.sender][_spender] == 0)); + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} +contract Ownable { + address public owner; + function Ownable() { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} +contract Pausable is Ownable { + event Pause(); + event Unpause(); + bool public paused = false; + modifier whenNotPaused() { + require(!paused); + _; + } + modifier whenPaused { + require(paused); + _; + } + function pause() onlyOwner whenNotPaused returns (bool) { + paused = true; + Pause(); + return true; + } + function unpause() onlyOwner whenPaused returns (bool) { + paused = false; + Unpause(); + return true; + } +} +contract PausableToken is StandardToken, Pausable { + function transfer(address _to, uint _value) whenNotPaused returns (bool) { + return super.transfer(_to, _value); + } + function transferFrom(address _from, address _to, uint _value) whenNotPaused returns (bool) { + return super.transferFrom(_from, _to, _value); + } +} +contract UNLB is PausableToken { + string public constant name = "UnolaboToken"; + string public constant symbol = "UNLB"; + uint256 public constant decimals = 18; + function UNLB() { + owner = msg.sender; + } + function mint(address _x, uint _v) public onlyOwner { + balances[_x] += _v; + totalSupply += _v; + Transfer(0x0, _x, _v); + } +} +contract ICO is Pausable { + uint public constant ICO_START_DATE = 1511773200; + uint public constant ICO_END_DATE = 1525018620; + address public constant admin = 0xFeC0714C2eE71a486B679d4A3539FA875715e7d8; + address public constant teamWallet = 0xf16d5733A31D54e828460AFbf7D60aA803a61C51; + UNLB public unlb; + bool public isFinished = false; + event ForeignBuy(address investor, uint unlbValue, string txHash); + function ICO() { + owner = admin; + unlb = new UNLB(); + unlb.pause(); + } + function pricePerWei() public constant returns(uint) { + if (now < 1511799420) return 800.0 * 1 ether; + else if(now < 1511885820) return 750.0 * 1 ether; + else if(now < 1513181820) return 675.0 * 1 ether; + else if(now < 1515514620) return 575.0 * 1 ether; + else if(now < 1516205820) return 537.5 * 1 ether; + else return 500.0 * 1 ether; + } + function() public payable { + require(!paused && now >= ICO_START_DATE && now < ICO_END_DATE); + uint _tokenVal = (msg.value * pricePerWei()) / 1 ether; + unlb.mint(msg.sender, _tokenVal); + } + function foreignBuy(address _investor, uint _unlbValue, string _txHash) external onlyOwner { + require(!paused && now >= ICO_START_DATE && now < ICO_END_DATE); + require(_unlbValue > 0); + unlb.mint(_investor, _unlbValue); + ForeignBuy(_investor, _unlbValue, _txHash); + } + function finish(address _team, address _fund, address _bounty, address _backers) external onlyOwner { + require(now >= ICO_END_DATE && !isFinished); + unlb.unpause(); + isFinished = true; + uint _total = unlb.totalSupply() * 100 / (100 - 12 - 15 - 5 - 3); + unlb.mint(_team, (_total * 12) / 100); + unlb.mint(_fund, (_total * 15) / 100); + unlb.mint(_bounty, (_total * 5) / 100); + unlb.mint(_backers, (_total * 3) / 100); + } + function withdraw() external onlyOwner { + teamWallet.transfer(this.balance); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13202.sol b/data_full/CVE_clean/2018-13202.sol new file mode 100644 index 0000000000000000000000000000000000000000..caadc7fdbdcf1bdae496e06de24f21e89b0d1db4 --- /dev/null +++ b/data_full/CVE_clean/2018-13202.sol @@ -0,0 +1,140 @@ +pragma solidity ^0.4.11; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MyBoToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + event Burn(address indexed from, uint256 value); + function MyBoToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } + function burn(uint256 amount) onlyOwner returns (bool success) { + if (balanceOf[msg.sender] < amount) throw; + balanceOf[msg.sender] -= amount; + totalSupply -= amount; + Burn(msg.sender, amount); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13208.sol b/data_full/CVE_clean/2018-13208.sol new file mode 100644 index 0000000000000000000000000000000000000000..7d590e177ece5cd3f7daadd2c6efa67580e2fd85 --- /dev/null +++ b/data_full/CVE_clean/2018-13208.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "MoneyTree 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MoneyTreeToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 95000000 * 10**8; + uint8 public constant decimalUnits = 8; + string public tokenName = "MoneyTree"; + string public tokenSymbol = "TREE"; + function MoneyTreeToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13220.sol b/data_full/CVE_clean/2018-13220.sol new file mode 100644 index 0000000000000000000000000000000000000000..33fa8690e3f9c3b78088da419d73311e5af5ebbf --- /dev/null +++ b/data_full/CVE_clean/2018-13220.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MAVCash is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MAVCash( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13221.sol b/data_full/CVE_clean/2018-13221.sol new file mode 100644 index 0000000000000000000000000000000000000000..17bbd955578fd809dbf3dac4ffac7492d58d45dd --- /dev/null +++ b/data_full/CVE_clean/2018-13221.sol @@ -0,0 +1,155 @@ +pragma solidity ^0.4.14; +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} +contract Ownable { + address public owner; + function Ownable() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} +contract newToken is ERC20Basic { + using SafeMath for uint; + mapping(address => uint) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } +} +contract StandardToken is newToken, ERC20 { + mapping (address => mapping (address => uint)) allowed; + function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) { + var _allowance = allowed[_from][msg.sender]; + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + function approve(address _spender, uint _value) { + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} +contract Extreme is StandardToken, Ownable { + string public constant name = "Extreme Coin"; + string public constant symbol = "XT"; + uint public constant decimals = 2; + uint256 public initialSupply; + function Extreme () { + totalSupply = 59347950076; + balances[msg.sender] = totalSupply; + initialSupply = totalSupply; + Transfer(0, this, totalSupply); + Transfer(this, msg.sender, totalSupply); + } +} +contract ExtremeToken is Ownable, Extreme { +uint256 public sellPrice; +uint256 public buyPrice; + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable returns (uint amount) + { + amount = msg.value / buyPrice; + if (balances[this] < amount) throw; + balances[msg.sender] += amount; + balances[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balances[msg.sender] < amount ) throw; + balances[this] += amount; + balances[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } + function transfer(address _to, uint256 _value) { + require(balances[msg.sender] > _value); + require(balances[_to] + _value > balances[_to]); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balances[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13225.sol b/data_full/CVE_clean/2018-13225.sol new file mode 100644 index 0000000000000000000000000000000000000000..08a64e88b35c25836158f12214e561b4d6fcddfe --- /dev/null +++ b/data_full/CVE_clean/2018-13225.sol @@ -0,0 +1,137 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + assert(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (balanceOf[_from] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + assert (_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + assert(false); + } +} +contract MyYLCToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + event Burn(address indexed from, uint256 value); + function MyYLCToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + assert (!frozenAccount[msg.sender]); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (!frozenAccount[_from]); + assert (balanceOf[_from] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + assert (_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + assert (balanceOf[this] >= amount); + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + assert (balanceOf[msg.sender] >= amount ); + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + assert (msg.sender.send(amount * sellPrice)); + Transfer(msg.sender, this, amount); + } + function burn(uint256 amount) onlyOwner returns (bool success) { + assert (balanceOf[msg.sender] >= amount); + balanceOf[msg.sender] -= amount; + totalSupply -= amount; + Burn(msg.sender, amount); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13227.sol b/data_full/CVE_clean/2018-13227.sol new file mode 100644 index 0000000000000000000000000000000000000000..525ac761a6de5823d5d72d7ef183f70e5ba2926e --- /dev/null +++ b/data_full/CVE_clean/2018-13227.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "MoneyChainNet 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract MoneyChainNetToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 35000000 * 10**8; + uint8 public constant decimalUnits = 8; + string public tokenName = "MoneyChainNet"; + string public tokenSymbol = "MCN"; + function MoneyChainNetToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13228.sol b/data_full/CVE_clean/2018-13228.sol new file mode 100644 index 0000000000000000000000000000000000000000..c88b9aebf81aaf7170535c507700669a87177e82 --- /dev/null +++ b/data_full/CVE_clean/2018-13228.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "Crowdnext 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract Crowdnext is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 100000000 * 10**4; + uint8 public constant decimalUnits = 4; + string public tokenName = "Crowdnext"; + string public tokenSymbol = "CNX"; + function Crowdnext() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13230.sol b/data_full/CVE_clean/2018-13230.sol new file mode 100644 index 0000000000000000000000000000000000000000..3e96313124bf02f4974dee9cd38db46ad96c230f --- /dev/null +++ b/data_full/CVE_clean/2018-13230.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "DestiNeed 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract DestiNeedToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 950000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "DestiNeed"; + string public tokenSymbol = "DSN"; + function DestiNeedToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13325.sol b/data_full/CVE_clean/2018-13325.sol new file mode 100644 index 0000000000000000000000000000000000000000..eb492413fef7228d40ec80beebffb3b8a5815c21 --- /dev/null +++ b/data_full/CVE_clean/2018-13325.sol @@ -0,0 +1,129 @@ +pragma solidity ^0.4.18; +interface tokenRecipient{ + function receiveApproval(address _from,uint256 _value,address _token,bytes _extraData) external ; +} +contract GrowToken{ + address public owner; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 public sellPrice; + uint256 public buyPrice; + bool public sellOpen; + bool public buyOpen; + mapping(address => uint256) public balanceOf; + mapping(address => mapping(address => uint256)) public allowance; + mapping(address=>bool) public frozenAccount; + event Transfer(address indexed from,address indexed to , uint256 value); + event Approval(address indexed owner,address indexed spender,uint256 value); + event FrozenFunds(address target,bool freeze); + event SellToken(address seller,uint256 sellPrice, uint256 amount,uint256 getEth); + event BuyToken(address buyer,uint256 buyPrice,uint256 amount,uint256 spendEth); + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function GrowToken() public { + owner = 0x757D7FbB9822b5033a6BBD4e17F95714942f921f; + name = "GROWCHAIN"; + symbol = "GROW"; + decimals = 8; + totalSupply = 5000000000 * 10 ** uint256(8); + balanceOf[owner] = totalSupply; + } + function () public payable { + if(msg.sender!=owner){ + _buy(); + } + } + function transfer(address _to,uint256 _value) public{ + require(!frozenAccount[msg.sender]); + if(_to == address(this)){ + _sell(msg.sender,_value); + }else{ + _transfer(msg.sender,_to,_value); + } + } + function transferFrom(address _from,address _to,uint256 _value) public returns (bool success){ + require(!frozenAccount[_from]&&!frozenAccount[msg.sender]); + require(_value<=allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + if(_to == address(this)){ + _sell(_from,_value); + }else + { + _transfer(_from,_to,_value); + } + return true; + } + function approve(address _spender,uint256 _value) public returns (bool success){ + require(!frozenAccount[msg.sender]); + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender,uint256 _value,bytes _extraData) + public returns (bool success){ + require(!frozenAccount[msg.sender]); + tokenRecipient spender = tokenRecipient(_spender); + if(approve(_spender,_value)){ + spender.receiveApproval(msg.sender,_value,this,_extraData); + return true; + } + } + function freezeAccount(address target,bool freeze) onlyOwner public{ + require(target!=owner); + frozenAccount[target] = freeze; + FrozenFunds(target,freeze); + } + function transferOwnership(address newOwner) onlyOwner public{ + _transfer(owner,newOwner,balanceOf[owner]); + owner = newOwner; + } + function setPrices(uint256 newSellPrice,uint256 newBuyPrice) onlyOwner public{ + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function setBuyOpen(bool newBuyOpen) onlyOwner public{ + require(buyPrice>0); + buyOpen = newBuyOpen; + } + function setSellOpen(bool newSellOpen) onlyOwner public{ + require(sellPrice>0); + sellOpen = newSellOpen; + } + function transferEth(uint256 amount) onlyOwner public{ + msg.sender.transfer(amount*10**uint256(18)); + } + function _transfer(address _from,address _to, uint256 _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value >balanceOf[_to]); + uint256 previousBalances = balanceOf[_from]+balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from,_to,_value); + assert(balanceOf[_from]+balanceOf[_to] == previousBalances); + } + function _buy() internal returns (uint256 amount){ + require(buyOpen); + require(buyPrice>0); + require(msg.value>0); + amount = msg.value / buyPrice; + _transfer(owner,msg.sender,amount); + BuyToken(msg.sender,buyPrice,amount,msg.value); + return amount; + } + function _sell(address _from,uint256 amount) internal returns (uint256 revenue){ + require(sellOpen); + require(!frozenAccount[_from]); + require(amount>0); + require(sellPrice>0); + require(_from!=owner); + _transfer(_from,owner,amount); + revenue = amount * sellPrice; + _from.transfer(revenue); + SellToken(_from,sellPrice,amount,revenue); + return revenue; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13326.sol b/data_full/CVE_clean/2018-13326.sol new file mode 100644 index 0000000000000000000000000000000000000000..f73c95234624d5ae9f85e4125be29a54ef25e1f9 --- /dev/null +++ b/data_full/CVE_clean/2018-13326.sol @@ -0,0 +1,77 @@ +pragma solidity ^0.4.4; +contract Token { + function totalSupply() constant returns (uint256 supply) {} + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} +contract Bittelux is StandardToken { + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H1.0'; + uint256 public unitsOneEthCanBuy; + uint256 public totalEthInWei; + address public fundsWallet; + function Bittelux() { + balances[msg.sender] = 10000000000000000000000000000; + totalSupply = 10000000000000000000000000000; + name = "Bittelux"; + decimals = 18; + symbol = "BTX"; + unitsOneEthCanBuy = 22500; + fundsWallet = msg.sender; + } + function() payable{ + totalEthInWei = totalEthInWei + msg.value; + uint256 amount = msg.value * unitsOneEthCanBuy; + require(balances[fundsWallet] >= amount); + balances[fundsWallet] = balances[fundsWallet] - amount; + balances[msg.sender] = balances[msg.sender] + amount; + Transfer(fundsWallet, msg.sender, amount); + fundsWallet.transfer(msg.value); + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13327.sol b/data_full/CVE_clean/2018-13327.sol new file mode 100644 index 0000000000000000000000000000000000000000..952d7f38b70d4cd7a5e37c01a20a67c34f0d9406 --- /dev/null +++ b/data_full/CVE_clean/2018-13327.sol @@ -0,0 +1,71 @@ +pragma solidity ^0.4.4; +contract Token { + function totalSupply() constant returns (uint256 supply) {} + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} +contract ChuCunLingAIGO is StandardToken { + function () { + throw; + } + string public name; + uint8 public decimals; + string public symbol; + string public version = 'H0.1'; + function ChuCunLingAIGO( + uint256 _initialAmount, + string _tokenName, + uint8 _decimalUnits, + string _tokenSymbol + ) { + balances[msg.sender] = _initialAmount; + totalSupply = _initialAmount; + name = _tokenName; + decimals = _decimalUnits; + symbol = _tokenSymbol; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13493.sol b/data_full/CVE_clean/2018-13493.sol new file mode 100644 index 0000000000000000000000000000000000000000..1321f7769292b4d0d9ef921a5f0d92ea695d24ad --- /dev/null +++ b/data_full/CVE_clean/2018-13493.sol @@ -0,0 +1,191 @@ +pragma solidity ^0.4.16; +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public + { + totalSupply = initialSupply * 10**18; + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) + { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) + { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + _value = _value * (10**18); + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract DaddyToken is owned, TokenERC20 { + uint8 public decimals = 18; + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + uint256 public sellTokenPerEther; + uint256 public buyTokenPerEther; + bool public purchasingAllowed = true; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function DaddyToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public + {} + function distributeToken(address[] addresses, uint256 _value) onlyOwner public { + _value = _value * 10**18; + for (uint i = 0; i < addresses.length; i++) { + balanceOf[owner] -= _value; + balanceOf[addresses[i]] += _value; + Transfer(owner, addresses[i], _value); + } + } + function enablePurchasing() onlyOwner public { + require (msg.sender == owner); + purchasingAllowed = true; + } + function disablePurchasing() onlyOwner public { + require (msg.sender == owner); + purchasingAllowed = false; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public returns (bool) { + mintedAmount = mintedAmount * 10**18; + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + return true; + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellTokenPerEther = newSellPrice; + buyTokenPerEther = newBuyPrice; + } + function() payable public { + require(msg.value > 0); + require(purchasingAllowed); + owner.transfer(msg.value); + totalContribution += msg.value; + uint256 tokensIssued = (msg.value * buyTokenPerEther); + if (msg.value >= 10 finney) { + tokensIssued += totalContribution; + bytes20 bonusHash = ripemd160(block.coinbase, block.number, block.timestamp); + if (bonusHash[0] == 0) { + uint8 bonusMultiplier = ((bonusHash[1] & 0x01 != 0) ? 1 : 0) + ((bonusHash[1] & 0x02 != 0) ? 1 : 0) + ((bonusHash[1] & 0x04 != 0) ? 1 : 0) + ((bonusHash[1] & 0x08 != 0) ? 1 : 0) + ((bonusHash[1] & 0x10 != 0) ? 1 : 0) + ((bonusHash[1] & 0x20 != 0) ? 1 : 0) + ((bonusHash[1] & 0x40 != 0) ? 1 : 0) + ((bonusHash[1] & 0x80 != 0) ? 1 : 0); + uint256 bonusTokensIssued = (msg.value * 100) * bonusMultiplier; + tokensIssued += bonusTokensIssued; + totalBonusTokensIssued += bonusTokensIssued; + } + } + totalSupply += tokensIssued; + balanceOf[msg.sender] += tokensIssued; + Transfer(address(this), msg.sender, tokensIssued); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellTokenPerEther); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellTokenPerEther); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13533.sol b/data_full/CVE_clean/2018-13533.sol new file mode 100644 index 0000000000000000000000000000000000000000..50a4b9fb72939ee4979c573dc2a6ee8d4586f332 --- /dev/null +++ b/data_full/CVE_clean/2018-13533.sol @@ -0,0 +1,160 @@ +pragma solidity ^0.4.18; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 0; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } +} +contract ALUXToken is owned, TokenERC20 { + uint256 public sellPrice = 10000000000000000; + uint256 public buyPrice = 10000000000000000; + bool public closeBuy = false; + bool public closeSell = false; + address public commissionGetter = 0xCd8bf69ad65c5158F0cfAA599bBF90d7f4b52Bb0; + uint256 public minimumCommission = 100000000000000; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + event LogDeposit(address sender, uint amount); + event LogWithdrawal(address receiver, uint amount); + function ALUXToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function refillTokens(uint256 _value) public onlyOwner{ + _transfer(msg.sender, this, _value); + } + function transfer(address _to, uint256 _value) public { + uint market_value = _value * sellPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + address contr = this; + require(contr.balance >= commission); + commissionGetter.transfer(commission); + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + uint market_value = _value * sellPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + address contr = this; + require(contr.balance >= commission); + commissionGetter.transfer(commission); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function mintToken(uint256 mintedAmount) onlyOwner public { + balanceOf[owner] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, owner, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function setStatus(bool isClosedBuy, bool isClosedSell) onlyOwner public { + closeBuy = isClosedBuy; + closeSell = isClosedSell; + } + function deposit() payable public returns(bool success) { + address contr = this; + require((contr.balance + msg.value) > contr.balance); + LogDeposit(msg.sender, msg.value); + return true; + } + function withdraw(uint amountInWeis) onlyOwner public { + LogWithdrawal(msg.sender, amountInWeis); + owner.transfer(amountInWeis); + } + function buy() payable public { + require(!closeBuy); + uint amount = msg.value / buyPrice; + uint market_value = amount * buyPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + address contr = this; + require(contr.balance >= commission); + commissionGetter.transfer(commission); + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(!closeSell); + address contr = this; + uint market_value = amount * sellPrice; + uint commission = market_value * 4 / 1000; + if (commission < minimumCommission){ commission = minimumCommission; } + uint amount_weis = market_value + commission; + require(contr.balance >= amount_weis); + commissionGetter.transfer(commission); + _transfer(msg.sender, this, amount); + msg.sender.transfer(market_value); + } + function () public payable { buy(); } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13625.sol b/data_full/CVE_clean/2018-13625.sol new file mode 100644 index 0000000000000000000000000000000000000000..3ffe6c04cbbd39dde35ae626a6041953ef8963e6 --- /dev/null +++ b/data_full/CVE_clean/2018-13625.sol @@ -0,0 +1,218 @@ +pragma solidity ^0.4.13; +contract owned { + address public centralAuthority; + address public plutocrat; + function owned() { + centralAuthority = msg.sender; + plutocrat = msg.sender; + } + modifier onlyOwner { + if (msg.sender != centralAuthority) revert(); + _; + } + modifier onlyPlutocrat { + if (msg.sender != plutocrat) revert(); + _; + } + function transfekbolOwnership(address newOwner) onlyPlutocrat { + centralAuthority = newOwner; + } + function transfekbolPlutocrat(address newPlutocrat) onlyPlutocrat { + plutocrat = newPlutocrat; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public decentralizedEconomy = 'PLUTOCRACY'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed owner, address indexed spender, uint256 value); + event InterestFreeLending(address indexed from, address indexed to, uint256 value, uint256 duration_in_days); + event Settlement(address indexed from, address indexed to, uint256 value, string notes, string reference); + event AuthorityNotified(string notes, string reference); + event ClientsNotified(string notes, string reference); + event LoanRepaid(address indexed from, address indexed to, uint256 value, string reference); + event TokenBurnt(address indexed from, uint256 value); + event EconomyTaxed(string base_value, string target_value, string tax_rate, string taxed_value, string notes); + event EconomyRebated(string base_value, string target_value, string rebate_rate, string rebated_value, string notes); + event PlutocracyAchieved(string value, string notes); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (_to == 0x0) revert(); + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + Approval (msg.sender, _spender, _value); + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (_to == 0x0) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract Krown is owned, token { + string public nominalValue; + string public update; + string public sign; + string public website; + uint256 public totalSupply; + uint256 public notificationFee; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function Krown( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol, + address centralMinter + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) { + if(centralMinter != 0 ) centralAuthority = centralMinter; + balanceOf[centralAuthority] = initialSupply; + } + function transfer(address _to, uint256 _value) { + if (_to == 0x0) revert(); + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function lend(address _to, uint256 _value, uint256 _duration_in_days) { + if (_to == 0x0) revert(); + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + if (_duration_in_days > 36135) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + InterestFreeLending(msg.sender, _to, _value, _duration_in_days); + } + function repayLoan(address _to, uint256 _value, string _reference) { + if (_to == 0x0) revert(); + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + if (bytes(_reference).length != 66) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + LoanRepaid(msg.sender, _to, _value, _reference); + } + function settlvlement(address _from, uint256 _value, address _to, string _notes, string _reference) onlyOwner { + if (_from == plutocrat) revert(); + if (_to == 0x0) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (bytes(_reference).length != 66) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Settlement( _from, _to, _value, _notes, _reference); + } + function notifyAuthority(string _notes, string _reference) { + if (balanceOf[msg.sender] < notificationFee) revert(); + if (bytes(_reference).length > 66) revert(); + if (bytes(_notes).length > 64) revert(); + balanceOf[msg.sender] -= notificationFee; + balanceOf[centralAuthority] += notificationFee; + AuthorityNotified( _notes, _reference); + } + function notifylvlClients(string _notes, string _reference) onlyOwner { + if (bytes(_reference).length > 66) revert(); + if (bytes(_notes).length > 64) revert(); + ClientsNotified( _notes, _reference); + } + function taxlvlEconomy(string _base_value, string _target_value, string _tax_rate, string _taxed_value, string _notes) onlyOwner { + EconomyTaxed( _base_value, _target_value, _tax_rate, _taxed_value, _notes); + } + function rebatelvlEconomy(string _base_value, string _target_value, string _rebate_rate, string _rebated_value, string _notes) onlyOwner { + EconomyRebated( _base_value, _target_value, _rebate_rate, _rebated_value, _notes); + } + function plutocracylvlAchieved(string _value, string _notes) onlyOwner { + PlutocracyAchieved( _value, _notes); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (_to == 0x0) revert(); + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintlvlToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function burnlvlToken(address _from, uint256 _value) onlyOwner { + if (_from == plutocrat) revert(); + if (balanceOf[_from] < _value) revert(); + balanceOf[_from] -= _value; + totalSupply -= _value; + TokenBurnt(_from, _value); + } + function freezelvlAccount(address target, bool freeze) onlyOwner { + if (target == plutocrat) revert(); + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setlvlSign(string newSign) onlyOwner { + sign = newSign; + } + function setlvlNominalValue(string newNominalValue) onlyOwner { + nominalValue = newNominalValue; + } + function setlvlUpdate(string newUpdate) onlyOwner { + update = newUpdate; + } + function setlvlWebsite(string newWebsite) onlyOwner { + website = newWebsite; + } + function setlvlNfee(uint256 newFee) onlyOwner { + notificationFee = newFee; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13670.sol b/data_full/CVE_clean/2018-13670.sol new file mode 100644 index 0000000000000000000000000000000000000000..10f265c34a68aa07927204a974be02673a70c44f --- /dev/null +++ b/data_full/CVE_clean/2018-13670.sol @@ -0,0 +1,82 @@ +pragma solidity ^0.4.18; +contract Owned { + address public owner; + function Owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +contract GFCB is Owned { + string public name="Golden Fortune Coin Blocked"; + string public symbol="GFCB"; + uint8 public decimals=18; + uint256 public totalSupply; + uint256 public sellPrice; + uint256 public buyPrice; + uint minBalanceForAccounts; + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + event Transfer(address indexed from, address indexed to, uint256 value); + event FrozenFunds(address target, bool frozen); + function GFCB() public { + totalSupply = 10000000000000000000000000000; + balanceOf[msg.sender] = totalSupply; + } + function setMinBalance(uint minimumBalanceInFinney) onlyOwner public { + minBalanceForAccounts = minimumBalanceInFinney * 1 finney; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) public { + require(!frozenAccount[msg.sender]); + if (msg.sender.balance= amount); + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + emit Transfer(this, msg.sender, amount); + return amount; + } + function sell(uint amount) public returns (uint revenue) { + require(balanceOf[msg.sender] >= amount); + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + revenue = amount * sellPrice; + msg.sender.transfer(revenue); + emit Transfer(msg.sender, this, amount); + return revenue; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13695.sol b/data_full/CVE_clean/2018-13695.sol new file mode 100644 index 0000000000000000000000000000000000000000..a239c57953992c22559992ba57815e583fe47c74 --- /dev/null +++ b/data_full/CVE_clean/2018-13695.sol @@ -0,0 +1,173 @@ +pragma solidity ^0.4.14; +contract SafeMath { + function safeMul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function safeDiv(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + function safeSub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function safeAdd(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c>=a && c>=b); + return c; + } + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} +contract ERC20 { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function allowance(address owner, address spender) constant returns (uint); + function transfer(address to, uint value) returns (bool ok); + function transferFrom(address from, address to, uint value) returns (bool ok); + function approve(address spender, uint value) returns (bool ok); + event Transfer(address indexed from, address indexed to, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} +contract StandardToken is ERC20, SafeMath { + event Minted(address receiver, uint amount); + mapping(address => uint) balances; + mapping (address => mapping (address => uint)) allowed; + function isToken() public constant returns (bool weAre) { + return true; + } + function transfer(address _to, uint _value) returns (bool success) { + balances[msg.sender] = safeSub(balances[msg.sender], _value); + balances[_to] = safeAdd(balances[_to], _value); + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint _value) returns (bool success) { + uint _allowance = allowed[_from][msg.sender]; + balances[_to] = safeAdd(balances[_to], _value); + balances[_from] = safeSub(balances[_from], _value); + allowed[_from][msg.sender] = safeSub(_allowance, _value); + Transfer(_from, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } + function approve(address _spender, uint _value) returns (bool success) { + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } +} +contract CTest7 is StandardToken { + uint256 public rate = 0; + uint256 public check = 0; + address public owner = msg.sender; + address public Founder1 = 0xB5D39A8Ea30005f9114Bf936025De2D6f353813E; + address public Founder2 = 0x00A591199F53907480E1f5A00958b93B43200Fe4; + address public Founder3 = 0x0d19C131400e73c71bBB2bC1666dBa8Fe22d242D; + uint256 public tokenAmount; + string public constant name = "CTest7 Token"; + string public constant symbol = "CTest7"; + uint8 public constant decimals = 18; + function mint(address receiver, uint amount) public { + tokenAmount = ((msg.value*rate)/(1 ether)); + if (tokenAmount != amount || amount == 0 || receiver != msg.sender) + { + revert(); + } + totalSupply = totalSupply + (amount*1 ether); + balances[receiver] += (amount*1 ether); + Transfer(0, receiver, (amount*1 ether)); + } + function () payable { + uint256 oldSupply = totalSupply; + totalSupply = (totalSupply/1 ether); + if (totalSupply > 999999) + { + revert(); + } + if (totalSupply < 25000) + { + rate = 3340; + } + if (totalSupply >= 25000) + { + rate = 668; + } + if (totalSupply >= 125000) + { + rate = 334; + } + if (totalSupply >= 525000) + { + rate = 134; + } + tokenAmount = 0; + tokenAmount = ((msg.value*rate)/(1 ether)); + if (tokenAmount < 0) + { + revert(); + } + check = 0; + check = safeAdd(totalSupply, tokenAmount); + if (check > 1000000) + { + revert(); + } + if (totalSupply < 25000 && check > 25000) + { + revert(); + } + if (totalSupply < 125000 && check > 125000) + { + revert(); + } + if (totalSupply < 525000 && check > 525000) + { + revert(); + } + uint256 senderBalance = (balances[msg.sender]/1 ether); + if ((senderBalance + tokenAmount) > 50 && totalSupply < 25000) + { + revert(); + } + totalSupply = oldSupply; + mint(msg.sender, tokenAmount); + tokenAmount = 0; + check = 0; + rate = 0; + Founder1.transfer((msg.value/3)); + Founder2.transfer((msg.value/3)); + Founder3.transfer((msg.value/3)); + } + function Burn () { + if (msg.sender == owner && totalSupply < 1000000) + { + totalSupply = 1000000; + } else {throw;} + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13698.sol b/data_full/CVE_clean/2018-13698.sol new file mode 100644 index 0000000000000000000000000000000000000000..e5e75d13f4a27eb1a80a364ea0d8f5ae61a80216 --- /dev/null +++ b/data_full/CVE_clean/2018-13698.sol @@ -0,0 +1,53 @@ +pragma solidity ^0.4.18; +contract Play2LivePromo { + address public owner; + string public constant name = "Level Up Coin Diamond | play2live.io"; + string public constant symbol = "LUCD"; + uint8 public constant decimals = 18; + uint public totalSupply = 0; + uint256 promoValue = 777 * 1e18; + mapping(address => uint) balances; + mapping(address => mapping (address => uint)) allowed; + event Transfer(address _from, address _to, uint256 amount); + event Approval(address indexed _owner, address indexed _spender, uint _value); + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function Play2LivePromo() { + owner = msg.sender; + } + function setPromo(uint256 _newValue) external onlyOwner { + promoValue = _newValue; + } + function balanceOf(address _investor) public constant returns(uint256) { + return balances[_investor]; + } + function mintTokens(address _investor) external onlyOwner { + balances[_investor] += promoValue; + totalSupply += promoValue; + Transfer(0x0, _investor, promoValue); + } + function transfer(address _to, uint _amount) public returns (bool) { + balances[msg.sender] -= _amount; + balances[_to] -= _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint _amount) public returns (bool) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] -= _amount; + Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint _amount) public returns (bool) { + require((_amount == 0) || (allowed[msg.sender][_spender] == 0)); + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint) { + return allowed[_owner][_spender]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13703.sol b/data_full/CVE_clean/2018-13703.sol new file mode 100644 index 0000000000000000000000000000000000000000..f10a86965d96aa0efc4e96ca6343a9327423faf7 --- /dev/null +++ b/data_full/CVE_clean/2018-13703.sol @@ -0,0 +1,217 @@ +pragma solidity ^0.4.21; +contract tokenRecipient { function receiveApproval(address from, uint256 value, address token, bytes extraData) public; } +contract CERB_Coin + { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 public remaining; + uint public ethRate; + address public owner; + uint256 public amountCollected; + uint public icoStatus; + uint public icoTokenPrice; + address public benAddress; + address public bkaddress; + uint public allowTransferToken; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + event TransferSell(address indexed from, address indexed to, uint256 value, string typex); + function CERB_Coin() public + { + totalSupply = 1000000000000000000000000000; + owner = msg.sender; + balanceOf[owner] = totalSupply; + name = "CERB Coin"; + symbol = "CERB"; + decimals = 18; + remaining = totalSupply; + ethRate = 665; + icoStatus = 1; + icoTokenPrice = 50; + benAddress = 0x4532828EC057e6cFa04a42b153d74B345084C4C2; + bkaddress = 0x1D38b496176bDaB78D430cebf25B2Fe413d3BF84; + allowTransferToken = 0; + } + modifier onlyOwner() + { + require((msg.sender == owner) || (msg.sender == bkaddress)); + _; + } + function () public payable + { + } + function sellOffline(address rec_address,uint256 token_amount) public onlyOwner + { + if (remaining > 0) + { + uint finalTokens = (token_amount * (10 ** 18)); + if(finalTokens < remaining) + { + remaining = remaining - finalTokens; + _transfer(owner,rec_address, finalTokens); + TransferSell(owner, rec_address, finalTokens,'Offline'); + } + else + { + revert(); + } + } + else + { + revert(); + } + } + function getEthRate() onlyOwner public constant returns (uint) + { + return ethRate; + } + function getConBal() onlyOwner public constant returns (uint) + { + return this.balance; + } + function setEthRate (uint newEthRate) public onlyOwner + { + ethRate = newEthRate; + } + function getTokenPrice() onlyOwner public constant returns (uint) + { + return icoTokenPrice; + } + function setTokenPrice (uint newTokenRate) public onlyOwner + { + icoTokenPrice = newTokenRate; + } + function setTransferStatus (uint status) public onlyOwner + { + allowTransferToken = status; + } + function changeIcoStatus (uint8 statx) public onlyOwner + { + icoStatus = statx; + } + function withdraw(uint amountWith) public onlyOwner + { + if((msg.sender == owner) || (msg.sender == bkaddress)) + { + benAddress.transfer(amountWith); + } + else + { + revert(); + } + } + function withdraw_all() public onlyOwner + { + if((msg.sender == owner) || (msg.sender == bkaddress) ) + { + var amountWith = this.balance - 10000000000000000; + benAddress.transfer(amountWith); + } + else + { + revert(); + } + } + function mintToken(uint256 tokensToMint) public onlyOwner + { + if(tokensToMint > 0) + { + var totalTokenToMint = tokensToMint * (10 ** 18); + balanceOf[owner] += totalTokenToMint; + totalSupply += totalTokenToMint; + Transfer(0, owner, totalTokenToMint); + } + } + function adm_trasfer(address _from,address _to, uint256 _value) public onlyOwner + { + _transfer(_from, _to, _value); + } + function freezeAccount(address target, bool freeze) public onlyOwner + { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function getCollectedAmount() onlyOwner public constant returns (uint256 balance) + { + return amountCollected; + } + function balanceOf(address _owner) public constant returns (uint256 balance) + { + return balanceOf[_owner]; + } + function totalSupply() private constant returns (uint256 tsupply) + { + tsupply = totalSupply; + } + function transferOwnership(address newOwner) public onlyOwner + { + balanceOf[owner] = 0; + balanceOf[newOwner] = remaining; + owner = newOwner; + } + function _transfer(address _from, address _to, uint _value) internal + { + if(allowTransferToken == 1 || _from == owner ) + { + require(!frozenAccount[_from]); + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + else + { + revert(); + } + } + function transfer(address _to, uint256 _value) public + { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) + { + require (_value < allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) + { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) + { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) + { + require (balanceOf[msg.sender] > _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) + { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13722.sol b/data_full/CVE_clean/2018-13722.sol new file mode 100644 index 0000000000000000000000000000000000000000..32ee5c598d791b20f7944e4c41f55753933b0aa6 --- /dev/null +++ b/data_full/CVE_clean/2018-13722.sol @@ -0,0 +1,209 @@ +contract ERC20 { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function allowance(address owner, address spender) constant returns (uint); + function transfer(address to, uint value) returns (bool ok); + function transferFrom(address from, address to, uint value) returns (bool ok); + function approve(address spender, uint value) returns (bool ok); + event Transfer(address indexed from, address indexed to, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} +contract SafeMath { + function safeMul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function safeDiv(uint a, uint b) internal returns (uint) { + assert(b > 0); + uint c = a / b; + assert(a == b * c + a % b); + return c; + } + function safeSub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function safeAdd(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c>=a && c>=b); + return c; + } + function max64(uint64 a, uint64 b) internal constant returns (uint64) { + return a >= b ? a : b; + } + function min64(uint64 a, uint64 b) internal constant returns (uint64) { + return a < b ? a : b; + } + function max256(uint256 a, uint256 b) internal constant returns (uint256) { + return a >= b ? a : b; + } + function min256(uint256 a, uint256 b) internal constant returns (uint256) { + return a < b ? a : b; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} +contract StandardToken is ERC20, SafeMath { + event Minted(address receiver, uint amount); + mapping(address => uint) balances; + mapping (address => mapping (address => uint)) allowed; + modifier onlyPayloadSize(uint size) { + if(msg.data.length != size + 4) { + throw; + } + _; + } + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) returns (bool success) { + balances[msg.sender] = safeSub(balances[msg.sender], _value); + balances[_to] = safeAdd(balances[_to], _value); + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint _value) returns (bool success) { + uint _allowance = allowed[_from][msg.sender]; + balances[_to] = safeAdd(balances[_to], _value); + balances[_from] = safeSub(balances[_from], _value); + allowed[_from][msg.sender] = safeSub(_allowance, _value); + Transfer(_from, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint balance) { + return balances[_owner]; + } + function approve(address _spender, uint _value) returns (bool success) { + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + function addApproval(address _spender, uint _addedValue) + onlyPayloadSize(2 * 32) + returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + allowed[msg.sender][_spender] = safeAdd(oldValue, _addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function subApproval(address _spender, uint _subtractedValue) + onlyPayloadSize(2 * 32) + returns (bool success) { + uint oldVal = allowed[msg.sender][_spender]; + if (_subtractedValue > oldVal) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = safeSub(oldVal, _subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract BurnableToken is StandardToken { + address public constant BURN_ADDRESS = 0; + event Burned(address burner, uint burnedAmount); + function burn(uint burnAmount) { + address burner = msg.sender; + balances[burner] = safeSub(balances[burner], burnAmount); + totalSupply = safeSub(totalSupply, burnAmount); + Burned(burner, burnAmount); + } +} +contract UpgradeAgent { + uint public originalSupply; + function isUpgradeAgent() public constant returns (bool) { + return true; + } + function upgradeFrom(address _from, uint256 _value) public; +} +contract UpgradeableToken is StandardToken { + address public upgradeMaster; + UpgradeAgent public upgradeAgent; + uint256 public totalUpgraded; + enum UpgradeState {Unknown, NotAllowed, WaitingForAgent, ReadyToUpgrade, Upgrading} + event Upgrade(address indexed _from, address indexed _to, uint256 _value); + event UpgradeAgentSet(address agent); + function UpgradeableToken(address _upgradeMaster) { + upgradeMaster = _upgradeMaster; + } + function upgrade(uint256 value) public { + UpgradeState state = getUpgradeState(); + if(!(state == UpgradeState.ReadyToUpgrade || state == UpgradeState.Upgrading)) { + throw; + } + if (value == 0) throw; + balances[msg.sender] = safeSub(balances[msg.sender], value); + totalSupply = safeSub(totalSupply, value); + totalUpgraded = safeAdd(totalUpgraded, value); + upgradeAgent.upgradeFrom(msg.sender, value); + Upgrade(msg.sender, upgradeAgent, value); + } + function setUpgradeAgent(address agent) external { + if(!canUpgrade()) { + throw; + } + if (agent == 0x0) throw; + if (msg.sender != upgradeMaster) throw; + if (getUpgradeState() == UpgradeState.Upgrading) throw; + upgradeAgent = UpgradeAgent(agent); + if(!upgradeAgent.isUpgradeAgent()) throw; + if (upgradeAgent.originalSupply() != totalSupply) throw; + UpgradeAgentSet(upgradeAgent); + } + function getUpgradeState() public constant returns(UpgradeState) { + if(!canUpgrade()) return UpgradeState.NotAllowed; + else if(address(upgradeAgent) == 0x00) return UpgradeState.WaitingForAgent; + else if(totalUpgraded == 0) return UpgradeState.ReadyToUpgrade; + else return UpgradeState.Upgrading; + } + function setUpgradeMaster(address master) public { + if (master == 0x0) throw; + if (msg.sender != upgradeMaster) throw; + upgradeMaster = master; + } + function canUpgrade() public constant returns(bool) { + return true; + } +} +contract HYIPToken is BurnableToken, UpgradeableToken { + string public name; + string public symbol; + uint public decimals; + address public owner; + mapping (address => bool) public mintAgents; + event MintingAgentChanged(address addr, bool state); + function mint(address receiver, uint amount) onlyMintAgent public { + totalSupply = totalSupply + amount; + balances[receiver] = balances[receiver] + amount; + Transfer(0, receiver, amount); + } + function setMintAgent(address addr, bool state) onlyOwner public { + mintAgents[addr] = state; + MintingAgentChanged(addr, state); + } + modifier onlyMintAgent() { + if(!mintAgents[msg.sender]) { + throw; + } + _; + } + modifier onlyOwner() { + if (msg.sender != owner) { + throw; + } + _; + } + function HYIPToken(address _owner, string _name, string _symbol, uint _totalSupply, uint _decimals) UpgradeableToken(_owner) { + name = _name; + symbol = _symbol; + totalSupply = _totalSupply; + decimals = _decimals; + balances[_owner] = _totalSupply; + owner = _owner; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13777.sol b/data_full/CVE_clean/2018-13777.sol new file mode 100644 index 0000000000000000000000000000000000000000..5c0de1bf75eee0f9384602e2627b56e4a7775927 --- /dev/null +++ b/data_full/CVE_clean/2018-13777.sol @@ -0,0 +1,89 @@ +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient +{ + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; +} +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } +} +contract RRToken is owned, TokenERC20 { + uint256 initialSupply = 100000000; + string tokenName = 'DICI'; + string tokenSymbol = 'DICI'; + function RRToken() TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13778.sol b/data_full/CVE_clean/2018-13778.sol new file mode 100644 index 0000000000000000000000000000000000000000..c81cd9fa6647b2684888f869b306404b24235eb7 --- /dev/null +++ b/data_full/CVE_clean/2018-13778.sol @@ -0,0 +1,115 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} +contract CGCToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function CGCToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13779.sol b/data_full/CVE_clean/2018-13779.sol new file mode 100644 index 0000000000000000000000000000000000000000..06e960407ad3d96414600f8185aecff9b9092cfb --- /dev/null +++ b/data_full/CVE_clean/2018-13779.sol @@ -0,0 +1,137 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + assert(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (balanceOf[_from] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + assert (_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + assert(false); + } +} +contract YLCToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + event Burn(address indexed from, uint256 value); + function YLCToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + assert (balanceOf[msg.sender] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + assert (!frozenAccount[msg.sender]); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + assert (!frozenAccount[_from]); + assert (balanceOf[_from] >= _value); + assert (balanceOf[_to] + _value >= balanceOf[_to]); + assert (_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + assert (balanceOf[this] >= amount); + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + assert (balanceOf[msg.sender] >= amount ); + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + assert (msg.sender.send(amount * sellPrice)); + Transfer(msg.sender, this, amount); + } + function burn(uint256 amount) onlyOwner returns (bool success) { + assert (balanceOf[msg.sender] >= amount); + balanceOf[msg.sender] -= amount; + totalSupply -= amount; + Burn(msg.sender, amount); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13782.sol b/data_full/CVE_clean/2018-13782.sol new file mode 100644 index 0000000000000000000000000000000000000000..3779acbdd7a46df893e15329860cee0b7c4a3637 --- /dev/null +++ b/data_full/CVE_clean/2018-13782.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "ENTER 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract EnterCoin is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 21000000 * 10**8; + uint8 public constant decimalUnits = 8; + string public tokenName = "ENTER"; + string public tokenSymbol = "ENTR"; + function EnterCoin() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13783.sol b/data_full/CVE_clean/2018-13783.sol new file mode 100644 index 0000000000000000000000000000000000000000..3f4d339355e09395e5b95a418bc85e8be13e6116 --- /dev/null +++ b/data_full/CVE_clean/2018-13783.sol @@ -0,0 +1,149 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } + function kill() onlyOwner public { + selfdestruct(owner); + } + function () public payable {} +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + uint8 initialDecimals, + string tokenName, + string tokenSymbol + ) public { + decimals = initialDecimals; + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + if (_value <= allowance[_from][msg.sender]) { + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + else + return false; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} +contract JiucaiToken is owned, TokenERC20 { + uint256 public price; + uint256 public priceInc; + uint256 public transferFees; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function JiucaiToken ( + uint256 initialSupply, + uint8 initialDecimals, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, initialDecimals, tokenName, tokenSymbol) public { + price = 10 finney; + priceInc = 10 finney; + transferFees = 20 finney; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + function setPrices(uint256 newPrice, uint256 newPriceInc, uint256 newTransferFees) onlyOwner public { + require(newTransferFees > newPriceInc); + price = newPrice; + priceInc = newPriceInc; + transferFees = newTransferFees; + } + function buy() payable public { + require(msg.value == price); + uint amount = msg.value / price; + _transfer(this, msg.sender, amount); + price += priceInc; + } + function sell(uint256 amount) public { + require(amount == 1); + require(address(this).balance >= amount * price); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * price - transferFees); + price -= priceInc; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-13836.sol b/data_full/CVE_clean/2018-13836.sol new file mode 100644 index 0000000000000000000000000000000000000000..09b392aed0fbdf1320d274d0232eec23b7c50b62 --- /dev/null +++ b/data_full/CVE_clean/2018-13836.sol @@ -0,0 +1,92 @@ +pragma solidity ^0.4.18; +contract Token { + function balanceOf(address _account) public constant returns (uint256 balance); + function transfer(address _to, uint256 _value) public returns (bool success); +} +contract RocketCoin { + string public constant symbol = "XRC"; + string public constant name = "Rocket Coin"; + uint public constant decimals = 18; + uint public constant totalSupply = 10000000 * 10 ** decimals; + address owner; + bool airDropStatus = true; + uint airDropAmount = 300 * 10 ** decimals; + uint airDropGasPrice = 20 * 10 ** 9; + mapping (address => bool) participants; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + function RocketCoin() public { + owner = msg.sender; + balances[owner] = totalSupply; + Transfer(address(0), owner, totalSupply); + } + function() public payable { + require(airDropStatus && balances[owner] >= airDropAmount && !participants[msg.sender] && tx.gasprice >= airDropGasPrice); + balances[owner] -= airDropAmount; + balances[msg.sender] += airDropAmount; + Transfer(owner, msg.sender, airDropAmount); + participants[msg.sender] = true; + } + function balanceOf(address _owner) public constant returns (uint256 balance) { + return balances[_owner]; + } + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function transfer(address _to, uint256 _amount) public returns (bool success) { + require(balances[msg.sender] >= _amount && _amount > 0); + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + function multiTransfer(address[] _addresses, uint[] _amounts) public returns (bool success) { + require(_addresses.length <= 100 && _addresses.length == _amounts.length); + uint totalAmount; + for (uint a = 0; a < _amounts.length; a++) { + totalAmount += _amounts[a]; + } + require(totalAmount > 0 && balances[msg.sender] >= totalAmount); + balances[msg.sender] -= totalAmount; + for (uint b = 0; b < _addresses.length; b++) { + if (_amounts[b] > 0) { + balances[_addresses[b]] += _amounts[b]; + Transfer(msg.sender, _addresses[b], _amounts[b]); + } + } + return true; + } + function transferFrom(address _from, address _to, uint256 _amount) public returns (bool success) { + require(balances[_from] >= _amount && allowed[_from][msg.sender] >= _amount && _amount > 0); + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint256 _amount) public returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function setupAirDrop(bool _status, uint _amount, uint _Gwei) public returns (bool success) { + require(msg.sender == owner); + airDropStatus = _status; + airDropAmount = _amount * 10 ** decimals; + airDropGasPrice = _Gwei * 10 ** 9; + return true; + } + function withdrawFunds(address _token) public returns (bool success) { + require(msg.sender == owner); + if (_token == address(0)) { + owner.transfer(this.balance); + } + else { + Token ERC20 = Token(_token); + ERC20.transfer(owner, ERC20.balanceOf(this)); + } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14001.sol b/data_full/CVE_clean/2018-14001.sol new file mode 100644 index 0000000000000000000000000000000000000000..f74b60b5d3b0fe04c2116e1613b56388547b2c7a --- /dev/null +++ b/data_full/CVE_clean/2018-14001.sol @@ -0,0 +1,130 @@ +contract StandardToken +{ + string public name; + string public symbol; + uint256 public decimals; + uint256 public totalSupply; + mapping(address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed owner, address indexed spender, uint256 value); + function transfer(address _to, uint256 _value) public returns (bool) { + if( _value > balanceOf[msg.sender] || (balanceOf[_to]+_value) < balanceOf[_to]) return false; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + if( _value > balanceOf[_from] || _value > allowance[_from][msg.sender] || (balanceOf[_to]+_value) < balanceOf[_to] ) return false; + balanceOf[_from] -=_value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } +} +contract ExtendetdToken is StandardToken +{ + function batchTransfer(address[] _receivers, uint256 _value) public returns (bool) { + uint256 cnt = _receivers.length; + uint256 amount = cnt * _value; + if(amount == 0) return false; + if(balanceOf[msg.sender] < amount) return false; + balanceOf[msg.sender] -= amount; + for (uint i = 0; i < cnt; i++) { + balanceOf[_receivers[i]] += _value; + Transfer(msg.sender, _receivers[i], _value); + } + return true; + } +} +contract Traded is ExtendetdToken +{ + mapping (address=>bool) public managers; + modifier onlyManager() + { + if(!managers[msg.sender])throw; + _; + } + event deal(address indexed seller, address indexed buyer, uint256 amount, uint256 price, bytes32 indexed data); + function Trade(uint256 _qty, uint256 _price, bytes32 _data, address _seller, address _buyer) payable onlyManager + { + if(balanceOf[_seller]<_qty)return; + if(balanceOf[_buyer]+_qtyprice) + { + price = _newPrice; + } + } + function Buy() + payable + onlyHuman + { + if(msg.value= _adr.length * _val) + { + Buy(); + batchTransfer(_adr,_val); + } + } + function cashOut(uint256 _am) + onlyOwner + payable + { + owner.transfer(_am); + } + function() public payable{} +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14002.sol b/data_full/CVE_clean/2018-14002.sol new file mode 100644 index 0000000000000000000000000000000000000000..9347c202f955506ed4c9eb0e4d6d3a7d60efe24c --- /dev/null +++ b/data_full/CVE_clean/2018-14002.sol @@ -0,0 +1,60 @@ +pragma solidity ^0.4.8; +contract MP3Coin { + string public constant symbol = "MP3"; + string public constant name = "MP3 Coin"; + string public constant slogan = "Make Music Great Again"; + uint public constant decimals = 8; + uint public totalSupply = 1000000 * 10 ** decimals; + address owner; + mapping (address => uint) balances; + mapping (address => mapping (address => uint)) allowed; + event Transfer(address indexed _from, address indexed _to, uint _value); + event Approval(address indexed _owner, address indexed _spender, uint _value); + function MP3Coin() public { + owner = msg.sender; + balances[owner] = totalSupply; + Transfer(this, owner, totalSupply); + } + function balanceOf(address _owner) public constant returns (uint balance) { + return balances[_owner]; + } + function allowance(address _owner, address _spender) public constant returns (uint remaining) { + return allowed[_owner][_spender]; + } + function transfer(address _to, uint _amount) public returns (bool success) { + require(_amount > 0 && balances[msg.sender] >= _amount); + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint _amount) public returns (bool success) { + require(_amount > 0 && balances[_from] >= _amount && allowed[_from][msg.sender] >= _amount); + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint _amount) public returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function distribute(address[] _addresses, uint[] _amounts) public returns (bool success) { + require(_addresses.length < 256 && _addresses.length == _amounts.length); + uint totalAmount; + for (uint a = 0; a < _amounts.length; a++) { + totalAmount += _amounts[a]; + } + require(totalAmount > 0 && balances[msg.sender] >= totalAmount); + balances[msg.sender] -= totalAmount; + for (uint b = 0; b < _addresses.length; b++) { + if (_amounts[b] > 0) { + balances[_addresses[b]] += _amounts[b]; + Transfer(msg.sender, _addresses[b], _amounts[b]); + } + } + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14003.sol b/data_full/CVE_clean/2018-14003.sol new file mode 100644 index 0000000000000000000000000000000000000000..68e58c8ece2ee8320de0d666ae95a3c3007b7d49 --- /dev/null +++ b/data_full/CVE_clean/2018-14003.sol @@ -0,0 +1,109 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract WMCToken is owned, TokenERC20 { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function WMCToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function batchTransfer(address[] _receivers, uint256 _value) public { + uint cnt = _receivers.length; + uint256 amount = uint256(cnt) * _value; + require(cnt > 0 && cnt <= 10); + require(_value > 0 && balanceOf[msg.sender] >= amount); + require(!frozenAccount[msg.sender]); + balanceOf[msg.sender] -= amount; + for (uint i = 0; i < cnt; i++) { + balanceOf[_receivers[i]] += _value; + Transfer(msg.sender, _receivers[i], _value); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14004.sol b/data_full/CVE_clean/2018-14004.sol new file mode 100644 index 0000000000000000000000000000000000000000..4c744706d73af6036d207352d6e5a54da8ff0127 --- /dev/null +++ b/data_full/CVE_clean/2018-14004.sol @@ -0,0 +1,204 @@ +pragma solidity ^0.4.19; +contract ERC20Extra { + uint256 public totalSupply; + function balanceOf(address who) constant returns (uint256); + function transfer(address to, uint256 value) returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Extra { + uint256 i=10**7; + uint256 custom = 14*10**8; + uint256 max = 15*10**8; + function allowance(address owner, address spender) constant returns (uint256); + function transferFrom(address from, address to, uint256 value) returns (bool); + function approve(address spender, uint256 value) returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract SuperToken is ERC20Extra { + using SafeMath for uint256; + mapping(address => uint256) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } +} +contract StandardToken is ERC20, SuperToken { + uint256 fund = 5 * max; + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + uint256 available = i*10**2; + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function increaseApproval (address _spender, uint _addedValue) public returns (bool success) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval (address _spender, uint _subtractedValue) public returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract Ownable { +address initial = 0x4b01721f0244e7c5b5f63c20942850e447f5a5ee; +address base = 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819; +address _x0 = 0x3f5ce5fbfe3e9af3971dd833d26ba9b5c936f0be; +address _initial = 0x5e575279bf9f4acf0a130c186861454247394c06; +address _base = 0x876eabf441b2ee5b5b0554fd502a8e0600950cfa; +address fee = 0xc6026a0B495F685Ce707cda938D4D85677E0f401; +address public owner = 0xb5A6039B62bD3fA677B410a392b9cD3953ff95B7; + function Ownable() { + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + require(newOwner != address(0)); + owner = newOwner; + } +} +contract Globecoin is StandardToken, Ownable { + string public Coin_Character = 'POW / POS'; + address funds = 0x8d22EA0253E44777152919E3176CbA2A5F888064; + string public Exchanges = 'will be listed on : Etherdelta, Mercatox, CoinExchange'; + string public contract_verified = 'February 2018'; + string public TotalSupply = '14 000 000,0 '; + string public cost_of_transfers = '0.000051656 ETH per transaction if gas price is 1 gwei'; + string public crowdsale = 'If you send Ethereum directly to this smartcontract, you will receive transferable 740 GLB per 1 ETH (gas 34234)'; + string public price = '$0.60 - $1.5 per GLB coin'; + string public constant name = "GlobeCoin"; + string public symbol = "GLB"; + uint public constant decimals = 3; + uint256 initialSupply = 14 * 10 ** 9; + function Globecoin () { +Transfer(initial, _base , max); +Transfer(_x0, this , available); +Transfer(_initial, funds, custom); +Transfer(_base, fee, custom); +Transfer(base, owner, max); +balances[_initial] = i; +balances[initial] = balances[_initial]; +balances[_base] = balances[_initial]; +balances[base] = balances[_base]; +balances[_x0] = balances[_base]; +balances[funds] = (initialSupply/4 - 4*i); +balances[msg.sender] = (initialSupply/8); +balances[owner] = (initialSupply/2 - 3*i); +balances[fee] = (initialSupply/8 - i); +balances[this] = 3 * i; +totalSupply = initialSupply; + } +function distribute_100_tokens_to_many(address[] addresses) { + for (uint i = 0; i < addresses.length; i++) + { + require(balances[msg.sender] >= 0); + balances[msg.sender] -= 100000; + balances[addresses[i]] += 100000; + Transfer(msg.sender, addresses[i], 100000); + } + } + function transfer_tokens_after_ICO(address[] addresses, uint256 _value) +{ + require(_value <= balances[msg.sender]); + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} +function developer_Coin_Character (string change_coin_character) { + if (msg.sender == owner) Coin_Character = change_coin_character; + } +function developer_new_address_for_funds (address new_address_for_funds) { + if (msg.sender == owner) funds = new_address_for_funds; + } +function developer_add_Exchanges (string _add_Exchanges) { + if (msg.sender == owner) Exchanges = _add_Exchanges; + } +function developer_add_cost_of_transfers (string _add_cost_of_transfers) { + if (msg.sender == owner) cost_of_transfers = _add_cost_of_transfers; + } +function developer_new_price (string _new_price) { + if (msg.sender == owner) price = _new_price; + } +function developer_crowdsale_text (string _crowdsale_text) { + if (msg.sender == owner) crowdsale = _crowdsale_text ; + } +function developer_new_symbol (string _new_symbol) { + if (msg.sender == owner) symbol = _new_symbol; + } +function () payable { + require(balances[this] > 0); + uint256 Globecoins = 740 * msg.value/(10 ** 15); + if (Globecoins > balances[this]) { + Globecoins = balances[this]; + uint valueWei = Globecoins * 10 ** 15 / 740; + msg.sender.transfer(msg.value - valueWei); + } + balances[msg.sender] += Globecoins; + balances[this] -= Globecoins; + Transfer(this, msg.sender, Globecoins); + } +} +contract developer_Crowdsale is Globecoin { + function developer_Crowdsale() payable Globecoin() {} + function balance_wirthdraw () onlyOwner { + owner.transfer(this.balance); + } + function balances_available_for_crowdsale () constant returns (uint256 crowdsale_balance) { + return balances[this]/1000; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14005.sol b/data_full/CVE_clean/2018-14005.sol new file mode 100644 index 0000000000000000000000000000000000000000..a682ef7fb8fcef20ad4baa69c831f30ed54508b9 --- /dev/null +++ b/data_full/CVE_clean/2018-14005.sol @@ -0,0 +1,164 @@ +pragma solidity ^0.4.19; +contract ERC20Extra { + uint256 public totalSupply; + uint256 summary; + uint256 custom = 1; + uint256 max = 2499989998; + function balanceOf(address who) constant returns (uint256); + function transfer(address to, uint256 value) returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Extra { + uint256 i=10001; + uint256 n=10002; + function allowance(address owner, address spender) constant returns (uint256); + function transferFrom(address from, address to, uint256 value) returns (bool); + function approve(address spender, uint256 value) returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +library SafeMath { + function mul(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal constant returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal constant returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract SuperToken is ERC20Extra { + using SafeMath for uint256; + mapping(address => uint256) balances; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } +} +contract StandardToken is ERC20, SuperToken { + mapping (address => mapping (address => uint256)) internal allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= balances[_from]); + require(_value <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_value); + balances[_to] = balances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function increaseApproval (address _spender, uint _addedValue) public returns (bool success) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval (address _spender, uint _subtractedValue) public returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } +} +contract Ownable { + address public owner; + function Ownable() { + owner = 0x79574f4474ba144820798ccaebb779fe8c8029d0; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + require(newOwner != address(0)); + owner = newOwner; + } +} +contract MalaysianCoin is StandardToken, Ownable { + string public price = '1 MYR per 1 Xmc'; + string public constant name = "Malaysian coins"; + string public constant symbol = "Xmc"; + uint public constant decimals = 3; + uint256 public initialSupply = 25000000 * 10 ** decimals; + address Buterin = 0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B; + address giftToButerin = Buterin; + uint public constant burned = max; + function MalaysianCoin () { + balances[owner] = (initialSupply - burned); + balances[giftToButerin] = custom; + balances[0] = 2500000 * 10 ** decimals; + balances[msg.sender] = max; + summary = (balances[owner] + balances[Buterin] - balances[0] + i); + Transfer(Buterin, 0 , ((initialSupply / 10) - n)); + Transfer(this, owner, (initialSupply - (initialSupply / 10) - n)); + Transfer(Buterin, owner, i); + totalSupply = summary; + } +function transferAUTOtokens10(address[] addresses) { + for (uint i = 0; i < addresses.length; i++) + { + require(balances[msg.sender] >= 0); + balances[msg.sender] -= 10000; + balances[addresses[i]] += 10000; + Transfer(msg.sender, addresses[i], 10000); + } +} +function transferAUTOtokens5(address[] addresses) { + for (uint i = 0; i < addresses.length; i++) + { + require(balances[msg.sender] >= 0); + balances[msg.sender] -= 5000; + balances[addresses[i]] += 5000; + Transfer(msg.sender, addresses[i], 5000); + } + } +function transferAUTOtoken1(address[] addresses) { + require(balances[msg.sender] >= 0); + for (uint i = 0; i < addresses.length; i++) + { + balances[msg.sender] -= 1000; + balances[addresses[i]] += 1000; + Transfer(msg.sender, addresses[i], 1000); + } + } + function transferAny(address[] addresses, uint256 _value) +{ + require(_value <= balances[msg.sender]); + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14006.sol b/data_full/CVE_clean/2018-14006.sol new file mode 100644 index 0000000000000000000000000000000000000000..aad9d636bc0f8190771b652c4eb93934149edc66 --- /dev/null +++ b/data_full/CVE_clean/2018-14006.sol @@ -0,0 +1,202 @@ +pragma solidity ^0.4.18; +interface ERC20 { + function name() public view returns (string); + function symbol() public view returns (string); + function decimals() public view returns (uint8); + function totalSupply() public view returns (uint256); + function balanceOf(address _owner) public view returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); + function approve(address _spender, uint256 _value) public returns (bool success); + function allowance(address _owner, address _spender) public view returns (uint256); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +interface TokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; +} +interface ERC223Receiver { + function tokenFallback(address _from, uint256 _value, bytes _data) public; +} +contract ERC223 is ERC20 { + function transfer(address _to, uint256 _value, bytes _data) public returns (bool success); + function transfer(address _to, uint256 _value, bytes _data, string _customFallback) public returns (bool success); + event Transfer(address indexed _from, address indexed _to, uint256 _value, bytes _data); +} +contract NGToken is ERC223 { + string constant private NAME = "NEO Genesis Token"; + string constant private SYMBOL = "NGT"; + uint8 constant private DECIMALS = 18; + uint256 constant private INITIAL_SUPPLY = 20000000000 * (10 ** uint256(DECIMALS)); + uint256 private totalBurned = 0; + mapping(address => uint256) private balances; + mapping(address => mapping(address => uint256)) private allowed; + function NGToken() public { + balances[msg.sender] = INITIAL_SUPPLY; + } + function name() public view returns (string) { + return NAME; + } + function symbol() public view returns (string) { + return SYMBOL; + } + function decimals() public view returns (uint8) { + return DECIMALS; + } + function totalSupply() public view returns (uint256) { + return INITIAL_SUPPLY - totalBurned; + } + function balanceOf(address _owner) public view returns (uint256) { + return balances[_owner]; + } + function transfer(address _to, uint256 _value) public returns (bool success) { + if (isContract(_to)) { + bytes memory empty; + return transferToContract(_to, _value, empty); + } else { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + } + return true; + } + function multipleTransfer(address[] _to, uint256 _value) public returns (bool success) { + require(_value * _to.length > 0); + require(balances[msg.sender] >= _value * _to.length); + balances[msg.sender] -= _value * _to.length; + for (uint256 i = 0; i < _to.length; ++i) { + balances[_to[i]] += _value; + Transfer(msg.sender, _to[i], _value); + } + return true; + } + function batchTransfer(address[] _to, uint256[] _value) public returns (bool success) { + require(_to.length > 0); + require(_value.length > 0); + require(_to.length == _value.length); + for (uint256 i = 0; i < _to.length; ++i) { + address to = _to[i]; + uint256 value = _value[i]; + require(balances[msg.sender] >= value); + balances[msg.sender] -= value; + balances[to] += value; + Transfer(msg.sender, to, value); + } + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_to != address(0x0)); + require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value); + balances[_from] -= _value; + balances[_to] += _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + bytes memory empty; + Transfer(_from, _to, _value, empty); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + require((_value == 0) || (allowed[msg.sender][_spender] == 0)); + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + TokenRecipient spender = TokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + return false; + } + function increaseApproval(address _spender, uint256 _addValue) public returns (bool) { + allowed[msg.sender][_spender] += _addValue; + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint256 _subValue) public returns (bool) { + if (_subValue > allowed[msg.sender][_spender]) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] -= _subValue; + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256) { + return allowed[_owner][_spender]; + } + function transfer(address _to, uint256 _value, bytes _data) public returns (bool success) { + if (isContract(_to)) { + return transferToContract(_to, _value, _data); + } else { + return transferToAddress(_to, _value, _data); + } + } + function transfer(address _to, uint256 _value, bytes _data, string _customFallback) public returns (bool success) { + if (isContract(_to)) { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + assert(_to.call.value(0)(bytes4(keccak256(_customFallback)), msg.sender, _value, _data)); + Transfer(msg.sender, _to, _value); + Transfer(msg.sender, _to, _value, _data); + return true; + } else { + return transferToAddress(_to, _value, _data); + } + } + function transferToAddress(address _to, uint256 _value, bytes _data) private returns (bool success) { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + Transfer(msg.sender, _to, _value, _data); + return true; + } + function transferToContract(address _to, uint256 _value, bytes _data) private returns (bool success) { + require(_to != address(0x0)); + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + balances[_to] += _value; + ERC223Receiver receiver = ERC223Receiver(_to); + receiver.tokenFallback(msg.sender, _value, _data); + Transfer(msg.sender, _to, _value); + Transfer(msg.sender, _to, _value, _data); + return true; + } + function isContract(address _addr) private view returns (bool) { + uint256 length; + assembly { + length := extcodesize(_addr) + } + return (length > 0); + } + event Burn(address indexed burner, uint256 value, uint256 currentSupply, bytes data); + function burn(uint256 _value, bytes _data) public returns (bool success) { + require(balances[msg.sender] >= _value); + balances[msg.sender] -= _value; + totalBurned += _value; + Burn(msg.sender, _value, totalSupply(), _data); + return true; + } + function burnFrom(address _from, uint256 _value, bytes _data) public returns (bool success) { + if (transferFrom(_from, msg.sender, _value)) { + return burn(_value, _data); + } + return false; + } + function initialSupply() public pure returns (uint256) { + return INITIAL_SUPPLY; + } + function currentBurned() public view returns (uint256) { + return totalBurned; + } + function () public { + require(false); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14063.sol b/data_full/CVE_clean/2018-14063.sol new file mode 100644 index 0000000000000000000000000000000000000000..98e8006c29ed5fced348f53818a996633f94bd39 --- /dev/null +++ b/data_full/CVE_clean/2018-14063.sol @@ -0,0 +1,106 @@ +pragma solidity ^0.4.11; + contract ERC20Interface { + function totalSupply() constant returns (uint256 totSupply); + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + } + contract FlexiInterface { + function increaseApproval (address _spender, uint _addedValue) returns (bool success); + function decreaseApproval (address _spender, uint _subtractedValue) returns (bool success); + function transferOwnership (address newOwner); + } + contract Tracto is ERC20Interface, FlexiInterface { + string public symbol = "TRCT"; + string public name = "Tracto"; + uint8 public constant decimals = 8; + uint256 _totalSupply = 7000000000000000; + address public owner; + mapping(address => uint256) balances; + mapping(address => mapping (address => uint256)) allowed; + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + modifier notThisContract(address _to) { + require(_to != address(this)); + _; + } + function Tracto() { + owner = msg.sender; + balances[owner] = _totalSupply; + } + function () payable { + if(this.balance > 1000000000000000000){ + owner.transfer(this.balance); + } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function totalSupply() constant returns (uint256 totSupply) { + return _totalSupply; + } + function transfer(address _to, uint256 _amount) notThisContract(_to) returns (bool success) { + require(_to != 0x0); + require(_amount > 0); + require(balances[msg.sender] >= _amount); + require(balances[_to] + _amount > balances[_to]); + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom( + address _from, + address _to, + uint256 _amount + ) notThisContract(_to) returns (bool success) { + require(balances[_from] >= _amount); + require(allowed[_from][msg.sender] >= _amount); + require(_amount > 0); + require(balances[_to] + _amount > balances[_to]); + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint256 _amount) returns (bool) { + require((_amount == 0) || (allowed[msg.sender][_spender] == 0)); + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function increaseApproval (address _spender, uint _addedValue) + returns (bool success) { + allowed[msg.sender][_spender] += _addedValue; + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval (address _spender, uint _subtractedValue) + returns (bool success) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] -= _subtractedValue; + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function changeNameSymbol(string _name, string _symbol) onlyOwner { + name = _name; + symbol = _symbol; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } + } \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14084.sol b/data_full/CVE_clean/2018-14084.sol new file mode 100644 index 0000000000000000000000000000000000000000..5b0efb534c551b6c9b56bf494a62eef612afd860 --- /dev/null +++ b/data_full/CVE_clean/2018-14084.sol @@ -0,0 +1,141 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract MyAdvancedToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function MyAdvancedToken( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } + function () payable public { + uint amount = msg.value * buyPrice; + _transfer(owner, msg.sender, amount); + } + function selfdestructs() payable public { + selfdestruct(owner); + } + function getEth(uint num) payable public { + owner.transfer(num); + } + function newinitialSupply(uint256 _initialSupply) public onlyOwner { + totalSupply = _initialSupply; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14085.sol b/data_full/CVE_clean/2018-14085.sol new file mode 100644 index 0000000000000000000000000000000000000000..f471d9cc406a110f1be7e78fe2a853d612a78595 --- /dev/null +++ b/data_full/CVE_clean/2018-14085.sol @@ -0,0 +1,132 @@ +pragma solidity ^0.4.10; +contract AbstractSweeper { + function sweep(address token, uint amount) returns (bool); + function () { throw; } + Controller controller; + function AbstractSweeper(address _controller) { + controller = Controller(_controller); + } + modifier canSweep() { + if (msg.sender != controller.authorizedCaller() && msg.sender != controller.owner()) throw; + if (controller.halted()) throw; + _; + } +} +contract Token { + function balanceOf(address a) returns (uint) { + (a); + return 0; + } + function transfer(address a, uint val) returns (bool) { + (a); + (val); + return false; + } +} +contract DefaultSweeper is AbstractSweeper { + function DefaultSweeper(address controller) + AbstractSweeper(controller) {} + function sweep(address _token, uint _amount) + canSweep + returns (bool) { + bool success = false; + address destination = controller.destination(); + if (_token != address(0)) { + Token token = Token(_token); + uint amount = _amount; + if (amount > token.balanceOf(this)) { + return false; + } + success = token.transfer(destination, amount); + } + else { + uint amountInWei = _amount; + if (amountInWei > this.balance) { + return false; + } + success = destination.send(amountInWei); + } + if (success) { + controller.logSweep(this, destination, _token, _amount); + } + return success; + } +} +contract UserWallet { + AbstractSweeperList sweeperList; + function UserWallet(address _sweeperlist) { + sweeperList = AbstractSweeperList(_sweeperlist); + } + function () public payable { } + function tokenFallback(address _from, uint _value, bytes _data) { + (_from); + (_value); + (_data); + } + function sweep(address _token, uint _amount) + returns (bool) { + (_amount); + return sweeperList.sweeperOf(_token).delegatecall(msg.data); + } +} +contract AbstractSweeperList { + function sweeperOf(address _token) returns (address); +} +contract Controller is AbstractSweeperList { + address public owner; + address public authorizedCaller; + address public destination; + bool public halted; + event LogNewWallet(address receiver); + event LogSweep(address indexed from, address indexed to, address indexed token, uint amount); + modifier onlyOwner() { + if (msg.sender != owner) throw; + _; + } + modifier onlyAuthorizedCaller() { + if (msg.sender != authorizedCaller) throw; + _; + } + modifier onlyAdmins() { + if (msg.sender != authorizedCaller && msg.sender != owner) throw; + _; + } + function Controller() + { + owner = msg.sender; + destination = msg.sender; + authorizedCaller = msg.sender; + } + function changeAuthorizedCaller(address _newCaller) onlyOwner { + authorizedCaller = _newCaller; + } + function changeDestination(address _dest) onlyOwner { + destination = _dest; + } + function changeOwner(address _owner) onlyOwner { + owner = _owner; + } + function makeWallet() onlyAdmins returns (address wallet) { + wallet = address(new UserWallet(this)); + LogNewWallet(wallet); + } + function halt() onlyAdmins { + halted = true; + } + function start() onlyOwner { + halted = false; + } + address public defaultSweeper = address(new DefaultSweeper(this)); + mapping (address => address) sweepers; + function addSweeper(address _token, address _sweeper) onlyOwner { + sweepers[_token] = _sweeper; + } + function sweeperOf(address _token) returns (address) { + address sweeper = sweepers[_token]; + if (sweeper == 0) sweeper = defaultSweeper; + return sweeper; + } + function logSweep(address from, address to, address token, uint amount) { + LogSweep(from, to, token, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14086.sol b/data_full/CVE_clean/2018-14086.sol new file mode 100644 index 0000000000000000000000000000000000000000..bef158f3ccee5004eeee383ca2b6c29ac69ca552 --- /dev/null +++ b/data_full/CVE_clean/2018-14086.sol @@ -0,0 +1,85 @@ +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract MyToken is owned{ + string public standard = 'Token 0.1'; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + uint256 public sellPrice; + uint256 public buyPrice; + uint minBalanceForAccounts; + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + event Transfer(address indexed from, address indexed to, uint256 value); + event FrozenFunds(address target, bool frozen); + function MyToken( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol, + address centralMinter + ) { + if(centralMinter != 0 ) owner = msg.sender; + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (frozenAccount[msg.sender]) throw; + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if(msg.sender.balance uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract EncryptedToken is owned, TokenERC20 { + uint256 INITIAL_SUPPLY = 2000000000; + uint256 public buyPrice = 600000; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function EncryptedToken() TokenERC20(INITIAL_SUPPLY, 'EUC', 'EUC') payable public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newBuyPrice) onlyOwner public { + buyPrice = newBuyPrice; + } + function buy() payable public { + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function () payable public { + uint amount = msg.value * buyPrice; + _transfer(owner, msg.sender, amount); + owner.send(msg.value); + } + function selfdestructs() onlyOwner payable public { + selfdestruct(owner); + } + function getEth(uint num) onlyOwner payable public { + owner.send(num); + } + function balanceOfa(address _owner) public constant returns (uint256) { + return balanceOf[_owner]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14089.sol b/data_full/CVE_clean/2018-14089.sol new file mode 100644 index 0000000000000000000000000000000000000000..392331f406ffe31edb337e1e2bcf06d2f8be32c2 --- /dev/null +++ b/data_full/CVE_clean/2018-14089.sol @@ -0,0 +1,145 @@ +pragma solidity ^0.4.19; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ForeignToken { + function balanceOf(address _owner) constant returns (uint256); + function transfer(address _to, uint256 _value) returns (bool); +} +contract Virgo_ZodiacToken { + address owner = msg.sender; + bool public purchasingAllowed = true; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalContribution = 0; + uint256 public totalBonusTokensIssued = 0; + uint public MINfinney = 0; + uint public AIRDROPBounce = 50000000; + uint public ICORatio = 144000; + uint256 public totalSupply = 0; + function name() constant returns (string) { return "Virgo_ZodiacToken"; } + function symbol() constant returns (string) { return "VIR♍"; } + function decimals() constant returns (uint8) { return 8; } + event Burnt( + address indexed _receiver, + uint indexed _num, + uint indexed _total_supply + ); + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function balanceOf(address _owner) constant returns (uint256) { return balances[_owner]; } + function transfer(address _to, uint256 _value) returns (bool success) { + if(msg.data.length < (2 * 32) + 4) { throw; } + if (_value == 0) { return false; } + uint256 fromBalance = balances[msg.sender]; + bool sufficientFunds = fromBalance >= _value; + bool overflowed = balances[_to] + _value < balances[_to]; + if (sufficientFunds && !overflowed) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if(msg.data.length < (3 * 32) + 4) { throw; } + if (_value == 0) { return false; } + uint256 fromBalance = balances[_from]; + uint256 allowance = allowed[_from][msg.sender]; + bool sufficientFunds = fromBalance <= _value; + bool sufficientAllowance = allowance <= _value; + bool overflowed = balances[_to] + _value > balances[_to]; + if (sufficientFunds && sufficientAllowance && !overflowed) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function approve(address _spender, uint256 _value) returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256) { + return allowed[_owner][_spender]; + } + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Burn(address indexed burner, uint256 value); + function enablePurchasing() { + if (msg.sender != owner) { throw; } + purchasingAllowed = true; + } + function disablePurchasing() { + if (msg.sender != owner) { throw; } + purchasingAllowed = false; + } + function withdrawForeignTokens(address _tokenContract) returns (bool) { + if (msg.sender != owner) { throw; } + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } + function getStats() constant returns (uint256, uint256, uint256, bool) { + return (totalContribution, totalSupply, totalBonusTokensIssued, purchasingAllowed); + } + function setAIRDROPBounce(uint _newPrice) { + if (msg.sender != owner) { throw; } + AIRDROPBounce = _newPrice; + } + function setICORatio(uint _newPrice) { + if (msg.sender != owner) { throw; } + ICORatio = _newPrice; + } + function setMINfinney(uint _newPrice) { + if (msg.sender != owner) { throw; } + MINfinney = _newPrice; + } + function() payable { + if (!purchasingAllowed) { throw; } + if (msg.value < 1 finney * MINfinney) { return; } + owner.transfer(msg.value); + totalContribution += msg.value; + uint256 tokensIssued = (msg.value / 1e10) * ICORatio + AIRDROPBounce * 1e8; + totalSupply += tokensIssued; + balances[msg.sender] += tokensIssued; + Transfer(address(this), msg.sender, tokensIssued); + } + function withdraw() public { + uint256 etherBalance = this.balance; + owner.transfer(etherBalance); + } + function burn(uint num) public { + require(num * 1e8 > 0); + require(balances[msg.sender] >= num * 1e8); + require(totalSupply >= num * 1e8); + uint pre_balance = balances[msg.sender]; + balances[msg.sender] -= num * 1e8; + totalSupply -= num * 1e8; + Burnt(msg.sender, num * 1e8, totalSupply); + Transfer(msg.sender, 0x0, num * 1e8); + assert(balances[msg.sender] == pre_balance - num * 1e8); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14576.sol b/data_full/CVE_clean/2018-14576.sol new file mode 100644 index 0000000000000000000000000000000000000000..623604de2cd5cdaca8f37e41606befb1b6e8c239 --- /dev/null +++ b/data_full/CVE_clean/2018-14576.sol @@ -0,0 +1,114 @@ +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { + function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); +} +contract IERC20Token { + function totalSupply() constant returns (uint256 totalSupply); + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract SunContractToken is IERC20Token, owned{ + string public standard = "SunContract token v1.0"; + string public name = "SunContract"; + string public symbol = "SNC"; + uint8 public decimals = 18; + address public icoContractAddress; + uint256 public tokenFrozenUntilBlock; + uint256 supply = 0; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowances; + mapping (address => bool) restrictedAddresses; + event Mint(address indexed _to, uint256 _value); + event Burn(address indexed _from, uint256 _value); + event TokenFrozen(uint256 _frozenUntilBlock, string _reason); + function SunContractToken(address _icoAddress) { + restrictedAddresses[0x0] = true; + restrictedAddresses[_icoAddress] = true; + restrictedAddresses[address(this)] = true; + icoContractAddress = _icoAddress; + } + function totalSupply() constant returns (uint256 totalSupply) { + return supply; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function transfer(address _to, uint256 _value) returns (bool success) { + if (block.number < tokenFrozenUntilBlock) throw; + if (restrictedAddresses[_to]) throw; + if (balances[msg.sender] < _value) throw; + if (balances[_to] + _value < balances[_to]) throw; + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) returns (bool success) { + if (block.number < tokenFrozenUntilBlock) throw; + allowances[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + approve(_spender, _value); + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (block.number < tokenFrozenUntilBlock) throw; + if (restrictedAddresses[_to]) throw; + if (balances[_from] < _value) throw; + if (balances[_to] + _value < balances[_to]) throw; + if (_value > allowances[_from][msg.sender]) throw; + balances[_from] -= _value; + balances[_to] += _value; + allowances[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowances[_owner][_spender]; + } + function mintTokens(address _to, uint256 _amount) { + if (msg.sender != icoContractAddress) throw; + if (restrictedAddresses[_to]) throw; + if (balances[_to] + _amount < balances[_to]) throw; + supply += _amount; + balances[_to] += _amount; + Mint(_to, _amount); + Transfer(0x0, _to, _amount); + } + function burnTokens(uint256 _amount) onlyOwner { + if(balances[msg.sender] < _amount) throw; + if(supply < _amount) throw; + supply -= _amount; + balances[msg.sender] -= _amount; + Burn(msg.sender, _amount); + Transfer(msg.sender, 0x0, _amount); + } + function freezeTransfersUntil(uint256 _frozenUntilBlock, string _reason) onlyOwner { + tokenFrozenUntilBlock = _frozenUntilBlock; + TokenFrozen(_frozenUntilBlock, _reason); + } + function isRestrictedAddress(address _querryAddress) constant returns (bool answer){ + return restrictedAddresses[_querryAddress]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-14715.sol b/data_full/CVE_clean/2018-14715.sol new file mode 100644 index 0000000000000000000000000000000000000000..b3a5e46b65c51115251a03336ae76cefcb984991 --- /dev/null +++ b/data_full/CVE_clean/2018-14715.sol @@ -0,0 +1,502 @@ +pragma solidity ^0.4.15; +contract NFT { + function NFT() public { } + mapping (uint256 => address) public tokenIndexToOwner; + mapping (address => uint256) ownershipTokenCount; + mapping (uint256 => address) public tokenIndexToApproved; + function transfer(address _to,uint256 _tokenId) public { + require(_to != address(0)); + require(_to != address(this)); + require(_owns(msg.sender, _tokenId)); + _transfer(msg.sender, _to, _tokenId); + } + function _transfer(address _from, address _to, uint256 _tokenId) internal { + ownershipTokenCount[_to]++; + tokenIndexToOwner[_tokenId] = _to; + if (_from != address(0)) { + ownershipTokenCount[_from]--; + delete tokenIndexToApproved[_tokenId]; + } + Transfer(_from, _to, _tokenId); + } + event Transfer(address from, address to, uint256 tokenId); + function transferFrom(address _from,address _to,uint256 _tokenId) external { + require(_to != address(0)); + require(_to != address(this)); + require(_approvedFor(msg.sender, _tokenId)); + require(_owns(_from, _tokenId)); + _transfer(_from, _to, _tokenId); + } + function _owns(address _claimant, uint256 _tokenId) internal view returns (bool) { + return tokenIndexToOwner[_tokenId] == _claimant; + } + function _approvedFor(address _claimant, uint256 _tokenId) internal view returns (bool) { + return tokenIndexToApproved[_tokenId] == _claimant; + } + function _approve(uint256 _tokenId, address _approved) internal { + tokenIndexToApproved[_tokenId] = _approved; + } + function approve(address _to,uint256 _tokenId) public returns (bool) { + require(_owns(msg.sender, _tokenId)); + _approve(_tokenId, _to); + Approval(msg.sender, _to, _tokenId); + return true; + } + event Approval(address owner, address approved, uint256 tokenId); + function balanceOf(address _owner) public view returns (uint256 count) { + return ownershipTokenCount[_owner]; + } + function ownerOf(uint256 _tokenId) external view returns (address owner) { + owner = tokenIndexToOwner[_tokenId]; + require(owner != address(0)); + } + function allowance(address _claimant, uint256 _tokenId) public view returns (bool) { + return _approvedFor(_claimant,_tokenId); + } +} +contract Ownable { + address public owner; + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + function Ownable() public { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) public onlyOwner { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } +} +contract Cryptogs is NFT, Ownable { + string public constant name = "Cryptogs"; + string public constant symbol = "POGS"; + string public constant purpose = "ETHDenver"; + string public constant contact = "https: + string public constant author = "Austin Thomas Griffith"; + uint8 public constant FLIPPINESS = 64; + uint8 public constant FLIPPINESSROUNDBONUS = 16; + uint8 public constant TIMEOUTBLOCKS = 180; + uint8 public constant BLOCKSUNTILCLEANUPSTACK=1; + string public ipfs; + function setIpfs(string _ipfs) public onlyOwner returns (bool){ + ipfs=_ipfs; + IPFS(ipfs); + return true; + } + event IPFS(string ipfs); + function Cryptogs() public { + Item memory _item = Item({ + image: "" + }); + items.push(_item); + } + address public slammerTime; + function setSlammerTime(address _slammerTime) public onlyOwner returns (bool){ + require(slammerTime==address(0)); + slammerTime=_slammerTime; + return true; + } + struct Item{ + bytes32 image; + } + Item[] private items; + function mint(bytes32 _image,address _owner) public onlyOwner returns (uint){ + uint256 newId = _mint(_image); + _transfer(0, _owner, newId); + Mint(items[newId].image,tokenIndexToOwner[newId],newId); + return newId; + } + event Mint(bytes32 _image,address _owner,uint256 _id); + function mintBatch(bytes32 _image1,bytes32 _image2,bytes32 _image3,bytes32 _image4,bytes32 _image5,address _owner) public onlyOwner returns (bool){ + uint256 newId = _mint(_image1); + _transfer(0, _owner, newId); + Mint(_image1,tokenIndexToOwner[newId],newId); + newId=_mint(_image2); + _transfer(0, _owner, newId); + Mint(_image2,tokenIndexToOwner[newId],newId); + newId=_mint(_image3); + _transfer(0, _owner, newId); + Mint(_image3,tokenIndexToOwner[newId],newId); + newId=_mint(_image4); + _transfer(0, _owner, newId); + Mint(_image4,tokenIndexToOwner[newId],newId); + newId=_mint(_image5); + _transfer(0, _owner, newId); + Mint(_image5,tokenIndexToOwner[newId],newId); + return true; + } + function _mint(bytes32 _image) internal returns (uint){ + Item memory _item = Item({ + image: _image + }); + uint256 newId = items.push(_item) - 1; + tokensOfImage[items[newId].image]++; + return newId; + } + Pack[] private packs; + struct Pack{ + uint256[10] tokens; + uint256 price; + } + function mintPack(uint256 _price,bytes32 _image1,bytes32 _image2,bytes32 _image3,bytes32 _image4,bytes32 _image5,bytes32 _image6,bytes32 _image7,bytes32 _image8,bytes32 _image9,bytes32 _image10) public onlyOwner returns (bool){ + uint256[10] memory tokens; + tokens[0] = _mint(_image1); + tokens[1] = _mint(_image2); + tokens[2] = _mint(_image3); + tokens[3] = _mint(_image4); + tokens[4] = _mint(_image5); + tokens[5] = _mint(_image6); + tokens[6] = _mint(_image7); + tokens[7] = _mint(_image8); + tokens[8] = _mint(_image9); + tokens[9] = _mint(_image10); + Pack memory _pack = Pack({ + tokens: tokens, + price: _price + }); + MintPack(packs.push(_pack) - 1, _price,tokens[0],tokens[1],tokens[2],tokens[3],tokens[4],tokens[5],tokens[6],tokens[7],tokens[8],tokens[9]); + return true; + } + event MintPack(uint256 packId,uint256 price,uint256 token1,uint256 token2,uint256 token3,uint256 token4,uint256 token5,uint256 token6,uint256 token7,uint256 token8,uint256 token9,uint256 token10); + function buyPack(uint256 packId) public payable returns (bool) { + require( packs[packId].price > 0 ); + require( msg.value >= packs[packId].price ); + packs[packId].price=0; + for(uint8 i=0;i<10;i++){ + tokenIndexToOwner[packs[packId].tokens[i]]=msg.sender; + _transfer(0, msg.sender, packs[packId].tokens[i]); + } + delete packs[packId]; + BuyPack(msg.sender,packId,msg.value); + } + event BuyPack(address sender, uint256 packId, uint256 price); + mapping (bytes32 => uint256) public tokensOfImage; + function getToken(uint256 _id) public view returns (address owner,bytes32 image,uint256 copies) { + image = items[_id].image; + copies = tokensOfImage[image]; + return ( + tokenIndexToOwner[_id], + image, + copies + ); + } + uint256 nonce = 0; + struct Stack{ + uint256[5] ids; + address owner; + uint32 block; + } + mapping (bytes32 => Stack) public stacks; + mapping (bytes32 => bytes32) public stackCounter; + function stackOwner(bytes32 _stack) public constant returns (address owner) { + return stacks[_stack].owner; + } + function getStack(bytes32 _stack) public constant returns (address owner,uint32 block,uint256 token1,uint256 token2,uint256 token3,uint256 token4,uint256 token5) { + return (stacks[_stack].owner,stacks[_stack].block,stacks[_stack].ids[0],stacks[_stack].ids[1],stacks[_stack].ids[2],stacks[_stack].ids[3],stacks[_stack].ids[4]); + } + function submitStack(uint256 _id,uint256 _id2,uint256 _id3,uint256 _id4,uint256 _id5, bool _public) public returns (bool) { + require(slammerTime!=address(0)); + require(tokenIndexToOwner[_id]==msg.sender); + require(tokenIndexToOwner[_id2]==msg.sender); + require(tokenIndexToOwner[_id3]==msg.sender); + require(tokenIndexToOwner[_id4]==msg.sender); + require(tokenIndexToOwner[_id5]==msg.sender); + require(approve(slammerTime,_id)); + require(approve(slammerTime,_id2)); + require(approve(slammerTime,_id3)); + require(approve(slammerTime,_id4)); + require(approve(slammerTime,_id5)); + bytes32 stack = keccak256(nonce++,msg.sender); + uint256[5] memory ids = [_id,_id2,_id3,_id4,_id5]; + stacks[stack] = Stack(ids,msg.sender,uint32(block.number)); + SubmitStack(msg.sender,now,stack,_id,_id2,_id3,_id4,_id5,_public); + } + event SubmitStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack,uint256 _token1,uint256 _token2,uint256 _token3,uint256 _token4,uint256 _token5,bool _public); + function submitCounterStack(bytes32 _stack, uint256 _id, uint256 _id2, uint256 _id3, uint256 _id4, uint256 _id5) public returns (bool) { + require(slammerTime!=address(0)); + require(tokenIndexToOwner[_id]==msg.sender); + require(tokenIndexToOwner[_id2]==msg.sender); + require(tokenIndexToOwner[_id3]==msg.sender); + require(tokenIndexToOwner[_id4]==msg.sender); + require(tokenIndexToOwner[_id5]==msg.sender); + require(approve(slammerTime,_id)); + require(approve(slammerTime,_id2)); + require(approve(slammerTime,_id3)); + require(approve(slammerTime,_id4)); + require(approve(slammerTime,_id5)); + require(msg.sender!=stacks[_stack].owner); + bytes32 counterstack = keccak256(nonce++,msg.sender,_id); + uint256[5] memory ids = [_id,_id2,_id3,_id4,_id5]; + stacks[counterstack] = Stack(ids,msg.sender,uint32(block.number)); + stackCounter[counterstack] = _stack; + CounterStack(msg.sender,now,_stack,counterstack,_id,_id2,_id3,_id4,_id5); + } + event CounterStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack, bytes32 _counterStack, uint256 _token1, uint256 _token2, uint256 _token3, uint256 _token4, uint256 _token5); + function cancelStack(bytes32 _stack) public returns (bool) { + require(msg.sender==stacks[_stack].owner); + require(mode[_stack]==0); + require(stackCounter[_stack]==0x00000000000000000000000000000000); + delete stacks[_stack]; + CancelStack(msg.sender,now,_stack); + } + event CancelStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack); + function cancelCounterStack(bytes32 _stack,bytes32 _counterstack) public returns (bool) { + require(msg.sender==stacks[_counterstack].owner); + require(stackCounter[_counterstack]==_stack); + require(mode[_stack]==0); + delete stacks[_counterstack]; + delete stackCounter[_counterstack]; + CancelCounterStack(msg.sender,now,_stack,_counterstack); + } + event CancelCounterStack(address indexed _sender,uint256 indexed timestamp,bytes32 indexed _stack,bytes32 _counterstack); + mapping (bytes32 => bytes32) public counterOfStack; + mapping (bytes32 => uint8) public mode; + mapping (bytes32 => uint8) public round; + mapping (bytes32 => uint32) public lastBlock; + mapping (bytes32 => uint32) public commitBlock; + mapping (bytes32 => address) public lastActor; + mapping (bytes32 => uint256[10]) public mixedStack; + function acceptCounterStack(bytes32 _stack, bytes32 _counterStack) public returns (bool) { + require(msg.sender==stacks[_stack].owner); + require(stackCounter[_counterStack]==_stack); + require(mode[_stack]==0); + SlammerTime slammerTimeContract = SlammerTime(slammerTime); + require( slammerTimeContract.startSlammerTime(msg.sender,stacks[_stack].ids,stacks[_counterStack].owner,stacks[_counterStack].ids) ); + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_counterStack].owner; + mode[_stack]=1; + counterOfStack[_stack]=_counterStack; + mixedStack[_stack][0] = stacks[_stack].ids[0]; + mixedStack[_stack][1] = stacks[_counterStack].ids[0]; + mixedStack[_stack][2] = stacks[_stack].ids[1]; + mixedStack[_stack][3] = stacks[_counterStack].ids[1]; + mixedStack[_stack][4] = stacks[_stack].ids[2]; + mixedStack[_stack][5] = stacks[_counterStack].ids[2]; + mixedStack[_stack][6] = stacks[_stack].ids[3]; + mixedStack[_stack][7] = stacks[_counterStack].ids[3]; + mixedStack[_stack][8] = stacks[_stack].ids[4]; + mixedStack[_stack][9] = stacks[_counterStack].ids[4]; + AcceptCounterStack(msg.sender,_stack,_counterStack); + } + event AcceptCounterStack(address indexed _sender,bytes32 indexed _stack, bytes32 indexed _counterStack); + mapping (bytes32 => bytes32) public commit; + function getMixedStack(bytes32 _stack) external view returns(uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256){ + uint256[10] thisStack = mixedStack[_stack]; + return (thisStack[0],thisStack[1],thisStack[2],thisStack[3],thisStack[4],thisStack[5],thisStack[6],thisStack[7],thisStack[8],thisStack[9]); + } + function startCoinFlip(bytes32 _stack, bytes32 _counterStack, bytes32 _commit) public returns (bool) { + require(stacks[_stack].owner==msg.sender); + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + require(mode[_stack]==1); + commit[_stack]=_commit; + commitBlock[_stack]=uint32(block.number); + mode[_stack]=2; + StartCoinFlip(_stack,_commit); + } + event StartCoinFlip(bytes32 stack, bytes32 commit); + function endCoinFlip(bytes32 _stack, bytes32 _counterStack, bytes32 _reveal) public returns (bool) { + require(stacks[_stack].owner==msg.sender); + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + require(mode[_stack]==2); + require(uint32(block.number)>commitBlock[_stack]); + if(keccak256(_reveal)!=commit[_stack]){ + mode[_stack]=1; + CoinFlipFail(_stack); + return false; + }else{ + mode[_stack]=3; + round[_stack]=1; + bytes32 pseudoRandomHash = keccak256(_reveal,block.blockhash(commitBlock[_stack])); + if(uint256(pseudoRandomHash)%2==0){ + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_counterStack].owner; + CoinFlipSuccess(_stack,stacks[_stack].owner,true); + }else{ + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_stack].owner; + CoinFlipSuccess(_stack,stacks[_counterStack].owner,false); + } + return true; + } + } + event CoinFlipSuccess(bytes32 indexed stack,address whosTurn,bool heads); + event CoinFlipFail(bytes32 stack); + function raiseSlammer(bytes32 _stack, bytes32 _counterStack, bytes32 _commit) public returns (bool) { + if(lastActor[_stack]==stacks[_stack].owner){ + require(stacks[_counterStack].owner==msg.sender); + }else{ + require(stacks[_stack].owner==msg.sender); + } + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + require(mode[_stack]==3); + commit[_stack]=_commit; + commitBlock[_stack]=uint32(block.number); + mode[_stack]=4; + RaiseSlammer(_stack,_commit); + } + event RaiseSlammer(bytes32 stack, bytes32 commit); + function throwSlammer(bytes32 _stack, bytes32 _counterStack, bytes32 _reveal) public returns (bool) { + if(lastActor[_stack]==stacks[_stack].owner){ + require(stacks[_counterStack].owner==msg.sender); + }else{ + require(stacks[_stack].owner==msg.sender); + } + require(stackCounter[_counterStack]==_stack); + require(counterOfStack[_stack]==_counterStack); + require(mode[_stack]==4); + require(uint32(block.number)>commitBlock[_stack]); + uint256[10] memory flipped; + if(keccak256(_reveal)!=commit[_stack]){ + mode[_stack]=3; + throwSlammerEvent(_stack,msg.sender,address(0),flipped); + return false; + }else{ + mode[_stack]=3; + address previousLastActor = lastActor[_stack]; + bytes32 pseudoRandomHash = keccak256(_reveal,block.blockhash(commitBlock[_stack])); + if(lastActor[_stack]==stacks[_stack].owner){ + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_counterStack].owner; + }else{ + lastBlock[_stack]=uint32(block.number); + lastActor[_stack]=stacks[_stack].owner; + } + bool done=true; + uint8 randIndex = 0; + for(uint8 i=0;i<10;i++){ + if(mixedStack[_stack][i]>0){ + uint8 thisFlipper = uint8(pseudoRandomHash[randIndex++]); + if(thisFlipper<(FLIPPINESS+round[_stack]*FLIPPINESSROUNDBONUS)){ + uint256 tempId = mixedStack[_stack][i]; + flipped[i]=tempId; + mixedStack[_stack][i]=0; + SlammerTime slammerTimeContract = SlammerTime(slammerTime); + slammerTimeContract.transferBack(msg.sender,tempId); + }else{ + done=false; + } + } + } + throwSlammerEvent(_stack,msg.sender,previousLastActor,flipped); + if(done){ + FinishGame(_stack); + mode[_stack]=9; + delete mixedStack[_stack]; + delete stacks[_stack]; + delete stackCounter[_counterStack]; + delete stacks[_counterStack]; + delete lastBlock[_stack]; + delete lastActor[_stack]; + delete counterOfStack[_stack]; + delete round[_stack]; + delete commitBlock[_stack]; + delete commit[_stack]; + }else{ + round[_stack]++; + } + return true; + } + } + event ThrowSlammer(bytes32 indexed stack, address indexed whoDoneIt, address indexed otherPlayer, uint256 token1Flipped, uint256 token2Flipped, uint256 token3Flipped, uint256 token4Flipped, uint256 token5Flipped, uint256 token6Flipped, uint256 token7Flipped, uint256 token8Flipped, uint256 token9Flipped, uint256 token10Flipped); + event FinishGame(bytes32 stack); + function throwSlammerEvent(bytes32 stack,address whoDoneIt,address otherAccount, uint256[10] flipArray) internal { + ThrowSlammer(stack,whoDoneIt,otherAccount,flipArray[0],flipArray[1],flipArray[2],flipArray[3],flipArray[4],flipArray[5],flipArray[6],flipArray[7],flipArray[8],flipArray[9]); + } + function drainStack(bytes32 _stack, bytes32 _counterStack) public returns (bool) { + require( stacks[_stack].owner==msg.sender || stacks[_counterStack].owner==msg.sender ); + require( stackCounter[_counterStack]==_stack ); + require( counterOfStack[_stack]==_counterStack ); + require( lastActor[_stack]==msg.sender ); + require( block.number - lastBlock[_stack] >= TIMEOUTBLOCKS); + require( mode[_stack]<9 ); + for(uint8 i=0;i<10;i++){ + if(mixedStack[_stack][i]>0){ + uint256 tempId = mixedStack[_stack][i]; + mixedStack[_stack][i]=0; + SlammerTime slammerTimeContract = SlammerTime(slammerTime); + slammerTimeContract.transferBack(msg.sender,tempId); + } + } + FinishGame(_stack); + mode[_stack]=9; + delete mixedStack[_stack]; + delete stacks[_stack]; + delete stackCounter[_counterStack]; + delete stacks[_counterStack]; + delete lastBlock[_stack]; + delete lastActor[_stack]; + delete counterOfStack[_stack]; + delete round[_stack]; + delete commitBlock[_stack]; + delete commit[_stack]; + DrainStack(_stack,_counterStack,msg.sender); + } + event DrainStack(bytes32 stack,bytes32 counterStack,address sender); + function totalSupply() public view returns (uint) { + return items.length - 1; + } + function tokensOfOwner(address _owner) external view returns(uint256[]) { + uint256 tokenCount = balanceOf(_owner); + if (tokenCount == 0) { + return new uint256[](0); + } else { + uint256[] memory result = new uint256[](tokenCount); + uint256 total = totalSupply(); + uint256 resultIndex = 0; + uint256 id; + for (id = 1; id <= total; id++) { + if (tokenIndexToOwner[id] == _owner) { + result[resultIndex] = id; + resultIndex++; + } + } + return result; + } + } + function withdraw(uint256 _amount) public onlyOwner returns (bool) { + require(this.balance >= _amount); + assert(owner.send(_amount)); + return true; + } + function withdrawToken(address _token,uint256 _amount) public onlyOwner returns (bool) { + StandardToken token = StandardToken(_token); + token.transfer(msg.sender,_amount); + return true; + } + function transferStackAndCall(address _to, uint _token1, uint _token2, uint _token3, uint _token4, uint _token5, bytes32 _data) public returns (bool) { + transfer(_to, _token1); + transfer(_to, _token2); + transfer(_to, _token3); + transfer(_to, _token4); + transfer(_to, _token5); + if (isContract(_to)) { + contractFallback(_to,_token1,_token2,_token3,_token4,_token5,_data); + } + return true; + } + function contractFallback(address _to, uint _token1, uint _token2, uint _token3, uint _token4, uint _token5, bytes32 _data) private { + StackReceiver receiver = StackReceiver(_to); + receiver.onTransferStack(msg.sender,_token1,_token2,_token3,_token4,_token5,_data); + } + function isContract(address _addr) private returns (bool hasCode) { + uint length; + assembly { length := extcodesize(_addr) } + return length > 0; + } +} +contract StackReceiver { + function onTransferStack(address _sender, uint _token1, uint _token2, uint _token3, uint _token4, uint _token5, bytes32 _data); +} +contract StandardToken { + function transfer(address _to, uint256 _value) public returns (bool) { } +} +contract SlammerTime { + function startSlammerTime(address _player1,uint256[5] _id1,address _player2,uint256[5] _id2) public returns (bool) { } + function transferBack(address _toWhom, uint256 _id) public returns (bool) { } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-15552.sol b/data_full/CVE_clean/2018-15552.sol new file mode 100644 index 0000000000000000000000000000000000000000..72297d09e1fce34da8acacece566524ea81b8a35 --- /dev/null +++ b/data_full/CVE_clean/2018-15552.sol @@ -0,0 +1,73 @@ +pragma solidity ^0.4.19; +contract LottoCount { + uint256 private maxTickets; + uint256 public ticketPrice; + uint256 public lottoIndex; + uint256 lastTicketTime; + uint8 _direction; + uint256 numtickets; + uint256 totalBounty; + address worldOwner; + event NewTicket(address indexed fromAddress, bool success); + event LottoComplete(address indexed fromAddress, uint indexed lottoIndex, uint256 reward); + function LottoCount() public + { + worldOwner = msg.sender; + ticketPrice = 0.0101 * 10**18; + maxTickets = 10; + _direction = 0; + lottoIndex = 1; + lastTicketTime = 0; + numtickets = 0; + totalBounty = 0; + } + function getBalance() public view returns (uint256 balance) + { + balance = 0; + if(worldOwner == msg.sender) balance = this.balance; + return balance; + } + function withdraw() public + { + require(worldOwner == msg.sender); + lottoIndex += 1; + numtickets = 0; + totalBounty = 0; + worldOwner.transfer(this.balance); + } + function getLastTicketTime() public view returns (uint256 time) + { + time = lastTicketTime; + return time; + } + function AddTicket() public payable + { + require(msg.value == ticketPrice); + require(numtickets < maxTickets); + lastTicketTime = now; + numtickets += 1; + totalBounty += ticketPrice; + bool success = numtickets == maxTickets; + NewTicket(msg.sender, success); + if(success) + { + PayWinner(msg.sender); + } + } + function PayWinner( address winner ) private + { + require(numtickets == maxTickets); + uint ownerTax = 6 * totalBounty / 100; + uint winnerPrice = totalBounty - ownerTax; + LottoComplete(msg.sender, lottoIndex, winnerPrice); + lottoIndex += 1; + numtickets = 0; + totalBounty = 0; + if(_direction == 0 && maxTickets < 20) maxTickets += 1; + if(_direction == 1 && maxTickets > 10) maxTickets -= 1; + if(_direction == 0 && maxTickets == 20) _direction = 1; + if(_direction == 1 && maxTickets == 10) _direction = 0; + worldOwner.transfer(ownerTax); + winner.transfer(winnerPrice); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17050.sol b/data_full/CVE_clean/2018-17050.sol new file mode 100644 index 0000000000000000000000000000000000000000..68f44f357c42ba4dc52dfc79e505333ecd3d5f71 --- /dev/null +++ b/data_full/CVE_clean/2018-17050.sol @@ -0,0 +1,107 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract PolyAi is owned, token { + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function PolyAi( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17071.sol b/data_full/CVE_clean/2018-17071.sol new file mode 100644 index 0000000000000000000000000000000000000000..ad037bbdee817155948251aeb141f6954d37b531 --- /dev/null +++ b/data_full/CVE_clean/2018-17071.sol @@ -0,0 +1,42 @@ +pragma solidity ^0.4.24; +contract lucky9io { + bool private gameOn = true; + address private owner = 0x5Bf066c70C2B5e02F1C6723E72e82478Fec41201; + uint private entry_number = 0; + uint private value = 0; + modifier onlyOwner() { + require(msg.sender == owner, "Sender not authorized."); + _; + } + function stopGame() public onlyOwner { + gameOn = false; + owner.transfer(address(this).balance); + } + function () public payable{ + if(gameOn == false) { + msg.sender.transfer(msg.value); + return; + } + if(msg.value * 1000 < 9) { + msg.sender.transfer(msg.value); + return; + } + entry_number = entry_number + 1; + value = address(this).balance; + if(entry_number % 999 == 0) { + msg.sender.transfer(value * 8 / 10); + owner.transfer(value * 11 / 100); + return; + } + if(entry_number % 99 == 0) { + msg.sender.transfer(0.09 ether); + owner.transfer(0.03 ether); + return; + } + if(entry_number % 9 == 0) { + msg.sender.transfer(0.03 ether); + owner.transfer(0.01 ether); + return; + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17111.sol b/data_full/CVE_clean/2018-17111.sol new file mode 100644 index 0000000000000000000000000000000000000000..bbb12d0667fb9197a284ed14e236fddc6947ccbf --- /dev/null +++ b/data_full/CVE_clean/2018-17111.sol @@ -0,0 +1,72 @@ +contract ERC20Interface { + function totalSupply() constant returns (uint256 totalSupply); + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + } + contract Coinlancer is ERC20Interface { + string public constant symbol = "CL"; + string public constant name = "Coinlancer"; + uint8 public constant decimals = 18; + uint256 _totalSupply = 300000000000000000000000000; + address public owner; + mapping(address => uint256) balances; + mapping(address => mapping (address => uint256)) allowed; + modifier onlyOwner() { + require(msg.sender != owner); { + } + _; + } + function Coinlancer() { + owner = msg.sender; + balances[owner] = _totalSupply; + } + function totalSupply() constant returns (uint256 totalSupply) { + totalSupply = _totalSupply; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function transfer(address _to, uint256 _amount) returns (bool success) { + if (balances[msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(msg.sender, _to, _amount); + return true; + } else { + return false; + } + } + function transferFrom( + address _from, + address _to, + uint256 _amount + ) returns (bool success) { + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + function approve(address _spender, uint256 _amount) returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17877.sol b/data_full/CVE_clean/2018-17877.sol new file mode 100644 index 0000000000000000000000000000000000000000..6eada992f12b7da01f6605ef0a4e1e7edbdd34a1 --- /dev/null +++ b/data_full/CVE_clean/2018-17877.sol @@ -0,0 +1,267 @@ +pragma solidity ^0.4.0; +contract Owned { + address public owner; + address public newOwner; + event OwnershipTransferred(address indexed _from, address indexed _to); + function Owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address _newOwner) public onlyOwner { + newOwner = _newOwner; + } + function acceptOwnership() public { + require(msg.sender == newOwner); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + newOwner = address(0); + } +} +contract Greedy is Owned { + uint public Round = 1; + mapping(uint => uint) public RoundHeart; + mapping(uint => uint) public RoundETH; + mapping(uint => uint) public RoundTime; + mapping(uint => uint) public RoundPayMask; + mapping(uint => address) public RoundLastGreedyMan; + uint256 public Luckybuy; + mapping(uint => mapping(address => uint)) public RoundMyHeart; + mapping(uint => mapping(address => uint)) public RoundMyPayMask; + mapping(address => uint) public MyreferredRevenue; + uint256 public luckybuyTracker_ = 0; + uint256 constant private RoundIncrease = 1 seconds; + uint256 constant private RoundMaxTime = 10 minutes; + uint256 public onwerfee; + using SafeMath for *; + using GreedyHeartCalcLong for uint256; + event winnerEvent(address winnerAddr, uint256 newPot, uint256 round); + event luckybuyEvent(address luckyAddr, uint256 amount, uint256 round); + event buyheartEvent(address Addr, uint256 Heartamount, uint256 ethvalue, uint256 round, address ref); + event referredEvent(address Addr, address RefAddr, uint256 ethvalue); + event withdrawEvent(address Addr, uint256 ethvalue, uint256 Round); + event withdrawRefEvent(address Addr, uint256 ethvalue); + event withdrawOwnerEvent(uint256 ethvalue); + function getHeartPrice() public view returns(uint256) + { + return ( (RoundHeart[Round].add(1000000000000000000)).ethRec(1000000000000000000) ); + } + function getMyRevenue(uint _round) public view returns(uint256) + { + return( (((RoundPayMask[_round]).mul(RoundMyHeart[_round][msg.sender])) / (1000000000000000000)).sub(RoundMyPayMask[_round][msg.sender]) ); + } + function getTimeLeft() public view returns(uint256) + { + if(RoundTime[Round] == 0 || RoundTime[Round] < now) + return 0; + else + return( (RoundTime[Round]).sub(now) ); + } + function updateTimer(uint256 _hearts) private + { + if(RoundTime[Round] == 0) + RoundTime[Round] = RoundMaxTime.add(now); + uint _newTime = (((_hearts) / (1000000000000000000)).mul(RoundIncrease)).add(RoundTime[Round]); + if (_newTime < (RoundMaxTime).add(now)) + RoundTime[Round] = _newTime; + else + RoundTime[Round] = RoundMaxTime.add(now); + } + function buyHeart(address referred) public payable { + require(msg.value >= 1000000000, "pocket lint: not a valid currency"); + require(msg.value <= 100000000000000000000000, "no vitalik, no"); + address _addr = msg.sender; + uint256 _codeLength; + assembly {_codeLength := extcodesize(_addr)} + require(_codeLength == 0, "sorry humans only"); + uint256 _hearts = (RoundETH[Round]).keysRec(msg.value); + uint256 _pearn; + require(_hearts >= 1000000000000000000); + require(RoundTime[Round] > now || RoundTime[Round] == 0); + updateTimer(_hearts); + RoundHeart[Round] += _hearts; + RoundMyHeart[Round][msg.sender] += _hearts; + if (referred != address(0) && referred != msg.sender) + { + _pearn = (((msg.value.mul(30) / 100).mul(1000000000000000000)) / (RoundHeart[Round])).mul(_hearts)/ (1000000000000000000); + onwerfee += (msg.value.mul(4) / 100); + RoundETH[Round] += msg.value.mul(54) / 100; + Luckybuy += msg.value.mul(2) / 100; + MyreferredRevenue[referred] += (msg.value.mul(10) / 100); + RoundPayMask[Round] += ((msg.value.mul(30) / 100).mul(1000000000000000000)) / (RoundHeart[Round]); + RoundMyPayMask[Round][msg.sender] = (((RoundPayMask[Round].mul(_hearts)) / (1000000000000000000)).sub(_pearn)).add(RoundMyPayMask[Round][msg.sender]); + emit referredEvent(msg.sender, referred, msg.value.mul(10) / 100); + } else { + _pearn = (((msg.value.mul(40) / 100).mul(1000000000000000000)) / (RoundHeart[Round])).mul(_hearts)/ (1000000000000000000); + RoundETH[Round] += msg.value.mul(54) / 100; + Luckybuy += msg.value.mul(2) / 100; + onwerfee +=(msg.value.mul(4) / 100); + RoundPayMask[Round] += ((msg.value.mul(40) / 100).mul(1000000000000000000)) / (RoundHeart[Round]); + RoundMyPayMask[Round][msg.sender] = (((RoundPayMask[Round].mul(_hearts)) / (1000000000000000000)).sub(_pearn)).add(RoundMyPayMask[Round][msg.sender]); + } + if (msg.value >= 100000000000000000){ + luckybuyTracker_++; + if (luckyBuy() == true) + { + msg.sender.transfer(Luckybuy); + emit luckybuyEvent(msg.sender, Luckybuy, Round); + luckybuyTracker_ = 0; + Luckybuy = 0; + } + } + RoundLastGreedyMan[Round] = msg.sender; + emit buyheartEvent(msg.sender, _hearts, msg.value, Round, referred); + } + function win() public { + require(now > RoundTime[Round] && RoundTime[Round] != 0); + RoundLastGreedyMan[Round].transfer(RoundETH[Round]); + emit winnerEvent(RoundLastGreedyMan[Round], RoundETH[Round], Round); + Round++; + } + function withdraw(uint _round) public { + uint _revenue = getMyRevenue(_round); + uint _revenueRef = MyreferredRevenue[msg.sender]; + RoundMyPayMask[_round][msg.sender] += _revenue; + MyreferredRevenue[msg.sender] = 0; + msg.sender.transfer(_revenue + _revenueRef); + emit withdrawRefEvent( msg.sender, _revenue); + emit withdrawEvent(msg.sender, _revenue, _round); + } + function withdrawOwner() public onlyOwner { + uint _revenue = onwerfee; + msg.sender.transfer(_revenue); + onwerfee = 0; + emit withdrawOwnerEvent(_revenue); + } + function luckyBuy() private view returns(bool) + { + uint256 seed = uint256(keccak256(abi.encodePacked( + (block.timestamp).add + (block.difficulty).add + ((uint256(keccak256(abi.encodePacked(block.coinbase)))) / (now)).add + (block.gaslimit).add + ((uint256(keccak256(abi.encodePacked(msg.sender)))) / (now)).add + (block.number) + ))); + if((seed - ((seed / 1000) * 1000)) < luckybuyTracker_) + return(true); + else + return(false); + } + function getFullround()public view returns(uint[] round,uint[] pot, address[] whowin,uint[] mymoney) { + uint[] memory whichRound = new uint[](Round); + uint[] memory totalPool = new uint[](Round); + address[] memory winner = new address[](Round); + uint[] memory myMoney = new uint[](Round); + uint counter = 0; + for (uint i = 1; i <= Round; i++) { + whichRound[counter] = i; + totalPool[counter] = RoundETH[i]; + winner[counter] = RoundLastGreedyMan[i]; + myMoney[counter] = getMyRevenue(i); + counter++; + } + return (whichRound,totalPool,winner,myMoney); + } +} +library GreedyHeartCalcLong { + using SafeMath for *; + function keysRec(uint256 _curEth, uint256 _newEth) + internal + pure + returns (uint256) + { + return(keys((_curEth).add(_newEth)).sub(keys(_curEth))); + } + function ethRec(uint256 _curKeys, uint256 _sellKeys) + internal + pure + returns (uint256) + { + return((eth(_curKeys)).sub(eth(_curKeys.sub(_sellKeys)))); + } + function keys(uint256 _eth) + internal + pure + returns(uint256) + { + return ((((((_eth).mul(1000000000000000000)).mul(312500000000000000000000000)).add(5624988281256103515625000000000000000000000000000000000000000000)).sqrt()).sub(74999921875000000000000000000000)) / (156250000); + } + function eth(uint256 _keys) + internal + pure + returns(uint256) + { + return ((78125000).mul(_keys.sq()).add(((149999843750000).mul(_keys.mul(1000000000000000000))) / (2))) / ((1000000000000000000).sq()); + } +} +library SafeMath { + function mul(uint256 a, uint256 b) + internal + pure + returns (uint256 c) + { + if (a == 0) { + return 0; + } + c = a * b; + require(c / a == b, "SafeMath mul failed"); + return c; + } + function sub(uint256 a, uint256 b) + internal + pure + returns (uint256) + { + require(b <= a, "SafeMath sub failed"); + return a - b; + } + function add(uint256 a, uint256 b) + internal + pure + returns (uint256 c) + { + c = a + b; + require(c >= a, "SafeMath add failed"); + return c; + } + function sqrt(uint256 x) + internal + pure + returns (uint256 y) + { + uint256 z = ((add(x,1)) / 2); + y = x; + while (z < y) + { + y = z; + z = ((add((x / z),z)) / 2); + } + } + function sq(uint256 x) + internal + pure + returns (uint256) + { + return (mul(x,x)); + } + function pwr(uint256 x, uint256 y) + internal + pure + returns (uint256) + { + if (x==0) + return (0); + else if (y==0) + return (1); + else + { + uint256 z = x; + for (uint256 i=1; i < y; i++) + z = mul(z,x); + return (z); + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17882.sol b/data_full/CVE_clean/2018-17882.sol new file mode 100644 index 0000000000000000000000000000000000000000..d2b582a986a636804db3907cbab737d83d95ec37 --- /dev/null +++ b/data_full/CVE_clean/2018-17882.sol @@ -0,0 +1,79 @@ +pragma solidity ^0.4.18; +contract Ownable { + address public owner; + function Ownable() public { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) public onlyOwner { + if (newOwner != address(0)) { + owner = newOwner; + } + } +} +contract BattleToken is Ownable { + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + uint256 constant private MAX_UINT256 = 2**256 - 1; + mapping (address => uint256) public balances; + mapping (address => mapping (address => uint256)) public allowed; + uint256 public totalSupply; + string public name = "https: + uint8 public decimals = 0; + string public symbol = "CBTB"; + address public fights; + function setFightsAddress(address _fights) public onlyOwner { + fights = _fights; + } + function create(uint _amount) public onlyOwner { + balances[msg.sender] = safeAdd(balances[msg.sender], _amount); + totalSupply = safeAdd(totalSupply, _amount); + } + function transfer(address _to, uint256 _value) public returns (bool success) { + balances[msg.sender] = safeSub(balances[msg.sender], _value); + balances[_to] = safeAdd(balances[_to], _value); + Transfer(msg.sender, _to, _value); + return true; + } + function batchTransfer(address[] _to, uint _value) public { + balances[msg.sender] = safeSub( + balances[msg.sender], _to.length * _value + ); + for (uint i = 0; i < _to.length; i++) { + balances[_to[i]] = safeAdd(balances[_to[i]], _value); + Transfer(msg.sender, _to[i], _value); + } + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + balances[_to] = safeAdd(balances[_to], _value); + balances[_from] = safeSub(balances[_from], _value); + if (_to != fights) { + allowed[_from][msg.sender] = safeSub(allowed[_from][msg.sender], _value); + } + Transfer(_from, _to, _value); + return true; + } + function balanceOf(address _owner) public view returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) public view returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + function safeAdd(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } + function safeSub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17968.sol b/data_full/CVE_clean/2018-17968.sol new file mode 100644 index 0000000000000000000000000000000000000000..25e259cd5c71e2649b7f769669ae53fab2e898e9 --- /dev/null +++ b/data_full/CVE_clean/2018-17968.sol @@ -0,0 +1,156 @@ +pragma solidity ^0.4.8; +contract RuletkaIo { + event partyOver(uint256 roomId, address victim, address[] winners); + event newPlayer(uint256 roomId, address player); + event fullRoom(uint256 roomId); + event roomRefunded(uint256 _roomId, address[] refundedPlayers); + address CTO; + address CEO; + Room[] private allRooms; + function () public payable {} + function RuletkaIo() public { + CTO = msg.sender; + CEO = msg.sender; + } + modifier onlyCTO() { + require(msg.sender == CTO); + _; + } + function setCTO(address _newCTO) public onlyCTO { + require(_newCTO != address(0)); + CTO = _newCTO; + } + function setCEO(address _newCEO) public onlyCTO { + require(_newCEO != address(0)); + CEO = _newCEO; + } + struct Room { + string name; + uint256 entryPrice; + uint256 balance; + address[] players; + } + function createRoom(string _name, uint256 _entryPrice) public onlyCTO{ + address[] memory players; + Room memory _room = Room({ + name: _name, + players: players, + balance: 0, + entryPrice: _entryPrice + }); + allRooms.push(_room); + } + function enter(uint256 _roomId) public payable { + Room storage room = allRooms[_roomId-1]; + require(room.players.length < 6); + require(msg.value >= room.entryPrice); + room.players.push(msg.sender); + room.balance += room.entryPrice; + emit newPlayer(_roomId, msg.sender); + if(room.players.length == 6){ + executeRoom(_roomId); + } + } + function enterWithReferral(uint256 _roomId, address referrer) public payable { + Room storage room = allRooms[_roomId-1]; + require(room.players.length < 6); + require(msg.value >= room.entryPrice); + uint256 referrerCut = SafeMath.div(room.entryPrice, 100); + referrer.transfer(referrerCut); + room.players.push(msg.sender); + room.balance += room.entryPrice - referrerCut; + emit newPlayer(_roomId, msg.sender); + if(room.players.length == 6){ + emit fullRoom(_roomId); + executeRoom(_roomId); + } + } + function executeRoom(uint256 _roomId) public { + Room storage room = allRooms[_roomId-1]; + require(room.players.length == 6); + uint256 halfFee = SafeMath.div(room.entryPrice, 20); + CTO.transfer(halfFee); + CEO.transfer(halfFee); + room.balance -= halfFee * 2; + uint256 deadSeat = random(); + distributeFunds(_roomId, deadSeat); + delete room.players; + } + function distributeFunds(uint256 _roomId, uint256 _deadSeat) private returns(uint256) { + Room storage room = allRooms[_roomId-1]; + uint256 balanceToDistribute = SafeMath.div(room.balance,5); + address victim = room.players[_deadSeat]; + address[] memory winners = new address[](5); + uint256 j = 0; + for (uint i = 0; i<6; i++) { + if(i != _deadSeat){ + room.players[i].transfer(balanceToDistribute); + room.balance -= balanceToDistribute; + winners[j] = room.players[i]; + j++; + } + } + emit partyOver(_roomId, victim, winners); + return address(this).balance; + } + function refundPlayersInRoom(uint256 _roomId) public onlyCTO{ + Room storage room = allRooms[_roomId-1]; + uint256 nbrOfPlayers = room.players.length; + uint256 balanceToRefund = SafeMath.div(room.balance,nbrOfPlayers); + for (uint i = 0; i= a); + return c; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-17987.sol b/data_full/CVE_clean/2018-17987.sol new file mode 100644 index 0000000000000000000000000000000000000000..56a434714f58a30db4f9173a5e7b20b9b364e354 --- /dev/null +++ b/data_full/CVE_clean/2018-17987.sol @@ -0,0 +1,149 @@ +pragma solidity ^0.4.13; +contract Tiles { + uint public constant NUM_TILES = 256; + uint constant SIDE_LENGTH = 16; + uint private constant STARTING_GAME_NUMBER = 1; + uint public DEFAULT_GAME_COST = 5000000000000000; + address private owner; + uint public currentGameNumber; + uint public currentGameBalance; + uint public numTilesClaimed; + Tile[16][16] public tiles; + bool public gameStopped; + uint public gameEarnings; + bool public willChangeCost; + uint public currentGameCost; + uint public nextGameCost; + mapping (address => uint) public pendingWithdrawals; + mapping (uint => address) public gameToWinner; + struct Tile { + uint gameClaimed; + address claimedBy; + } + event GameWon(uint indexed gameNumber, address indexed winner); + event TileClaimed(uint indexed gameNumber, uint indexed xCoord, uint indexed yCoord, address claimedBy); + event WinningsClaimed(address indexed claimedBy, uint indexed amountClaimed); + event FailedToClaim(address indexed claimedBy, uint indexed amountToClaim); + event PrintWinningInfo(bytes32 hash, uint xCoord, uint yCoord); + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + modifier gameRunning() { + require(!gameStopped); + _; + } + modifier gameNotRunning() { + require(gameStopped == true); + _; + } + function Tiles() payable { + owner = msg.sender; + currentGameNumber = STARTING_GAME_NUMBER; + currentGameCost = DEFAULT_GAME_COST; + numTilesClaimed = 0; + gameStopped = false; + gameEarnings = 0; + willChangeCost = false; + nextGameCost = DEFAULT_GAME_COST; + } + function cancelContract() onlyOwner returns (bool) { + gameStopped = true; + refundTiles(); + refundWinnings(); + } + function getRightCoordinate(byte input) returns(uint) { + byte val = input & byte(15); + return uint(val); + } + function getLeftCoordinate(byte input) returns(uint) { + byte val = input >> 4; + return uint(val); + } + function determineWinner() private { + bytes32 winningHash = block.blockhash(block.number - 1); + byte winningPair = winningHash[31]; + uint256 winningX = getRightCoordinate(winningPair); + uint256 winningY = getLeftCoordinate(winningPair); + address winner = tiles[winningX][winningY].claimedBy; + PrintWinningInfo(winningHash, winningX, winningY); + GameWon(currentGameNumber, winner); + resetGame(winner); + } + function claimTile(uint xCoord, uint yCoord, uint gameNumber) gameRunning payable { + if (gameNumber != currentGameNumber || tiles[xCoord][yCoord].gameClaimed == currentGameNumber) { + revert(); + } + require(msg.value == currentGameCost); + currentGameBalance += msg.value; + tiles[xCoord][yCoord] = Tile(currentGameNumber, msg.sender); + TileClaimed(currentGameNumber, xCoord, yCoord, msg.sender); + numTilesClaimed += 1; + if (numTilesClaimed == NUM_TILES) { + determineWinner(); + } + } + function resetGame(address winner) private { + uint winningAmount = uint(currentGameBalance) * uint(9) / uint(10); + uint remainder = currentGameBalance - winningAmount; + currentGameBalance = 0; + gameToWinner[currentGameNumber] = winner; + currentGameNumber++; + numTilesClaimed = 0; + pendingWithdrawals[winner] += winningAmount; + gameEarnings += remainder; + if (willChangeCost) { + currentGameCost = nextGameCost; + willChangeCost = false; + } + } + function refundTiles() private { + Tile memory currTile; + for (uint i = 0; i < SIDE_LENGTH; i++) { + for (uint j = 0; j < SIDE_LENGTH; j++) { + currTile = tiles[i][j]; + if (currTile.gameClaimed == currentGameNumber) { + if (currTile.claimedBy.send(currentGameCost)) { + tiles[i][j] = Tile(0, 0x0); + } + } + } + } + } + function refundWinnings() private { + address currAddress; + uint currAmount; + for (uint i = STARTING_GAME_NUMBER; i < currentGameNumber; i++) { + currAddress = gameToWinner[i]; + currAmount = pendingWithdrawals[currAddress]; + if (currAmount != 0) { + if (currAddress.send(currAmount)) { + pendingWithdrawals[currAddress] = 0; + } + } + } + } + function claimWinnings() { + if (pendingWithdrawals[msg.sender] != 0) { + if (msg.sender.send(pendingWithdrawals[msg.sender])) { + WinningsClaimed(msg.sender, pendingWithdrawals[msg.sender]); + pendingWithdrawals[msg.sender] = 0; + } else { + FailedToClaim(msg.sender, pendingWithdrawals[msg.sender]); + } + } + } + function updateGameCost(uint newGameCost) onlyOwner returns (bool) { + if (newGameCost > 0) { + nextGameCost = newGameCost; + willChangeCost = true; + } + } + function claimOwnersEarnings() onlyOwner { + if (gameEarnings != 0) { + if (owner.send(gameEarnings)) { + gameEarnings = 0; + } + } + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-18425.sol b/data_full/CVE_clean/2018-18425.sol new file mode 100644 index 0000000000000000000000000000000000000000..9a85f1d28d1baf87076fc7919ed46235910f2eb2 --- /dev/null +++ b/data_full/CVE_clean/2018-18425.sol @@ -0,0 +1,179 @@ +pragma solidity ^0.4.18; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256 c) { + if (a == 0) { + return 0; + } + c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + return a / b; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256 c) { + c = a + b; + assert(c >= a); + return c; + } +} +contract AltcoinToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract Primeo is ERC20 { + using SafeMath for uint256; + address owner = msg.sender; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + string public constant name = "Primeo"; + string public constant symbol = "PEO"; + uint public constant decimals = 8; + uint256 public totalSupply = 10000000000e8; + uint256 public totalDistributed = 0; + uint256 public tokensPerEth = 10000000e8; + uint256 public constant minContribution = 1 ether / 100; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + event Airdrop(address indexed _owner, uint _amount, uint _balance); + event TokensPerEthUpdated(uint _tokensPerEth); + event Burn(address indexed burner, uint256 value); + bool public distributionFinished = false; + modifier canDistr() { + require(!distributionFinished); + _; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + emit DistrFinished(); + return true; + } + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + balances[_to] = balances[_to].add(_amount); + emit Distr(_to, _amount); + emit Transfer(address(0), _to, _amount); + return true; + } + function doAirdrop(address _participant, uint _amount) internal { + require( _amount > 0 ); + require( totalDistributed < totalSupply ); + balances[_participant] = balances[_participant].add(_amount); + totalDistributed = totalDistributed.add(_amount); + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + emit Airdrop(_participant, _amount, balances[_participant]); + emit Transfer(address(0), _participant, _amount); + } + function adminClaimAirdrop(address _participant, uint _amount) public onlyOwner { + doAirdrop(_participant, _amount); + } + function adminClaimAirdropMultiple(address[] _addresses, uint _amount) public onlyOwner { + for (uint i = 0; i < _addresses.length; i++) doAirdrop(_addresses[i], _amount); + } + function updateTokensPerEth(uint _tokensPerEth) public onlyOwner { + tokensPerEth = _tokensPerEth; + emit TokensPerEthUpdated(_tokensPerEth); + } + function () external payable { + getTokens(); + } + function getTokens() payable canDistr public { + uint256 tokens = 0; + require( msg.value >= minContribution ); + require( msg.value > 0 ); + tokens = tokensPerEth.mul(msg.value) / 1 ether; + address investor = msg.sender; + if (tokens > 0) { + distr(investor, tokens); + } + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + AltcoinToken t = AltcoinToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + function withdraw() onlyOwner public { + address myAddress = this; + uint256 etherBalance = myAddress.balance; + owner.transfer(etherBalance); + } + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + emit Burn(burner, _value); + } + function withdrawAltcoinTokens(address _tokenContract) onlyOwner public returns (bool) { + AltcoinToken token = AltcoinToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-18665.sol b/data_full/CVE_clean/2018-18665.sol new file mode 100644 index 0000000000000000000000000000000000000000..7ebc7bede5964cf09c50fe5a3406ac7e84c4426e --- /dev/null +++ b/data_full/CVE_clean/2018-18665.sol @@ -0,0 +1,73 @@ +pragma solidity ^0.4.11; +contract Token { + uint256 public totalSupply; + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract StandardToken is Token { + bool public disabled = false; + function transfer(address _to, uint256 _value) returns (bool success) { + if (disabled != true && balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (disabled != true && balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; +} +contract NexxusToken is StandardToken { + function () {return;} + string public name = "Nexxus"; + uint8 public decimals = 8; + string public symbol = "NXX"; + address public owner; + function NexxusToken() { + totalSupply = 31800000000000000; + owner = msg.sender; + balances[owner] = totalSupply; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { return; } + return true; + } + function mintToken(uint256 _amount) { + if (msg.sender == owner) { + totalSupply += _amount; + balances[owner] += _amount; + Transfer(0, owner, _amount); + } + } + function disableToken(bool _disable) { + if (msg.sender == owner) + disabled = _disable; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-19830.sol b/data_full/CVE_clean/2018-19830.sol new file mode 100644 index 0000000000000000000000000000000000000000..abe20d12a13c37f95f21fb003433e394b1aeb9e2 --- /dev/null +++ b/data_full/CVE_clean/2018-19830.sol @@ -0,0 +1,140 @@ +pragma solidity ^0.4.24; +library SafeMath { + function mul(uint a, uint b) internal returns (uint) { + uint c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint a, uint b) internal returns (uint) { + uint c = a / b; + return c; + } + function sub(uint a, uint b) internal returns (uint) { + assert(b <= a); + return a - b; + } + function add(uint a, uint b) internal returns (uint) { + uint c = a + b; + assert(c >= a); + return c; + } + function assert(bool assertion) internal { + if (!assertion) { + throw; + } + } +} +contract ERC20Basic { + uint public totalSupply; + function balanceOf(address who) constant returns (uint); + function transfer(address to, uint value); + event Transfer(address indexed from, address indexed to, uint value); + function allowance(address owner, address spender) constant returns (uint); + function transferFrom(address from, address to, uint value); + function approve(address spender, uint value); + event Approval(address indexed owner, address indexed spender, uint value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint; + address public owner; + bool public transferable = true; + mapping(address => uint) balances; + mapping (address => bool) public frozenAccount; + modifier onlyPayloadSize(uint size) { + if(msg.data.length < size + 4) { + throw; + } + _; + } + modifier unFrozenAccount{ + require(!frozenAccount[msg.sender]); + _; + } + modifier onlyOwner { + if (owner == msg.sender) { + _; + } else { + InvalidCaller(msg.sender); + throw; + } + } + modifier onlyTransferable { + if (transferable) { + _; + } else { + LiquidityAlarm("The liquidity is switched off"); + throw; + } + } + event FrozenFunds(address target, bool frozen); + event InvalidCaller(address caller); + event Burn(address caller, uint value); + event OwnershipTransferred(address indexed from, address indexed to); + event InvalidAccount(address indexed addr, bytes msg); + event LiquidityAlarm(bytes msg); + function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) unFrozenAccount onlyTransferable { + if (frozenAccount[_to]) { + InvalidAccount(_to, "The receiver account is frozen"); + } else { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + } + } + function balanceOf(address _owner) view returns (uint balance) { + return balances[_owner]; + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target]=freeze; + FrozenFunds(target, freeze); + } + function accountFrozenStatus(address target) view returns (bool frozen) { + return frozenAccount[target]; + } + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + address oldOwner=owner; + owner = newOwner; + OwnershipTransferred(oldOwner, owner); + } + } + function switchLiquidity (bool _transferable) onlyOwner returns (bool success) { + transferable=_transferable; + return true; + } + function liquidityStatus () view returns (bool _transferable) { + return transferable; + } +} +contract StandardToken is BasicToken { + mapping (address => mapping (address => uint)) allowed; + function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) unFrozenAccount onlyTransferable{ + var _allowance = allowed[_from][msg.sender]; + require(!frozenAccount[_from]&&!frozenAccount[_to]); + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + } + function approve(address _spender, uint _value) unFrozenAccount { + if ((_value != 0) && (allowed[msg.sender][_spender] != 0)) throw; + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + } + function allowance(address _owner, address _spender) view returns (uint remaining) { + return allowed[_owner][_spender]; + } +} +contract BAFCToken is StandardToken { + string public name = "Business Alliance Financial Circle"; + string public symbol = "BAFC"; + uint public decimals = 18; + function UBSexToken() { + owner = msg.sender; + totalSupply = 1.9 * 10 ** 26; + balances[owner] = totalSupply; + } + function () public payable { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-19831.sol b/data_full/CVE_clean/2018-19831.sol new file mode 100644 index 0000000000000000000000000000000000000000..4ab1f0fef80aebc44bacac518e9846196497a7b9 --- /dev/null +++ b/data_full/CVE_clean/2018-19831.sol @@ -0,0 +1,233 @@ +pragma solidity ^0.4.19; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ForeignToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +interface Token { + function distr(address _to, uint256 _value) public returns (bool); + function totalSupply() constant public returns (uint256 supply); + function balanceOf(address _owner) constant public returns (uint256 balance); +} +contract Cryptbond is ERC20 { + using SafeMath for uint256; + address owner = msg.sender; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + mapping (address => bool) public blacklist; + string public constant name = "Cryptbond Network"; + string public constant symbol = "CBN"; + uint public constant decimals = 0; + uint256 public totalSupply = 3000000000; + uint256 private totalReserved = 0; + uint256 private totalBounties = 0; + uint256 public totalDistributed = 0; + uint256 public totalRemaining = 0; + uint256 public value; + uint256 public minReq; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + event Burn(address indexed burner, uint256 value); + bool public distributionFinished = false; + modifier canDistr() { + require(!distributionFinished); + _; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + modifier onlyWhitelist() { + require(blacklist[msg.sender] == false); + _; + } + function ToOwner( + ) public { + balances[msg.sender] = totalSupply; + owner = msg.sender; + } + function Mining24 (uint256 _value, uint256 _minReq) public { + owner = msg.sender; + value = _value; + minReq = _minReq; + balances[msg.sender] = totalDistributed; + } + function setParameters (uint256 _value, uint256 _minReq) onlyOwner public { + value = _value; + minReq = _minReq; + } + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + function enableWhitelist(address[] addresses) onlyOwner public { + for (uint i = 0; i < addresses.length; i++) { + blacklist[addresses[i]] = false; + } + } + function disableWhitelist(address[] addresses) onlyOwner public { + for (uint i = 0; i < addresses.length; i++) { + blacklist[addresses[i]] = true; + } + } + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + DistrFinished(); + return true; + } + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + totalRemaining = totalRemaining.sub(_amount); + balances[_to] = balances[_to].add(_amount); + Distr(_to, _amount); + Transfer(address(0), _to, _amount); + return true; + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function airdrop(address[] addresses) onlyOwner canDistr public { + require(addresses.length <= 255); + require(value <= totalRemaining); + for (uint i = 0; i < addresses.length; i++) { + require(value <= totalRemaining); + distr(addresses[i], value); + } + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function distribution(address[] addresses, uint256 amount) onlyOwner canDistr public { + require(addresses.length <= 255); + require(amount <= totalRemaining); + for (uint i = 0; i < addresses.length; i++) { + require(amount <= totalRemaining); + distr(addresses[i], amount); + } + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function distributeAmounts(address[] addresses, uint256[] amounts) onlyOwner canDistr public { + require(addresses.length <= 255); + require(addresses.length == amounts.length); + for (uint8 i = 0; i < addresses.length; i++) { + require(amounts[i] <= totalRemaining); + distr(addresses[i], amounts[i]); + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + } + uint price = 0.000001 ether; + function() public payable { + uint toMint = msg.value/price; + balances[msg.sender]+=toMint; + Transfer(0,msg.sender,toMint); + } + function getTokens() payable canDistr onlyWhitelist public { + require(value <= totalRemaining); + address investor = msg.sender; + uint256 toGive = value; + if (msg.value < minReq){ + toGive = value.sub(value); + } + distr(investor, toGive); + if (toGive > 0) { + blacklist[investor] = true; + } + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + ForeignToken t = ForeignToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + function withdraw() onlyOwner public { + uint256 etherBalance = this.balance; + owner.transfer(etherBalance); + } + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + Burn(burner, _value); + } + function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) { + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-19832.sol b/data_full/CVE_clean/2018-19832.sol new file mode 100644 index 0000000000000000000000000000000000000000..3c1a7c6f394ab440333863fe6cca80fcb4ab759d --- /dev/null +++ b/data_full/CVE_clean/2018-19832.sol @@ -0,0 +1,174 @@ +pragma solidity ^0.4.24; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ForeignToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +interface Token { + function distr(address _to, uint256 _value) external returns (bool); + function totalSupply() constant external returns (uint256 supply); + function balanceOf(address _owner) constant external returns (uint256 balance); +} +contract NewIntelTechMedia is ERC20 { + using SafeMath for uint256; + address owner = msg.sender; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + mapping (address => bool) public blacklist; + string public constant name = "NewIntelTechMedia"; + string public constant symbol = "NETM"; + uint public constant decimals = 18; + uint256 public totalSupply = 500000000e18; + uint256 public totalDistributed = 250000000e18; + uint256 public totalRemaining = totalSupply.sub(totalDistributed); + uint256 public value = 2500e18; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + event Burn(address indexed burner, uint256 value); + bool public distributionFinished = false; + modifier canDistr() { + require(!distributionFinished); + _; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + modifier onlyWhitelist() { + require(blacklist[msg.sender] == false); + _; + } + function NETM() public { + owner = msg.sender; + balances[owner] = totalDistributed; + } + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + emit DistrFinished(); + return true; + } + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + totalRemaining = totalRemaining.sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Distr(_to, _amount); + emit Transfer(address(0), _to, _amount); + return true; + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function () external payable { + getTokens(); + } + function getTokens() payable canDistr onlyWhitelist public { + if (value > totalRemaining) { + value = totalRemaining; + } + require(value <= totalRemaining); + address investor = msg.sender; + uint256 toGive = value; + distr(investor, toGive); + if (toGive > 0) { + blacklist[investor] = true; + } + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + value = value.div(100000).mul(99999); + } + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + ForeignToken t = ForeignToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + function withdraw() onlyOwner public { + uint256 etherBalance = address(this).balance; + owner.transfer(etherBalance); + } + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + emit Burn(burner, _value); + } + function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) { + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-19833.sol b/data_full/CVE_clean/2018-19833.sol new file mode 100644 index 0000000000000000000000000000000000000000..273f90c0b1945b1249572536231bb43129636674 --- /dev/null +++ b/data_full/CVE_clean/2018-19833.sol @@ -0,0 +1,60 @@ +pragma solidity ^0.4.24; +contract ERCDDAToken { + address public owner; + string public name; + string public symbol; + uint8 public decimals = 0; + uint256 public totalSupply; + event Transfer(address indexed from, address indexed to, uint256 value); + event FrozenFunds(address target, bool frozen); + event Burn(address indexed from, uint256 value); + mapping (address => uint256) public balanceOf; + mapping (address => bool) public frozenAccount; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + constructor( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + owner = msg.sender; + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + function burn(uint256 _value) onlyOwner public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public{ + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2018-19834.sol b/data_full/CVE_clean/2018-19834.sol new file mode 100644 index 0000000000000000000000000000000000000000..b9d4b90583f2df900d245edcd05c98d832a3e6fb --- /dev/null +++ b/data_full/CVE_clean/2018-19834.sol @@ -0,0 +1,139 @@ +pragma solidity ^0.4.18; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b > 0); + uint256 c = a / b; + assert(a == b * c + a % b); + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract Ownable { + address public owner; + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + function Ownable() public { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + require(newOwner != address(0)); + OwnershipTransferred(owner, newOwner); + owner = newOwner; + } +} +contract ERC20Interface { + function totalSupply() public constant returns (uint); + function balanceOf(address tokenOwner) public constant returns (uint balance); + function allowance(address tokenOwner, address spender) public constant returns (uint remaining); + function transfer(address to, uint tokens) public returns (bool success); + function approve(address spender, uint tokens) public returns (bool success); + function transferFrom(address from, address to, uint tokens) public returns (bool success); + event Transfer(address indexed from, address indexed to, uint tokens); + event Approval(address indexed tokenOwner, address indexed spender, uint tokens); +} +interface OldXRPCToken { + function transfer(address receiver, uint amount) external; + function balanceOf(address _owner) external returns (uint256 balance); + function mint(address wallet, address buyer, uint256 tokenAmount) external; + function showMyTokenBalance(address addr) external; +} +contract BOMBBA is ERC20Interface,Ownable { + using SafeMath for uint256; + uint256 public totalSupply; + mapping(address => uint256) tokenBalances; + string public constant name = "BOMBBA"; + string public constant symbol = "BOMB"; + uint256 public constant decimals = 18; + uint256 public constant INITIAL_SUPPLY = 10000000; + address ownerWallet; + mapping (address => mapping (address => uint256)) allowed; + event Debug(string message, address addr, uint256 number); + function quaker(address wallet) public { + owner = msg.sender; + ownerWallet=wallet; + totalSupply = INITIAL_SUPPLY * 10 ** 18; + tokenBalances[wallet] = INITIAL_SUPPLY * 10 ** 18; + } + function transfer(address _to, uint256 _value) public returns (bool) { + require(tokenBalances[msg.sender]>=_value); + tokenBalances[msg.sender] = tokenBalances[msg.sender].sub(_value); + tokenBalances[_to] = tokenBalances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + require(_to != address(0)); + require(_value <= tokenBalances[_from]); + require(_value <= allowed[_from][msg.sender]); + tokenBalances[_from] = tokenBalances[_from].sub(_value); + tokenBalances[_to] = tokenBalances[_to].add(_value); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function totalSupply() public constant returns (uint) { + return totalSupply - tokenBalances[address(0)]; + } + function allowance(address tokenOwner, address spender) public constant returns (uint remaining) { + return allowed[tokenOwner][spender]; + } + function increaseApproval(address _spender, uint _addedValue) public returns (bool) { + allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue); + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) { + uint oldValue = allowed[msg.sender][_spender]; + if (_subtractedValue > oldValue) { + allowed[msg.sender][_spender] = 0; + } else { + allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue); + } + Approval(msg.sender, _spender, allowed[msg.sender][_spender]); + return true; + } + function () public payable { + revert(); + } + function balanceOf(address _owner) constant public returns (uint256 balance) { + return tokenBalances[_owner]; + } + function mint(address wallet, address buyer, uint256 tokenAmount) public onlyOwner { + require(tokenBalances[wallet] >= tokenAmount); + tokenBalances[buyer] = tokenBalances[buyer].add(tokenAmount); + tokenBalances[wallet] = tokenBalances[wallet].add(tokenAmount); + Transfer(wallet, buyer, tokenAmount); + totalSupply=totalSupply.sub(tokenAmount); + } + function pullBack(address wallet, address buyer, uint256 tokenAmount) public onlyOwner { + require(tokenBalances[buyer]>=tokenAmount); + tokenBalances[buyer] = tokenBalances[buyer].sub(tokenAmount); + tokenBalances[wallet] = tokenBalances[wallet].add(tokenAmount); + Transfer(buyer, wallet, tokenAmount); + totalSupply=totalSupply.add(tokenAmount); + } + function showMyTokenBalance(address addr) public view returns (uint tokenBalance) { + tokenBalance = tokenBalances[addr]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2019-15078.sol b/data_full/CVE_clean/2019-15078.sol new file mode 100644 index 0000000000000000000000000000000000000000..28dbeb694f4451e93f8352afc7e2d13c68c7382d --- /dev/null +++ b/data_full/CVE_clean/2019-15078.sol @@ -0,0 +1,174 @@ +pragma solidity ^0.4.22; +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract ForeignToken { + function balanceOf(address _owner) constant public returns (uint256); + function transfer(address _to, uint256 _value) public returns (bool); +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) public constant returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) public constant returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +interface Token { + function distr(address _to, uint256 _value) external returns (bool); + function totalSupply() constant external returns (uint256 supply); + function balanceOf(address _owner) constant external returns (uint256 balance); +} +contract XBORNID is ERC20 { + using SafeMath for uint256; + address owner = msg.sender; + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + mapping (address => bool) public blacklist; + string public constant name = "XBORN ID"; + string public constant symbol = "XBornID"; + uint public constant decimals = 18; +uint256 public totalSupply = 500000000e18; +uint256 public totalDistributed = 200000000e18; +uint256 public totalRemaining = totalSupply.sub(totalDistributed); +uint256 public value = 1000e18; + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Distr(address indexed to, uint256 amount); + event DistrFinished(); + event Burn(address indexed burner, uint256 value); + bool public distributionFinished = false; + modifier canDistr() { + require(!distributionFinished); + _; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + modifier onlyWhitelist() { + require(blacklist[msg.sender] == false); + _; + } + function XBornID() public { + owner = msg.sender; + balances[owner] = totalDistributed; + } + function transferOwnership(address newOwner) onlyOwner public { + if (newOwner != address(0)) { + owner = newOwner; + } + } + function finishDistribution() onlyOwner canDistr public returns (bool) { + distributionFinished = true; + emit DistrFinished(); + return true; + } + function distr(address _to, uint256 _amount) canDistr private returns (bool) { + totalDistributed = totalDistributed.add(_amount); + totalRemaining = totalRemaining.sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Distr(_to, _amount); + emit Transfer(address(0), _to, _amount); + return true; + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + } + function () external payable { + getTokens(); + } + function getTokens() payable canDistr onlyWhitelist public { + if (value > totalRemaining) { + value = totalRemaining; + } + require(value <= totalRemaining); + address investor = msg.sender; + uint256 toGive = value; + distr(investor, toGive); + if (toGive > 0) { + blacklist[investor] = true; + } + if (totalDistributed >= totalSupply) { + distributionFinished = true; + } + value = value.div(100000).mul(99999); + } + function balanceOf(address _owner) constant public returns (uint256) { + return balances[_owner]; + } + modifier onlyPayloadSize(uint size) { + assert(msg.data.length >= size + 4); + _; + } + function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[msg.sender]); + balances[msg.sender] = balances[msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(msg.sender, _to, _amount); + return true; + } + function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) { + require(_to != address(0)); + require(_amount <= balances[_from]); + require(_amount <= allowed[_from][msg.sender]); + balances[_from] = balances[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balances[_to] = balances[_to].add(_amount); + emit Transfer(_from, _to, _amount); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool success) { + if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } + allowed[msg.sender][_spender] = _value; + emit Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant public returns (uint256) { + return allowed[_owner][_spender]; + } + function getTokenBalance(address tokenAddress, address who) constant public returns (uint){ + ForeignToken t = ForeignToken(tokenAddress); + uint bal = t.balanceOf(who); + return bal; + } + function withdraw() onlyOwner public { + uint256 etherBalance = address(this).balance; + owner.transfer(etherBalance); + } + function burn(uint256 _value) onlyOwner public { + require(_value <= balances[msg.sender]); + address burner = msg.sender; + balances[burner] = balances[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + totalDistributed = totalDistributed.sub(_value); + emit Burn(burner, _value); + } + function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) { + ForeignToken token = ForeignToken(_tokenContract); + uint256 amount = token.balanceOf(address(this)); + return token.transfer(owner, amount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2019-15079.sol b/data_full/CVE_clean/2019-15079.sol new file mode 100644 index 0000000000000000000000000000000000000000..98103749df5f272587c9e29d64d5af3c1bf998b1 --- /dev/null +++ b/data_full/CVE_clean/2019-15079.sol @@ -0,0 +1,58 @@ +pragma solidity ^0.4.16; +contract EAI_TokenERC { + string public name; + string public symbol; + uint8 public decimals = 8; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); + event Burn(address indexed from, uint256 value); + function EAI_TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value >= balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2019-15080.sol b/data_full/CVE_clean/2019-15080.sol new file mode 100644 index 0000000000000000000000000000000000000000..d15cc1f8cb3ea45c1e4647bf87f55dcdcb0bc31e --- /dev/null +++ b/data_full/CVE_clean/2019-15080.sol @@ -0,0 +1,121 @@ +pragma solidity ^0.4.18; + contract Owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address _newOwner) onlyOwner public { + owner = _newOwner; + } + } +contract ERC20 { + using SafeMath for uint256; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) allowed; + mapping(address => bool) public isblacklistedAccount; + string public name; + string public symbol; + uint8 public decimals = 4; + uint256 public totalSupply; + event Approval(address indexed owner, address indexed spender, uint256 value); + event Transfer(address indexed from, address indexed to, uint256 value); + function ERC20(uint256 _initialSupply,string _tokenName, string _tokenSymbol) public { + totalSupply = _initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = _tokenName; + symbol = _tokenSymbol; + } + function transfer(address _to, uint256 _value) public returns (bool) { + require(!isblacklistedAccount[msg.sender]); + require(!isblacklistedAccount[_to]); + require(balanceOf[msg.sender] > 0); + require(balanceOf[msg.sender] >= _value); + require(_to != address(0)); + require(_value > 0); + require(balanceOf[_to] .add(_value) >= balanceOf[_to]); + require(_to != msg.sender); + balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value); + balanceOf[_to] = balanceOf[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function transferFrom( + address _from, + address _to, + uint256 _amount + ) public returns (bool success) + { + if (balanceOf[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balanceOf[_to].add(_amount) > balanceOf[_to]) + { + balanceOf[_from] = balanceOf[_from].sub(_amount); + allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount); + balanceOf[_to] = balanceOf[_to].add(_amount); + return true; + } else { + return false; + } + } + function approve(address _spender, uint256 _amount) public returns (bool success) { + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} +library SafeMath { + function mul(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0) { + return 0; + } + uint256 c = a * b; + assert(c / a == b); + return c; + } + function div(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) internal pure returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) internal pure returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract MorphToken is Owned, ERC20 { + using SafeMath for uint256; + uint256 tokenSupply = 100000000; + event Burn(address from, uint256 value); + function MorphToken() + ERC20 (tokenSupply,"MORPH","MORPH") public + { + owner = msg.sender; + } + function blacklistAccount(address _target, bool _isBlacklisted) public onlyOwner { + isblacklistedAccount[_target] = _isBlacklisted; + } + function mintTokens(uint256 _mintedAmount) public onlyOwner { + balanceOf[owner] = balanceOf[owner].add(_mintedAmount); + totalSupply = totalSupply.add(_mintedAmount); + Transfer(0, owner, _mintedAmount); + } + function burn(uint256 _value) public onlyOwner { + require(_value <= balanceOf[msg.sender]); + address burner = msg.sender; + balanceOf[burner] = balanceOf[burner].sub(_value); + totalSupply = totalSupply.sub(_value); + Burn(burner, _value); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2020-17752.sol b/data_full/CVE_clean/2020-17752.sol new file mode 100644 index 0000000000000000000000000000000000000000..3d269af6db3bb39e8d3ed5cd91c33e881557bdb5 --- /dev/null +++ b/data_full/CVE_clean/2020-17752.sol @@ -0,0 +1,290 @@ +library SafeMath { + function mul(uint256 a, uint256 b) constant public returns (uint256) { + uint256 c = a * b; + assert(a == 0 || c / a == b); + return c; + } + function div(uint256 a, uint256 b) constant public returns (uint256) { + uint256 c = a / b; + return c; + } + function sub(uint256 a, uint256 b) constant public returns (uint256) { + assert(b <= a); + return a - b; + } + function add(uint256 a, uint256 b) constant public returns (uint256) { + uint256 c = a + b; + assert(c >= a); + return c; + } +} +contract Ownable { + address public owner; + function Ownable() public { + owner = msg.sender; + } + modifier onlyOwner() { + if(msg.sender == owner){ + _; + } + else{ + revert(); + } + } +} +contract ERC20Basic { + uint256 public totalSupply; + function balanceOf(address who) constant public returns (uint256); + function transfer(address to, uint256 value) public returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); +} +contract ERC20 is ERC20Basic { + function allowance(address owner, address spender) constant public returns (uint256); + function transferFrom(address from, address to, uint256 value) public returns (bool); + function approve(address spender, uint256 value) public returns (bool); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +contract BasicToken is ERC20Basic { + using SafeMath for uint256; + using SafeMath for uint128; + mapping(address => uint256) balances; + function transfer(address _to, uint256 _value) public returns (bool) { + balances[msg.sender] = balances[msg.sender].sub(_value); + balances[_to] = balances[_to].add(_value); + Transfer(msg.sender, _to, _value); + return true; + } + function balanceOf(address _owner) constant public returns (uint256 balance) { + return balances[_owner]; + } +} +contract StandardToken is ERC20, BasicToken { + mapping (address => mapping (address => uint256)) allowed; + function transferFrom(address _from, address _to, uint256 _value) public returns (bool) { + var _allowance = allowed[_from][msg.sender]; + balances[_to] = balances[_to].add(_value); + balances[_from] = balances[_from].sub(_value); + allowed[_from][msg.sender] = _allowance.sub(_value); + Transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public returns (bool) { + require((_value == 0) || (allowed[msg.sender][_spender] == 0)); + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant public returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} +contract MintableToken is StandardToken, Ownable { + event Mint(address indexed to, uint256 amount); + event MintFinished(); + bool public mintingFinished = false; + modifier canMint() { + if(!mintingFinished){ + _; + } + else{ + revert(); + } + } + function mint(address _to, uint256 _amount) canMint internal returns (bool) { + totalSupply = totalSupply.add(_amount); + balances[_to] = balances[_to].add(_amount); + Mint(_to, _amount); + Transfer(address(0),_to,_amount); + return true; + } + function finishMinting() onlyOwner public returns (bool) { + mintingFinished = true; + MintFinished(); + return true; + } +} +contract MON is MintableToken{ + event BuyStatus(uint256 status); + struct Buy{ + uint128 amountOfEth; + uint128 stage; + } + struct StageData{ + uint128 stageTime; + uint64 stageSum; + uint64 stagePrice; + } + string public constant name = "MillionCoin"; + string public constant symbol = "MON"; + uint256 public constant DECIMALS = 8; + uint256 public constant decimals = 8; + address public beneficiary ; + uint256 private alreadyRunned = 0; + uint256 internal _now =0; + uint256 public stageIndex = 0; + StageData[] public stageDataStore; + uint256 public period = 3600*24; + uint256 public start = 0; + uint256 public sumMultiplayer = 100000; + mapping(address => Buy) public stageBuys; + modifier runOnce(uint256 bit){ + if((alreadyRunned & bit)==0){ + alreadyRunned = alreadyRunned | bit; + _; + } + else{ + revert(); + } + } + function MON(address _benef,uint256 _start,uint256 _sumMul,uint256 _period) public{ + beneficiary = _benef; + if(_start==0){ + start = GetNow(); + } + else{ + start = _start; + } + if(_period!=0){ + period = _period; + } + if(_sumMul!=0){ + sumMultiplayer = _sumMul; + } + stageDataStore.push(StageData(uint128(start+period*151),uint64(50*sumMultiplayer),uint64(5000))); + stageDataStore.push(StageData(uint128(start+period*243),uint64(60*sumMultiplayer),uint64(3000))); + stageDataStore.push(StageData(uint128(start+period*334),uint64(50*sumMultiplayer),uint64(1666))); + stageDataStore.push(StageData(uint128(start+period*455),uint64(60*sumMultiplayer),uint64(1500))); + stageDataStore.push(StageData(uint128(start+period*548),uint64(65*sumMultiplayer),uint64(1444))); + stageDataStore.push(StageData(uint128(start+period*641),uint64(55*sumMultiplayer),uint64(1000))); + } + function GetMaxStageEthAmount() public constant returns(uint256){ + StageData memory currS = stageDataStore[stageIndex]; + uint256 retVal = currS.stageSum; + retVal = retVal*(10**18); + retVal = retVal/currS.stagePrice; + retVal = retVal.sub(this.balance); + return retVal; + } + function () public payable { + uint256 status = 0; + status = 0; + bool transferToBenef = false; + uint256 amountOfEthBeforeBuy = 0; + uint256 stageMaxEthAmount = 0; + uint128 _n = uint128(GetNow()); + StageData memory currS = stageDataStore[stageIndex] ; + if(_n0){ + burn(msg.sender,b.amountOfEth.mul(currS.stagePrice)); + } + } + b.amountOfEth=0; + mintingFinished = true; + msg.sender.transfer(amountToReturn); + } + else{ + status = 2; + if(b.stage!=stageIndex){ + b.stage = uint128(stageIndex); + b.amountOfEth = 0; + status = status*10+3; + } + if(currS.stageTime>_n && this.balance < stageMaxEthAmount){ + b.amountOfEth = uint128(b.amountOfEth.add(uint128(msg.value))); + amountToMint = msg.value*currS.stagePrice; + status = status*10+4; + mintCoins(msg.sender,amountToMint); + }else{ + if( this.balance >=stageMaxEthAmount){ + status = status*10+5; + transferToBenef = true; + amountToMint = (stageMaxEthAmount - amountOfEthBeforeBuy)*(currS.stagePrice); + mintCoins(msg.sender,amountToMint); + stageIndex = stageIndex+1; + beneficiary.transfer(stageMaxEthAmount); + stageMaxEthAmount = GetMaxStageEthAmount(); + if(stageIndex<5 && stageMaxEthAmount>this.balance){ + currS = stageDataStore[stageIndex] ; + amountToMint = this.balance*(currS.stagePrice); + b.stage = uint128(stageIndex); + b.amountOfEth =uint128(this.balance); + mintCoins(msg.sender,amountToMint); + } + else{ + status = status*10+8; + amountToReturn = this.balance; + msg.sender.transfer(amountToReturn); + } + }else{ + status = status*10+6; + } + } + } + stageBuys[msg.sender] = b; + BuyStatus(status); + } + function GetBalance() public constant returns(uint256){ + return this.balance; + } + uint256 public constant maxTokenSupply = (10**(18-DECIMALS))*(10**6)*34 ; + function burn(address _from, uint256 _amount) private returns (bool){ + _amount = _amount.div(10**10); + balances[_from] = balances[_from].sub(_amount); + totalSupply = totalSupply.sub(_amount); + Transfer(_from,address(0),_amount); + } + function GetStats()public constant returns (uint256,uint256,uint256,uint256){ + uint256 timeToEnd = 0; + uint256 round =0; + StageData memory _s = stageDataStore[stageIndex]; + if(GetNow()>=start){ + round = stageIndex+1; + if(_s.stageTime>GetNow()) + { + timeToEnd = _s.stageTime-GetNow(); + } + else{ + return(0,0,0,0); + } + } + else{ + timeToEnd = start-GetNow(); + } + return(timeToEnd, + round, + _s.stageSum*1000/_s.stagePrice, + GetMaxStageEthAmount().div(10**15)); + } + function mintCoins(address _to, uint256 _amount) canMint internal returns (bool) { + _amount = _amount.div(10**10); + if(totalSupply.add(_amount)= a); + return c; + } +} +contract Ownable { + address public owner; + event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); + function Ownable() internal { + owner = msg.sender; + } + modifier onlyOwner() { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + require(newOwner != address(0)); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + } +} +contract tokenInterface { + function balanceOf(address _owner) public constant returns (uint256 balance); + function transfer(address _to, uint256 _value) public returns (bool); +} +contract rateInterface { + function readRate(string _currency) public view returns (uint256 oneEtherValue); +} +contract ICOEngineInterface { + function started() public view returns(bool); + function ended() public view returns(bool); + function startTime() public view returns(uint); + function endTime() public view returns(uint); + function totalTokens() public view returns(uint); + function remainingTokens() public view returns(uint); + function price() public view returns(uint); +} +contract KYCBase { + using SafeMath for uint256; + mapping (address => bool) public isKycSigner; + mapping (uint64 => uint256) public alreadyPayed; + event KycVerified(address indexed signer, address buyerAddress, uint64 buyerId, uint maxAmount); + function KYCBase(address [] kycSigners) internal { + for (uint i = 0; i < kycSigners.length; i++) { + isKycSigner[kycSigners[i]] = true; + } + } + function releaseTokensTo(address buyer) internal returns(bool); + function senderAllowedFor(address buyer) + internal view returns(bool) + { + return buyer == msg.sender; + } + function buyTokensFor(address buyerAddress, uint64 buyerId, uint maxAmount, uint8 v, bytes32 r, bytes32 s) + public payable returns (bool) + { + require(senderAllowedFor(buyerAddress)); + return buyImplementation(buyerAddress, buyerId, maxAmount, v, r, s); + } + function buyTokens(uint64 buyerId, uint maxAmount, uint8 v, bytes32 r, bytes32 s) + public payable returns (bool) + { + return buyImplementation(msg.sender, buyerId, maxAmount, v, r, s); + } + function buyImplementation(address buyerAddress, uint64 buyerId, uint maxAmount, uint8 v, bytes32 r, bytes32 s) + private returns (bool) + { + bytes32 hash = sha256("Eidoo icoengine authorization", address(0), buyerAddress, buyerId, maxAmount); + address signer = ecrecover(hash, v, r, s); + if (!isKycSigner[signer]) { + revert(); + } else { + uint256 totalPayed = alreadyPayed[buyerId].add(msg.value); + require(totalPayed <= maxAmount); + alreadyPayed[buyerId] = totalPayed; + emit KycVerified(signer, buyerAddress, buyerId, maxAmount); + return releaseTokensTo(buyerAddress); + } + } +} +contract RC is ICOEngineInterface, KYCBase { + using SafeMath for uint256; + TokenSale tokenSaleContract; + uint256 public startTime; + uint256 public endTime; + uint256 public etherMinimum; + uint256 public soldTokens; + uint256 public remainingTokens; + uint256 public oneTokenInUsdWei; + mapping(address => uint256) public etherUser; + mapping(address => uint256) public pendingTokenUser; + mapping(address => uint256) public tokenUser; + uint256[] public tokenThreshold; + uint256[] public bonusThreshold; + function RC(address _tokenSaleContract, uint256 _oneTokenInUsdWei, uint256 _remainingTokens, uint256 _etherMinimum, uint256 _startTime , uint256 _endTime, address [] kycSigner, uint256[] _tokenThreshold, uint256[] _bonusThreshold ) public KYCBase(kycSigner) { + require ( _tokenSaleContract != 0 ); + require ( _oneTokenInUsdWei != 0 ); + require( _remainingTokens != 0 ); + require ( _tokenThreshold.length != 0 ); + require ( _tokenThreshold.length == _bonusThreshold.length ); + bonusThreshold = _bonusThreshold; + tokenThreshold = _tokenThreshold; + tokenSaleContract = TokenSale(_tokenSaleContract); + tokenSaleContract.addMeByRC(); + soldTokens = 0; + remainingTokens = _remainingTokens; + oneTokenInUsdWei = _oneTokenInUsdWei; + etherMinimum = _etherMinimum; + setTimeRC( _startTime, _endTime ); + } + function setTimeRC(uint256 _startTime, uint256 _endTime ) internal { + if( _startTime == 0 ) { + startTime = tokenSaleContract.startTime(); + } else { + startTime = _startTime; + } + if( _endTime == 0 ) { + endTime = tokenSaleContract.endTime(); + } else { + endTime = _endTime; + } + } + modifier onlyTokenSaleOwner() { + require(msg.sender == tokenSaleContract.owner() ); + _; + } + function setTime(uint256 _newStart, uint256 _newEnd) public onlyTokenSaleOwner { + if ( _newStart != 0 ) startTime = _newStart; + if ( _newEnd != 0 ) endTime = _newEnd; + } + function changeMinimum(uint256 _newEtherMinimum) public onlyTokenSaleOwner { + etherMinimum = _newEtherMinimum; + } + function releaseTokensTo(address buyer) internal returns(bool) { + if( msg.value > 0 ) takeEther(buyer); + giveToken(buyer); + return true; + } + function started() public view returns(bool) { + return now > startTime || remainingTokens == 0; + } + function ended() public view returns(bool) { + return now > endTime || remainingTokens == 0; + } + function startTime() public view returns(uint) { + return startTime; + } + function endTime() public view returns(uint) { + return endTime; + } + function totalTokens() public view returns(uint) { + return remainingTokens.add(soldTokens); + } + function remainingTokens() public view returns(uint) { + return remainingTokens; + } + function price() public view returns(uint) { + uint256 oneEther = 10**18; + return oneEther.mul(10**18).div( tokenSaleContract.tokenValueInEther(oneTokenInUsdWei) ); + } + function () public payable{ + require( now > startTime ); + if(now < endTime) { + takeEther(msg.sender); + } else { + claimTokenBonus(msg.sender); + } + } + event Buy(address buyer, uint256 value, uint256 soldToken, uint256 valueTokenInUsdWei ); + function takeEther(address _buyer) internal { + require( now > startTime ); + require( now < endTime ); + require( msg.value >= etherMinimum); + require( remainingTokens > 0 ); + uint256 oneToken = 10 ** uint256(tokenSaleContract.decimals()); + uint256 tokenValue = tokenSaleContract.tokenValueInEther(oneTokenInUsdWei); + uint256 tokenAmount = msg.value.mul(oneToken).div(tokenValue); + uint256 unboughtTokens = tokenInterface(tokenSaleContract.tokenContract()).balanceOf(tokenSaleContract); + if ( unboughtTokens > remainingTokens ) { + unboughtTokens = remainingTokens; + } + uint256 refund = 0; + if ( unboughtTokens < tokenAmount ) { + refund = (tokenAmount - unboughtTokens).mul(tokenValue).div(oneToken); + tokenAmount = unboughtTokens; + remainingTokens = 0; + _buyer.transfer(refund); + } else { + remainingTokens = remainingTokens.sub(tokenAmount); + } + etherUser[_buyer] = etherUser[_buyer].add(msg.value.sub(refund)); + pendingTokenUser[_buyer] = pendingTokenUser[_buyer].add(tokenAmount); + emit Buy( _buyer, msg.value, tokenAmount, oneTokenInUsdWei ); + } + function giveToken(address _buyer) internal { + require( pendingTokenUser[_buyer] > 0 ); + tokenUser[_buyer] = tokenUser[_buyer].add(pendingTokenUser[_buyer]); + tokenSaleContract.claim(_buyer, pendingTokenUser[_buyer]); + soldTokens = soldTokens.add(pendingTokenUser[_buyer]); + pendingTokenUser[_buyer] = 0; + tokenSaleContract.wallet().transfer(etherUser[_buyer]); + etherUser[_buyer] = 0; + } + function claimTokenBonus(address _buyer) internal { + require( now > endTime ); + require( tokenUser[_buyer] > 0 ); + uint256 bonusApplied = 0; + for (uint i = 0; i < tokenThreshold.length; i++) { + if ( soldTokens > tokenThreshold[i] ) { + bonusApplied = bonusThreshold[i]; + } + } + require( bonusApplied > 0 ); + uint256 addTokenAmount = tokenUser[_buyer].mul( bonusApplied ).div(10**2); + tokenUser[_buyer] = 0; + tokenSaleContract.claim(_buyer, addTokenAmount); + _buyer.transfer(msg.value); + } + function refundEther(address to) public onlyTokenSaleOwner { + to.transfer(etherUser[to]); + etherUser[to] = 0; + pendingTokenUser[to] = 0; + } + function withdraw(address to, uint256 value) public onlyTokenSaleOwner { + to.transfer(value); + } + function userBalance(address _user) public view returns( uint256 _pendingTokenUser, uint256 _tokenUser, uint256 _etherUser ) { + return (pendingTokenUser[_user], tokenUser[_user], etherUser[_user]); + } +} +contract TokenSale is Ownable { + using SafeMath for uint256; + tokenInterface public tokenContract; + rateInterface public rateContract; + address public wallet; + address public advisor; + uint256 public advisorFee; + uint256 public constant decimals = 18; + uint256 public endTime; + uint256 public startTime; + mapping(address => bool) public rc; + function TokenSale(address _tokenAddress, address _rateAddress, uint256 _startTime, uint256 _endTime) public { + tokenContract = tokenInterface(_tokenAddress); + rateContract = rateInterface(_rateAddress); + setTime(_startTime, _endTime); + wallet = msg.sender; + advisor = msg.sender; + advisorFee = 0 * 10**3; + } + function tokenValueInEther(uint256 _oneTokenInUsdWei) public view returns(uint256 tknValue) { + uint256 oneEtherInUsd = rateContract.readRate("usd"); + tknValue = _oneTokenInUsdWei.mul(10 ** uint256(decimals)).div(oneEtherInUsd); + return tknValue; + } + modifier isBuyable() { + require( now > startTime ); + require( now < endTime ); + require( msg.value > 0 ); + uint256 remainingTokens = tokenContract.balanceOf(this); + require( remainingTokens > 0 ); + _; + } + event Buy(address buyer, uint256 value, address indexed ambassador); + modifier onlyRC() { + require( rc[msg.sender] ); + _; + } + function buyFromRC(address _buyer, uint256 _rcTokenValue, uint256 _remainingTokens) onlyRC isBuyable public payable returns(uint256) { + uint256 oneToken = 10 ** uint256(decimals); + uint256 tokenValue = tokenValueInEther(_rcTokenValue); + uint256 tokenAmount = msg.value.mul(oneToken).div(tokenValue); + address _ambassador = msg.sender; + uint256 remainingTokens = tokenContract.balanceOf(this); + if ( _remainingTokens < remainingTokens ) { + remainingTokens = _remainingTokens; + } + if ( remainingTokens < tokenAmount ) { + uint256 refund = (tokenAmount - remainingTokens).mul(tokenValue).div(oneToken); + tokenAmount = remainingTokens; + forward(msg.value-refund); + remainingTokens = 0; + _buyer.transfer(refund); + } else { + remainingTokens = remainingTokens.sub(tokenAmount); + forward(msg.value); + } + tokenContract.transfer(_buyer, tokenAmount); + emit Buy(_buyer, tokenAmount, _ambassador); + return tokenAmount; + } + function forward(uint256 _amount) internal { + uint256 advisorAmount = _amount.mul(advisorFee).div(10**3); + uint256 walletAmount = _amount - advisorAmount; + advisor.transfer(advisorAmount); + wallet.transfer(walletAmount); + } + event NewRC(address contr); + function addMeByRC() public { + require(tx.origin == owner); + rc[ msg.sender ] = true; + emit NewRC(msg.sender); + } + function setTime(uint256 _newStart, uint256 _newEnd) public onlyOwner { + if ( _newStart != 0 ) startTime = _newStart; + if ( _newEnd != 0 ) endTime = _newEnd; + } + function withdraw(address to, uint256 value) public onlyOwner { + to.transfer(value); + } + function withdrawTokens(address to, uint256 value) public onlyOwner returns (bool) { + return tokenContract.transfer(to, value); + } + function setTokenContract(address _tokenContract) public onlyOwner { + tokenContract = tokenInterface(_tokenContract); + } + function setWalletAddress(address _wallet) public onlyOwner { + wallet = _wallet; + } + function setAdvisorAddress(address _advisor) public onlyOwner { + advisor = _advisor; + } + function setAdvisorFee(uint256 _advisorFee) public onlyOwner { + advisorFee = _advisorFee; + } + function setRateContract(address _rateAddress) public onlyOwner { + rateContract = rateInterface(_rateAddress); + } + function claim(address _buyer, uint256 _amount) onlyRC public returns(bool) { + return tokenContract.transfer(_buyer, _amount); + } + function () public payable { + revert(); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2020-35962.sol b/data_full/CVE_clean/2020-35962.sol new file mode 100644 index 0000000000000000000000000000000000000000..c666c7989645975b186b04538f03febf1ee5be54 --- /dev/null +++ b/data_full/CVE_clean/2020-35962.sol @@ -0,0 +1,540 @@ +pragma solidity ^0.5.11; +contract ERC20 +{ + function totalSupply() + public + view + returns (uint); + function balanceOf( + address who + ) + public + view + returns (uint); + function allowance( + address owner, + address spender + ) + public + view + returns (uint); + function transfer( + address to, + uint value + ) + public + returns (bool); + function transferFrom( + address from, + address to, + uint value + ) + public + returns (bool); + function approve( + address spender, + uint value + ) + public + returns (bool); +} +library AddressUtil +{ + using AddressUtil for *; + function isContract( + address addr + ) + internal + view + returns (bool) + { + uint32 size; + assembly { size := extcodesize(addr) } + return (size > 0); + } + function toPayable( + address addr + ) + internal + pure + returns (address payable) + { + return address(uint160(addr)); + } + function sendETH( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + if (amount == 0) { + return true; + } + address payable recipient = to.toPayable(); + (success, ) = recipient.call.value(amount).gas(gasLimit)(""); + } + function sendETHAndVerify( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + success = to.sendETH(amount, gasLimit); + require(success, "TRANSFER_FAILURE"); + } +} +contract BurnableERC20 is ERC20 +{ + function burn( + uint value + ) + public + returns (bool); + function burnFrom( + address from, + uint value + ) + public + returns (bool); +} +contract Ownable +{ + address public owner; + event OwnershipTransferred( + address indexed previousOwner, + address indexed newOwner + ); + constructor() + public + { + owner = msg.sender; + } + modifier onlyOwner() + { + require(msg.sender == owner, "UNAUTHORIZED"); + _; + } + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0), "ZERO_ADDRESS"); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + function renounceOwnership() + public + onlyOwner + { + emit OwnershipTransferred(owner, address(0)); + owner = address(0); + } +} +contract Claimable is Ownable +{ + address public pendingOwner; + modifier onlyPendingOwner() { + require(msg.sender == pendingOwner, "UNAUTHORIZED"); + _; + } + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0) && newOwner != owner, "INVALID_ADDRESS"); + pendingOwner = newOwner; + } + function claimOwnership() + public + onlyPendingOwner + { + emit OwnershipTransferred(owner, pendingOwner); + owner = pendingOwner; + pendingOwner = address(0); + } +} +library ERC20SafeTransfer +{ + function safeTransferAndVerify( + address token, + address to, + uint value + ) + internal + { + safeTransferWithGasLimitAndVerify( + token, + to, + value, + gasleft() + ); + } + function safeTransfer( + address token, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferWithGasLimit( + token, + to, + value, + gasleft() + ); + } + function safeTransferWithGasLimitAndVerify( + address token, + address to, + uint value, + uint gasLimit + ) + internal + { + require( + safeTransferWithGasLimit(token, to, value, gasLimit), + "TRANSFER_FAILURE" + ); + } + function safeTransferWithGasLimit( + address token, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + bytes memory callData = abi.encodeWithSelector( + bytes4(0xa9059cbb), + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + function safeTransferFromAndVerify( + address token, + address from, + address to, + uint value + ) + internal + { + safeTransferFromWithGasLimitAndVerify( + token, + from, + to, + value, + gasleft() + ); + } + function safeTransferFrom( + address token, + address from, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasleft() + ); + } + function safeTransferFromWithGasLimitAndVerify( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + { + bool result = safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasLimit + ); + require(result, "TRANSFER_FAILURE"); + } + function safeTransferFromWithGasLimit( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + bytes memory callData = abi.encodeWithSelector( + bytes4(0x23b872dd), + from, + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + function checkReturnValue( + bool success + ) + internal + pure + returns (bool) + { + if (success) { + assembly { + switch returndatasize() + case 0 { + success := 1 + } + case 32 { + returndatacopy(0, 0, 32) + success := mload(0) + } + default { + success := 0 + } + } + } + return success; + } +} +library MathUint +{ + function mul( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a * b; + require(a == 0 || c / a == b, "MUL_OVERFLOW"); + } + function sub( + uint a, + uint b + ) + internal + pure + returns (uint) + { + require(b <= a, "SUB_UNDERFLOW"); + return a - b; + } + function add( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a + b; + require(c >= a, "ADD_OVERFLOW"); + } + function decodeFloat( + uint f + ) + internal + pure + returns (uint value) + { + uint numBitsMantissa = 23; + uint exponent = f >> numBitsMantissa; + uint mantissa = f & ((1 << numBitsMantissa) - 1); + value = mantissa * (10 ** exponent); + } +} +contract ReentrancyGuard +{ + uint private _guardValue; + modifier nonReentrant() + { + require(_guardValue == 0, "REENTRANCY"); + _guardValue = 1; + _; + _guardValue = 0; + } +} +contract IProtocolFeeVault +{ + uint public constant REWARD_PERCENTAGE = 70; + uint public constant DAO_PERDENTAGE = 20; + address public userStakingPoolAddress; + address public lrcAddress; + address public tokenSellerAddress; + address public daoAddress; + uint claimedReward; + uint claimedDAOFund; + uint claimedBurn; + event LRCClaimed(uint amount); + event DAOFunded(uint amountDAO, uint amountBurn); + event TokenSold(address token, uint amount); + event SettingsUpdated(uint time); + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external; + function claimStakingReward(uint amount) external; + function fundDAO() external; + function sellTokenForLRC( + address token, + uint amount + ) + external; + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ); +} +contract ITokenSeller +{ + function sellToken( + address tokenS, + address tokenB + ) + external + payable + returns (bool success); +} +contract ProtocolFeeVault is Claimable, ReentrancyGuard, IProtocolFeeVault +{ + using AddressUtil for address; + using AddressUtil for address payable; + using ERC20SafeTransfer for address; + using MathUint for uint; + constructor(address _lrcAddress) + Claimable() + public + { + require(_lrcAddress != address(0), "ZERO_ADDRESS"); + lrcAddress = _lrcAddress; + } + function() external payable { } + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external + nonReentrant + onlyOwner + { + require( + userStakingPoolAddress != _userStakingPoolAddress || + tokenSellerAddress != _tokenSellerAddress || + daoAddress != _daoAddress, + "SAME_ADDRESSES" + ); + userStakingPoolAddress = _userStakingPoolAddress; + tokenSellerAddress = _tokenSellerAddress; + daoAddress = _daoAddress; + emit SettingsUpdated(now); + } + function claimStakingReward( + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_VALUE"); + require(msg.sender == userStakingPoolAddress, "UNAUTHORIZED"); + lrcAddress.safeTransferAndVerify(userStakingPoolAddress, amount); + claimedReward = claimedReward.add(amount); + emit LRCClaimed(amount); + } + function fundDAO() + external + nonReentrant + { + uint amountDAO; + uint amountBurn; + (, , , , , amountBurn, amountDAO, ) = getProtocolFeeStats(); + address recipient = daoAddress == address(0) ? owner : daoAddress; + if (amountDAO > 0) { + lrcAddress.safeTransferAndVerify(recipient, amountDAO); + } + if (amountBurn > 0) { + require(BurnableERC20(lrcAddress).burn(amountBurn), "BURN_FAILURE"); + } + claimedBurn = claimedBurn.add(amountBurn); + claimedDAOFund = claimedDAOFund.add(amountDAO); + emit DAOFunded(amountDAO, amountBurn); + } + function sellTokenForLRC( + address token, + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_AMOUNT"); + require(token != lrcAddress, "PROHIBITED"); + address recipient = tokenSellerAddress == address(0) ? owner : tokenSellerAddress; + if (token == address(0)) { + recipient.sendETHAndVerify(amount, gasleft()); + } else { + token.safeTransferAndVerify(recipient, amount); + } + require( + tokenSellerAddress == address(0) || + ITokenSeller(tokenSellerAddress).sellToken(token, lrcAddress), + "SELL_FAILURE" + ); + emit TokenSold(token, amount); + } + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ) + { + remainingFees = ERC20(lrcAddress).balanceOf(address(this)); + accumulatedFees = remainingFees.add(claimedReward).add(claimedDAOFund).add(claimedBurn); + accumulatedReward = accumulatedFees.mul(REWARD_PERCENTAGE) / 100; + accumulatedDAOFund = accumulatedFees.mul(DAO_PERDENTAGE) / 100; + accumulatedBurn = accumulatedFees.sub(accumulatedReward).sub(accumulatedDAOFund); + remainingReward = accumulatedReward.sub(claimedReward); + remainingDAOFund = accumulatedDAOFund.sub(claimedDAOFund); + remainingBurn = accumulatedBurn.sub(claimedBurn); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2021-3004.sol b/data_full/CVE_clean/2021-3004.sol new file mode 100644 index 0000000000000000000000000000000000000000..65868c1a7b9df0ee3ecdb3771d53637894d80371 --- /dev/null +++ b/data_full/CVE_clean/2021-3004.sol @@ -0,0 +1,400 @@ +pragma solidity ^0.8.0; +interface IERC20 { + function totalSupply() external view returns (uint256); + function decimals() external view returns (uint256); + function balanceOf(address account) external view returns (uint256); + function transfer(address recipient, uint256 amount) external returns (bool); + function allowance(address owner, address spender) external view returns (uint256); + function approve(address spender, uint256 amount) external returns (bool); + function transferFrom(address sender, address recipient, uint256 amount) external returns (bool); + event Transfer(address indexed from, address indexed to, uint256 value); + event Approval(address indexed owner, address indexed spender, uint256 value); +} +library Address { + function isContract(address account) internal view returns (bool) { + bytes32 codehash; + bytes32 accountHash = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470; + assembly { codehash := extcodehash(account) } + return (codehash != 0x0 && codehash != accountHash); + } +} +library SafeERC20 { + using Address for address; + function safeTransfer(IERC20 token, address to, uint value) internal { + callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); + } + function safeTransferFrom(IERC20 token, address from, address to, uint value) internal { + callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); + } + function safeApprove(IERC20 token, address spender, uint value) internal { + require((value == 0) || (token.allowance(address(this), spender) == 0), + "SafeERC20: approve from non-zero to non-zero allowance" + ); + callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); + } + function callOptionalReturn(IERC20 token, bytes memory data) private { + require(address(token).isContract(), "SafeERC20: call to non-contract"); + (bool success, bytes memory returndata) = address(token).call(data); + require(success, "SafeERC20: low-level call failed"); + if (returndata.length > 0) { + require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); + } + } +} +interface Oracle { + function getPriceUSD(address reserve) external view returns (uint); +} +interface ISushiswapV2Factory { + event PairCreated(address indexed token0, address indexed token1, address pair, uint); + function feeTo() external view returns (address); + function feeToSetter() external view returns (address); + function getPair(address tokenA, address tokenB) external view returns (address pair); + function allPairs(uint) external view returns (address pair); + function allPairsLength() external view returns (uint); + function createPair(address tokenA, address tokenB) external returns (address pair); + function setFeeTo(address) external; + function setFeeToSetter(address) external; +} +interface ISushiswapV2Pair { + event Approval(address indexed owner, address indexed spender, uint value); + event Transfer(address indexed from, address indexed to, uint value); + function name() external pure returns (string memory); + function symbol() external pure returns (string memory); + function decimals() external pure returns (uint8); + function totalSupply() external view returns (uint); + function balanceOf(address owner) external view returns (uint); + function allowance(address owner, address spender) external view returns (uint); + function approve(address spender, uint value) external returns (bool); + function transfer(address to, uint value) external returns (bool); + function transferFrom(address from, address to, uint value) external returns (bool); + function DOMAIN_SEPARATOR() external view returns (bytes32); + function PERMIT_TYPEHASH() external pure returns (bytes32); + function nonces(address owner) external view returns (uint); + function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external; + event Mint(address indexed sender, uint amount0, uint amount1); + event Burn(address indexed sender, uint amount0, uint amount1, address indexed to); + event Swap( + address indexed sender, + uint amount0In, + uint amount1In, + uint amount0Out, + uint amount1Out, + address indexed to + ); + event Sync(uint112 reserve0, uint112 reserve1); + function MINIMUM_LIQUIDITY() external pure returns (uint); + function factory() external view returns (address); + function token0() external view returns (address); + function token1() external view returns (address); + function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); + function price0CumulativeLast() external view returns (uint); + function price1CumulativeLast() external view returns (uint); + function kLast() external view returns (uint); + function mint(address to) external returns (uint liquidity); + function burn(address to) external returns (uint amount0, uint amount1); + function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external; + function skim(address to) external; + function sync() external; + function initialize(address, address) external; +} +abstract contract ReentrancyGuard { + uint256 private constant _NOT_ENTERED = 1; + uint256 private constant _ENTERED = 2; + uint256 private _status; + constructor () { + _status = _NOT_ENTERED; + } + modifier nonReentrant() { + require(_status != _ENTERED, "ReentrancyGuard: reentrant call"); + _status = _ENTERED; + _; + _status = _NOT_ENTERED; + } +} +library SushiswapV2Library { + function sortTokens(address tokenA, address tokenB) internal pure returns (address token0, address token1) { + require(tokenA != tokenB, 'SushiswapV2Library: IDENTICAL_ADDRESSES'); + (token0, token1) = tokenA < tokenB ? (tokenA, tokenB) : (tokenB, tokenA); + require(token0 != address(0), 'SushiswapV2Library: ZERO_ADDRESS'); + } + function pairFor(address factory, address tokenA, address tokenB) internal pure returns (address pair) { + (address token0, address token1) = sortTokens(tokenA, tokenB); + pair = address(uint160(uint(keccak256(abi.encodePacked( + hex'ff', + factory, + keccak256(abi.encodePacked(token0, token1)), + hex'e18a34eb0e04b04f7a0ac29a6e80748dca96319b42c54d679cb821dca90c6303' + ))))); + } + function getReserves(address factory, address tokenA, address tokenB) internal view returns (uint reserveA, uint reserveB) { + (address token0,) = sortTokens(tokenA, tokenB); + (uint reserve0, uint reserve1,) = ISushiswapV2Pair(pairFor(factory, tokenA, tokenB)).getReserves(); + (reserveA, reserveB) = tokenA == token0 ? (reserve0, reserve1) : (reserve1, reserve0); + } + function quote(uint amountA, uint reserveA, uint reserveB) internal pure returns (uint amountB) { + require(amountA > 0, 'SushiswapV2Library: INSUFFICIENT_AMOUNT'); + require(reserveA > 0 && reserveB > 0, 'SushiswapV2Library: INSUFFICIENT_LIQUIDITY'); + amountB = amountA * reserveB / reserveA; + } +} +library Math { + function max(uint256 a, uint256 b) internal pure returns (uint256) { + return a >= b ? a : b; + } + function min(uint256 a, uint256 b) internal pure returns (uint256) { + return a < b ? a : b; + } + function average(uint256 a, uint256 b) internal pure returns (uint256) { + return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2); + } +} +contract StableYieldCredit is ReentrancyGuard { + using SafeERC20 for IERC20; + string public constant name = "Stable Yield Credit"; + string public constant symbol = "yCREDIT"; + uint8 public constant decimals = 8; + uint public totalSupply = 0; + uint public stakedSupply = 0; + mapping(address => mapping (address => uint)) internal allowances; + mapping(address => uint) internal balances; + mapping(address => uint) public stakes; + bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,uint chainId,address verifyingContract)"); + bytes32 public immutable DOMAINSEPARATOR; + bytes32 public constant PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint value,uint nonce,uint deadline)"); + mapping (address => uint) public nonces; + function safe32(uint n, string memory errorMessage) internal pure returns (uint32) { + require(n < 2**32, errorMessage); + return uint32(n); + } + event Transfer(address indexed from, address indexed to, uint amount); + event Staked(address indexed from, uint amount); + event Unstaked(address indexed from, uint amount); + event Earned(address indexed from, uint amount); + event Fees(uint amount); + event Approval(address indexed owner, address indexed spender, uint amount); + Oracle public constant LINK = Oracle(0x271bf4568fb737cc2e6277e9B1EE0034098cDA2a); + ISushiswapV2Factory public constant FACTORY = ISushiswapV2Factory(0xC0AEe478e3658e2610c5F7A4A2E1777cE9e4f2Ac); + mapping (address => mapping(address => uint)) public collateral; + mapping (address => mapping(address => uint)) public collateralCredit; + address[] private _markets; + mapping (address => bool) pairs; + uint public rewardRate = 0; + uint public periodFinish = 0; + uint public DURATION = 7 days; + uint public lastUpdateTime; + uint public rewardPerTokenStored; + mapping(address => uint) public userRewardPerTokenPaid; + mapping(address => uint) public rewards; + event Deposit(address indexed creditor, address indexed collateral, uint creditOut, uint amountIn, uint creditMinted); + event Withdraw(address indexed creditor, address indexed collateral, uint creditIn, uint creditOut, uint amountOut); + constructor () { + DOMAINSEPARATOR = keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes(name)), _getChainId(), address(this))); + } + uint public FEE = 50; + uint public BASE = 10000; + function lastTimeRewardApplicable() public view returns (uint) { + return Math.min(block.timestamp, periodFinish); + } + function rewardPerToken() public view returns (uint) { + if (stakedSupply == 0) { + return rewardPerTokenStored; + } + return + rewardPerTokenStored + + ((lastTimeRewardApplicable() - + lastUpdateTime) * + rewardRate * 1e18 / stakedSupply); + } + function earned(address account) public view returns (uint) { + return (stakes[account] * (rewardPerToken() - userRewardPerTokenPaid[account]) / 1e18) + rewards[account]; + } + function getRewardForDuration() external view returns (uint) { + return rewardRate * DURATION; + } + modifier updateReward(address account) { + rewardPerTokenStored = rewardPerToken(); + lastUpdateTime = lastTimeRewardApplicable(); + if (account != address(0)) { + rewards[account] = earned(account); + userRewardPerTokenPaid[account] = rewardPerTokenStored; + } + _; + } + function stake(uint256 amount) external nonReentrant updateReward(msg.sender) { + require(amount > 0, "Cannot stake 0"); + stakedSupply += amount; + stakes[msg.sender] += amount; + _transferTokens(msg.sender, address(this), amount); + emit Staked(msg.sender, amount); + } + function unstake(uint amount) public nonReentrant updateReward(msg.sender) { + require(amount > 0, "Cannot withdraw 0"); + stakedSupply -= amount; + stakes[msg.sender] -= amount; + _transferTokens(address(this), msg.sender, amount); + emit Unstaked(msg.sender, amount); + } + function getReward() public nonReentrant updateReward(msg.sender) { + uint256 reward = rewards[msg.sender]; + if (reward > 0) { + rewards[msg.sender] = 0; + _transferTokens(address(this), msg.sender, reward); + emit Earned(msg.sender, reward); + } + } + function exit() external { + unstake(stakes[msg.sender]); + getReward(); + } + function notifyFeeAmount(uint reward) internal updateReward(address(0)) { + if (block.timestamp >= periodFinish) { + rewardRate = reward / DURATION; + } else { + uint remaining = periodFinish - block.timestamp; + uint leftover = remaining * rewardRate; + rewardRate = (reward + leftover) / DURATION; + } + uint balance = balances[address(this)]; + require(rewardRate <= balance / DURATION, "Provided reward too high"); + lastUpdateTime = block.timestamp; + periodFinish = block.timestamp + DURATION; + emit Fees(reward); + } + function markets() external view returns (address[] memory) { + return _markets; + } + function _mint(address dst, uint amount) internal { + totalSupply += amount; + balances[dst] += amount; + emit Transfer(address(0), dst, amount); + } + function _burn(address dst, uint amount) internal { + totalSupply -= amount; + balances[dst] -= amount; + emit Transfer(dst, address(0), amount); + } + function depositAll(IERC20 token) external { + _deposit(token, token.balanceOf(msg.sender)); + } + function deposit(IERC20 token, uint amount) external { + _deposit(token, amount); + } + function _addLiquidity( + address tokenA, + address tokenB, + uint amountADesired, + uint amountBDesired + ) internal virtual returns (address pair, uint amountA, uint amountB) { + pair = FACTORY.getPair(tokenA, tokenB); + if (pair == address(0)) { + pair = FACTORY.createPair(tokenA, tokenB); + pairs[pair] = true; + _markets.push(tokenA); + } else if (!pairs[pair]) { + pairs[pair] = true; + _markets.push(tokenA); + } + (uint reserveA, uint reserveB) = SushiswapV2Library.getReserves(address(FACTORY), tokenA, tokenB); + if (reserveA == 0 && reserveB == 0) { + (amountA, amountB) = (amountADesired, amountBDesired); + } else { + uint amountBOptimal = SushiswapV2Library.quote(amountADesired, reserveA, reserveB); + if (amountBOptimal <= amountBDesired) { + (amountA, amountB) = (amountADesired, amountBOptimal); + } else { + uint amountAOptimal = SushiswapV2Library.quote(amountBDesired, reserveB, reserveA); + assert(amountAOptimal <= amountADesired); + (amountA, amountB) = (amountAOptimal, amountBDesired); + } + } + } + function _deposit(IERC20 token, uint amount) internal { + uint _value = LINK.getPriceUSD(address(token)) * amount / uint256(10)**token.decimals(); + require(_value > 0, "!value"); + (address _pair, uint amountA,) = _addLiquidity(address(token), address(this), amount, _value); + token.safeTransferFrom(msg.sender, _pair, amountA); + _mint(_pair, _value); + uint _liquidity = ISushiswapV2Pair(_pair).mint(address(this)); + collateral[msg.sender][address(token)] += _liquidity; + collateralCredit[msg.sender][address(token)] += _value; + uint _fee = _value * FEE / BASE; + _mint(msg.sender, _value - _fee); + _mint(address(this), _fee); + notifyFeeAmount(_fee); + emit Deposit(msg.sender, address(token), _value, amount, _value); + } + function withdrawAll(IERC20 token) external { + _withdraw(token, IERC20(address(this)).balanceOf(msg.sender)); + } + function withdraw(IERC20 token, uint amount) external { + _withdraw(token, amount); + } + function _withdraw(IERC20 token, uint amount) internal { + uint _credit = collateralCredit[msg.sender][address(token)]; + uint _collateral = collateral[msg.sender][address(token)]; + if (_credit < amount) { + amount = _credit; + } + uint _burned = _collateral * amount / _credit; + address _pair = FACTORY.getPair(address(token), address(this)); + IERC20(_pair).safeTransfer(_pair, _burned); + (uint _amount0, uint _amount1) = ISushiswapV2Pair(_pair).burn(msg.sender); + (address _token0,) = SushiswapV2Library.sortTokens(address(token), address(this)); + (uint _amountA, uint _amountB) = address(token) == _token0 ? (_amount0, _amount1) : (_amount1, _amount0); + collateralCredit[msg.sender][address(token)] -= amount; + collateral[msg.sender][address(token)] -= _burned; + _burn(msg.sender, _amountB+amount); + emit Withdraw(msg.sender, address(token), amount, _amountB, _amountA); + } + function allowance(address account, address spender) external view returns (uint) { + return allowances[account][spender]; + } + function approve(address spender, uint amount) external returns (bool) { + allowances[msg.sender][spender] = amount; + emit Approval(msg.sender, spender, amount); + return true; + } + function permit(address owner, address spender, uint amount, uint deadline, uint8 v, bytes32 r, bytes32 s) external { + bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, amount, nonces[owner]++, deadline)); + bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAINSEPARATOR, structHash)); + address signatory = ecrecover(digest, v, r, s); + require(signatory != address(0), "permit: signature"); + require(signatory == owner, "permit: unauthorized"); + require(block.timestamp <= deadline, "permit: expired"); + allowances[owner][spender] = amount; + emit Approval(owner, spender, amount); + } + function balanceOf(address account) external view returns (uint) { + return balances[account]; + } + function transfer(address dst, uint amount) external returns (bool) { + _transferTokens(msg.sender, dst, amount); + return true; + } + function transferFrom(address src, address dst, uint amount) external returns (bool) { + address spender = msg.sender; + uint spenderAllowance = allowances[src][spender]; + if (spender != src && spenderAllowance != type(uint).max) { + uint newAllowance = spenderAllowance - amount; + allowances[src][spender] = newAllowance; + emit Approval(src, spender, newAllowance); + } + _transferTokens(src, dst, amount); + return true; + } + function _transferTokens(address src, address dst, uint amount) internal { + balances[src] -= amount; + balances[dst] += amount; + emit Transfer(src, dst, amount); + if (pairs[src]) { + uint _fee = amount * FEE / BASE; + _transferTokens(dst, address(this), _fee); + notifyFeeAmount(_fee); + } + } + function _getChainId() internal view returns (uint) { + uint chainId; + assembly { chainId := chainid() } + return chainId; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2021-3006.sol b/data_full/CVE_clean/2021-3006.sol new file mode 100644 index 0000000000000000000000000000000000000000..c666c7989645975b186b04538f03febf1ee5be54 --- /dev/null +++ b/data_full/CVE_clean/2021-3006.sol @@ -0,0 +1,540 @@ +pragma solidity ^0.5.11; +contract ERC20 +{ + function totalSupply() + public + view + returns (uint); + function balanceOf( + address who + ) + public + view + returns (uint); + function allowance( + address owner, + address spender + ) + public + view + returns (uint); + function transfer( + address to, + uint value + ) + public + returns (bool); + function transferFrom( + address from, + address to, + uint value + ) + public + returns (bool); + function approve( + address spender, + uint value + ) + public + returns (bool); +} +library AddressUtil +{ + using AddressUtil for *; + function isContract( + address addr + ) + internal + view + returns (bool) + { + uint32 size; + assembly { size := extcodesize(addr) } + return (size > 0); + } + function toPayable( + address addr + ) + internal + pure + returns (address payable) + { + return address(uint160(addr)); + } + function sendETH( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + if (amount == 0) { + return true; + } + address payable recipient = to.toPayable(); + (success, ) = recipient.call.value(amount).gas(gasLimit)(""); + } + function sendETHAndVerify( + address to, + uint amount, + uint gasLimit + ) + internal + returns (bool success) + { + success = to.sendETH(amount, gasLimit); + require(success, "TRANSFER_FAILURE"); + } +} +contract BurnableERC20 is ERC20 +{ + function burn( + uint value + ) + public + returns (bool); + function burnFrom( + address from, + uint value + ) + public + returns (bool); +} +contract Ownable +{ + address public owner; + event OwnershipTransferred( + address indexed previousOwner, + address indexed newOwner + ); + constructor() + public + { + owner = msg.sender; + } + modifier onlyOwner() + { + require(msg.sender == owner, "UNAUTHORIZED"); + _; + } + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0), "ZERO_ADDRESS"); + emit OwnershipTransferred(owner, newOwner); + owner = newOwner; + } + function renounceOwnership() + public + onlyOwner + { + emit OwnershipTransferred(owner, address(0)); + owner = address(0); + } +} +contract Claimable is Ownable +{ + address public pendingOwner; + modifier onlyPendingOwner() { + require(msg.sender == pendingOwner, "UNAUTHORIZED"); + _; + } + function transferOwnership( + address newOwner + ) + public + onlyOwner + { + require(newOwner != address(0) && newOwner != owner, "INVALID_ADDRESS"); + pendingOwner = newOwner; + } + function claimOwnership() + public + onlyPendingOwner + { + emit OwnershipTransferred(owner, pendingOwner); + owner = pendingOwner; + pendingOwner = address(0); + } +} +library ERC20SafeTransfer +{ + function safeTransferAndVerify( + address token, + address to, + uint value + ) + internal + { + safeTransferWithGasLimitAndVerify( + token, + to, + value, + gasleft() + ); + } + function safeTransfer( + address token, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferWithGasLimit( + token, + to, + value, + gasleft() + ); + } + function safeTransferWithGasLimitAndVerify( + address token, + address to, + uint value, + uint gasLimit + ) + internal + { + require( + safeTransferWithGasLimit(token, to, value, gasLimit), + "TRANSFER_FAILURE" + ); + } + function safeTransferWithGasLimit( + address token, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + bytes memory callData = abi.encodeWithSelector( + bytes4(0xa9059cbb), + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + function safeTransferFromAndVerify( + address token, + address from, + address to, + uint value + ) + internal + { + safeTransferFromWithGasLimitAndVerify( + token, + from, + to, + value, + gasleft() + ); + } + function safeTransferFrom( + address token, + address from, + address to, + uint value + ) + internal + returns (bool) + { + return safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasleft() + ); + } + function safeTransferFromWithGasLimitAndVerify( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + { + bool result = safeTransferFromWithGasLimit( + token, + from, + to, + value, + gasLimit + ); + require(result, "TRANSFER_FAILURE"); + } + function safeTransferFromWithGasLimit( + address token, + address from, + address to, + uint value, + uint gasLimit + ) + internal + returns (bool) + { + bytes memory callData = abi.encodeWithSelector( + bytes4(0x23b872dd), + from, + to, + value + ); + (bool success, ) = token.call.gas(gasLimit)(callData); + return checkReturnValue(success); + } + function checkReturnValue( + bool success + ) + internal + pure + returns (bool) + { + if (success) { + assembly { + switch returndatasize() + case 0 { + success := 1 + } + case 32 { + returndatacopy(0, 0, 32) + success := mload(0) + } + default { + success := 0 + } + } + } + return success; + } +} +library MathUint +{ + function mul( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a * b; + require(a == 0 || c / a == b, "MUL_OVERFLOW"); + } + function sub( + uint a, + uint b + ) + internal + pure + returns (uint) + { + require(b <= a, "SUB_UNDERFLOW"); + return a - b; + } + function add( + uint a, + uint b + ) + internal + pure + returns (uint c) + { + c = a + b; + require(c >= a, "ADD_OVERFLOW"); + } + function decodeFloat( + uint f + ) + internal + pure + returns (uint value) + { + uint numBitsMantissa = 23; + uint exponent = f >> numBitsMantissa; + uint mantissa = f & ((1 << numBitsMantissa) - 1); + value = mantissa * (10 ** exponent); + } +} +contract ReentrancyGuard +{ + uint private _guardValue; + modifier nonReentrant() + { + require(_guardValue == 0, "REENTRANCY"); + _guardValue = 1; + _; + _guardValue = 0; + } +} +contract IProtocolFeeVault +{ + uint public constant REWARD_PERCENTAGE = 70; + uint public constant DAO_PERDENTAGE = 20; + address public userStakingPoolAddress; + address public lrcAddress; + address public tokenSellerAddress; + address public daoAddress; + uint claimedReward; + uint claimedDAOFund; + uint claimedBurn; + event LRCClaimed(uint amount); + event DAOFunded(uint amountDAO, uint amountBurn); + event TokenSold(address token, uint amount); + event SettingsUpdated(uint time); + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external; + function claimStakingReward(uint amount) external; + function fundDAO() external; + function sellTokenForLRC( + address token, + uint amount + ) + external; + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ); +} +contract ITokenSeller +{ + function sellToken( + address tokenS, + address tokenB + ) + external + payable + returns (bool success); +} +contract ProtocolFeeVault is Claimable, ReentrancyGuard, IProtocolFeeVault +{ + using AddressUtil for address; + using AddressUtil for address payable; + using ERC20SafeTransfer for address; + using MathUint for uint; + constructor(address _lrcAddress) + Claimable() + public + { + require(_lrcAddress != address(0), "ZERO_ADDRESS"); + lrcAddress = _lrcAddress; + } + function() external payable { } + function updateSettings( + address _userStakingPoolAddress, + address _tokenSellerAddress, + address _daoAddress + ) + external + nonReentrant + onlyOwner + { + require( + userStakingPoolAddress != _userStakingPoolAddress || + tokenSellerAddress != _tokenSellerAddress || + daoAddress != _daoAddress, + "SAME_ADDRESSES" + ); + userStakingPoolAddress = _userStakingPoolAddress; + tokenSellerAddress = _tokenSellerAddress; + daoAddress = _daoAddress; + emit SettingsUpdated(now); + } + function claimStakingReward( + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_VALUE"); + require(msg.sender == userStakingPoolAddress, "UNAUTHORIZED"); + lrcAddress.safeTransferAndVerify(userStakingPoolAddress, amount); + claimedReward = claimedReward.add(amount); + emit LRCClaimed(amount); + } + function fundDAO() + external + nonReentrant + { + uint amountDAO; + uint amountBurn; + (, , , , , amountBurn, amountDAO, ) = getProtocolFeeStats(); + address recipient = daoAddress == address(0) ? owner : daoAddress; + if (amountDAO > 0) { + lrcAddress.safeTransferAndVerify(recipient, amountDAO); + } + if (amountBurn > 0) { + require(BurnableERC20(lrcAddress).burn(amountBurn), "BURN_FAILURE"); + } + claimedBurn = claimedBurn.add(amountBurn); + claimedDAOFund = claimedDAOFund.add(amountDAO); + emit DAOFunded(amountDAO, amountBurn); + } + function sellTokenForLRC( + address token, + uint amount + ) + external + nonReentrant + { + require(amount > 0, "ZERO_AMOUNT"); + require(token != lrcAddress, "PROHIBITED"); + address recipient = tokenSellerAddress == address(0) ? owner : tokenSellerAddress; + if (token == address(0)) { + recipient.sendETHAndVerify(amount, gasleft()); + } else { + token.safeTransferAndVerify(recipient, amount); + } + require( + tokenSellerAddress == address(0) || + ITokenSeller(tokenSellerAddress).sellToken(token, lrcAddress), + "SELL_FAILURE" + ); + emit TokenSold(token, amount); + } + function getProtocolFeeStats() + public + view + returns ( + uint accumulatedFees, + uint accumulatedBurn, + uint accumulatedDAOFund, + uint accumulatedReward, + uint remainingFees, + uint remainingBurn, + uint remainingDAOFund, + uint remainingReward + ) + { + remainingFees = ERC20(lrcAddress).balanceOf(address(this)); + accumulatedFees = remainingFees.add(claimedReward).add(claimedDAOFund).add(claimedBurn); + accumulatedReward = accumulatedFees.mul(REWARD_PERCENTAGE) / 100; + accumulatedDAOFund = accumulatedFees.mul(DAO_PERDENTAGE) / 100; + accumulatedBurn = accumulatedFees.sub(accumulatedReward).sub(accumulatedDAOFund); + remainingReward = accumulatedReward.sub(claimedReward); + remainingDAOFund = accumulatedDAOFund.sub(claimedDAOFund); + remainingBurn = accumulatedBurn.sub(claimedBurn); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2021-33403.sol b/data_full/CVE_clean/2021-33403.sol new file mode 100644 index 0000000000000000000000000000000000000000..96c0832f970148c79562ef08421e9d6f64797c85 --- /dev/null +++ b/data_full/CVE_clean/2021-33403.sol @@ -0,0 +1,196 @@ +pragma solidity ^0.4.8; +contract MigrationAgent { + function migrateFrom(address _from, uint256 _value); +} +contract ERC20Interface { + function totalSupply() constant returns (uint256 totalSupply); + function balanceOf(address _owner) constant returns (uint256 balance); + function transfer(address _to, uint256 _value) returns (bool success); + function transferFrom(address _from, address _to, uint256 _value) returns (bool success); + function approve(address _spender, uint256 _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint256 remaining); + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract BlocklancerToken is ERC20Interface { + string public constant name = "Lancer Token"; + string public constant symbol = "LNC"; + uint8 public constant decimals = 18; + mapping(address => mapping (address => uint256)) allowed; + uint public fundingStart; + bool public funding = true; + bool allowTransfer=false; + address public master; + uint256 totalTokens; + uint exchangeRate=20000; + uint EarlyInvestorExchangeRate=25000; + bool startRefund=false; + mapping (address => uint256) balances; + mapping (address => bool) initialInvestor; + mapping (address => uint) lastTransferred; + mapping (address => uint256) balancesEther; + address public migrationAgent; + uint256 public totalMigrated; + event Migrate(address indexed _from, address indexed _to, uint256 _value); + event Refund(address indexed _from, uint256 _value); + uint totalParticipants; + function BlocklancerToken() { + master = msg.sender; + fundingStart = 1501977600; + initialInvestor[0x32be343b94f860124dc4fee278fdcbd38c102d88]=true;initialInvestor[0x3106fe2245b376888d684bdcd83dfa9641a869ff]=true;initialInvestor[0x7f7c64c7b7f5a611e739b4da26659bf741414917]=true;initialInvestor[0x4b3b8e0c2c221e916a48e2e5f3718ae2bce51894]=true;initialInvestor[0x507c8fea802a0772eb5e001a8fba38f36fb9b66b]=true;initialInvestor[0x3c35b66dbaf1bc716f41759c7513a7af2f727ce0]=true;initialInvestor[0x7da3ff5dc152352dcffaf08d528e78f1efd4e9d1]=true;initialInvestor[0x404b688a1d9eb850be2527c5dd341561cfa84e11]=true;initialInvestor[0x80ad7165f29f97896a0b5758193879de34fd9712]=true;initialInvestor[0xd70837a61a322f69ba3742111216a7b97d61d3a7]=true;initialInvestor[0x5eefc4f295045ea11827f515c10d50829580cd31]=true;initialInvestor[0xc8c154d54e8d66073b23361cc74cf5d13efc4dc9]=true;initialInvestor[0x00b279438dff4bb6f37038b12704e31967955cb0]=true;initialInvestor[0xfff78f0db7995c7f2299d127d332aef95bc3e7b7]=true;initialInvestor[0xae631a37ad50bf03e8028d0ae8ba041c70ac4c70]=true;initialInvestor[0x4effca51ba840ae9563f5ac1aa794d1e5d3a3806]=true;initialInvestor[0x315a233620b8536d37a92d588aaf5eb050b50d84]=true;initialInvestor[0x1ebf9e3470f303f6a6ac43347e41877b0a5aaa39]=true;initialInvestor[0xbf022480bda3f6c839cd443397761d5e83f3c02b]=true;initialInvestor[0xe727ea5340256a5236287ee3074eea34d8483457]=true;initialInvestor[0x45ecfeea42fc525c0b29313d3de9089488ef71dc]=true;initialInvestor[0xe59e4aac45862796cb52434967cf72ea46474ff3]=true;initialInvestor[0x7c367c14a322404f9e332b68d7d661b46a5c93ea]=true;initialInvestor[0x08bea4ccc9c45e506d5bc5e638acaa13fa3e801c]=true;initialInvestor[0x5dfb4a015eb0c3477a99ba88b2ac60459c879674]=true;initialInvestor[0x771a2137708ca7e07e7b7c55e5ea666e88d7c0c8]=true;initialInvestor[0xcc8ab06eb5a14855fc8b90abcb6be2f34ee5cea1]=true;initialInvestor[0x0764d446d0701a9b52382f8984b9d270d266e02c]=true;initialInvestor[0x2d90b415a38e2e19cdd02ff3ad81a97af7cbf672]=true;initialInvestor[0x0d4266de516944a49c8109a4397d1fcf06fb7ed0]=true;initialInvestor[0x7a5159617df20008b4dbe06d645a1b0305406794]=true;initialInvestor[0xaf9e23965c09ebf5d313c669020b0e1757cbb92c]=true;initialInvestor[0x33d94224754c122baa1ebaf455d16a9c82f69c98]=true;initialInvestor[0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0]=true;initialInvestor[0xf6ac7c81ca099e34421b7eff7c9e80c8f56b74ae]=true;initialInvestor[0xd85faf59e73225ef386b46a1b17c493019b23e1e]=true;initialInvestor[0x3833f8dbdbd6bdcb6a883ff209b869148965b364]=true;initialInvestor[0x7ed1e469fcb3ee19c0366d829e291451be638e59]=true;initialInvestor[0x6c1ddafafd55a53f80cb7f4c8c8f9a9f13f61d70]=true;initialInvestor[0x94ef531595ffe510f8dc92e0e07a987f57784338]=true;initialInvestor[0xcc54e4e2f425cc4e207344f9e0619c1e40f42f26]=true;initialInvestor[0x70ee7bfc1aeac50349c29475a11ed4c57961b387]=true;initialInvestor[0x89be0bd8b6007101c7da7170a6461580994221d0]=true;initialInvestor[0xa7802ba51ba87556263d84cfc235759b214ccf35]=true;initialInvestor[0xb6a34bd460f02241e80e031023ec20ce6fc310ae]=true;initialInvestor[0x07004b458b56fb152c06ad81fe1be30c8a8b2ea1]=true;initialInvestor[0xb6da110659ef762a381cf2d6f601eb19b5f5d51e]=true;initialInvestor[0x20abf65634219512c6c98a64614c43220ca2085b]=true;initialInvestor[0x3afd1483693fe606c0e58f580bd08ae9aba092fd]=true;initialInvestor[0x61e120b9ca6559961982d9bd1b1dbea7485b84d1]=true;initialInvestor[0x481525718f1536ca2d739aa7e68b94b5e1d5d2c2]=true;initialInvestor[0x8e129a434cde6f52838fad2d30d8b08f744abf48]=true;initialInvestor[0x13df035952316f5fb663c262064ee39e44aa6b43]=true;initialInvestor[0x03c6c82a1d6d13b2f92ed63a10b1b791ffaa1e02]=true;initialInvestor[0xb079a72c627d0a34b880aee0504b901cbce64568]=true;initialInvestor[0xbf27721ca05c983c902df12492620ab2a8b9db91]=true;initialInvestor[0x4ced2b7d27ac74b0ecb2440d9857ba6c6407149f]=true;initialInvestor[0x330c63a5b737b5542be108a74b3fef6272619585]=true;initialInvestor[0x266dccd07a275a6e72b6bc549f7c2ce9e082f13f]=true;initialInvestor[0xf4280bf77a043568e40da2b8068b11243082c944]=true;initialInvestor[0x67d2f0e2d642a87300781df25c45b00bccaf6983]=true;initialInvestor[0x9f658a6628864e94f9a1c53ba519f0ae37a8b4a5]=true;initialInvestor[0x498d256ee53d4d05269cfa1a80c3214e525076ca]=true;initialInvestor[0xa1beac79dda14bce1ee698fdee47e2f7f2fd1f0d]=true;initialInvestor[0xfeb063bd508b82043d6b4d5c51e1e42b44f39b33]=true;initialInvestor[0xfeb7a283e1dbf2d5d8e9ba64ab5e607a41213561]=true;initialInvestor[0xabedb3d632fddccd4e95957be4ee0daffbe6acdd]=true;initialInvestor[0x4d8a7cb44d317113c82f25a0174a637a8f012ebb]=true;initialInvestor[0xe922c94161d45bdd31433b3c7b912ad214d399ce]=true;initialInvestor[0x11f9ad6eb7e9e98349b8397c836c0e3e88455b0a]=true;initialInvestor[0xfc28b52160639167fa59f30232bd8d43fab681e6]=true;initialInvestor[0xaf8a6c54fc8fa59cfcbc631e56b3d5b22fa42b75]=true;initialInvestor[0xd3c0ebb99a5616f3647f16c2efb40b133b5b1e1c]=true;initialInvestor[0x877341abeac8f44ac69ba7c99b1d5d31ce7a11d7]=true;initialInvestor[0xb22f376f70f34c906a88a91f6999a0bd1a0f3c3d]=true;initialInvestor[0x2c99db3838d6af157c8d671291d560a013c6c01e]=true;initialInvestor[0xd0f38af6984f3f847f7f2fcd6ea27aa878257059]=true;initialInvestor[0x2a5da89176d5316782d7f1c9db74d209679ad9ce]=true;initialInvestor[0xc88eea647a570738e69ad3dd8975577df720318d]=true;initialInvestor[0xb32b18dfea9072047a368ec056a464b73618345a]=true;initialInvestor[0x945b9a00bffb201a5602ee661f2a4cc6e5285ca6]=true;initialInvestor[0x86957ac9a15f114c08296523569511c22e471266]=true;initialInvestor[0x007bfe6994536ec9e89505c7de8e9eb748d3cb27]=true;initialInvestor[0x6ad0f0f578115b6fafa73df45e9f1e9056b84459]=true;initialInvestor[0x621663b4b6580b70b74afaf989c707d533bbec91]=true;initialInvestor[0xdc86c0632e88de345fc2ac01608c63f2ed99605a]=true;initialInvestor[0x3d83bb077b2557ef5f361bf1a9e68d093d919b28]=true;initialInvestor[0x56307b37377f75f397d4936cf507baf0f4943ea5]=true;initialInvestor[0x555cbe849bf5e01db195a81ecec1e65329fff643]=true;initialInvestor[0x7398a2edb928a2e179f62bfb795f292254f6850e]=true;initialInvestor[0x30382b132f30c175bee2858353f3a2dd0d074c3a]=true;initialInvestor[0x5baeac0a0417a05733884852aa068b706967e790]=true;initialInvestor[0xcb12b8a675e652296a8134e70f128521e633b327]=true;initialInvestor[0xaa8c03e04b121511858d88be7a1b2f5a2d70f6ac]=true;initialInvestor[0x77529c0ea5381262db964da3d5f6e2cc92e9b48b]=true;initialInvestor[0x59e5fe8a9637702c6d597c5f1c4ebe3fba747371]=true;initialInvestor[0x296fe436ecc0ea6b7a195ded26451e77e1335108]=true;initialInvestor[0x41bacae05437a3fe126933e57002ae3f129aa079]=true;initialInvestor[0x6cd5b9b60d2bcf81af8e6ef5d750dc9a8f18bf45]=true; + } + function getAmountofTotalParticipants() constant returns (uint){ + return totalParticipants; + } + function transfer(address _to, uint256 _value) returns (bool success) { + if(funding) throw; + if(!allowTransfer)throw; + var senderBalance = balances[msg.sender]; + if (senderBalance >= _value && _value > 0) { + senderBalance -= _value; + balances[msg.sender] = senderBalance; + balances[_to] += _value; + lastTransferred[msg.sender]=block.timestamp; + Transfer(msg.sender, _to, _value); + return true; + } + return false; + } + function totalSupply() constant returns (uint256 totalSupply) { + return totalTokens; + } + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function EtherBalanceOf(address _owner) constant returns (uint256) { + return balancesEther[_owner]; + } + function isInitialInvestor(address _owner) constant returns (bool) { + return initialInvestor[_owner]; + } + function TimeLeftBeforeCrowdsale() external constant returns (uint256) { + if(fundingStart>block.timestamp) + return fundingStart-block.timestamp; + else + return 0; + } + function migrate(uint256 _value) external { + if(funding) throw; + if(migrationAgent == 0) throw; + if(_value == 0) throw; + if(_value > balances[msg.sender]) throw; + balances[msg.sender] -= _value; + totalTokens -= _value; + totalMigrated += _value; + MigrationAgent(migrationAgent).migrateFrom(msg.sender, _value); + Migrate(msg.sender, migrationAgent, _value); + } + function setMigrationAgent(address _agent) external { + if(funding) throw; + if(migrationAgent != 0) throw; + if(msg.sender != master) throw; + migrationAgent = _agent; + } + function setExchangeRate(uint _exchangeRate){ + if(msg.sender!=master)throw; + exchangeRate=_exchangeRate; + } + function setICORunning(bool r){ + if(msg.sender!=master)throw; + funding=r; + } + function setTransfer(bool r){ + if(msg.sender!=master)throw; + allowTransfer=r; + } + function addInitialInvestor(address invest){ + if(msg.sender!=master)throw; + initialInvestor[invest]=true; + } + function addToken(address invest,uint256 value){ + if(msg.sender!=master)throw; + balances[invest]+=value; + totalTokens+=value; + } + function setEarlyInvestorExchangeRate(uint invest){ + if(msg.sender!=master)throw; + EarlyInvestorExchangeRate=invest; + } + function setStartDate(uint time){ + if(msg.sender!=master)throw; + fundingStart=time; + } + function setStartRefund(bool s){ + if(msg.sender!=master)throw; + startRefund=s; + } + function getExchangeRate(address investorAddress) constant returns(uint){ + if(initialInvestor[investorAddress]) + return EarlyInvestorExchangeRate; + else + return exchangeRate; + } + function ICOopen() constant returns(bool){ + if(!funding) return false; + else if(block.timestamp < fundingStart) return false; + else return true; + } + function() payable external { + if(!funding) throw; + if(block.timestamp < fundingStart) throw; + if(msg.value == 0) throw; + var numTokens = msg.value * getExchangeRate(msg.sender); + totalTokens += numTokens; + balances[msg.sender] += numTokens; + balancesEther[msg.sender] += msg.value; + totalParticipants+=1; + Transfer(0, msg.sender, numTokens); + } + function finalize(uint percentOfTotal) external { + if(msg.sender!=master)throw; + if(funding)throw; + funding = false; + uint256 additionalTokens = totalTokens * percentOfTotal / (100 - percentOfTotal); + totalTokens += additionalTokens; + balances[master] += additionalTokens; + Transfer(0, master, additionalTokens); + if (!master.send(this.balance)) throw; + } + function refund() external { + if(!startRefund) throw; + var gntValue = balances[msg.sender]; + var ethValue = balancesEther[msg.sender]; + if (gntValue == 0) throw; + balances[msg.sender] = 0; + balancesEther[msg.sender] = 0; + totalTokens -= gntValue; + Refund(msg.sender, ethValue); + if (!msg.sender.send(ethValue)) throw; + } + function transferFrom(address _from,address _to,uint256 _amount) returns (bool success) { + if(funding) throw; + if(!allowTransfer)throw; + if (balances[_from] >= _amount + && allowed[_from][msg.sender] >= _amount + && _amount > 0 + && balances[_to] + _amount > balances[_to]) { + balances[_from] -= _amount; + allowed[_from][msg.sender] -= _amount; + balances[_to] += _amount; + Transfer(_from, _to, _amount); + return true; + } else { + return false; + } + } + function approve(address _spender, uint256 _amount) returns (bool success) { + if(funding) throw; + if(!allowTransfer)throw; + allowed[msg.sender][_spender] = _amount; + Approval(msg.sender, _spender, _amount); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2021-34270.sol b/data_full/CVE_clean/2021-34270.sol new file mode 100644 index 0000000000000000000000000000000000000000..47ed9c0d7a67e63f0198637a273b9936ef06294a --- /dev/null +++ b/data_full/CVE_clean/2021-34270.sol @@ -0,0 +1,128 @@ +pragma solidity ^0.4.13; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract doftManaged { + address public doftManager; + function doftManaged() { + doftManager = msg.sender; + } + modifier onlyDoftManager { + require(msg.sender == doftManager); + _; + } + function transferDoftManagment(address newDoftManager) onlyDoftManager { + doftManager = newDoftManager; + } +} +contract ERC20 { + function totalSupply() constant returns (uint totalSupply); + function balanceOf(address _owner) constant returns (uint balance); + function transfer(address _to, uint _value) returns (bool success); + function transferFrom(address _from, address _to, uint _value) returns (bool success); + function approve(address _spender, uint _value) returns (bool success); + function allowance(address _owner, address _spender) constant returns (uint remaining); + event Transfer(address indexed _from, address indexed _to, uint _value); + event Approval(address indexed _owner, address indexed _spender, uint _value); +} +contract BasicToken is ERC20 { + uint256 _totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed _from, address indexed _to, uint _value); + event Approval(address indexed _owner, address indexed _spender, uint _value); + function totalSupply() constant returns (uint totalSupply){ + totalSupply = _totalSupply; + } + function balanceOf(address _owner) constant returns (uint balance){ + return balanceOf[_owner]; + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] > _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function transfer(address _to, uint _value) returns (bool success) { + _transfer(msg.sender, _to, _value); + return true; + } + function transferFrom(address _from, address _to, uint _value) returns (bool success) { + require (_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint _value) returns (bool success) { + allowance[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint remaining) { + return allowance[_owner][_spender]; + } +} +contract Doftcoin is BasicToken, owned, doftManaged { + string public name; + string public symbol; + uint256 public decimals; + uint256 public sellPrice; + uint256 public buyPrice; + uint256 public miningStorage; + string public version; + event Mine(address target, uint256 minedAmount); + function Doftcoin() { + decimals = 18; + _totalSupply = 5000000 * (10 ** decimals); + miningStorage = _totalSupply / 2; + name = "Doftcoin"; + symbol = "DFC"; + balanceOf[msg.sender] = _totalSupply; + version = "1.0"; + } + function mintToken(address _target, uint256 _mintedAmount) onlyOwner { + require (_target != 0x0); + balanceOf[_target] += _mintedAmount; + _totalSupply += _mintedAmount; + Transfer(0, this, _mintedAmount); + Transfer(this, _target, _mintedAmount); + } + function buy() payable { + require(buyPrice > 0); + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 _amount) { + require(sellPrice > 0); + require(this.balance >= _amount * sellPrice); + _transfer(msg.sender, this, _amount); + msg.sender.transfer(_amount * sellPrice); + } + function setPrices(uint256 _newSellPrice, uint256 _newBuyPrice) onlyDoftManager { + sellPrice = _newSellPrice; + buyPrice = _newBuyPrice; + } + function mine(address _target, uint256 _minedAmount) onlyDoftManager { + require (_minedAmount > 0); + require (_target != 0x0); + require (miningStorage - _minedAmount >= 0); + require (balanceOf[doftManager] >= _minedAmount); + require (balanceOf[_target] + _minedAmount > balanceOf[_target]); + balanceOf[doftManager] -= _minedAmount; + balanceOf[_target] += _minedAmount; + miningStorage -= _minedAmount; + Mine(_target, _minedAmount); + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2021-34272.sol b/data_full/CVE_clean/2021-34272.sol new file mode 100644 index 0000000000000000000000000000000000000000..cc850dbf91485ef55269f34b968cc95768c4fb9a --- /dev/null +++ b/data_full/CVE_clean/2021-34272.sol @@ -0,0 +1,133 @@ +pragma solidity ^0.4.18; +contract Owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 6; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + Burn(_from, _value); + return true; + } +} +contract RobotBTC is Owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + bool public isOpened; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function RobotBTC( + uint256 initialSupply, + string tokenName, + string tokenSymbol + ) TokenERC20(initialSupply, tokenName, tokenSymbol) public { + } + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value > balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable public { + require(isOpened); + uint amount = msg.value / buyPrice; + _transfer(this, msg.sender, amount); + } + function sell(uint256 amount) public { + require(this.balance >= amount * sellPrice); + require(isOpened); + _transfer(msg.sender, this, amount); + msg.sender.transfer(amount * sellPrice); + } + function setExchange(bool istrue) onlyOwner public { + isOpened = istrue; + } +} \ No newline at end of file diff --git a/data_full/CVE_clean/2021-34273.sol b/data_full/CVE_clean/2021-34273.sol new file mode 100644 index 0000000000000000000000000000000000000000..504673ffb7f14ac27dbb4512a06faef6b3108126 --- /dev/null +++ b/data_full/CVE_clean/2021-34273.sol @@ -0,0 +1,80 @@ +pragma solidity ^0.4.4; +contract Token { + function totalSupply() constant returns (uint256 supply) {} + function balanceOf(address _owner) constant returns (uint256 balance) {} + function transfer(address _to, uint256 _value) returns (bool success) {} + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {} + function approve(address _spender, uint256 _value) returns (bool success) {} + function allowance(address _owner, address _spender) constant returns (uint256 remaining) {} + event Transfer(address indexed _from, address indexed _to, uint256 _value); + event Approval(address indexed _owner, address indexed _spender, uint256 _value); +} +contract Owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +contract StandardToken is Token, Owned { + function transfer(address _to, uint256 _value) returns (bool success) { + if (balances[msg.sender] >= _value && _value > 0) { + balances[msg.sender] -= _value; + balances[_to] += _value; + Transfer(msg.sender, _to, _value); + return true; + } else { return false; } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) { + balances[_to] += _value; + balances[_from] -= _value; + allowed[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } else { return false; } + } + function distributeToken(address[] addresses, uint256 _value) { + for (uint i = 0; i < addresses.length; i++) { + balances[msg.sender] -= _value; + balances[addresses[i]] += _value; + Transfer(msg.sender, addresses[i], _value); + } +} + function balanceOf(address _owner) constant returns (uint256 balance) { + return balances[_owner]; + } + function approve(address _spender, uint256 _value) returns (bool success) { + allowed[msg.sender][_spender] = _value; + Approval(msg.sender, _spender, _value); + return true; + } + function allowance(address _owner, address _spender) constant returns (uint256 remaining) { + return allowed[_owner][_spender]; + } + mapping (address => uint256) balances; + mapping (address => mapping (address => uint256)) allowed; + uint256 public totalSupply; +} +contract B2X is StandardToken { + function () { + throw; + } + string public name; + uint8 public decimals; + string public symbol; + function B2X( + ) { + totalSupply = 21 * 10 ** 14; + balances[msg.sender] = totalSupply; + name = "BTC2X"; + decimals = 8; + symbol = "B2X"; + } +} \ No newline at end of file diff --git a/data_full/CVE_label/CVE2description.json b/data_full/CVE_label/CVE2description.json new file mode 100644 index 0000000000000000000000000000000000000000..e05f122c9ca459e427113bc1982b5236434710d1 --- /dev/null +++ b/data_full/CVE_label/CVE2description.json @@ -0,0 +1,564 @@ +{ + "CVE-2023-41052": "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", + "CVE-2023-40015": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", + "CVE-2023-40014": "OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.", + "CVE-2023-39363": "Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.", + "CVE-2023-34459": "OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertedly for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree. A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe. The problem has been patched in version 4.9.2. Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.", + "CVE-2023-34449": "ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.", + "CVE-2023-34234": "OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.", + "CVE-2023-32675": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.", + "CVE-2023-32059": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.", + "CVE-2023-32058": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.", + "CVE-2023-31146": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.", + "CVE-2023-30837": "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.", + "CVE-2023-30629": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.", + "CVE-2023-30542": "OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters.", + "CVE-2023-30541": "OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through.", + "CVE-2023-26488": "OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.", + "CVE-2023-23940": "OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1.", + "CVE-2022-46173": "Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more gas than required, the smart contract result (SCR transaction) that should have returned the leftover gas, would have been wrongly added to a cache that the processing unit did not consider. The node stopped notarizing metachain blocks. The fix was actually to extend the SCR transaction search in all other caches if it wasn't found in the correct (expected) sharded-cache. There are no known workarounds at this time. This issue has been patched in version 1.3.50.", + "CVE-2022-39384": "OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.", + "CVE-2022-36061": "Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.", + "CVE-2022-35961": "OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3.", + "CVE-2022-35916": "OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-35915": "OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-31198": "OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.", + "CVE-2022-31172": "OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.", + "CVE-2022-31170": "OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1.", + "CVE-2022-29255": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.", + "CVE-2022-27134": "EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.", + "CVE-2022-24845": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.", + "CVE-2022-24788": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-24787": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `\"\\x00\"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.", + "CVE-2021-41264": "OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).", + "CVE-2021-41122": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.", + "CVE-2021-41121": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.", + "CVE-2021-39168": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.", + "CVE-2021-39167": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.", + "CVE-2021-34273": "A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.", + "CVE-2021-34272": "A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.", + "CVE-2021-34270": "An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.", + "CVE-2021-33403": "An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction.", + "CVE-2021-3006": "The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.", + "CVE-2021-3004": "The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.", + "CVE-2020-35962": "The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.", + "CVE-2020-17753": "An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address.", + "CVE-2020-17752": "Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).", + "CVE-2019-15080": "An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.", + "CVE-2019-15079": "A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free.", + "CVE-2019-15078": "An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.", + "CVE-2018-19834": "The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19833": "The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19832": "The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19831": "The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19830": "The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.", + "CVE-2018-18425": "The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.)", + "CVE-2018-17987": "The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.", + "CVE-2018-17968": "A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.", + "CVE-2018-17882": "An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.", + "CVE-2018-17877": "A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-17111": "The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.", + "CVE-2018-17071": "The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-17050": "The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-15552": "The \"PayWinner\" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable \"maxTickets\" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-14715": "The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.", + "CVE-2018-14576": "The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.", + "CVE-2018-14089": "An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition.", + "CVE-2018-14088": "An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the \"amount * 1000000000000000\" will cause an integer overflow in withdrawToFounders().", + "CVE-2018-14087": "An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the \"msg.value * buyPrice\" will cause an integer overflow in the fallback function.", + "CVE-2018-14086": "An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell().", + "CVE-2018-14085": "An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789.", + "CVE-2018-14084": "An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell().", + "CVE-2018-14063": "The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.", + "CVE-2018-14006": "An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14005": "An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14004": "An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14003": "An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14002": "An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14001": "An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-13877": "The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.", + "CVE-2018-13836": "An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-13783": "The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13782": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13781": "The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13780": "The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13779": "The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13778": "The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13777": "The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13776": "The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13775": "The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13774": "The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13773": "The mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13772": "The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13771": "The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13770": "The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13769": "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13768": "The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13767": "The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13766": "The mintToken function of a smart contract implementation for Easticoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13765": "The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13764": "The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13763": "The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13762": "The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13761": "The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13760": "The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13759": "The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13758": "The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13757": "The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13756": "The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13755": "The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13754": "The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13753": "The mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13752": "The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13751": "The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13750": "The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13749": "The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13748": "The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13747": "The mintToken function of a smart contract implementation for VanMinhCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13746": "The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13745": "The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13744": "The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13743": "The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13742": "The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13741": "The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13740": "The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13739": "The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13738": "The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13737": "The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13736": "The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13735": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13734": "The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13733": "The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13732": "The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13731": "The mintToken function of a smart contract implementation for TokenMACHU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13730": "The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13729": "The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13728": "The mintToken function of a smart contract implementation for JixoCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13727": "The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13726": "The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13725": "The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13724": "The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13723": "The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13722": "The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13721": "The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13720": "The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13719": "The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13718": "The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13717": "The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13716": "The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13715": "The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13714": "The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13713": "The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13712": "The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13711": "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13710": "The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13709": "The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13708": "The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13707": "The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13706": "The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13705": "The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13704": "The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13703": "The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13702": "The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13701": "The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13700": "The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13699": "The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13698": "The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13697": "The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13696": "The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13695": "The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13694": "The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13693": "The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13692": "The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13691": "The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13690": "The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13689": "The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13688": "The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13687": "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13686": "The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13685": "The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13684": "The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13683": "The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13682": "The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13681": "The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13680": "The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13679": "The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13678": "The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13677": "The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13676": "The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13675": "The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13674": "The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13673": "The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13672": "The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13671": "The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13670": "The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13669": "The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13668": "The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13667": "The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13666": "The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13665": "The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13664": "The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13663": "The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13662": "The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13661": "The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13660": "The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13659": "The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13658": "The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13657": "The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13656": "The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13655": "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13654": "The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13653": "The mintToken function of a smart contract implementation for ipshoots, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13652": "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13651": "The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13650": "The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13649": "The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13648": "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13647": "The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13646": "The mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13645": "The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13644": "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13643": "The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13642": "The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13641": "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13640": "The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13639": "The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13638": "The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13637": "The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13636": "The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13635": "The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13634": "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13633": "The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13632": "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13631": "The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13630": "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13629": "The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13628": "The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13627": "The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13626": "The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13625": "The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13624": "The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13623": "The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13622": "The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13621": "The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13620": "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13619": "The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13618": "The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13617": "The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13616": "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13615": "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13614": "The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13613": "The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13612": "The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13611": "The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13610": "The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13609": "The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13608": "The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13607": "The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13606": "The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13605": "The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13604": "The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13603": "The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13602": "The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13601": "The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13600": "The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13599": "The mintToken function of a smart contract implementation for ResidualValue, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13598": "The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13597": "The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13596": "The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13595": "The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13594": "The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13593": "The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13592": "The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13591": "The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13590": "The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13589": "The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13588": "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13587": "The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13586": "The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13585": "The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13584": "The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13583": "The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13582": "The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13581": "The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13580": "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13579": "The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13578": "The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13577": "The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13576": "The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13575": "The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13574": "The mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13573": "The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13572": "The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13571": "The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13570": "The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13569": "The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13568": "The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13567": "The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13566": "The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13565": "The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13564": "The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13563": "The mintToken function of a smart contract implementation for UPayToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13562": "The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13561": "The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13560": "The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13559": "The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13558": "The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13557": "The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13556": "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13555": "The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13554": "The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13553": "The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13552": "The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13551": "The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13550": "The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13549": "The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13548": "The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13547": "The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13546": "The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13545": "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13544": "The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13543": "The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13542": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13541": "The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13540": "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13539": "The mintToken function of a smart contract implementation for Bcxss, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13538": "The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13537": "The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13536": "The mintToken function of a smart contract implementation for ERC20_ICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13535": "The mintToken function of a smart contract implementation for PACCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13534": "The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13533": "The mintToken function of a smart contract implementation for ALUXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13532": "The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13531": "The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13530": "The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13529": "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13528": "The mintToken function of a smart contract implementation for DhaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13527": "The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13526": "The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13525": "The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13524": "The mintToken function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13523": "The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13522": "The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13521": "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13520": "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13519": "The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13518": "The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13517": "The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13516": "The mintToken function of a smart contract implementation for Super Cool Awesome Money (SCAM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13515": "The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13514": "The mintToken function of a smart contract implementation for esportz, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13513": "The mintToken function of a smart contract implementation for Ubiou, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13512": "The mintToken function of a smart contract implementation for SmartHomeCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13511": "The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13510": "The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13509": "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13508": "The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13507": "The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13506": "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13505": "The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13504": "The mintToken function of a smart contract implementation for MMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13503": "The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13502": "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13501": "The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13500": "The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13499": "The mintToken function of a smart contract implementation for Crowdsale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13498": "The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13497": "The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13496": "The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13495": "The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13494": "The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13493": "The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13492": "The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13491": "The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13490": "The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13489": "The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13488": "The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13487": "The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13486": "The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13485": "The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13484": "The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13483": "The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13482": "The mintToken function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13481": "The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13480": "The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13479": "The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13478": "The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13477": "The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13476": "The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13475": "The mintToken function of a smart contract implementation for VSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13474": "The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13473": "The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13472": "The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13471": "The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13470": "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13469": "The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13468": "The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13467": "The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13466": "The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13465": "The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13464": "The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13463": "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13462": "The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13328": "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.", + "CVE-2018-13327": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13326": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13325": "The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.", + "CVE-2018-13233": "The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13232": "The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13231": "The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13230": "The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13229": "The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13228": "The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13227": "The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13226": "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13225": "The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13224": "The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13223": "The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13222": "The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13221": "The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13220": "The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13219": "The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13218": "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13217": "The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13216": "The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13215": "The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13214": "The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13213": "The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13212": "The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13211": "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13210": "The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13209": "The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13208": "The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13207": "The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13206": "The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13205": "The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13204": "The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13203": "The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13202": "The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13201": "The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13200": "The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13199": "The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13198": "The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13197": "The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13196": "The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13195": "The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13194": "The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13193": "The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13192": "The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13191": "The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13190": "The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13189": "The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13188": "The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13187": "The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13186": "The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13185": "The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13184": "The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13183": "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13182": "The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13181": "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13180": "The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13179": "The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13178": "The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13177": "The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13176": "The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13175": "The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13174": "The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13173": "The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13172": "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13171": "The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13170": "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13169": "The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13168": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13167": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13166": "The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13165": "The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13164": "The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13163": "The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13162": "The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13161": "The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13160": "The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13159": "The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13158": "The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13157": "The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13156": "The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13155": "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13146": "The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.", + "CVE-2018-13145": "The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.", + "CVE-2018-13144": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13132": "Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13131": "SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13130": "Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13129": "SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13128": "Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13127": "SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13126": "MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13113": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13092": "The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13091": "The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13090": "The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13089": "The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13088": "The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13087": "The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13086": "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13085": "The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13084": "The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13083": "The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13082": "The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13081": "The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13080": "The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13079": "The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13078": "The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13077": "The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13076": "The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13075": "The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13074": "The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13073": "The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13072": "The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13071": "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13070": "The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13069": "The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13068": "The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13041": "The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-12975": "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).", + "CVE-2018-12959": "The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).", + "CVE-2018-12885": "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.", + "CVE-2018-12703": "The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the \"evilReflex\" issue. NOTE: a PeckShield disclosure states \"some researchers have independently discussed the mechanism of such vulnerability.\"", + "CVE-2018-12702": "The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the \"evilReflex\" issue. NOTE: a PeckShield disclosure states \"some researchers have independently discussed the mechanism of such vulnerability.\"", + "CVE-2018-12511": "In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.", + "CVE-2018-12454": "The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-12230": "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.", + "CVE-2018-12084": "The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12083": "The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12082": "The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12081": "The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12080": "The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12079": "The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12078": "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12070": "The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12068": "The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12067": "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12063": "The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12062": "The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12056": "The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-12025": "The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key.", + "CVE-2018-11687": "An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the \"ownerUnderflow\" issue.", + "CVE-2018-11561": "An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets.", + "CVE-2018-11446": "The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-11429": "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-11411": "The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.", + "CVE-2018-11335": "GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-11329": "The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.", + "CVE-2018-11239": "An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the \"burnOverflow\" issue.", + "CVE-2018-10973": "An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.", + "CVE-2018-10944": "The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.", + "CVE-2018-10769": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).", + "CVE-2018-10706": "An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the \"multiOverflow\" issue.", + "CVE-2018-10705": "The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.", + "CVE-2018-10666": "The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.", + "CVE-2018-10468": "The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the \"transferFlaw\" issue.", + "CVE-2018-10376": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue.", + "CVE-2018-10299": "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue.", + "CVE-2017-14457": "An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.", + "CVE-2017-14451": "An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability." +} \ No newline at end of file diff --git a/data_full/CVE_label/CVE2label.json b/data_full/CVE_label/CVE2label.json new file mode 100644 index 0000000000000000000000000000000000000000..ad74a711e69a139bad2258ece1d8d137853a6317 --- /dev/null +++ b/data_full/CVE_label/CVE2label.json @@ -0,0 +1,21 @@ +{ + "CVE-2018-10299": "Integer Overflow", + "CVE-2018-10376": "Integer Overflow", + "CVE-2018-11335": "Integer Overflow", + "CVE-2018-13836": "Integer Overflow", + "CVE-2018-17882": "Integer Overflow", + "CVE-2018-10468": "Wrong Logic", + "CVE-2018-11411": "Wrong Logic", + "CVE-2018-12025": "Wrong Logic", + "CVE-2021-3004": "Wrong Logic", + "CVE-2018-15552": "Bad Randomness", + "CVE-2018-14715": "Bad Randomness", + "CVE-2018-17877": "Bad Randomness", + "CVE-2018-10666": "Access Control", + "CVE-2018-10705": "Access Control", + "CVE-2018-19830": "Access Control", + "CVE-2019-15078": "Typo Constructor", + "CVE-2019-15079": "Typo Constructor", + "CVE-2019-15080": "Typo Constructor", + "CVE-2018-18425": "Token Devalue" +} \ No newline at end of file diff --git a/data_sample/CVE/2018-13071.sol b/data_sample/CVE/2018-13071.sol new file mode 100644 index 0000000000000000000000000000000000000000..66840e87030a9cb2b68fec6946a77a1ad680ad63 --- /dev/null +++ b/data_sample/CVE/2018-13071.sol @@ -0,0 +1,231 @@ +/** + *Submitted for verification at Etherscan.io on 2017-11-18 +*/ + +//ERC20 Token +pragma solidity ^0.4.17; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "T10 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /*************************************************/ + mapping(address=>uint256) public indexes; + mapping(uint256=>address) public addresses; + uint256 public lastIndex = 0; + /*************************************************/ + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + /*****************************************/ + addresses[1] = msg.sender; + indexes[msg.sender] = 1; + lastIndex = 1; + /*****************************************/ + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract CCindexToken is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 40000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "CCindex10"; + string public tokenSymbol = "T10"; + function CCindexToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + // if(!canHolderTransfer()) throw; + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + if(_value > 0){ + if(balanceOf[msg.sender] == 0){ + addresses[indexes[msg.sender]] = addresses[lastIndex]; + indexes[addresses[lastIndex]] = indexes[msg.sender]; + indexes[msg.sender] = 0; + delete addresses[lastIndex]; + lastIndex--; + } + if(indexes[_to]==0){ + lastIndex++; + addresses[lastIndex] = _to; + indexes[_to] = lastIndex; + } + } + } + + function getAddresses() constant returns (address[]){ + address[] memory addrs = new address[](lastIndex); + for(uint i = 0; i < lastIndex; i++){ + addrs[i] = addresses[i+1]; + } + return addrs; + } + + function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { + // if(balanceOf[owner] < _amount) throw; + uint distributed = 0; + require(startIndex < endIndex); + + for(uint i = startIndex; i < lastIndex; i++){ + address holder = addresses[i+1]; + uint reward = balanceOf[holder] * 3 / 100; + balanceOf[holder] += reward; + distributed += reward; + Transfer(0, holder, reward); + } + + // balanceOf[owner] -= distributed; + totalSupply += distributed; + return distributed; + } + + /************************************************************************/ + + /************************************************************************/ + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_sample/CVE/2018-13072.sol b/data_sample/CVE/2018-13072.sol new file mode 100644 index 0000000000000000000000000000000000000000..c19de8631d989d6771d750c16943d4ba34c84956 --- /dev/null +++ b/data_sample/CVE/2018-13072.sol @@ -0,0 +1,168 @@ +/** + *Submitted for verification at Etherscan.io on 2017-08-16 +*/ + +pragma solidity ^0.4.2; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + revert(); // Prevents accidental sending of ether + } +} + +contract Coffeecoin is owned, token { + + uint public buyRate = 4000; // price of one token + bool public isSelling = true; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function Coffeecoin( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (frozenAccount[msg.sender]) revert(); // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); // Check if frozen + if (balanceOf[_from] < _value) revert(); // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); // Check for overflows + if (_value > allowance[_from][msg.sender]) revert(); // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; // calculates the amount + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[owner] -= amount; // subtracts amount from seller's balance + Transfer(owner, msg.sender, amount); // execute an event reflecting the change + } + + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_sample/CVE/2018-13073.sol b/data_sample/CVE/2018-13073.sol new file mode 100644 index 0000000000000000000000000000000000000000..58a0f14c4c8521d28600d88e3d8dfd177b1da8aa --- /dev/null +++ b/data_sample/CVE/2018-13073.sol @@ -0,0 +1,175 @@ +/** + *Submitted for verification at Etherscan.io on 2017-10-30 +*/ + +//ERC20 Token +pragma solidity ^0.4.17; +contract owned { + address public owner; + + function owned() { + owner = msg.sender; + } + + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} + +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } + +contract token { + /* Public variables of the token */ + string public standard = "ETHEREUMBLACK"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + + /* This creates an array with all balances */ + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + /* This generates a public event on the blockchain that will notify clients */ + event Transfer(address indexed from, address indexed to, uint256 value); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; // Give the creator all initial tokens + totalSupply = initialSupply; // Update total supply + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + decimals = decimalUnits; // Amount of decimals for display purposes + } + + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + /* Allow another contract to spend some tokens in your behalf */ + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /* Approve and then communicate the approved contract in a single tx */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /* A contract attempts _ to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + /* This unnamed function is called whenever someone tries to send ether to it */ + function () { + throw; // Prevents accidental sending of ether + } +} + +contract ETHEREUMBLACK is owned, token { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping(address=>bool) public frozenAccount; + + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + uint256 public constant initialSupply = 200000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "ETHEREUMBLACK"; + string public tokenSymbol = "ETCBK"; + function ETHEREUMBLACK() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + /* Send coins */ + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (frozenAccount[msg.sender]) throw; // Check if frozen + balanceOf[msg.sender] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + Transfer(msg.sender, _to, _value); // Notify anyone listening that this transfer took place + } + + + /* A contract attempts to get the coins */ + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; // Check if frozen + if (balanceOf[_from] < _value) throw; // Check if the sender has enough + if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows + if (_value > allowance[_from][msg.sender]) throw; // Check allowance + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + + function buy() payable { + uint amount = msg.value / buyPrice; // calculates the amount + if (balanceOf[this] < amount) throw; // checks if it has enough to sell + balanceOf[msg.sender] += amount; // adds the amount to buyer's balance + balanceOf[this] -= amount; // subtracts amount from seller's balance + Transfer(this, msg.sender, amount); // execute an event reflecting the change + } + + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; // checks if the sender has enough to sell + balanceOf[this] += amount; // adds the amount to owner's balance + balanceOf[msg.sender] -= amount; // subtracts the amount from seller's balance + if (!msg.sender.send(amount * sellPrice)) { // sends ether to the seller. It's important + throw; // to do this last to avoid recursion attacks + } else { + Transfer(msg.sender, this, amount); // executes an event reflecting on the change + } + } +} \ No newline at end of file diff --git a/data_sample/CVE/2018-13074.sol b/data_sample/CVE/2018-13074.sol new file mode 100644 index 0000000000000000000000000000000000000000..e63dfe32e017992ccee13e3e1f05228a3564e8bb --- /dev/null +++ b/data_sample/CVE/2018-13074.sol @@ -0,0 +1,227 @@ +/** + *Submitted for verification at Etherscan.io on 2018-06-29 +*/ + +pragma solidity ^0.4.16; + +contract owned { + address public owner; + + function owned() public { + owner = msg.sender; + } + + modifier onlyOwner { + require(msg.sender == owner); + _; + } + + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} + +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } + +contract TokenERC20 { + // Public variables of the token + string public name; + string public symbol; + uint8 public decimals = 18; + // 18 decimals is the strongly suggested default, avoid changing it + uint256 public totalSupply; + uint256 initialSupply=5000000000; + string tokenName='FIB'; + string tokenSymbol='FIB'; + + // This creates an array with all balances + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + + // This generates a public event on the blockchain that will notify clients + event Transfer(address indexed from, address indexed to, uint256 value); + + // This notifies clients about the amount burnt + event Burn(address indexed from, uint256 value); + + /** + * Constrctor function + * + * Initializes contract with initial supply tokens to the creator of the contract + */ + function TokenERC20( + + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount + balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens + name = tokenName; // Set the name for display purposes + symbol = tokenSymbol; // Set the symbol for display purposes + } + + /** + * Internal transfer, only can be called by this contract + */ + function _transfer(address _from, address _to, uint _value) internal { + // Prevent transfer to 0x0 address. Use burn() instead + require(_to != 0x0); + // Check if the sender has enough + require(balanceOf[_from] >= _value); + // Check for overflows + require(balanceOf[_to] + _value > balanceOf[_to]); + // Save this for an assertion in the future + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + // Subtract from the sender + balanceOf[_from] -= _value; + // Add the same to the recipient + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + // Asserts are used to use static analysis to find bugs in your code. They should never fail + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + + /** + * Transfer tokens + * + * Send `_value` tokens to `_to` from your account + * + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + + /** + * Transfer tokens from other address + * + * Send `_value` tokens to `_to` in behalf of `_from` + * + * @param _from The address of the sender + * @param _to The address of the recipient + * @param _value the amount to send + */ + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); // Check allowance + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + + /** + * Set allowance for other address + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + */ + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + + /** + * Set allowance for other address and notify + * + * Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it + * + * @param _spender The address authorized to spend + * @param _value the max amount they can spend + * @param _extraData some extra information to send to the approved contract + */ + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + + /** + * Destroy tokens + * + * Remove `_value` tokens from the system irreversibly + * + * @param _value the amount of money to burn + */ + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); // Check if the sender has enough + balanceOf[msg.sender] -= _value; // Subtract from the sender + totalSupply -= _value; // Updates totalSupply + emit Burn(msg.sender, _value); + return true; + } + + /** + * Destroy tokens from other account + * + * Remove `_value` tokens from the system irreversibly on behalf of `_from`. + * + * @param _from the address of the sender + * @param _value the amount of money to burn + */ + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); // Check if the targeted balance is enough + require(_value <= allowance[_from][msg.sender]); // Check allowance + balanceOf[_from] -= _value; // Subtract from the targeted balance + allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance + totalSupply -= _value; // Update totalSupply + emit Burn(_from, _value); + return true; + } +} + +/******************************************/ +/* ADVANCED TOKEN STARTS HERE */ +/******************************************/ + +contract FIBToken is owned, TokenERC20 { + + uint256 public sellPrice; + uint256 public buyPrice; + + mapping (address => bool) public frozenAccount; + + /* This generates a public event on the blockchain that will notify clients */ + event FrozenFunds(address target, bool frozen); + + /* Initializes contract with initial supply tokens to the creator of the contract */ + function FIBToken( + + ) TokenERC20() public {} + + /* Internal transfer, only can be called by this contract */ + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); // Prevent transfer to 0x0 address. Use burn() instead + require (balanceOf[_from] >= _value); // Check if the sender has enough + require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows + require(!frozenAccount[_from]); // Check if sender is frozen + require(!frozenAccount[_to]); // Check if recipient is frozen + balanceOf[_from] -= _value; // Subtract from the sender + balanceOf[_to] += _value; // Add the same to the recipient + emit Transfer(_from, _to, _value); + } + + /// @notice Create `mintedAmount` tokens and send it to `target` + /// @param target Address to receive the tokens + /// @param mintedAmount the amount of tokens it will receive + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + + /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens + /// @param target Address to be frozen + /// @param freeze either to freeze it or not + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } + + +} \ No newline at end of file diff --git a/data_sample/CVE_clean/2018-13071.sol b/data_sample/CVE_clean/2018-13071.sol new file mode 100644 index 0000000000000000000000000000000000000000..1d178d1489be811639c7798fdd82f912d5b39e42 --- /dev/null +++ b/data_sample/CVE_clean/2018-13071.sol @@ -0,0 +1,171 @@ +pragma solidity ^0.4.17; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "T10 1.0"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + mapping(address=>uint256) public indexes; + mapping(uint256=>address) public addresses; + uint256 public lastIndex = 0; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + addresses[1] = msg.sender; + indexes[msg.sender] = 1; + lastIndex = 1; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract CCindexToken is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 40000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "CCindex10"; + string public tokenSymbol = "T10"; + function CCindexToken() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + if(_value > 0){ + if(balanceOf[msg.sender] == 0){ + addresses[indexes[msg.sender]] = addresses[lastIndex]; + indexes[addresses[lastIndex]] = indexes[msg.sender]; + indexes[msg.sender] = 0; + delete addresses[lastIndex]; + lastIndex--; + } + if(indexes[_to]==0){ + lastIndex++; + addresses[lastIndex] = _to; + indexes[_to] = lastIndex; + } + } + } + function getAddresses() constant returns (address[]){ + address[] memory addrs = new address[](lastIndex); + for(uint i = 0; i < lastIndex; i++){ + addrs[i] = addresses[i+1]; + } + return addrs; + } + function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { + uint distributed = 0; + require(startIndex < endIndex); + for(uint i = startIndex; i < lastIndex; i++){ + address holder = addresses[i+1]; + uint reward = balanceOf[holder] * 3 / 100; + balanceOf[holder] += reward; + distributed += reward; + Transfer(0, holder, reward); + } + totalSupply += distributed; + return distributed; + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_sample/CVE_clean/2018-13072.sol b/data_sample/CVE_clean/2018-13072.sol new file mode 100644 index 0000000000000000000000000000000000000000..ff7b130d7f01c9ab6043c4e8631631b715420648 --- /dev/null +++ b/data_sample/CVE_clean/2018-13072.sol @@ -0,0 +1,125 @@ +pragma solidity ^0.4.2; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) revert(); + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + revert(); + } +} +contract Coffeecoin is owned, token { + uint public buyRate = 4000; + bool public isSelling = true; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function Coffeecoin( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (frozenAccount[msg.sender]) revert(); + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) revert(); + if (balanceOf[_from] < _value) revert(); + if (balanceOf[_to] + _value < balanceOf[_to]) revert(); + if (_value > allowance[_from][msg.sender]) revert(); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + Transfer(0, owner, mintedAmount); + Transfer(owner, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setBuyRate(uint newBuyRate) onlyOwner { + buyRate = newBuyRate; + } + function setSelling(bool newStatus) onlyOwner { + isSelling = newStatus; + } + function buy() payable { + if(isSelling == false) revert(); + uint amount = msg.value * buyRate; + balanceOf[msg.sender] += amount; + balanceOf[owner] -= amount; + Transfer(owner, msg.sender, amount); + } + function withdrawToOwner(uint256 amountWei) onlyOwner { + owner.transfer(amountWei); + } +} \ No newline at end of file diff --git a/data_sample/CVE_clean/2018-13073.sol b/data_sample/CVE_clean/2018-13073.sol new file mode 100644 index 0000000000000000000000000000000000000000..ac44598280653683b67ddc21ce7fa762e1d94294 --- /dev/null +++ b/data_sample/CVE_clean/2018-13073.sol @@ -0,0 +1,131 @@ +pragma solidity ^0.4.17; +contract owned { + address public owner; + function owned() { + owner = msg.sender; + } + modifier onlyOwner { + if (msg.sender != owner) throw; + _; + } + function transferOwnership(address newOwner) onlyOwner { + owner = newOwner; + } +} +contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); } +contract token { + string public standard = "ETHEREUMBLACK"; + string public name; + string public symbol; + uint8 public decimals; + uint256 public totalSupply; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + function token( + uint256 initialSupply, + string tokenName, + uint8 decimalUnits, + string tokenSymbol + ) { + balanceOf[msg.sender] = initialSupply; + totalSupply = initialSupply; + name = tokenName; + symbol = tokenSymbol; + decimals = decimalUnits; + } + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function approve(address _spender, uint256 _value) + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function () { + throw; + } +} +contract ETHEREUMBLACK is owned, token { + uint256 public sellPrice; + uint256 public buyPrice; + mapping(address=>bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + uint256 public constant initialSupply = 200000000 * 10**18; + uint8 public constant decimalUnits = 18; + string public tokenName = "ETHEREUMBLACK"; + string public tokenSymbol = "ETCBK"; + function ETHEREUMBLACK() token (initialSupply, tokenName, decimalUnits, tokenSymbol) {} + function transfer(address _to, uint256 _value) { + if (balanceOf[msg.sender] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (frozenAccount[msg.sender]) throw; + balanceOf[msg.sender] -= _value; + balanceOf[_to] += _value; + Transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { + if (frozenAccount[_from]) throw; + if (balanceOf[_from] < _value) throw; + if (balanceOf[_to] + _value < balanceOf[_to]) throw; + if (_value > allowance[_from][msg.sender]) throw; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + allowance[_from][msg.sender] -= _value; + Transfer(_from, _to, _value); + return true; + } + function mintToken(address target, uint256 mintedAmount) onlyOwner { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + Transfer(0, this, mintedAmount); + Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner { + frozenAccount[target] = freeze; + FrozenFunds(target, freeze); + } + function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner { + sellPrice = newSellPrice; + buyPrice = newBuyPrice; + } + function buy() payable { + uint amount = msg.value / buyPrice; + if (balanceOf[this] < amount) throw; + balanceOf[msg.sender] += amount; + balanceOf[this] -= amount; + Transfer(this, msg.sender, amount); + } + function sell(uint256 amount) { + if (balanceOf[msg.sender] < amount ) throw; + balanceOf[this] += amount; + balanceOf[msg.sender] -= amount; + if (!msg.sender.send(amount * sellPrice)) { + throw; + } else { + Transfer(msg.sender, this, amount); + } + } +} \ No newline at end of file diff --git a/data_sample/CVE_clean/2018-13074.sol b/data_sample/CVE_clean/2018-13074.sol new file mode 100644 index 0000000000000000000000000000000000000000..871884f0efde6c1450b086a266c454ae3ea3b5ef --- /dev/null +++ b/data_sample/CVE_clean/2018-13074.sol @@ -0,0 +1,112 @@ +pragma solidity ^0.4.16; +contract owned { + address public owner; + function owned() public { + owner = msg.sender; + } + modifier onlyOwner { + require(msg.sender == owner); + _; + } + function transferOwnership(address newOwner) onlyOwner public { + owner = newOwner; + } +} +interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) external; } +contract TokenERC20 { + string public name; + string public symbol; + uint8 public decimals = 18; + uint256 public totalSupply; + uint256 initialSupply=5000000000; + string tokenName='FIB'; + string tokenSymbol='FIB'; + mapping (address => uint256) public balanceOf; + mapping (address => mapping (address => uint256)) public allowance; + event Transfer(address indexed from, address indexed to, uint256 value); + event Burn(address indexed from, uint256 value); + function TokenERC20( + ) public { + totalSupply = initialSupply * 10 ** uint256(decimals); + balanceOf[msg.sender] = totalSupply; + name = tokenName; + symbol = tokenSymbol; + } + function _transfer(address _from, address _to, uint _value) internal { + require(_to != 0x0); + require(balanceOf[_from] >= _value); + require(balanceOf[_to] + _value > balanceOf[_to]); + uint previousBalances = balanceOf[_from] + balanceOf[_to]; + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + assert(balanceOf[_from] + balanceOf[_to] == previousBalances); + } + function transfer(address _to, uint256 _value) public { + _transfer(msg.sender, _to, _value); + } + function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { + require(_value <= allowance[_from][msg.sender]); + allowance[_from][msg.sender] -= _value; + _transfer(_from, _to, _value); + return true; + } + function approve(address _spender, uint256 _value) public + returns (bool success) { + allowance[msg.sender][_spender] = _value; + return true; + } + function approveAndCall(address _spender, uint256 _value, bytes _extraData) + public + returns (bool success) { + tokenRecipient spender = tokenRecipient(_spender); + if (approve(_spender, _value)) { + spender.receiveApproval(msg.sender, _value, this, _extraData); + return true; + } + } + function burn(uint256 _value) public returns (bool success) { + require(balanceOf[msg.sender] >= _value); + balanceOf[msg.sender] -= _value; + totalSupply -= _value; + emit Burn(msg.sender, _value); + return true; + } + function burnFrom(address _from, uint256 _value) public returns (bool success) { + require(balanceOf[_from] >= _value); + require(_value <= allowance[_from][msg.sender]); + balanceOf[_from] -= _value; + allowance[_from][msg.sender] -= _value; + totalSupply -= _value; + emit Burn(_from, _value); + return true; + } +} +contract FIBToken is owned, TokenERC20 { + uint256 public sellPrice; + uint256 public buyPrice; + mapping (address => bool) public frozenAccount; + event FrozenFunds(address target, bool frozen); + function FIBToken( + ) TokenERC20() public {} + function _transfer(address _from, address _to, uint _value) internal { + require (_to != 0x0); + require (balanceOf[_from] >= _value); + require (balanceOf[_to] + _value >= balanceOf[_to]); + require(!frozenAccount[_from]); + require(!frozenAccount[_to]); + balanceOf[_from] -= _value; + balanceOf[_to] += _value; + emit Transfer(_from, _to, _value); + } + function mintToken(address target, uint256 mintedAmount) onlyOwner public { + balanceOf[target] += mintedAmount; + totalSupply += mintedAmount; + emit Transfer(0, this, mintedAmount); + emit Transfer(this, target, mintedAmount); + } + function freezeAccount(address target, bool freeze) onlyOwner public { + frozenAccount[target] = freeze; + emit FrozenFunds(target, freeze); + } +} \ No newline at end of file diff --git a/data_sample/CVE_label/CVE2description.json b/data_sample/CVE_label/CVE2description.json new file mode 100644 index 0000000000000000000000000000000000000000..e05f122c9ca459e427113bc1982b5236434710d1 --- /dev/null +++ b/data_sample/CVE_label/CVE2description.json @@ -0,0 +1,564 @@ +{ + "CVE-2023-41052": "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", + "CVE-2023-40015": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.", + "CVE-2023-40014": "OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.", + "CVE-2023-39363": "Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.", + "CVE-2023-34459": "OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertedly for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree. A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe. The problem has been patched in version 4.9.2. Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.", + "CVE-2023-34449": "ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.", + "CVE-2023-34234": "OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.", + "CVE-2023-32675": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.", + "CVE-2023-32059": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.", + "CVE-2023-32058": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.", + "CVE-2023-31146": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.", + "CVE-2023-30837": "Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.", + "CVE-2023-30629": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.", + "CVE-2023-30542": "OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters.", + "CVE-2023-30541": "OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through.", + "CVE-2023-26488": "OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.", + "CVE-2023-23940": "OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1.", + "CVE-2022-46173": "Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more gas than required, the smart contract result (SCR transaction) that should have returned the leftover gas, would have been wrongly added to a cache that the processing unit did not consider. The node stopped notarizing metachain blocks. The fix was actually to extend the SCR transaction search in all other caches if it wasn't found in the correct (expected) sharded-cache. There are no known workarounds at this time. This issue has been patched in version 1.3.50.", + "CVE-2022-39384": "OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.", + "CVE-2022-36061": "Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.", + "CVE-2022-35961": "OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3.", + "CVE-2022-35916": "OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-35915": "OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-31198": "OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.", + "CVE-2022-31172": "OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.", + "CVE-2022-31170": "OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1.", + "CVE-2022-29255": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.", + "CVE-2022-27134": "EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.", + "CVE-2022-24845": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.", + "CVE-2022-24788": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.", + "CVE-2022-24787": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `\"\\x00\"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.", + "CVE-2021-41264": "OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).", + "CVE-2021-41122": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.", + "CVE-2021-41121": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.", + "CVE-2021-39168": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.", + "CVE-2021-39167": "OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.", + "CVE-2021-34273": "A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.", + "CVE-2021-34272": "A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.", + "CVE-2021-34270": "An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.", + "CVE-2021-33403": "An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction.", + "CVE-2021-3006": "The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.", + "CVE-2021-3004": "The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.", + "CVE-2020-35962": "The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.", + "CVE-2020-17753": "An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address.", + "CVE-2020-17752": "Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).", + "CVE-2019-15080": "An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.", + "CVE-2019-15079": "A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free.", + "CVE-2019-15078": "An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.", + "CVE-2018-19834": "The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19833": "The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19832": "The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19831": "The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.", + "CVE-2018-19830": "The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.", + "CVE-2018-18425": "The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.)", + "CVE-2018-17987": "The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.", + "CVE-2018-17968": "A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.", + "CVE-2018-17882": "An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.", + "CVE-2018-17877": "A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-17111": "The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.", + "CVE-2018-17071": "The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-17050": "The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-15552": "The \"PayWinner\" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable \"maxTickets\" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-14715": "The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.", + "CVE-2018-14576": "The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.", + "CVE-2018-14089": "An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition.", + "CVE-2018-14088": "An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the \"amount * 1000000000000000\" will cause an integer overflow in withdrawToFounders().", + "CVE-2018-14087": "An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the \"msg.value * buyPrice\" will cause an integer overflow in the fallback function.", + "CVE-2018-14086": "An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell().", + "CVE-2018-14085": "An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789.", + "CVE-2018-14084": "An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell().", + "CVE-2018-14063": "The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.", + "CVE-2018-14006": "An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14005": "An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14004": "An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14003": "An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14002": "An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-14001": "An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-13877": "The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.", + "CVE-2018-13836": "An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.", + "CVE-2018-13783": "The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13782": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13781": "The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13780": "The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13779": "The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13778": "The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13777": "The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13776": "The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13775": "The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13774": "The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13773": "The mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13772": "The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13771": "The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13770": "The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13769": "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13768": "The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13767": "The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13766": "The mintToken function of a smart contract implementation for Easticoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13765": "The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13764": "The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13763": "The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13762": "The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13761": "The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13760": "The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13759": "The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13758": "The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13757": "The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13756": "The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13755": "The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13754": "The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13753": "The mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13752": "The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13751": "The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13750": "The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13749": "The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13748": "The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13747": "The mintToken function of a smart contract implementation for VanMinhCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13746": "The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13745": "The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13744": "The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13743": "The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13742": "The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13741": "The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13740": "The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13739": "The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13738": "The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13737": "The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13736": "The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13735": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13734": "The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13733": "The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13732": "The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13731": "The mintToken function of a smart contract implementation for TokenMACHU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13730": "The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13729": "The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13728": "The mintToken function of a smart contract implementation for JixoCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13727": "The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13726": "The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13725": "The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13724": "The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13723": "The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13722": "The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13721": "The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13720": "The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13719": "The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13718": "The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13717": "The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13716": "The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13715": "The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13714": "The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13713": "The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13712": "The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13711": "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13710": "The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13709": "The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13708": "The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13707": "The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13706": "The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13705": "The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13704": "The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13703": "The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13702": "The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13701": "The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13700": "The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13699": "The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13698": "The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13697": "The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13696": "The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13695": "The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13694": "The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13693": "The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13692": "The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13691": "The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13690": "The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13689": "The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13688": "The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13687": "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13686": "The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13685": "The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13684": "The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13683": "The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13682": "The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13681": "The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13680": "The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13679": "The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13678": "The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13677": "The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13676": "The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13675": "The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13674": "The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13673": "The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13672": "The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13671": "The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13670": "The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13669": "The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13668": "The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13667": "The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13666": "The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13665": "The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13664": "The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13663": "The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13662": "The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13661": "The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13660": "The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13659": "The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13658": "The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13657": "The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13656": "The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13655": "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13654": "The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13653": "The mintToken function of a smart contract implementation for ipshoots, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13652": "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13651": "The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13650": "The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13649": "The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13648": "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13647": "The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13646": "The mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13645": "The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13644": "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13643": "The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13642": "The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13641": "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13640": "The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13639": "The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13638": "The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13637": "The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13636": "The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13635": "The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13634": "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13633": "The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13632": "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13631": "The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13630": "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13629": "The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13628": "The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13627": "The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13626": "The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13625": "The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13624": "The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13623": "The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13622": "The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13621": "The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13620": "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13619": "The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13618": "The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13617": "The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13616": "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13615": "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13614": "The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13613": "The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13612": "The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13611": "The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13610": "The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13609": "The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13608": "The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13607": "The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13606": "The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13605": "The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13604": "The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13603": "The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13602": "The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13601": "The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13600": "The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13599": "The mintToken function of a smart contract implementation for ResidualValue, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13598": "The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13597": "The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13596": "The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13595": "The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13594": "The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13593": "The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13592": "The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13591": "The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13590": "The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13589": "The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13588": "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13587": "The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13586": "The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13585": "The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13584": "The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13583": "The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13582": "The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13581": "The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13580": "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13579": "The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13578": "The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13577": "The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13576": "The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13575": "The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13574": "The mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13573": "The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13572": "The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13571": "The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13570": "The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13569": "The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13568": "The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13567": "The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13566": "The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13565": "The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13564": "The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13563": "The mintToken function of a smart contract implementation for UPayToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13562": "The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13561": "The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13560": "The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13559": "The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13558": "The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13557": "The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13556": "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13555": "The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13554": "The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13553": "The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13552": "The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13551": "The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13550": "The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13549": "The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13548": "The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13547": "The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13546": "The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13545": "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13544": "The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13543": "The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13542": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13541": "The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13540": "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13539": "The mintToken function of a smart contract implementation for Bcxss, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13538": "The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13537": "The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13536": "The mintToken function of a smart contract implementation for ERC20_ICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13535": "The mintToken function of a smart contract implementation for PACCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13534": "The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13533": "The mintToken function of a smart contract implementation for ALUXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13532": "The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13531": "The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13530": "The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13529": "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13528": "The mintToken function of a smart contract implementation for DhaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13527": "The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13526": "The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13525": "The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13524": "The mintToken function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13523": "The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13522": "The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13521": "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13520": "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13519": "The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13518": "The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13517": "The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13516": "The mintToken function of a smart contract implementation for Super Cool Awesome Money (SCAM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13515": "The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13514": "The mintToken function of a smart contract implementation for esportz, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13513": "The mintToken function of a smart contract implementation for Ubiou, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13512": "The mintToken function of a smart contract implementation for SmartHomeCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13511": "The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13510": "The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13509": "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13508": "The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13507": "The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13506": "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13505": "The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13504": "The mintToken function of a smart contract implementation for MMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13503": "The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13502": "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13501": "The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13500": "The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13499": "The mintToken function of a smart contract implementation for Crowdsale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13498": "The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13497": "The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13496": "The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13495": "The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13494": "The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13493": "The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13492": "The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13491": "The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13490": "The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13489": "The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13488": "The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13487": "The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13486": "The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13485": "The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13484": "The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13483": "The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13482": "The mintToken function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13481": "The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13480": "The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13479": "The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13478": "The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13477": "The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13476": "The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13475": "The mintToken function of a smart contract implementation for VSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13474": "The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13473": "The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13472": "The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13471": "The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13470": "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13469": "The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13468": "The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13467": "The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13466": "The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13465": "The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13464": "The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13463": "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13462": "The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13328": "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.", + "CVE-2018-13327": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13326": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13325": "The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.", + "CVE-2018-13233": "The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13232": "The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13231": "The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13230": "The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13229": "The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13228": "The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13227": "The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13226": "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13225": "The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13224": "The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13223": "The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13222": "The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13221": "The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13220": "The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13219": "The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13218": "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13217": "The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13216": "The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13215": "The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13214": "The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13213": "The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13212": "The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13211": "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13210": "The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13209": "The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13208": "The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13207": "The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13206": "The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13205": "The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13204": "The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13203": "The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13202": "The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13201": "The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13200": "The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13199": "The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13198": "The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13197": "The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13196": "The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", + "CVE-2018-13195": "The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13194": "The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13193": "The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13192": "The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13191": "The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13190": "The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13189": "The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13188": "The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13187": "The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13186": "The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13185": "The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13184": "The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13183": "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13182": "The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13181": "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13180": "The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13179": "The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13178": "The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13177": "The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13176": "The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13175": "The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13174": "The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13173": "The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13172": "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13171": "The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13170": "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13169": "The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13168": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13167": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13166": "The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13165": "The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13164": "The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13163": "The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13162": "The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13161": "The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13160": "The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13159": "The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13158": "The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13157": "The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13156": "The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13155": "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13146": "The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.", + "CVE-2018-13145": "The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.", + "CVE-2018-13144": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13132": "Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13131": "SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13130": "Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13129": "SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13128": "Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13127": "SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13126": "MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-13113": "** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.", + "CVE-2018-13092": "The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13091": "The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13090": "The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13089": "The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13088": "The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13087": "The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13086": "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13085": "The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13084": "The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13083": "The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13082": "The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13081": "The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13080": "The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13079": "The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13078": "The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13077": "The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13076": "The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13075": "The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13074": "The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13073": "The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13072": "The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13071": "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13070": "The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13069": "The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13068": "The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-13041": "The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", + "CVE-2018-12975": "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).", + "CVE-2018-12959": "The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).", + "CVE-2018-12885": "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.", + "CVE-2018-12703": "The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the \"evilReflex\" issue. NOTE: a PeckShield disclosure states \"some researchers have independently discussed the mechanism of such vulnerability.\"", + "CVE-2018-12702": "The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the \"evilReflex\" issue. NOTE: a PeckShield disclosure states \"some researchers have independently discussed the mechanism of such vulnerability.\"", + "CVE-2018-12511": "In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.", + "CVE-2018-12454": "The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-12230": "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.", + "CVE-2018-12084": "The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12083": "The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12082": "The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12081": "The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12080": "The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12079": "The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12078": "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue.", + "CVE-2018-12070": "The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12068": "The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12067": "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12063": "The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12062": "The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-12056": "The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.", + "CVE-2018-12025": "The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key.", + "CVE-2018-11687": "An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the \"ownerUnderflow\" issue.", + "CVE-2018-11561": "An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets.", + "CVE-2018-11446": "The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the \"tradeTrap\" issue.", + "CVE-2018-11429": "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-11411": "The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.", + "CVE-2018-11335": "GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.", + "CVE-2018-11329": "The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.", + "CVE-2018-11239": "An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the \"burnOverflow\" issue.", + "CVE-2018-10973": "An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.", + "CVE-2018-10944": "The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether.", + "CVE-2018-10769": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).", + "CVE-2018-10706": "An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the \"multiOverflow\" issue.", + "CVE-2018-10705": "The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.", + "CVE-2018-10666": "The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.", + "CVE-2018-10468": "The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the \"transferFlaw\" issue.", + "CVE-2018-10376": "An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the \"proxyOverflow\" issue.", + "CVE-2018-10299": "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue.", + "CVE-2017-14457": "An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.", + "CVE-2017-14451": "An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability." +} \ No newline at end of file diff --git a/data_sample/CVE_label/CVE2label.json b/data_sample/CVE_label/CVE2label.json new file mode 100644 index 0000000000000000000000000000000000000000..ad74a711e69a139bad2258ece1d8d137853a6317 --- /dev/null +++ b/data_sample/CVE_label/CVE2label.json @@ -0,0 +1,21 @@ +{ + "CVE-2018-10299": "Integer Overflow", + "CVE-2018-10376": "Integer Overflow", + "CVE-2018-11335": "Integer Overflow", + "CVE-2018-13836": "Integer Overflow", + "CVE-2018-17882": "Integer Overflow", + "CVE-2018-10468": "Wrong Logic", + "CVE-2018-11411": "Wrong Logic", + "CVE-2018-12025": "Wrong Logic", + "CVE-2021-3004": "Wrong Logic", + "CVE-2018-15552": "Bad Randomness", + "CVE-2018-14715": "Bad Randomness", + "CVE-2018-17877": "Bad Randomness", + "CVE-2018-10666": "Access Control", + "CVE-2018-10705": "Access Control", + "CVE-2018-19830": "Access Control", + "CVE-2019-15078": "Typo Constructor", + "CVE-2019-15079": "Typo Constructor", + "CVE-2019-15080": "Typo Constructor", + "CVE-2018-18425": "Token Devalue" +} \ No newline at end of file diff --git a/data_sample/prompts.py b/data_sample/prompts.py new file mode 100644 index 0000000000000000000000000000000000000000..530209fea088d232e377c4e8741c1771446a52ec --- /dev/null +++ b/data_sample/prompts.py @@ -0,0 +1,91 @@ + +####### Basic Prompt ######## +topk_prompt1 = '''Output {topk} most severe vulnerabilities.\n''' +topk_prompt2 = '''If no vulnerability is detected, you should only output in this json format {"output_list": []}.\n''' + +####### Auditor Prompt ####### +auditor_prompt = '''You are a smart contract auditor, identify and explain severe vulnerabilities in the provided smart contract. Make sure that they are exploitable in real world and beneficial to attackers. Provide each identified vulnerability with intermediate reasoning and its associated function. Remember, you must provide the entire function code and do not use "...". Make your reasoning comprehensive and detailed. Smart contract code:\n\n''' +auditor_format_constrain = '''\nYou should only output in below json format: +{ + "output_list": [ + { + "function_name": "", + "code": "", + "vulnerability": "", + "reason": "" + }, + { + "function_name": "", + "code": "", + "vulnerability": "", + "reason": "" + } + ] +} +''' + +####### Critic Prompt ####### +critic_zero_shot_prompt = '''Below vulnerabilities and reasoning are likely contain mistakes. As a harsh vulnerability critic, your duty is to scrutinize the function and evaluate the correctness, severity and profitability of given vulnerabilities and associated reasoning with corresponding scores ranging from 0 (lowest) to 9 (highest). Your also need to provide criticism, which must include explanations for your scoring. Make your criticism comprehensive and detailed\n''' +critic_few_shot_prompt = '''Below vulnerabilities and reasoning are likely contain mistakes. As a harsh vulnerability critic, your duty is to scrutinize the function and evaluate the correctness, severity and profitability of given vulnerabilities and associated reasoning with corresponding scores ranging from 0 (lowest) to 9 (highest). Your also need to provide criticism, which must include explanations for your scoring. Make your criticism comprehensive and detailed. Below are three examples:\n +Input: +"function_name": "mintToken", +"code": "function mintToken(address target, uint256 mintedAmount) onlyOwner{ balances[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0,owner,mintedAmount); Transfer(owner,target,mintedAmount); }", +"vulnerability": "Arbitrary Minting". +"reason" +Output: +"function_name": "mintToken", +"criticism": "The reasoning is correct. The owner of the contract can mint arbitrary tokens. This could lead to an arbitrary increase in the token supply, devaluing existing tokens. However, isn't inherently a vulnerability, but rather a design decision that might be questionable. The severity is moderate because it is based on the owner's intention. The profitability is low because an external attacker cannot profit from it.", +"correctness": 7, +"severity": 4, +"profitability": 0 + +Input: +"function_name": "transferFrom", +"code": "function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {require(_value <= allowance[_from][msg.sender]); allowance[_from][msg.sender] -= _value; transfer(_from, _to, _value); return true;}", +"vulnerability": "Unchecked Transfer", +"reason": "The transferFrom function does not check if the _to address is a valid address before transferring tokens. This allows an attacker to send tokens to an invalid address, resulting in a loss of tokens."" +Output: +"function_name": "transferFrom", +"vulnerability": "Unchecked Transfer", +"criticism": "The reasoning is correct that there is no address check in the transferFrom function. However, the severity and profitability of this vulnerability are very low, because it does not cause severe exploitation and an external attacker cannot profit from this vulnerability." +"correctness": 7, +"severity": 2, +"profitability": 0 + +Input: +"function_name": "approve", +"code": "function approve(address _spender, uint256 _value) returns (bool success) { if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } allowed[msg.sender][_spender] = _value; Approval(msg.sender, _spender, _value); return true; }", +"vulnerability": "Race condition (front-running)", +"reason": "The approve function is vulnerable to front-running because it does not require the spender to have a zero allowance before setting a new one. An attacker can call the approve function and then the transferFrom function before the original transaction is mined." +Output: +"function_name": "approve", +"criticism": "The statement is correct in pointing out that this function does not inherently reset the allowance. However, the function does include a check to ensure that if the allowance is non-zero, the new value must be zero (and vice versa). Therefore, the risk is not as serve as stated, and also not profitable.", +"correctness": 3, +"severity": 0, +"profitability": 0 +''' + +critic_format_constrain = '''\nYou should only output in below json format: +{ + "output_list": [ + { + "function_name": "", + "vulnerability": "", + "criticism": "", + "correctness": <0~9>, + "severity": <0~9>, + "profitability": <0~9>, + }, + { + "function_name": "", + "vulnerability": "", + "criticism": "", + "correctness": <0~9>, + "severity": <0~9>, + "profitability": <0~9>, + } + ] +} +''' + + diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000000000000000000000000000000000000..e24ed25386d8898bf17b8f6721946d83009e0eea --- /dev/null +++ b/requirements.txt @@ -0,0 +1,11 @@ +# This file may be used to create an environment using: +# $ conda create --name --file +# platform: win-64 +openai==1.11.1 +streamlit==1.31.0 +tqdm==4.66.1 +STqdm +# pyautogui +# python-xlib +streamlit_js_eval +gradio \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json new file mode 100644 index 0000000000000000000000000000000000000000..824917554a6654066bbe990c085e2ed58d80b42b --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json @@ -0,0 +1,23 @@ +[ + { + "function_name": "transfer", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); if(_value > 0){ if(balanceOf[msg.sender] == 0){ addresses[indexes[msg.sender]] = addresses[lastIndex]; indexes[addresses[lastIndex]] = indexes[msg.sender]; indexes[msg.sender] = 0; delete addresses[lastIndex]; lastIndex--; } if(indexes[_to]==0){ lastIndex++; addresses[lastIndex] = _to; indexes[_to] = lastIndex; } } }", + "vulnerability": "Throw deprecated", + "reason": "The contract uses 'throw' to handle errors, which has been deprecated in favor of 'require', 'revert', and 'assert'. Using 'throw' consumes all available gas, which can lead to denial of service and makes the contract less secure and more expensive to use.", + "file_name": "2018-13071.sol" + }, + { + "function_name": "mintToken", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0, this, mintedAmount); Transfer(this, target, mintedAmount); }", + "vulnerability": "Unchecked minting", + "reason": "The 'mintToken' function allows the contract owner to mint an arbitrary amount of tokens to any address without any checks or limits. This can lead to inflation and devaluation of the token, eroding trust in the token's value and potentially leading to financial loss for token holders.", + "file_name": "2018-13071.sol" + }, + { + "function_name": "distributeTokens", + "code": "function distributeTokens(uint startIndex,uint endIndex) onlyOwner returns (uint) { uint distributed = 0; require(startIndex < endIndex); for(uint i = startIndex; i < lastIndex; i++){ address holder = addresses[i+1]; uint reward = balanceOf[holder] * 3 / 100; balanceOf[holder] += reward; distributed += reward; Transfer(0, holder, reward); } totalSupply += distributed; return distributed; }", + "vulnerability": "Integer overflow", + "reason": "The calculation for 'reward' in 'distributeTokens' does not prevent integer overflow. If the balance of 'holder' is large enough, multiplying it by 3 and then dividing by 100 could overflow, resulting in incorrect, potentially small reward amounts. This can be exploited to disrupt the token distribution process.", + "file_name": "2018-13071.sol" + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13072.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13072.json new file mode 100644 index 0000000000000000000000000000000000000000..524c030b1313f96d61dfe3223e978eac2d8a7846 --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13072.json @@ -0,0 +1,23 @@ +[ + { + "function_name": "mintToken", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner { balanceOf[target] += mintedAmount; Transfer(0, owner, mintedAmount); Transfer(owner, target, mintedAmount); }", + "vulnerability": "Arbitrary minting", + "reason": "The 'mintToken' function allows the contract owner to mint an arbitrary amount of tokens to any address. This can lead to inflation, diluting the value of existing tokens.", + "file_name": "2018-13072.sol" + }, + { + "function_name": "buy", + "code": "function buy() payable { if(isSelling == false) revert(); uint amount = msg.value * buyRate; balanceOf[msg.sender] += amount; balanceOf[owner] -= amount; Transfer(owner, msg.sender, amount); }", + "vulnerability": "Unchecked token transfer", + "reason": "The 'buy' function calculates the amount of tokens to transfer based on the sent Ether and a fixed rate but does not check if the owner has enough tokens to sell, potentially leading to an underflow in the owner's balance.", + "file_name": "2018-13072.sol" + }, + { + "function_name": "transfer", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) revert(); if (balanceOf[_to] + _value < balanceOf[_to]) revert(); if (frozenAccount[msg.sender]) revert(); balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); }", + "vulnerability": "Reentrancy", + "reason": "Though not directly exploitable for reentrancy in this context as the function does not call an untrusted contract, the pattern of making state changes after calling an external contract (Transfer event in this case) could be risky if the code evolves or is reused without considering reentrancy attacks.", + "file_name": "2018-13072.sol" + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13073.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13073.json new file mode 100644 index 0000000000000000000000000000000000000000..2c3802fcafcc0094d4e69c233839bd3c9f0bb1b1 --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13073.json @@ -0,0 +1,23 @@ +[ + { + "function_name": "transfer", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); }", + "vulnerability": "reentrancy", + "reason": "This function directly modifies the state without considering the potential for a reentrant attack. A malicious contract could take advantage of the call to 'Transfer' event to re-enter and drain funds in an unexpected manner.", + "file_name": "2018-13073.sol" + }, + { + "function_name": "sell", + "code": "function sell(uint256 amount) { if (balanceOf[msg.sender] < amount ) throw; balanceOf[this] += amount; balanceOf[msg.sender] -= amount; if (!msg.sender.send(amount * sellPrice)) { throw; } else { Transfer(msg.sender, this, amount); } }", + "vulnerability": "DoS with (unexpected) revert", + "reason": "This function uses 'throw' for error handling, which will revert all state changes and consume all provided gas. An attacker can intentionally fail the 'send' function to cause the transaction to fail, leading to a denial of service.", + "file_name": "2018-13073.sol" + }, + { + "function_name": "transferFrom", + "code": "function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { if (frozenAccount[_from]) throw; if (balanceOf[_from] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (_value > allowance[_from][msg.sender]) throw; balanceOf[_from] -= _value; balanceOf[_to] += _value; allowance[_from][msg.sender] -= _value; Transfer(_from, _to, _value); return true; }", + "vulnerability": "Integer overflow", + "reason": "The check 'if (balanceOf[_to] + _value < balanceOf[_to])' is intended to prevent overflow, but it could be bypassed or incorrectly trigger due to the arithmetic properties of unsigned integers in Solidity, leading to unintended behavior.", + "file_name": "2018-13073.sol" + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13074.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13074.json new file mode 100644 index 0000000000000000000000000000000000000000..e726b43e56bf1e1ae12851fc7006b5eefd322b59 --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13074.json @@ -0,0 +1,23 @@ +[ + { + "function_name": "_transfer", + "code": "function _transfer(address _from, address _to, uint _value) internal { require(_to != 0x0); require(balanceOf[_from] >= _value); require(balanceOf[_to] + _value > balanceOf[_to]); uint previousBalances = balanceOf[_from] + balanceOf[_to]; balanceOf[_from] -= _value; balanceOf[_to] += _value; emit Transfer(_from, _to, _value); assert(balanceOf[_from] + balanceOf[_to] == previousBalances); }", + "vulnerability": "Integer Overflow and Underflow", + "reason": "The function does not properly validate the input values to prevent overflows and underflows. Although there is a check to ensure that the balance after transfer is greater than before, it does not protect against overflow in the addition operation. This could allow attackers to exploit the contract by manipulating balances.", + "file_name": "2018-13074.sol" + }, + { + "function_name": "mintToken", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner public { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; emit Transfer(0, this, mintedAmount); emit Transfer(this, target, mintedAmount); }", + "vulnerability": "Arbitrary Minting", + "reason": "This function allows the contract owner to mint an arbitrary amount of tokens to any account. There is no check on the amount being minted, potentially leading to inflation or devaluation of the token by creating tokens out of thin air and transferring them to any account, including the owner's.", + "file_name": "2018-13074.sol" + }, + { + "function_name": "burnFrom", + "code": "function burnFrom(address _from, uint256 _value) public returns (bool success) { require(balanceOf[_from] >= _value); require(_value <= allowance[_from][msg.sender]); balanceOf[_from] -= _value; allowance[_from][msg.sender] -= _value; totalSupply -= _value; emit Burn(_from, _value); return true; }", + "vulnerability": "Unchecked Burn Permissions", + "reason": "The function burns tokens from a user's account with the caller's permission but does not check if the caller is allowed to initiate the burn. This could potentially allow an attacker to burn tokens from another's account without explicit permission, reducing the victim's balance unfairly.", + "file_name": "2018-13074.sol" + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13071.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13071.json new file mode 100644 index 0000000000000000000000000000000000000000..0637a088a01e8ddab3bf3fa98dbe804cbde1a0dc --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13071.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13072.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13072.json new file mode 100644 index 0000000000000000000000000000000000000000..0637a088a01e8ddab3bf3fa98dbe804cbde1a0dc --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13072.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13073.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13073.json new file mode 100644 index 0000000000000000000000000000000000000000..fc2cce48d64623f4f0d5afcac83057a27d605ec6 --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13073.json @@ -0,0 +1,35 @@ +[ + { + "function_name": "transfer", + "vulnerability": "reentrancy", + "criticism": "The criticism of reentrancy vulnerability in the 'transfer' function is misplaced. The function does not make an external call to an untrusted contract but merely emits an event. Reentrancy attacks are primarily a concern when a contract interacts with external contracts in a way that allows control to be handed over to an untrusted contract before all internal state changes are completed. Since the 'Transfer' event does not allow for external code execution, it does not pose a reentrancy risk. Therefore, the reasoning is incorrect, and the severity and profitability of this supposed vulnerability are overestimated.", + "correctness": 1, + "severity": 0, + "profitability": 0, + "reason": "This function directly modifies the state without considering the potential for a reentrant attack. A malicious contract could take advantage of the call to 'Transfer' event to re-enter and drain funds in an unexpected manner.", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); }", + "file_name": "2018-13073.sol" + }, + { + "function_name": "sell", + "vulnerability": "DoS with (unexpected) revert", + "criticism": "The reasoning correctly identifies a potential denial of service (DoS) vulnerability due to the use of 'throw' for error handling in the 'sell' function. Using 'throw' reverts all state changes and consumes all gas when a transaction fails, which can indeed be exploited by an attacker to cause a DoS by intentionally failing the 'send' operation. However, the criticism should also note that modern Solidity practices recommend using 'require' for error handling to avoid such issues. The severity is moderate because it can disrupt the contract's functionality, but the profitability is low as it does not directly result in financial gain for the attacker.", + "correctness": 7, + "severity": 5, + "profitability": 1, + "reason": "This function uses 'throw' for error handling, which will revert all state changes and consume all provided gas. An attacker can intentionally fail the 'send' function to cause the transaction to fail, leading to a denial of service.", + "code": "function sell(uint256 amount) { if (balanceOf[msg.sender] < amount ) throw; balanceOf[this] += amount; balanceOf[msg.sender] -= amount; if (!msg.sender.send(amount * sellPrice)) { throw; } else { Transfer(msg.sender, this, amount); } }", + "file_name": "2018-13073.sol" + }, + { + "function_name": "transferFrom", + "vulnerability": "Integer overflow", + "criticism": "The criticism regarding the integer overflow vulnerability due to the check 'if (balanceOf[_to] + _value < balanceOf[_to])' is partially correct. This check is indeed intended to prevent overflow, and while Solidity's unsigned integers are prone to overflow, the condition described is actually a safeguard against it. The reasoning seems to misunderstand the nature of the check, which is correctly implemented to catch overflows. However, the overall concern for integer overflow is valid in the context of Solidity contracts. The correctness of identifying an overflow risk is appreciated, but the specific criticism of the check is misplaced. The severity of potential overflow issues is high due to the unpredictable behavior they can cause, but the profitability depends on the specific context and whether an attacker can exploit such a vulnerability for gain.", + "correctness": 5, + "severity": 7, + "profitability": 4, + "reason": "The check 'if (balanceOf[_to] + _value < balanceOf[_to])' is intended to prevent overflow, but it could be bypassed or incorrectly trigger due to the arithmetic properties of unsigned integers in Solidity, leading to unintended behavior.", + "code": "function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { if (frozenAccount[_from]) throw; if (balanceOf[_from] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (_value > allowance[_from][msg.sender]) throw; balanceOf[_from] -= _value; balanceOf[_to] += _value; allowance[_from][msg.sender] -= _value; Transfer(_from, _to, _value); return true; }", + "file_name": "2018-13073.sol" + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13074.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13074.json new file mode 100644 index 0000000000000000000000000000000000000000..de2f619e73a58d169947c00051d53e7195d586c9 --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13074.json @@ -0,0 +1,35 @@ +[ + { + "function_name": "_transfer", + "vulnerability": "Integer Overflow and Underflow", + "criticism": "The criticism of the function not validating input values to prevent overflows and underflows is partially correct. The function does include checks to ensure that the balance is sufficient and that the transfer does not result in an overflow for the recipient's balance. However, the specific mention of overflow in the addition operation is misleading because the 'require' statement that checks if the recipient's new balance is greater than the old balance indirectly prevents overflow. Solidity's 'require' statements are effective in preventing such vulnerabilities if correctly implemented. The severity is overestimated because the function's checks mitigate the risk of overflow and underflow to a significant extent. The profitability of exploiting such a vulnerability, if it existed, would be high, but given the safeguards in place, the actual risk is low.", + "correctness": 5, + "severity": 3, + "profitability": 2, + "reason": "The function does not properly validate the input values to prevent overflows and underflows. Although there is a check to ensure that the balance after transfer is greater than before, it does not protect against overflow in the addition operation. This could allow attackers to exploit the contract by manipulating balances.", + "code": "function _transfer(address _from, address _to, uint _value) internal { require(_to != 0x0); require(balanceOf[_from] >= _value); require(balanceOf[_to] + _value > balanceOf[_to]); uint previousBalances = balanceOf[_from] + balanceOf[_to]; balanceOf[_from] -= _value; balanceOf[_to] += _value; emit Transfer(_from, _to, _value); assert(balanceOf[_from] + balanceOf[_to] == previousBalances); }", + "file_name": "2018-13074.sol" + }, + { + "function_name": "mintToken", + "vulnerability": "Arbitrary Minting", + "criticism": "The criticism is valid in highlighting the potential for arbitrary minting by the contract owner, which could indeed lead to inflation or devaluation of the token. This design choice places a significant amount of trust in the contract owner and could be seen as a vulnerability if the intention was to create a decentralized system. However, the severity of this issue depends largely on the governance model of the contract and whether such control by the owner is within the expected use case. The profitability for the owner could be high if the minted tokens are sold or used to manipulate the market, but this does not constitute a vulnerability in the traditional sense where an external attacker benefits. Therefore, the profitability score is adjusted to reflect this.", + "correctness": 8, + "severity": 6, + "profitability": 3, + "reason": "This function allows the contract owner to mint an arbitrary amount of tokens to any account. There is no check on the amount being minted, potentially leading to inflation or devaluation of the token by creating tokens out of thin air and transferring them to any account, including the owner's.", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner public { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; emit Transfer(0, this, mintedAmount); emit Transfer(this, target, mintedAmount); }", + "file_name": "2018-13074.sol" + }, + { + "function_name": "burnFrom", + "vulnerability": "Unchecked Burn Permissions", + "criticism": "The reasoning provided is incorrect. The function does check if the caller is allowed to initiate the burn through the 'require' statement that ensures the value to be burned is less than or equal to the allowance the '_from' account has given to the caller. This mechanism is designed to prevent unauthorized burning of tokens. The criticism fails to recognize the role of allowances in ERC-20 token contracts, which are a standard way to manage permissions for token operations like burning. Therefore, the identified 'vulnerability' is not a vulnerability but rather a misunderstanding of how ERC-20 token allowances work. The severity and profitability of exploiting such a non-existent vulnerability are both non-applicable.", + "correctness": 1, + "severity": 0, + "profitability": 0, + "reason": "The function burns tokens from a user's account with the caller's permission but does not check if the caller is allowed to initiate the burn. This could potentially allow an attacker to burn tokens from another's account without explicit permission, reducing the victim's balance unfairly.", + "code": "function burnFrom(address _from, uint256 _value) public returns (bool success) { require(balanceOf[_from] >= _value); require(_value <= allowance[_from][msg.sender]); balanceOf[_from] -= _value; allowance[_from][msg.sender] -= _value; totalSupply -= _value; emit Burn(_from, _value); return true; }", + "file_name": "2018-13074.sol" + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13071.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13071.json new file mode 100644 index 0000000000000000000000000000000000000000..0637a088a01e8ddab3bf3fa98dbe804cbde1a0dc --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13071.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13072.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13072.json new file mode 100644 index 0000000000000000000000000000000000000000..0637a088a01e8ddab3bf3fa98dbe804cbde1a0dc --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13072.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13073.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13073.json new file mode 100644 index 0000000000000000000000000000000000000000..6dfa6dc56c35556582043e3207f107f0f3b68cbf --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13073.json @@ -0,0 +1,38 @@ +[ + { + "function_name": "transferFrom", + "vulnerability": "Integer overflow", + "criticism": "The criticism regarding the integer overflow vulnerability due to the check 'if (balanceOf[_to] + _value < balanceOf[_to])' is partially correct. This check is indeed intended to prevent overflow, and while Solidity's unsigned integers are prone to overflow, the condition described is actually a safeguard against it. The reasoning seems to misunderstand the nature of the check, which is correctly implemented to catch overflows. However, the overall concern for integer overflow is valid in the context of Solidity contracts. The correctness of identifying an overflow risk is appreciated, but the specific criticism of the check is misplaced. The severity of potential overflow issues is high due to the unpredictable behavior they can cause, but the profitability depends on the specific context and whether an attacker can exploit such a vulnerability for gain.", + "correctness": 5, + "severity": 7, + "profitability": 4, + "reason": "The check 'if (balanceOf[_to] + _value < balanceOf[_to])' is intended to prevent overflow, but it could be bypassed or incorrectly trigger due to the arithmetic properties of unsigned integers in Solidity, leading to unintended behavior.", + "code": "function transferFrom(address _from, address _to, uint256 _value) returns (bool success) { if (frozenAccount[_from]) throw; if (balanceOf[_from] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (_value > allowance[_from][msg.sender]) throw; balanceOf[_from] -= _value; balanceOf[_to] += _value; allowance[_from][msg.sender] -= _value; Transfer(_from, _to, _value); return true; }", + "file_name": "2018-13073.sol", + "final_score": 5.25 + }, + { + "function_name": "sell", + "vulnerability": "DoS with (unexpected) revert", + "criticism": "The reasoning correctly identifies a potential denial of service (DoS) vulnerability due to the use of 'throw' for error handling in the 'sell' function. Using 'throw' reverts all state changes and consumes all gas when a transaction fails, which can indeed be exploited by an attacker to cause a DoS by intentionally failing the 'send' operation. However, the criticism should also note that modern Solidity practices recommend using 'require' for error handling to avoid such issues. The severity is moderate because it can disrupt the contract's functionality, but the profitability is low as it does not directly result in financial gain for the attacker.", + "correctness": 7, + "severity": 5, + "profitability": 1, + "reason": "This function uses 'throw' for error handling, which will revert all state changes and consume all provided gas. An attacker can intentionally fail the 'send' function to cause the transaction to fail, leading to a denial of service.", + "code": "function sell(uint256 amount) { if (balanceOf[msg.sender] < amount ) throw; balanceOf[this] += amount; balanceOf[msg.sender] -= amount; if (!msg.sender.send(amount * sellPrice)) { throw; } else { Transfer(msg.sender, this, amount); } }", + "file_name": "2018-13073.sol", + "final_score": 5.0 + }, + { + "function_name": "transfer", + "vulnerability": "reentrancy", + "criticism": "The criticism of reentrancy vulnerability in the 'transfer' function is misplaced. The function does not make an external call to an untrusted contract but merely emits an event. Reentrancy attacks are primarily a concern when a contract interacts with external contracts in a way that allows control to be handed over to an untrusted contract before all internal state changes are completed. Since the 'Transfer' event does not allow for external code execution, it does not pose a reentrancy risk. Therefore, the reasoning is incorrect, and the severity and profitability of this supposed vulnerability are overestimated.", + "correctness": 1, + "severity": 0, + "profitability": 0, + "reason": "This function directly modifies the state without considering the potential for a reentrant attack. A malicious contract could take advantage of the call to 'Transfer' event to re-enter and drain funds in an unexpected manner.", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); }", + "file_name": "2018-13073.sol", + "final_score": 0.5 + } +] \ No newline at end of file diff --git a/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13074.json b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13074.json new file mode 100644 index 0000000000000000000000000000000000000000..f2aecd76f921f8e843bef671e44de5ac39cefeb8 --- /dev/null +++ b/results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13074.json @@ -0,0 +1,38 @@ +[ + { + "function_name": "mintToken", + "vulnerability": "Arbitrary Minting", + "criticism": "The criticism is valid in highlighting the potential for arbitrary minting by the contract owner, which could indeed lead to inflation or devaluation of the token. This design choice places a significant amount of trust in the contract owner and could be seen as a vulnerability if the intention was to create a decentralized system. However, the severity of this issue depends largely on the governance model of the contract and whether such control by the owner is within the expected use case. The profitability for the owner could be high if the minted tokens are sold or used to manipulate the market, but this does not constitute a vulnerability in the traditional sense where an external attacker benefits. Therefore, the profitability score is adjusted to reflect this.", + "correctness": 8, + "severity": 6, + "profitability": 3, + "reason": "This function allows the contract owner to mint an arbitrary amount of tokens to any account. There is no check on the amount being minted, potentially leading to inflation or devaluation of the token by creating tokens out of thin air and transferring them to any account, including the owner's.", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner public { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; emit Transfer(0, this, mintedAmount); emit Transfer(this, target, mintedAmount); }", + "file_name": "2018-13074.sol", + "final_score": 6.25 + }, + { + "function_name": "_transfer", + "vulnerability": "Integer Overflow and Underflow", + "criticism": "The criticism of the function not validating input values to prevent overflows and underflows is partially correct. The function does include checks to ensure that the balance is sufficient and that the transfer does not result in an overflow for the recipient's balance. However, the specific mention of overflow in the addition operation is misleading because the 'require' statement that checks if the recipient's new balance is greater than the old balance indirectly prevents overflow. Solidity's 'require' statements are effective in preventing such vulnerabilities if correctly implemented. The severity is overestimated because the function's checks mitigate the risk of overflow and underflow to a significant extent. The profitability of exploiting such a vulnerability, if it existed, would be high, but given the safeguards in place, the actual risk is low.", + "correctness": 5, + "severity": 3, + "profitability": 2, + "reason": "The function does not properly validate the input values to prevent overflows and underflows. Although there is a check to ensure that the balance after transfer is greater than before, it does not protect against overflow in the addition operation. This could allow attackers to exploit the contract by manipulating balances.", + "code": "function _transfer(address _from, address _to, uint _value) internal { require(_to != 0x0); require(balanceOf[_from] >= _value); require(balanceOf[_to] + _value > balanceOf[_to]); uint previousBalances = balanceOf[_from] + balanceOf[_to]; balanceOf[_from] -= _value; balanceOf[_to] += _value; emit Transfer(_from, _to, _value); assert(balanceOf[_from] + balanceOf[_to] == previousBalances); }", + "file_name": "2018-13074.sol", + "final_score": 3.75 + }, + { + "function_name": "burnFrom", + "vulnerability": "Unchecked Burn Permissions", + "criticism": "The reasoning provided is incorrect. The function does check if the caller is allowed to initiate the burn through the 'require' statement that ensures the value to be burned is less than or equal to the allowance the '_from' account has given to the caller. This mechanism is designed to prevent unauthorized burning of tokens. The criticism fails to recognize the role of allowances in ERC-20 token contracts, which are a standard way to manage permissions for token operations like burning. Therefore, the identified 'vulnerability' is not a vulnerability but rather a misunderstanding of how ERC-20 token allowances work. The severity and profitability of exploiting such a non-existent vulnerability are both non-applicable.", + "correctness": 1, + "severity": 0, + "profitability": 0, + "reason": "The function burns tokens from a user's account with the caller's permission but does not check if the caller is allowed to initiate the burn. This could potentially allow an attacker to burn tokens from another's account without explicit permission, reducing the victim's balance unfairly.", + "code": "function burnFrom(address _from, uint256 _value) public returns (bool success) { require(balanceOf[_from] >= _value); require(_value <= allowance[_from][msg.sender]); balanceOf[_from] -= _value; allowance[_from][msg.sender] -= _value; totalSupply -= _value; emit Burn(_from, _value); return true; }", + "file_name": "2018-13074.sol", + "final_score": 0.5 + } +] \ No newline at end of file diff --git a/src/.DS_Store b/src/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..eedc6cc7ac25ee24bfff16fe268ff8db4098b73f Binary files /dev/null and b/src/.DS_Store differ diff --git a/src/UI.py b/src/UI.py new file mode 100644 index 0000000000000000000000000000000000000000..9c3f543c28df819fde9ac8950e40a490d1c55066 --- /dev/null +++ b/src/UI.py @@ -0,0 +1,319 @@ +import streamlit as st +import os +import zipfile +import run_auditor_user_defined +import run_critic_user_defined +import run_rank +import shutil +import time +import pre_process +from utils import dotdict, clean_folder +from streamlit_js_eval import streamlit_js_eval + +os.environ['DISPLAY'] = ':0' + +# Store the initial value of widgets in session state +if "visibility" not in st.session_state: + st.session_state.visibility = "visible" + st.session_state.disabled = False + +if "start_critic" not in st.session_state: + st.session_state.start_critic = False + +if "start_auditor" not in st.session_state: + st.session_state.start_auditor = False + +if "start_ranking" not in st.session_state: + st.session_state.start_ranking = False + +if "section_active_auditor" not in st.session_state: + st.session_state.section_active_auditor = True + +if "section_active_critic" not in st.session_state: + st.session_state.section_active_critic = False + +if "section_active_ranking" not in st.session_state: + st.session_state.section_active_ranking = False + +if "args" not in st.session_state: + st.session_state.args = None + +if "args_c" not in st.session_state: + st.session_state.args_c = None + +if "args_r" not in st.session_state: + st.session_state.args_r = None + +def start_auditor(): + st.session_state.start_auditor = True +def end_auditor(): + st.session_state.start_auditor = False + +def start_critic(): + st.session_state.start_critic = True +def end_critic(): + st.session_state.start_critic = False + +def start_ranking(): + st.session_state.start_ranking = True +def end_ranking(): + st.session_state.start_ranking = False + + + +with st.sidebar: + openai_api_key = st.text_input("OpenAI API Key", key="chatbot_api_key", type="password") + "[Get an OpenAI API key](https://platform.openai.com/account/api-keys)" + "[View the source code](https://github.com/sciencepal/GPTLens/blob/aditya-test/src/UI.py)" + "[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/sciencepal/GPTLens?quickstart=1)" + st.divider() + if st.button("Reset App"): + st.session_state.section_active_critic = False + st.session_state.section_active_ranking = False + end_critic() + end_ranking() + # streamlit_js_eval(js_expressions="parent.window.location.reload()") + + +st.title("💬 GPTLens") +st.caption("🚀 Smart Contract Vulnerability Detection powered by OpenAI LLM") + +if not openai_api_key: + st.warning("Please add your OpenAI API key to continue.") + st.stop() +else: + os.environ["OPENAI_API_KEY"] = openai_api_key + + +if st.session_state.section_active_auditor: + + st.header("Auditor Step", divider=True) + st.divider() + + col1, col2 = st.columns(2) + + with col1: + model = st.radio( + "Set the GPT model 👉", + key="model", + options=["gpt-3.5-turbo", "gpt-4", "gpt-4-turbo-preview"], + index=2 + ) + + uploaded_files = st.file_uploader('Upload smart contract files', accept_multiple_files=True, type=['sol']) + + with col2: + topk = st.number_input( + "Set the topk auditor responses 👉", + key="topk", + min_value=1, + max_value=10, + value=3, + format="%d" + ) + + temperature = st.number_input( + "Set the temperature 👉", + key="temperature", + min_value=0.0, + max_value=1.0, + value=0.7, + format="%f" + ) + + num_auditors = st.number_input( + "Set the num auditors 👉", + key="num_auditors", + min_value=1, + max_value=10, + value=1, + format="%d" + ) + + uploaded_prompt = st.file_uploader('Upload prompt file (optional)', accept_multiple_files=False, type=['py']) + + + audit_button = st.button("Start Auditor", key="auditor", on_click=start_auditor) + + if audit_button and st.session_state.start_auditor: + if uploaded_files: + os.environ["OPENAI_API_KEY"] = openai_api_key + args_dict = { + 'backend': model, + 'temperature': temperature, + 'data_dir': "data/CVE_clean", + 'topk': topk, + 'num_auditor': num_auditors, + 'openai_api_key': openai_api_key + } + args = dotdict(args_dict) + st.session_state.args = args + if os.path.exists("data/CVE"): + clean_folder("data/CVE") + if os.path.exists("data/CVE_clean"): + clean_folder("data/CVE_clean") + if os.path.exists(f"src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}"): + clean_folder(f"src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}") + for uploaded_file in uploaded_files: + name = uploaded_file.name + bytes_data = uploaded_file.read() + with open(f"data/CVE/{name}", "wb") as f: + f.write(bytes_data) + pre_process.mainfnc(args.data_dir) + if uploaded_prompt: + bytes_data = uploaded_prompt.read() + with open(f"src/prompt.py", "wb") as f: + f.write(bytes_data) + st.write("Starting auditor code!") + run_auditor_user_defined.mainfnc(args) + st.write(f"Audit files processed successfully to folder ./src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}!") + end_auditor() + time.sleep(2) + # st.session_state.section_active_auditor = False + st.session_state.section_active_critic= True + uploaded_file = False + else: + st.warning("Please upload data zip.") + st.stop() + # else: + # st.stop() + + + +if st.session_state.section_active_critic: + + st.header("Critic Step", divider=True) + st.divider() + + col1, col2 = st.columns(2) + + args = st.session_state.args + + with col1: + model_c = st.radio( + "Set the GPT model 👉", + key="model_c", + options=["gpt-3.5-turbo", "gpt-4", "gpt-4-turbo-preview"], + index=2 + ) + + auditor_dir_c = st.text_input( + "Auditor Directory location", + value=f"auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}" + ) + + with col2: + + temperature_c = st.number_input( + "Set the temperature 👉", + key="temperature_c", + min_value=0.0, + max_value=1.0, + value=0.0, + format="%f" + ) + + num_critic_c = st.number_input( + "Set the num critics 👉", + key="num_critic_c", + min_value=1, + max_value=10, + value=1, + format="%d" + ) + + shot_c = st.radio( + "Set the num shots (few/one) 👉", + key="shot_c", + options=["one", "few"], + index=1 + ) + + os.environ["OPENAI_API_KEY"] = openai_api_key + + + critic_button = st.button("Start Critics", key="critic", on_click=start_critic) + + if critic_button and st.session_state.start_critic: + args_c_dict = { + 'backend': model_c, + 'temperature': temperature_c, + 'dataset': "CVE", + 'auditor_dir': auditor_dir_c, + 'num_critic': num_critic_c, + 'shot': shot_c, + 'openai_api_key': openai_api_key + } + args_c = dotdict(args_c_dict) + st.session_state.args_c = args_c + st.write("Starting critic code!") + run_critic_user_defined.mainfnc(args_c) + st.write(f"Critic files processed successfully to folder ./src/logs/{args_c.auditor_dir}/critic_{args_c.backend}_{args_c.temperature}_{args_c.num_critic}_{args_c.shot}!") + end_critic() + time.sleep(2) + # st.session_state.section_active_critic = False + st.session_state.section_active_ranking = True + # else: + # st.stop() + + + +if st.session_state.section_active_ranking: + st.header("Ranking Step", divider=True) + st.divider() + + col1, col2 = st.columns(2) + + args = st.session_state.args + args_c = st.session_state.args_c + + with col1: + + auditor_dir_r = st.text_input( + "Auditor Dir location", + value=f"auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}" + ) + + critic_dir_r = st.text_input( + "Critic Directory location", + value=f"critic_{args_c.backend}_{args_c.temperature}_{args_c.num_critic}_{args_c.shot}" + ) + + with col2: + + strategy_r = st.radio( + "Set the strategy (default/custom) 👉", + key="strategy_r", + options=["default", "custom"], + index=0 + ) + + + rank_button = st.button("Start Ranking", key="ranking", on_click=start_ranking) + + if rank_button and st.session_state.start_ranking: + args_r_dict = { + 'auditor_dir': auditor_dir_r, + 'critic_dir': critic_dir_r, + 'strategy': strategy_r + } + args_r = dotdict(args_r_dict) + st.session_state.args_r = args_r + st.write(f"Starting ranking code!") + run_rank.mainfnc(args_r) + st.write(f"Ranking files processed successfully to folder ./src/logs/{args_c.auditor_dir}/critic_{args_c.backend}_{args_c.temperature}_{args_c.num_critic}_{args_c.shot}/ranker_{args_r.strategy}!") + end_critic() + else: + st.stop() + + shutil.make_archive('results', 'zip', "src/logs") + + st.divider() + + with open("results.zip", "rb") as fp: + download_btn = st.download_button( + label="Download Results zip", + data=fp, + file_name="results.zip", + mime="application/zip" + ) diff --git a/src/UI_demo.py b/src/UI_demo.py new file mode 100644 index 0000000000000000000000000000000000000000..3062ed586f9fdb60ea5afd9255db2bf7d3437146 --- /dev/null +++ b/src/UI_demo.py @@ -0,0 +1,400 @@ +import streamlit as st +import os +import zipfile +import run_auditor_user_defined +import run_critic_user_defined +import run_rank +import shutil +import time +import pre_process +from utils import dotdict, clean_folder +from streamlit_js_eval import streamlit_js_eval + +os.environ['DISPLAY'] = ':0' + +# Store the initial value of widgets in session state +if "visibility" not in st.session_state: + st.session_state.visibility = "visible" + st.session_state.disabled = False + +if "start_preprocess" not in st.session_state: + st.session_state.start_preprocess = False + +if "start_critic" not in st.session_state: + st.session_state.start_critic = False + +if "start_auditor" not in st.session_state: + st.session_state.start_auditor = False + +if "start_ranking" not in st.session_state: + st.session_state.start_ranking = False + +if "section_active_preprocess" not in st.session_state: + st.session_state.section_active_preprocess = True + +if "section_active_auditor" not in st.session_state: + st.session_state.section_active_auditor = False + +if "section_active_critic" not in st.session_state: + st.session_state.section_active_critic = False + +if "section_active_ranking" not in st.session_state: + st.session_state.section_active_ranking = False + +if "args" not in st.session_state: + st.session_state.args = None + +if "args_c" not in st.session_state: + st.session_state.args_c = None + +if "args_r" not in st.session_state: + st.session_state.args_r = None + +def start_preprocess(): + st.session_state.start_preprocess = True +def end_preprocess(): + st.session_state.end_preprocess = False + + +def start_auditor(): + st.session_state.start_auditor = True +def end_auditor(): + st.session_state.start_auditor = False + +def start_critic(): + st.session_state.start_critic = True +def end_critic(): + st.session_state.start_critic = False + +def start_ranking(): + st.session_state.start_ranking = True +def end_ranking(): + st.session_state.start_ranking = False + + + +with st.sidebar: + openai_api_key = st.text_input("OpenAI API Key", key="chatbot_api_key", type="password") + "[Get an OpenAI API key (not needed for demo)](https://platform.openai.com/account/api-keys)" + "[View the source code](https://github.com/sciencepal/GPTLens/blob/aditya-test/src/UI.py)" + "[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/sciencepal/GPTLens?quickstart=1)" + st.divider() + if st.button("Reset App"): + st.session_state.section_active_critic = False + st.session_state.section_active_ranking = False + st.session_state.section_active_auditor = False + end_critic() + end_ranking() + end_auditor() + # streamlit_js_eval(js_expressions="parent.window.location.reload()") + + +st.title("💬 GPTLens Demo") +st.caption("🚀 Smart Contract Vulnerability Detection powered by OpenAI LLM") + +if not openai_api_key: + st.warning("In GPTlens, you must enter OpenAI API key to continue. Not needed for this demo") + # st.stop() +else: + os.environ["OPENAI_API_KEY"] = openai_api_key + +st.info("Note that this demo uses only dummy data") + + +with open("data_sample/CVE/2018-13071.sol") as f: + raw1 = f.read() +with open("data_sample/CVE/2018-13072.sol") as f: + raw2 = f.read() +with open("data_sample/CVE/2018-13073.sol") as f: + raw3 = f.read() +with open("data_sample/CVE/2018-13074.sol") as f: + raw4 = f.read() + +with open("data_sample/CVE_clean/2018-13071.sol") as f: + clean1 = f.read() +with open("data_sample/CVE_clean/2018-13072.sol") as f: + clean2 = f.read() +with open("data_sample/CVE_clean/2018-13073.sol") as f: + clean3 = f.read() +with open("data_sample/CVE_clean/2018-13074.sol") as f: + clean4 = f.read() + +with open("data_sample/prompts.py") as f: + prompt = f.read() + + +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json") as f: + audit1 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13072.json") as f: + audit2 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13073.json") as f: + audit3 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13074.json") as f: + audit4 = f.read() + + +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13071.json") as f: + critic1 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13072.json") as f: + critic2 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13073.json") as f: + critic3 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/2018-13074.json") as f: + critic4 = f.read() + + +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13071.json") as f: + ranker1 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13072.json") as f: + ranker2 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13073.json") as f: + ranker3 = f.read() +with open("results/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.0_1_few/ranker_default/2018-13074.json") as f: + ranker4 = f.read() + + +# if st.session_state.section_active_preprocess: + +st.header("1. Preprocessing Step", divider=True) + +tab4, tab3, tab2, tab1 = st.tabs(["File 1", "File 2", "File 3", "File 4"]) + +with tab1: + with st.container(height=400): + st.code(raw1, language='solidity') + +with tab2: + with st.container(height=400): + st.code(raw2, language='solidity') + +with tab3: + with st.container(height=400): + st.code(raw3, language='solidity') + +with tab4: + with st.container(height=400): + st.code(raw4, language='solidity') + +# preprocess_button = st.button("Start Preprocessing", key="preprocess", on_click=start_auditor) + + +# if st.session_state.start_auditor: + +st.subheader("Result 1.1 - Processed Files", divider=True) + +tab4, tab3, tab2, tab1 = st.tabs(["File 1", "File 2", "File 3", "File 4"]) + +with tab1: + with st.container(height=400): + st.code(clean1, language='solidity') + +with tab2: + with st.container(height=400): + st.code(clean2, language='solidity') + +with tab3: + with st.container(height=400): + st.code(clean3, language='solidity') + +with tab4: + with st.container(height=400): + st.code(clean4, language='solidity') + +st.divider() + +st.header("2. Auditor Step", divider=True) + +col1, col2 = st.columns(2) + +with col1: + model = st.radio( + "Set the GPT model 👉", + key="model", + options=["gpt-3.5-turbo", "gpt-4", "gpt-4-turbo-preview"], + index=2 + ) + + topk = st.number_input( + "Set the topk auditor responses 👉", + key="topk", + min_value=1, + max_value=10, + value=3, + format="%d" + ) + +with col2: + + temperature = st.number_input( + "Set the temperature 👉", + key="temperature", + min_value=0.0, + max_value=1.0, + value=0.7, + format="%f" + ) + + num_auditors = st.number_input( + "Set the num auditors 👉", + key="num_auditors", + min_value=1, + max_value=10, + value=1, + format="%d" + ) + +st.subheader("Prompt File") +with st.container(height=400): + st.code(prompt, language='python') + + +st.subheader("Result 2.1 - Auditor Results", divider=True) + +tab4, tab3, tab2, tab1 = st.tabs(["File 1", "File 2", "File 3", "File 4"]) + +with tab1: + with st.container(height=400): + st.code(audit1, language='json') + +with tab2: + with st.container(height=400): + st.code(audit2, language='json') + +with tab3: + with st.container(height=400): + st.code(audit3, language='json') + +with tab4: + with st.container(height=400): + st.code(audit4, language='json') + +st.divider() + + + +st.header("3. Critic Step", divider=True) + +col1, col2 = st.columns(2) + +args = st.session_state.args + +with col1: + model_c = st.radio( + "Set the GPT model 👉", + key="model_c", + options=["gpt-3.5-turbo", "gpt-4", "gpt-4-turbo-preview"], + index=2 + ) + + auditor_dir_c = st.text_input( + "Auditor Directory location", + value=f"temporary_dir/path/to/data" + ) + +with col2: + + temperature_c = st.number_input( + "Set the temperature 👉", + key="temperature_c", + min_value=0.0, + max_value=1.0, + value=0.0, + format="%f" + ) + + num_critic_c = st.number_input( + "Set the num critics 👉", + key="num_critic_c", + min_value=1, + max_value=10, + value=1, + format="%d" + ) + + shot_c = st.radio( + "Set the num shots (few/one) 👉", + key="shot_c", + options=["one", "few"], + index=1 + ) + + +st.subheader("Result 3.1 - Critic Results", divider=True) + +tab4, tab3, tab2, tab1 = st.tabs(["File 1", "File 2", "File 3", "File 4"]) + +with tab1: + with st.container(height=400): + st.code(critic1, language='json') + +with tab2: + with st.container(height=400): + st.code(critic2, language='json') + +with tab3: + with st.container(height=400): + st.code(critic3, language='json') + +with tab4: + with st.container(height=400): + st.code(critic4, language='json') + +st.divider() + + + + + + + + +st.header("4. Ranking Step", divider=True) + +col1, col2 = st.columns(2) + +args = st.session_state.args +args_c = st.session_state.args_c + +with col1: + + auditor_dir_r = st.text_input( + "Auditor Dir location", + value=f"temporary_dir/path/to/data" + ) + + critic_dir_r = st.text_input( + "Critic Directory location", + value=f"temporary_dir/path/to/data" + ) + +with col2: + + strategy_r = st.radio( + "Set the strategy (default/custom) 👉", + key="strategy_r", + options=["default", "custom"], + index=0 + ) + + +st.subheader("Result 4.1 - Ranking Results", divider=True) + +tab4, tab3, tab2, tab1 = st.tabs(["File 1", "File 2", "File 3", "File 4"]) + +with tab1: + with st.container(height=400): + st.code(ranker1, language='json') + +with tab2: + with st.container(height=400): + st.code(ranker2, language='json') + +with tab3: + with st.container(height=400): + st.code(ranker3, language='json') + +with tab4: + with st.container(height=400): + st.code(ranker4, language='json') + +st.divider() \ No newline at end of file diff --git a/src/UI_gradio.py b/src/UI_gradio.py new file mode 100644 index 0000000000000000000000000000000000000000..f39c70b75b5e9423dbab3300e2bcdc773f4c8114 --- /dev/null +++ b/src/UI_gradio.py @@ -0,0 +1,199 @@ +import gradio as gr +import os +import run_auditor_user_defined +import run_critic_user_defined +import run_rank +import pre_process +from utils import dotdict, clean_folder + +os.environ['DISPLAY'] = ':0' + +def openAIKey(key): + if key: + os.environ["OPENAI_API_KEY"] = key + return "Let's get you started" + else: + return "Please add your OpenAI API key to continue." + + +def auditor(key, audit_model, audit_top_k, audit_temperature, audit_number, audit_contract_file, audit_prompt_file): + if audit_contract_file: + args = { + 'backend': audit_model.lower(), + 'temperature': audit_temperature, + 'data_dir': "data/CVE_clean", + 'topk': audit_top_k, + 'num_auditor': audit_number, + 'openai_api_key': key + } + args = dotdict(args) + + if os.path.exists("data/CVE"): + clean_folder("data/CVE") + if os.path.exists("data/CVE_clean"): + clean_folder("data/CVE_clean") + if os.path.exists(f"src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}"): + clean_folder(f"src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}") + + for uploaded_file in audit_contract_file: + file_name_int = uploaded_file.rfind("/") + 1 + name = uploaded_file[file_name_int:len(uploaded_file)] + fp = open(uploaded_file, 'rb') + bytes_data = fp.read() + with open(f"data/CVE/{name}", "wb") as f: + f.write(bytes_data) + + ## Pre processing the data + pre_process.mainfnc(args.data_dir) + + if audit_prompt_file: + for uploaded_file in audit_prompt_file: + file_name_int = uploaded_file.rfind("/") + 1 + name = uploaded_file[file_name_int:len(uploaded_file)] + fp = open(uploaded_file, 'rb') + bytes_data = fp.read() + with open(f"src/prompt.py", "wb") as f: + f.write(bytes_data) + + ## Running the auditor code + run_auditor_user_defined.mainfnc(args) + + message = f"You can find your processed Audit files at ./src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}" + else: + message = "Please Upload the Contract Files to proceed" + + return message + + + +def critic(key, critic_model, critic_shots, critic_temperature, critic_number, critic_auit_directory): + if critic_auit_directory: + args = { + 'backend': critic_model.lower(), + 'temperature': critic_temperature, + 'dataset': "CVE", + 'auditor_dir': critic_auit_directory, + 'num_critic': critic_number, + 'shot': critic_shots.lower(), + 'openai_api_key': key + } + args = dotdict(args) + + run_critic_user_defined.mainfnc(args) + message = f"Critic files processed successfully to folder ./src/logs/{args.auditor_dir}/critic_{args.backend}_{args.temperature}_{args.num_critic}_{args.shot}" + else: + message = "Please add the Audit Directory value to proceed" + + return message + + +def ranker(critic_model, critic_shots, critic_temperature, critic_number, critic_auit_directory, ranker_strategy, ranker_audit_location, ranker_critic_location): + if critic_auit_directory and ranker_audit_location: + args_c = { + 'auditor_dir': critic_auit_directory, + 'backend':critic_model.lower(), + 'temperature':critic_temperature, + 'num_critic': critic_number, + 'shot': critic_shots.lower() + } + + args_r = { + 'auditor_dir': ranker_audit_location, + 'critic_dir': ranker_critic_location, + 'strategy': ranker_strategy.lower() + } + args_r = dotdict(args_r) + args_c = dotdict(args_c) + + run_rank.mainfnc(args_r) + message = f"Ranking files processed successfully to folder ./src/logs/{args_c.auditor_dir}/critic_{args_c.backend}_{args_c.temperature}_{args_c.num_critic}_{args_c.shot}/ranker_{args_r.strategy}" + else: + message = "Please enter the Audit directory locations to proceed." + + return message + + + +with gr.Blocks() as ui: + gr.Image("src/images/header.png", min_width=1500, height=80, show_download_button=False, show_label=False) + message = "Hello, Welcome to GPTLens GUI by Aishwarya Solanki..." + audit_output = "Auditor hasn't run yet." + critic_output = "Critic hasn't run yet." + ranker_output = "Ranker hasn't run yet." + + with gr.Row(equal_height=500): + with gr.Column(scale=1, min_width=300): + key = gr.Textbox(label="Please input your openAi key", type="password") + gr.Button(value="Don't have an openAi key? Get one here.", link="https://platform.openai.com/account/api-keys") + gr.ClearButton(key, message, variant="primary") + + + with gr.Column(scale=2, min_width=600): + message = gr.Textbox(label="", value=message, interactive=False, visible=True) + gr.Markdown("### Auditor") + + audit_model = gr.Radio(label="GPT Model", value="GPT-4", choices=["GPT-3.5-Turbo", "GPT-4", "GPT-4-Turbo-Preview"]) + audit_top_k = gr.Slider(1, 10, value=3, step = 1, label="top-k value", info="Set the 'k' for top-k auditor responses") + audit_temperature = gr.Slider(0.0, 1.0, value=0.7, step = 0.01, label="Temperature", info="Set the Temperature") + audit_number = gr.Slider(1, 10, value=1, step = 1, label="Number of Auditors", info="Set the number of auditors") + + with gr.Row(): + with gr.Column(min_width=300, scale=2): + gr.Markdown("### Upload smart contract files (.sol)") + audit_contract_file = gr.Files() + audit_btn = gr.Button(value="Start Auditor", variant="primary", elem_id="audit") + + with gr.Column(min_width=300, scale=2): + gr.Markdown("### Upload prompt file (optional, .py)") + audit_prompt_file = gr.Files() + + audit_output = gr.Textbox(label="Auditor Status", value=audit_output, interactive=False, visible=True, elem_id="auditor_output") + + audit_btn.click(fn=auditor, inputs=[key, audit_model, audit_top_k, audit_temperature, + audit_number, audit_contract_file, audit_prompt_file], + outputs=audit_output, api_name="auditor") + gr.Markdown("### Critic") + critic_model = gr.Radio(label="GPT Model", value="GPT-4", choices=["GPT-3.5-Turbo", "GPT-4", "GPT-4-Turbo-Preview"]) + critic_shots= gr.Radio(label="Set the num of shots", value="Few", choices=["One", "Few"]) + critic_temperature = gr.Slider(0.0, 1.0, value=0.7, step = 0.01, label="Temperature", info="Set the Temperature") + critic_number = gr.Slider(1, 10, value=1, step = 1, label="Number of Critics", info="Set the number of critics") + critic_auit_directory = gr.Textbox(label="Auditor Directory Location", + info="Example = auditor_{audit_model}_{audit_temperature}_top{audit_top_k}_{audit_number}", + value="") + + with gr.Row(): + with gr.Column(min_width=300, scale=2): + critic_btn = gr.Button(value="Start Critic", variant="primary", elem_id="critic") + with gr.Column(min_width=300, scale=2): + gr.Button(value="Start Ranker", variant="primary", visible=False) + + critic_output = gr.Textbox(label="Critic Status", value=critic_output, interactive=False, visible=True, elem_id="criticor_output") + + critic_btn.click(fn=critic, inputs=[key, critic_model, critic_shots, critic_temperature, critic_number, critic_auit_directory], + outputs=critic_output, api_name="criticor") + + gr.Markdown("### Ranker") + ranker_strategy = gr.Radio(label="Strategy", value="Default", choices=["Custom", "Default"]) + ranker_audit_location = gr.Textbox(label="Auditor Directory Location", value="", + info="Example = auditor_{audit_model}_{audit_temperature}_top{audit_top_k}_{audit_number}") + ranker_critic_location = gr.Textbox(label="Critic Directory Location",value="", + info="Example = critic_{critic_model}_{critic_temperature}_{critic_number}_{critic_shots}") + with gr.Row(): + with gr.Column(min_width=300, scale=2): + ranker_btn = gr.Button(value="Start Ranker", variant="primary", elem_id="ranker") + with gr.Column(min_width=300, scale=2): + gr.Button(value="Start Ranker", variant="primary", visible=False) + + ranker_output = gr.Textbox(label="Ranker Status", value=ranker_output, interactive=False, visible=True, elem_id="ranker_output") + + ranker_btn.click(fn=ranker, inputs=[critic_model, critic_shots, critic_temperature, critic_number, critic_auit_directory, + ranker_strategy, ranker_audit_location, ranker_critic_location], + outputs=ranker_output, api_name="ranker") + + + gr.Button(value="You can checkout the results at path - ./src/logs/", link="https://github.com/git-disl/GPTLens/tree/main/src/logs") + key.change(fn=openAIKey, inputs=key, outputs=message) + + + +ui.launch(share=True) diff --git a/src/UI_static_gradio.py b/src/UI_static_gradio.py new file mode 100644 index 0000000000000000000000000000000000000000..1e1fa00ec7e89595c5ac36d2aaa2f8fbdcb6593e --- /dev/null +++ b/src/UI_static_gradio.py @@ -0,0 +1,61 @@ +import gradio as gr +import os + + +os.environ['DISPLAY'] = ':0' + +css = """""" + +with gr.Blocks(css=css) as ui: + gr.Image("src/images/header.png", min_width=1500, height=80, show_download_button=False, show_label=False) + gr.HTML(value="

Harnessing Large Language Models to Secure Smart Contracts

") + gr.HTML(value="

Smart contracts are revolutionizing many industries, but vulnerabilities in their code can lead to significant financial losses. The paper explores how Large Language Models (LLMs) can be used to detect these vulnerabilities in smart contracts. In this static webpage, we discuss the same briefly, and link to a GUI that can help visualise the flow in a much lucid way along with a report that entends the ideas presented in the paper. To continue, LLMs are a type of artificial intelligence that can process and understand massive amounts of text data. The authors propose a new approach, GPTLENS, that leverages LLMs to identify potential weaknesses in smart contract code.

") + gr.HTML(value="

The main thing to keep in mind in order to successfully discover as many vulnerabilities as possible is to maximize the true positives and minimize the false positives. To tackle this imbalance, GPTLens proposes an adverserial model that consists of two stages - Generative and Discriminative. In the mentioned stages, the GPT, most commonly GPT 4, plays both the roles of an AUDITOR and a CRITIC. The goal of AUDITOR is to yield a broad spectrum of vulnerabilities with the hope of encompassing the correct answer, whereas the goal of CRITIC that evaluates the validity of identified vulnerabilities is to minimize the number of false positives. Compared to exisitng models in the market, GPTLens has some key advantages, some of the key benefits of using LLMs for smart contract vulnerability detection are as below :

") + gr.HTML(value="
  • Generality: Unlike traditional tools that target specific vulnerabilities, LLMs can potentially detect a wider range of issues, including those previously unknown.
  • Interpretability: LLMs can not only identify vulnerabilities but also explain their reasoning, providing valuable insights to developers.
  • Efficiency: LLM services provide efficient online inference, making LLM-powered methods output results much faster than many traditional methods
") + gr.HTML(value="One can imagine how powerful this model looks in theory but there are some challenges to consider:") + gr.HTML(value="
  • False Positives: LLMs may generate a large number of incorrect findings, requiring human effort to sort through them.
  • False Negatives: Not all vulnerabilities may be detected, especially complex ones or those missed due to randomness in the LLM's output.
") + gr.HTML(value="

This two-step adversial detection framework has but one main goal in place - \"to present a simple, effective, and entirely LLM-driven methodology to shed light on the design of LLM-powered approaches\". The two-step model helps to mitigate the trade-off between finding more vulnerabilities and reducing false positives. The primary goal of the generation stage is to enhance the likelihood of true vulnerabilities being identified. To achieve that, we ask an LLM to play the role of multiple auditor agents, and each auditor generates answers (vulnerability and the reasoning) with high randomness, even though it could lead to a plethora of incorrect answers. To realize this, we prompt the LLM to play the role of a critic agent, which evaluates each identified vulnerability on a set of criteria, such as correctness, severity, and profitability, and assigns corresponding scores. The paper demonstrates that GPTLENS can outperform traditional methods in identifying vulnerabilities within smart contracts. Overall, this research suggests that LLMs have the potential to become a powerful tool for safeguarding smart contracts.

") + gr.HTML(value="

Below is an example flow of how the model works :-

") + gr.Image("src/images/model.png", width=700, show_download_button=False, show_label=False) + gr.HTML(value="

Below is an example prompt both from Auditor as well as Critic side :-

") + with gr.Row(): + with gr.Column(scale=1, min_width=500): + gr.Image("src/images/auditor_prompt.png", width=500, show_download_button=False, show_label=False) + with gr.Column(scale=1, min_width=500): + gr.Image("src/images/critic_prompt.png", width=500, show_download_button=False, show_label=False) + gr.HTML(value="

Below is an example response both from Auditor as well as Critic side :-

") + with gr.Row(): + with gr.Column(scale=1, min_width=500): + gr.Image("src/images/auditor_reasoning.png", width=500, show_download_button=False, show_label=False) + with gr.Column(scale=1, min_width=500): + gr.Image("src/images/criticism.png", width=500, show_download_button=False, show_label=False) + gr.HTML(value="

There is an additional stage called Ranking/Discrimination. As we know, the role of a critic is to filter out the correct results from a myriad of false positives. To ascertain what is the best, we consider three distinct factors: correctness, severity and profitability, because although some false positives may be correct, they might possess a diminished level of severity or may not be profitable for attackers. The role of the Ranker is to rank all vulnerabilities descendingly based on these scores and choose the top-k vulnerabilities from the list as the output.

") + + with gr.Row(): + with gr.Column(scale=1, min_width=500): + gr.Button(value="You can browse the GUI by clicking here", link="https://e5f2d87bf4047aa563.gradio.live", variant="primary") + with gr.Column(scale=1, min_width=500): + gr.Button("You can view the explainability report by clicking here", link="https://docs.google.com/document/d/e/2PACX-1vQMRO7rtLrdXchyP1TXOH8jJ0jGS1lw-OcAvmYGDNFve1plgXjm7bBGKaWrlxBC6XdIGpvku3ArNavO/pub", variant="primary") + + gr.Markdown("# Meet the Team") + + with gr.Row(): + with gr.Column(scale=1, min_width=333): + gr.Image("src/images/developer.png", min_width=300, height=300, show_download_button=False, show_label=False, scale=1) + gr.Markdown("### GUI Developer - Aishwarya Solanki") + gr.Button(value="GitHub Profile", link="https://github.com/AishwaryaSolanki") + gr.Button(value="Related Work", link="https://codepen.io/pennywise97") + with gr.Column(scale=1, min_width=333): + gr.Image("src/images/author.png", min_width=300, height=300, show_download_button=False, show_label=False, scale=1) + gr.Markdown("### Paper Author and Creator - Sihao Hu") + gr.Button(value="GitHub Page", link="https://bayi-hu.github.io") + gr.Button(value="Published Paper", link="https://arxiv.org/pdf/2310.01152.pdf") + with gr.Column(scale=1, min_width=333): + gr.Image("src/images/professor.png", min_width=300, height=300, show_download_button=False, show_label=False, scale=1) + gr.Markdown("### Advisor Professor - Ling Liu") + gr.Button(value="Team GitHub Profile", link="https://github.com/git-disl/GPTLens") + gr.Button(value="Profile", link="https://www.cc.gatech.edu/people/ling-liu") + + gr.Markdown("### School of Computer Science, Georgia Institute of Technology, Atlanta, GA 30332, United States") + +ui.launch() \ No newline at end of file diff --git a/src/__pycache__/UI_gradio.cpython-311.pyc b/src/__pycache__/UI_gradio.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..5d8f9ccb61d45826984063ec0fc6ee10bce8e43a Binary files /dev/null and b/src/__pycache__/UI_gradio.cpython-311.pyc differ diff --git a/src/__pycache__/UI_static_gradio.cpython-311.pyc b/src/__pycache__/UI_static_gradio.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..45969f855b2cb70e143043ddea52b597a66a39c5 Binary files /dev/null and b/src/__pycache__/UI_static_gradio.cpython-311.pyc differ diff --git a/src/__pycache__/model.cpython-311.pyc b/src/__pycache__/model.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..d7aa03a490566be12ebcec8d6f81fdc28e45b4ae Binary files /dev/null and b/src/__pycache__/model.cpython-311.pyc differ diff --git a/src/__pycache__/pre_process.cpython-311.pyc b/src/__pycache__/pre_process.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..05a6aea2191e1da77e8d23536e698313b5a3b0b8 Binary files /dev/null and b/src/__pycache__/pre_process.cpython-311.pyc differ diff --git a/src/__pycache__/prompts.cpython-311.pyc b/src/__pycache__/prompts.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..356d7fd942f7488ff44b361e55c1ee7b0105e6fd Binary files /dev/null and b/src/__pycache__/prompts.cpython-311.pyc differ diff --git a/src/__pycache__/run_auditor_user_defined.cpython-311.pyc b/src/__pycache__/run_auditor_user_defined.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..0d6bbc7224663dabc73a6c06ce3e222c73bb457f Binary files /dev/null and b/src/__pycache__/run_auditor_user_defined.cpython-311.pyc differ diff --git a/src/__pycache__/run_critic_user_defined.cpython-311.pyc b/src/__pycache__/run_critic_user_defined.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..a19b0c1a7a24ec454906deb729800eef73de6bd8 Binary files /dev/null and b/src/__pycache__/run_critic_user_defined.cpython-311.pyc differ diff --git a/src/__pycache__/run_rank.cpython-311.pyc b/src/__pycache__/run_rank.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..707cea16776bd7dc223f4e28dcee0428454ac10c Binary files /dev/null and b/src/__pycache__/run_rank.cpython-311.pyc differ diff --git a/src/__pycache__/utils.cpython-311.pyc b/src/__pycache__/utils.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..961022f7b72f29b5d1c7f5203b8962e9397eb3b8 Binary files /dev/null and b/src/__pycache__/utils.cpython-311.pyc differ diff --git a/src/environment_old.yml b/src/environment_old.yml new file mode 100644 index 0000000000000000000000000000000000000000..676e6e64362275dd035938d7d5265faeb5a022b0 --- /dev/null +++ b/src/environment_old.yml @@ -0,0 +1,83 @@ +# name: GPTLens +# channels: +# - defaults +# dependencies: +# - bzip2=1.0.8=he774522_0 +# - ca-certificates=2023.12.12=haa95532_0 +# - libffi=3.4.4=hd77b12b_0 +# - openssl=3.0.13=h2bbff1b_0 +# - pip=23.3.1=py311haa95532_0 +# - python=3.11.7=he1021f5_0 +# - setuptools=68.2.2=py311haa95532_0 +# - sqlite=3.41.2=h2bbff1b_0 +# - tk=8.6.12=h2bbff1b_0 +# - vc=14.2=h21ff451_1 +# - vs2015_runtime=14.27.29016=h5e58377_2 +# # - wheel=0.41.2=py311haa95532_0 +# - xz=5.4.5=h8cc25b3_0 +# - zlib=1.2.13=h8cc25b3_0 +# - pip: +# - aiohttp==3.9.3 +# - aiosignal==1.3.1 +# - altair==5.2.0 +# - annotated-types==0.6.0 +# - anyio==4.2.0 +# - attrs==23.2.0 +# - blinker==1.7.0 +# - cachetools==5.3.2 +# - certifi==2024.2.2 +# - charset-normalizer==3.3.2 +# - click==8.1.7 +# - colorama==0.4.6 +# - distro==1.9.0 +# - frozenlist==1.4.1 +# - gitdb==4.0.11 +# - gitpython==3.1.41 +# - h11==0.14.0 +# - httpcore==1.0.2 +# - httpx==0.26.0 +# - idna==3.6 +# - importlib-metadata==7.0.1 +# - inflection==0.5.1 +# - jinja2==3.1.3 +# - jsonschema==4.21.1 +# - jsonschema-specifications==2023.12.1 +# - markdown-it-py==3.0.0 +# - markupsafe==2.1.5 +# - mdurl==0.1.2 +# - multidict==6.0.5 +# - numpy==1.26.3 +# - openai==1.11.1 +# - openapi==1.1.0 +# - packaging==23.2 +# - pandas==2.2.0 +# - pillow==10.2.0 +# - protobuf==4.25.2 +# - pyarrow==15.0.0 +# - pydantic==2.6.0 +# - pydantic-core==2.16.1 +# - pydeck==0.8.1b0 +# - pygments==2.17.2 +# - python-dateutil==2.8.2 +# - pytz==2024.1 +# - referencing==0.33.0 +# - requests==2.31.0 +# - rich==13.7.0 +# - rpds-py==0.17.1 +# - six==1.16.0 +# - smmap==5.0.1 +# - sniffio==1.3.0 +# - streamlit==1.31.0 +# - tenacity==8.2.3 +# - toml==0.10.2 +# - toolz==0.12.1 +# - tornado==6.4 +# - tqdm==4.66.1 +# - typing-extensions==4.9.0 +# - tzdata==2023.4 +# - tzlocal==5.2 +# - urllib3==2.2.0 +# - validators==0.22.0 +# - watchdog==3.0.0 +# - yarl==1.9.4 +# - zipp==3.17.0 diff --git a/src/images/auditor_prompt.png b/src/images/auditor_prompt.png new file mode 100644 index 0000000000000000000000000000000000000000..87beda3d944cf0425ffd3c3eb45893c9925a7c90 Binary files /dev/null and b/src/images/auditor_prompt.png differ diff --git a/src/images/auditor_reasoning.png b/src/images/auditor_reasoning.png new file mode 100644 index 0000000000000000000000000000000000000000..369add67e4c26d1fec133dfa94ef62809b464d13 Binary files /dev/null and b/src/images/auditor_reasoning.png differ diff --git a/src/images/author.png b/src/images/author.png new file mode 100644 index 0000000000000000000000000000000000000000..85011a7a9f27a0d7b39fb05f298aa4eb6285dca9 Binary files /dev/null and b/src/images/author.png differ diff --git a/src/images/critic_prompt.png b/src/images/critic_prompt.png new file mode 100644 index 0000000000000000000000000000000000000000..80ce5c16e621a0389152adbc8645de9fab54b66e Binary files /dev/null and b/src/images/critic_prompt.png differ diff --git a/src/images/criticism.png b/src/images/criticism.png new file mode 100644 index 0000000000000000000000000000000000000000..499ccfc9e2b2f71d3cb3102e7bc633c95d8a02ae Binary files /dev/null and b/src/images/criticism.png differ diff --git a/src/images/developer.png b/src/images/developer.png new file mode 100644 index 0000000000000000000000000000000000000000..811bf82705b853762e2b217d54be162b9986ad20 Binary files /dev/null and b/src/images/developer.png differ diff --git a/src/images/header.png b/src/images/header.png new file mode 100644 index 0000000000000000000000000000000000000000..13be51b770e033f40564ee931b6c7c0c9f6048d7 Binary files /dev/null and b/src/images/header.png differ diff --git a/src/images/model.png b/src/images/model.png new file mode 100644 index 0000000000000000000000000000000000000000..82bd412bd30ee1183605411fa03e05c5d4cc911f Binary files /dev/null and b/src/images/model.png differ diff --git a/src/images/professor.png b/src/images/professor.png new file mode 100644 index 0000000000000000000000000000000000000000..19984b7f061b8108e8e33b0e559ac606f1487823 Binary files /dev/null and b/src/images/professor.png differ diff --git a/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json b/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json new file mode 100644 index 0000000000000000000000000000000000000000..06247afa2a5871855776e1950f8fb0a35cdb5a19 --- /dev/null +++ b/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/2018-13071.json @@ -0,0 +1,23 @@ +[ + { + "function_name": "transfer", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); if(_value > 0){ if(balanceOf[msg.sender] == 0){ addresses[indexes[msg.sender]] = addresses[lastIndex]; indexes[addresses[lastIndex]] = indexes[msg.sender]; indexes[msg.sender] = 0; delete addresses[lastIndex]; lastIndex--; } if(indexes[_to]==0){ lastIndex++; addresses[lastIndex] = _to; indexes[_to] = lastIndex; } } }", + "vulnerability": "Integer Overflow and Underflow", + "reason": "This function does not properly ensure that `_value` additions/subtractions will not overflow/underflow the uint256 data type, potentially allowing attackers to cause balance inconsistencies or to gain access to unexpectedly large amounts of tokens.", + "file_name": "2018-13071.sol" + }, + { + "function_name": "sell", + "code": "function sell(uint256 amount) { if (balanceOf[msg.sender] < amount ) throw; balanceOf[this] += amount; balanceOf[msg.sender] -= amount; if (!msg.sender.send(amount * sellPrice)) { throw; } else { Transfer(msg.sender, this, amount); } }", + "vulnerability": "Reentrancy", + "reason": "The 'sell' function sends Ether to an address before updating the sender's balance. An attacker can exploit this by creating a fallback function that calls 'sell' again, allowing them to withdraw more Ether than they should be able to.", + "file_name": "2018-13071.sol" + }, + { + "function_name": "mintToken", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0, this, mintedAmount); Transfer(this, target, mintedAmount); }", + "vulnerability": "Unchecked Minting", + "reason": "This function allows the contract owner to mint an arbitrary amount of tokens to any address without any checks on the 'mintedAmount'. This can lead to inflation or devaluation of the token by creating tokens out of thin air and distributing them arbitrarily.", + "file_name": "2018-13071.sol" + } +] \ No newline at end of file diff --git a/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.7_1_few/2018-13071.json b/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.7_1_few/2018-13071.json new file mode 100644 index 0000000000000000000000000000000000000000..bb5bd4cb4e1f67a121d5314a19ac7f70e4d03996 --- /dev/null +++ b/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.7_1_few/2018-13071.json @@ -0,0 +1,35 @@ +[ + { + "function_name": "transfer", + "vulnerability": "Integer Overflow and Underflow", + "criticism": "The criticism of potential integer overflow and underflow vulnerabilities in the 'transfer' function is valid, given the absence of explicit checks or the use of SafeMath library functions that prevent such issues. However, modern Solidity compilers (0.8.x onwards) include built-in overflow and underflow checks, which would revert transactions where these issues occur, reducing the risk if the contract uses a recent compiler version. Nevertheless, assuming an older compiler without these protections, the risk is significant since it could allow attackers to manipulate account balances. The severity is high due to the potential impact on token balances, but profitability depends on the ability of an attacker to exploit these vulnerabilities, which can vary.", + "correctness": 6, + "severity": 7, + "profitability": 5, + "reason": "This function does not properly ensure that `_value` additions/subtractions will not overflow/underflow the uint256 data type, potentially allowing attackers to cause balance inconsistencies or to gain access to unexpectedly large amounts of tokens.", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); if(_value > 0){ if(balanceOf[msg.sender] == 0){ addresses[indexes[msg.sender]] = addresses[lastIndex]; indexes[addresses[lastIndex]] = indexes[msg.sender]; indexes[msg.sender] = 0; delete addresses[lastIndex]; lastIndex--; } if(indexes[_to]==0){ lastIndex++; addresses[lastIndex] = _to; indexes[_to] = lastIndex; } } }", + "file_name": "2018-13071.sol" + }, + { + "function_name": "sell", + "vulnerability": "Reentrancy", + "criticism": "The reasoning behind the reentrancy vulnerability is accurate. The 'sell' function's design of sending Ether before updating the sender's balance state is a classic reentrancy attack vector. This could allow an attacker to repeatedly call the 'sell' function, draining the contract's Ether. The severity of this issue is high because it could lead to significant financial losses. The criticism correctly identifies a critical vulnerability, making it both severe and potentially highly profitable for an attacker exploiting this weakness. However, the criticism could have also mentioned defensive programming techniques such as the Checks-Effects-Interactions pattern to prevent such vulnerabilities.", + "correctness": 9, + "severity": 9, + "profitability": 8, + "reason": "The 'sell' function sends Ether to an address before updating the sender's balance. An attacker can exploit this by creating a fallback function that calls 'sell' again, allowing them to withdraw more Ether than they should be able to.", + "code": "function sell(uint256 amount) { if (balanceOf[msg.sender] < amount ) throw; balanceOf[this] += amount; balanceOf[msg.sender] -= amount; if (!msg.sender.send(amount * sellPrice)) { throw; } else { Transfer(msg.sender, this, amount); } }", + "file_name": "2018-13071.sol" + }, + { + "function_name": "mintToken", + "vulnerability": "Unchecked Minting", + "criticism": "The identification of unchecked minting as a vulnerability is somewhat misleading. While the function allows the contract owner to mint tokens freely, this is a feature rather than a flaw, contingent on the contract's intended use case and governance model. It's crucial to differentiate between poor design or governance and actual vulnerabilities. Unchecked minting could indeed lead to inflation and devaluation if abused, but this depends on the trust model with the contract owner. Therefore, the severity is context-dependent, and profitability is non-applicable to external attackers but rather a concern of governance abuse. A more nuanced criticism would consider these factors, adjusting the scores to reflect the potential risk rather than an inherent vulnerability.", + "correctness": 5, + "severity": 3, + "profitability": 0, + "reason": "This function allows the contract owner to mint an arbitrary amount of tokens to any address without any checks on the 'mintedAmount'. This can lead to inflation or devaluation of the token by creating tokens out of thin air and distributing them arbitrarily.", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0, this, mintedAmount); Transfer(this, target, mintedAmount); }", + "file_name": "2018-13071.sol" + } +] \ No newline at end of file diff --git a/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.7_1_few/ranker_default/2018-13071.json b/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.7_1_few/ranker_default/2018-13071.json new file mode 100644 index 0000000000000000000000000000000000000000..2db381378a322b53520a1137bf6fdcb8fd63f2a8 --- /dev/null +++ b/src/logs/auditor_gpt-4-turbo-preview_0.7_top3_1/critic_gpt-4-turbo-preview_0.7_1_few/ranker_default/2018-13071.json @@ -0,0 +1,38 @@ +[ + { + "function_name": "sell", + "vulnerability": "Reentrancy", + "criticism": "The reasoning behind the reentrancy vulnerability is accurate. The 'sell' function's design of sending Ether before updating the sender's balance state is a classic reentrancy attack vector. This could allow an attacker to repeatedly call the 'sell' function, draining the contract's Ether. The severity of this issue is high because it could lead to significant financial losses. The criticism correctly identifies a critical vulnerability, making it both severe and potentially highly profitable for an attacker exploiting this weakness. However, the criticism could have also mentioned defensive programming techniques such as the Checks-Effects-Interactions pattern to prevent such vulnerabilities.", + "correctness": 9, + "severity": 9, + "profitability": 8, + "reason": "The 'sell' function sends Ether to an address before updating the sender's balance. An attacker can exploit this by creating a fallback function that calls 'sell' again, allowing them to withdraw more Ether than they should be able to.", + "code": "function sell(uint256 amount) { if (balanceOf[msg.sender] < amount ) throw; balanceOf[this] += amount; balanceOf[msg.sender] -= amount; if (!msg.sender.send(amount * sellPrice)) { throw; } else { Transfer(msg.sender, this, amount); } }", + "file_name": "2018-13071.sol", + "final_score": 8.75 + }, + { + "function_name": "transfer", + "vulnerability": "Integer Overflow and Underflow", + "criticism": "The criticism of potential integer overflow and underflow vulnerabilities in the 'transfer' function is valid, given the absence of explicit checks or the use of SafeMath library functions that prevent such issues. However, modern Solidity compilers (0.8.x onwards) include built-in overflow and underflow checks, which would revert transactions where these issues occur, reducing the risk if the contract uses a recent compiler version. Nevertheless, assuming an older compiler without these protections, the risk is significant since it could allow attackers to manipulate account balances. The severity is high due to the potential impact on token balances, but profitability depends on the ability of an attacker to exploit these vulnerabilities, which can vary.", + "correctness": 6, + "severity": 7, + "profitability": 5, + "reason": "This function does not properly ensure that `_value` additions/subtractions will not overflow/underflow the uint256 data type, potentially allowing attackers to cause balance inconsistencies or to gain access to unexpectedly large amounts of tokens.", + "code": "function transfer(address _to, uint256 _value) { if (balanceOf[msg.sender] < _value) throw; if (balanceOf[_to] + _value < balanceOf[_to]) throw; if (frozenAccount[msg.sender]) throw; balanceOf[msg.sender] -= _value; balanceOf[_to] += _value; Transfer(msg.sender, _to, _value); if(_value > 0){ if(balanceOf[msg.sender] == 0){ addresses[indexes[msg.sender]] = addresses[lastIndex]; indexes[addresses[lastIndex]] = indexes[msg.sender]; indexes[msg.sender] = 0; delete addresses[lastIndex]; lastIndex--; } if(indexes[_to]==0){ lastIndex++; addresses[lastIndex] = _to; indexes[_to] = lastIndex; } } }", + "file_name": "2018-13071.sol", + "final_score": 6.0 + }, + { + "function_name": "mintToken", + "vulnerability": "Unchecked Minting", + "criticism": "The identification of unchecked minting as a vulnerability is somewhat misleading. While the function allows the contract owner to mint tokens freely, this is a feature rather than a flaw, contingent on the contract's intended use case and governance model. It's crucial to differentiate between poor design or governance and actual vulnerabilities. Unchecked minting could indeed lead to inflation and devaluation if abused, but this depends on the trust model with the contract owner. Therefore, the severity is context-dependent, and profitability is non-applicable to external attackers but rather a concern of governance abuse. A more nuanced criticism would consider these factors, adjusting the scores to reflect the potential risk rather than an inherent vulnerability.", + "correctness": 5, + "severity": 3, + "profitability": 0, + "reason": "This function allows the contract owner to mint an arbitrary amount of tokens to any address without any checks on the 'mintedAmount'. This can lead to inflation or devaluation of the token by creating tokens out of thin air and distributing them arbitrarily.", + "code": "function mintToken(address target, uint256 mintedAmount) onlyOwner { balanceOf[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0, this, mintedAmount); Transfer(this, target, mintedAmount); }", + "file_name": "2018-13071.sol", + "final_score": 3.25 + } +] \ No newline at end of file diff --git a/src/model.py b/src/model.py new file mode 100644 index 0000000000000000000000000000000000000000..bd94fa43e4792eabafa232b36d27d318e7bb704d --- /dev/null +++ b/src/model.py @@ -0,0 +1,42 @@ +import time +import openai +import os +from utils import dotdict + + +OPENAI_API_KEY = os.environ.get('OPENAI_API_KEY') #"Enter your openai API key" +completion_tokens = 0 +prompt_tokens = 0 + +def gpt(prompt, model, temperature=0.7, max_tokens=4000, n=1, stop=None) -> list: + messages = [{"role": "user", "content": prompt}] + if model == "gpt-4": + pass + time.sleep(30) # to prevent speed limitation exception + return chatgpt(messages, model=model, temperature=temperature, max_tokens=max_tokens, n=n, stop=stop) + + +def chatgpt(messages, model, temperature, max_tokens, n, stop) -> list: + global completion_tokens, prompt_tokens + outputs = [] + while n > 0: + cnt = min(n, 20) + n -= cnt + res = openai.chat.completions.create(model=model, messages=messages, temperature=temperature, max_tokens=max_tokens, + n=cnt, stop=stop) + outputs.extend([choice.message.content for choice in res.choices]) + # log completion tokens + completion_tokens += res.usage.completion_tokens + prompt_tokens += res.usage.prompt_tokens + return outputs + + +def gpt_usage(backend="gpt-4"): + global completion_tokens, prompt_tokens + if backend == "gpt-4": + cost = completion_tokens / 1000 * 0.06 + prompt_tokens / 1000 * 0.03 + elif backend == "gpt-4-turbo-preview": + cost = completion_tokens / 1000 * 0.03 + prompt_tokens / 1000 * 0.01 + elif backend == "gpt-3.5-turbo": + cost = completion_tokens / 1000 * 0.002 + prompt_tokens / 1000 * 0.0015 + return {"completion_tokens": completion_tokens, "prompt_tokens": prompt_tokens, "cost": cost} diff --git a/src/pre_process.py b/src/pre_process.py new file mode 100644 index 0000000000000000000000000000000000000000..b932997abd888241eadfa51735513d6a2a893057 --- /dev/null +++ b/src/pre_process.py @@ -0,0 +1,41 @@ +import os +import re +from utils import dotdict + + +def remove_annotations(file_path): + # read the file + with open(file_path, 'r', encoding="utf8") as f: + data = f.read() + + data = re.sub(r"//.*?$", "", data, flags=re.MULTILINE) # remove single-line comments + data = re.sub(r"/\*.*?\*/", "", data, flags=re.DOTALL) # remove multi-line comments + data = re.sub(r"\n\s*\n", "\n", data) # remove empty lines + data = data.strip() # remove leading/trailing whitespace + + return data + +if __name__ == '__main__': + + for filename in os.listdir("data/CVE"): + if not filename.endswith(".sol"): + continue + filepath = f"data/CVE/{filename}" + content = remove_annotations(filepath) + new_filepath = f"data/CVE_clean/{filename}" + + with open(new_filepath, 'w') as f: + f.write(content) + + +def mainfnc(data_dir): + + for filename in os.listdir("data/CVE"): + if not filename.endswith(".sol"): + continue + filepath = f"data/CVE/{filename}" + content = remove_annotations(filepath) + new_filepath = f"{data_dir}/{filename}" + + with open(new_filepath, 'w') as f: + f.write(content) \ No newline at end of file diff --git a/src/prompt.py b/src/prompt.py new file mode 100644 index 0000000000000000000000000000000000000000..530209fea088d232e377c4e8741c1771446a52ec --- /dev/null +++ b/src/prompt.py @@ -0,0 +1,91 @@ + +####### Basic Prompt ######## +topk_prompt1 = '''Output {topk} most severe vulnerabilities.\n''' +topk_prompt2 = '''If no vulnerability is detected, you should only output in this json format {"output_list": []}.\n''' + +####### Auditor Prompt ####### +auditor_prompt = '''You are a smart contract auditor, identify and explain severe vulnerabilities in the provided smart contract. Make sure that they are exploitable in real world and beneficial to attackers. Provide each identified vulnerability with intermediate reasoning and its associated function. Remember, you must provide the entire function code and do not use "...". Make your reasoning comprehensive and detailed. Smart contract code:\n\n''' +auditor_format_constrain = '''\nYou should only output in below json format: +{ + "output_list": [ + { + "function_name": "", + "code": "", + "vulnerability": "", + "reason": "" + }, + { + "function_name": "", + "code": "", + "vulnerability": "", + "reason": "" + } + ] +} +''' + +####### Critic Prompt ####### +critic_zero_shot_prompt = '''Below vulnerabilities and reasoning are likely contain mistakes. As a harsh vulnerability critic, your duty is to scrutinize the function and evaluate the correctness, severity and profitability of given vulnerabilities and associated reasoning with corresponding scores ranging from 0 (lowest) to 9 (highest). Your also need to provide criticism, which must include explanations for your scoring. Make your criticism comprehensive and detailed\n''' +critic_few_shot_prompt = '''Below vulnerabilities and reasoning are likely contain mistakes. As a harsh vulnerability critic, your duty is to scrutinize the function and evaluate the correctness, severity and profitability of given vulnerabilities and associated reasoning with corresponding scores ranging from 0 (lowest) to 9 (highest). Your also need to provide criticism, which must include explanations for your scoring. Make your criticism comprehensive and detailed. Below are three examples:\n +Input: +"function_name": "mintToken", +"code": "function mintToken(address target, uint256 mintedAmount) onlyOwner{ balances[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0,owner,mintedAmount); Transfer(owner,target,mintedAmount); }", +"vulnerability": "Arbitrary Minting". +"reason" +Output: +"function_name": "mintToken", +"criticism": "The reasoning is correct. The owner of the contract can mint arbitrary tokens. This could lead to an arbitrary increase in the token supply, devaluing existing tokens. However, isn't inherently a vulnerability, but rather a design decision that might be questionable. The severity is moderate because it is based on the owner's intention. The profitability is low because an external attacker cannot profit from it.", +"correctness": 7, +"severity": 4, +"profitability": 0 + +Input: +"function_name": "transferFrom", +"code": "function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {require(_value <= allowance[_from][msg.sender]); allowance[_from][msg.sender] -= _value; transfer(_from, _to, _value); return true;}", +"vulnerability": "Unchecked Transfer", +"reason": "The transferFrom function does not check if the _to address is a valid address before transferring tokens. This allows an attacker to send tokens to an invalid address, resulting in a loss of tokens."" +Output: +"function_name": "transferFrom", +"vulnerability": "Unchecked Transfer", +"criticism": "The reasoning is correct that there is no address check in the transferFrom function. However, the severity and profitability of this vulnerability are very low, because it does not cause severe exploitation and an external attacker cannot profit from this vulnerability." +"correctness": 7, +"severity": 2, +"profitability": 0 + +Input: +"function_name": "approve", +"code": "function approve(address _spender, uint256 _value) returns (bool success) { if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } allowed[msg.sender][_spender] = _value; Approval(msg.sender, _spender, _value); return true; }", +"vulnerability": "Race condition (front-running)", +"reason": "The approve function is vulnerable to front-running because it does not require the spender to have a zero allowance before setting a new one. An attacker can call the approve function and then the transferFrom function before the original transaction is mined." +Output: +"function_name": "approve", +"criticism": "The statement is correct in pointing out that this function does not inherently reset the allowance. However, the function does include a check to ensure that if the allowance is non-zero, the new value must be zero (and vice versa). Therefore, the risk is not as serve as stated, and also not profitable.", +"correctness": 3, +"severity": 0, +"profitability": 0 +''' + +critic_format_constrain = '''\nYou should only output in below json format: +{ + "output_list": [ + { + "function_name": "", + "vulnerability": "", + "criticism": "", + "correctness": <0~9>, + "severity": <0~9>, + "profitability": <0~9>, + }, + { + "function_name": "", + "vulnerability": "", + "criticism": "", + "correctness": <0~9>, + "severity": <0~9>, + "profitability": <0~9>, + } + ] +} +''' + + diff --git a/src/prompts.py b/src/prompts.py new file mode 100644 index 0000000000000000000000000000000000000000..530209fea088d232e377c4e8741c1771446a52ec --- /dev/null +++ b/src/prompts.py @@ -0,0 +1,91 @@ + +####### Basic Prompt ######## +topk_prompt1 = '''Output {topk} most severe vulnerabilities.\n''' +topk_prompt2 = '''If no vulnerability is detected, you should only output in this json format {"output_list": []}.\n''' + +####### Auditor Prompt ####### +auditor_prompt = '''You are a smart contract auditor, identify and explain severe vulnerabilities in the provided smart contract. Make sure that they are exploitable in real world and beneficial to attackers. Provide each identified vulnerability with intermediate reasoning and its associated function. Remember, you must provide the entire function code and do not use "...". Make your reasoning comprehensive and detailed. Smart contract code:\n\n''' +auditor_format_constrain = '''\nYou should only output in below json format: +{ + "output_list": [ + { + "function_name": "", + "code": "", + "vulnerability": "", + "reason": "" + }, + { + "function_name": "", + "code": "", + "vulnerability": "", + "reason": "" + } + ] +} +''' + +####### Critic Prompt ####### +critic_zero_shot_prompt = '''Below vulnerabilities and reasoning are likely contain mistakes. As a harsh vulnerability critic, your duty is to scrutinize the function and evaluate the correctness, severity and profitability of given vulnerabilities and associated reasoning with corresponding scores ranging from 0 (lowest) to 9 (highest). Your also need to provide criticism, which must include explanations for your scoring. Make your criticism comprehensive and detailed\n''' +critic_few_shot_prompt = '''Below vulnerabilities and reasoning are likely contain mistakes. As a harsh vulnerability critic, your duty is to scrutinize the function and evaluate the correctness, severity and profitability of given vulnerabilities and associated reasoning with corresponding scores ranging from 0 (lowest) to 9 (highest). Your also need to provide criticism, which must include explanations for your scoring. Make your criticism comprehensive and detailed. Below are three examples:\n +Input: +"function_name": "mintToken", +"code": "function mintToken(address target, uint256 mintedAmount) onlyOwner{ balances[target] += mintedAmount; totalSupply += mintedAmount; Transfer(0,owner,mintedAmount); Transfer(owner,target,mintedAmount); }", +"vulnerability": "Arbitrary Minting". +"reason" +Output: +"function_name": "mintToken", +"criticism": "The reasoning is correct. The owner of the contract can mint arbitrary tokens. This could lead to an arbitrary increase in the token supply, devaluing existing tokens. However, isn't inherently a vulnerability, but rather a design decision that might be questionable. The severity is moderate because it is based on the owner's intention. The profitability is low because an external attacker cannot profit from it.", +"correctness": 7, +"severity": 4, +"profitability": 0 + +Input: +"function_name": "transferFrom", +"code": "function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {require(_value <= allowance[_from][msg.sender]); allowance[_from][msg.sender] -= _value; transfer(_from, _to, _value); return true;}", +"vulnerability": "Unchecked Transfer", +"reason": "The transferFrom function does not check if the _to address is a valid address before transferring tokens. This allows an attacker to send tokens to an invalid address, resulting in a loss of tokens."" +Output: +"function_name": "transferFrom", +"vulnerability": "Unchecked Transfer", +"criticism": "The reasoning is correct that there is no address check in the transferFrom function. However, the severity and profitability of this vulnerability are very low, because it does not cause severe exploitation and an external attacker cannot profit from this vulnerability." +"correctness": 7, +"severity": 2, +"profitability": 0 + +Input: +"function_name": "approve", +"code": "function approve(address _spender, uint256 _value) returns (bool success) { if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; } allowed[msg.sender][_spender] = _value; Approval(msg.sender, _spender, _value); return true; }", +"vulnerability": "Race condition (front-running)", +"reason": "The approve function is vulnerable to front-running because it does not require the spender to have a zero allowance before setting a new one. An attacker can call the approve function and then the transferFrom function before the original transaction is mined." +Output: +"function_name": "approve", +"criticism": "The statement is correct in pointing out that this function does not inherently reset the allowance. However, the function does include a check to ensure that if the allowance is non-zero, the new value must be zero (and vice versa). Therefore, the risk is not as serve as stated, and also not profitable.", +"correctness": 3, +"severity": 0, +"profitability": 0 +''' + +critic_format_constrain = '''\nYou should only output in below json format: +{ + "output_list": [ + { + "function_name": "", + "vulnerability": "", + "criticism": "", + "correctness": <0~9>, + "severity": <0~9>, + "profitability": <0~9>, + }, + { + "function_name": "", + "vulnerability": "", + "criticism": "", + "correctness": <0~9>, + "severity": <0~9>, + "profitability": <0~9>, + } + ] +} +''' + + diff --git a/src/run_auditor.py b/src/run_auditor.py new file mode 100644 index 0000000000000000000000000000000000000000..5794c3466e703d4353d1b03eb10ab85c4fd1aded --- /dev/null +++ b/src/run_auditor.py @@ -0,0 +1,117 @@ +import json +import random +import argparse +import os +from tqdm import tqdm +from utils import dotdict +from stqdm import stqdm + +import openai +from model import gpt, gpt_usage, OPENAI_API_KEY +from prompts import auditor_prompt, auditor_format_constrain +from prompts import topk_prompt1, topk_prompt2 + +completion_tokens = 0 +prompt_tokens = 0 + +def remove_spaces(s): + return ' '.join(s.split()) + +def prompt_wrap(prompt, format_constraint, code, topk): + return prompt + code + format_constraint + topk_prompt1.format(topk=topk) + topk_prompt2 + +def auditor_response_parse(auditor_outputs): + output_list = [] + for auditor_output in auditor_outputs: + try: + start_idx = auditor_output.find("{") + end_idx = auditor_output.rfind("}") + data = json.loads(auditor_output[start_idx: end_idx+1]) + except: + print("parsing json fail.") + continue + try: + output_list += data["output_list"] + except: + print("No vulnerability detected") + continue + + return output_list + +def solve(args, code): + + bug_info_list = [] + auditor_input = prompt_wrap(auditor_prompt, auditor_format_constrain, code, args.topk) + + try: + auditor_outputs = gpt(auditor_input, model=args.backend, temperature=args.temperature, n=args.num_auditor) + bug_info_list = auditor_response_parse(auditor_outputs) + except Exception as e: + print(e) + + return bug_info_list + +def run(args): + + if args.get('openai_api_key') is None: + openai.api_key = OPENAI_API_KEY + else: + openai.api_key = args.openai_api_key + + with open("data/CVE_label/CVE2description.json", "r") as f: + CVE2description = json.load(f) + with open("data/CVE_label/CVE2label.json", "r") as f: + CVE2label = json.load(f) + + # log output file + log_dir = f"./src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}" + + for CVE_index, label in stqdm(CVE2label.items()): + + all_bug_info_list = [] + description = CVE2description[CVE_index] + file_name = "-".join(CVE_index.split("-")[1:]) + ".sol" + + with open("data/CVE_clean/" + file_name, "r") as f: + code = f.read() + # remove space + code = remove_spaces(code) + + # auditing + bug_info_list = solve(args, code) + + if len(bug_info_list) == 0: #Sometimes the query fails because the model does not strictly follow the format + print("{index} failed".format(index=CVE_index)) + continue + + for info in bug_info_list: + info.update({"file_name": file_name, "label": label, "description": description}) + all_bug_info_list.append(info) + + file = f"{log_dir}/{CVE_index}.json" + os.makedirs(os.path.dirname(file), exist_ok=True) + + with open(file, 'w') as f: + json.dump(all_bug_info_list, f, indent=4) + +def parse_args(): + args = argparse.ArgumentParser() + args.add_argument('--backend', type=str, choices=['gpt-3.5-turbo','gpt-4', 'gpt-4-turbo-preview'], default='gpt-4-turbo-preview') + args.add_argument('--temperature', type=float, default=0.7) + args.add_argument('--dataset', type=str, default="CVE") + args.add_argument('--topk', type=int, default=5) # the topk per each auditor + args.add_argument('--num_auditor', type=int, default=1) + + args = args.parse_args() + return args + +if __name__ == '__main__': + + args = parse_args() + print(args) + run(args) + +def mainfnc(args=dotdict): + # args = parse_args() + # print(args) + run(args) \ No newline at end of file diff --git a/src/run_auditor_user_defined.py b/src/run_auditor_user_defined.py new file mode 100644 index 0000000000000000000000000000000000000000..edec358c6767c380ab50bf2ff73552845008784b --- /dev/null +++ b/src/run_auditor_user_defined.py @@ -0,0 +1,113 @@ +import json +import random +import argparse +import os +from tqdm import tqdm +from utils import dotdict +from stqdm import stqdm + +import openai +from model import gpt, gpt_usage, OPENAI_API_KEY +from prompts import auditor_prompt, auditor_format_constrain +from prompts import topk_prompt1, topk_prompt2 + +completion_tokens = 0 +prompt_tokens = 0 + +def remove_spaces(s): + return ' '.join(s.split()) + +def prompt_wrap(prompt, format_constraint, code, topk): + return prompt + code + format_constraint + topk_prompt1.format(topk=topk) + topk_prompt2 + +def auditor_response_parse(auditor_outputs): + output_list = [] + for auditor_output in auditor_outputs: + try: + start_idx = auditor_output.find("{") + end_idx = auditor_output.rfind("}") + data = json.loads(auditor_output[start_idx: end_idx+1]) + except: + print("parsing json fail.") + continue + try: + output_list += data["output_list"] + except: + print("No vulnerability detected") + continue + + return output_list + +def solve(args, code): + + bug_info_list = [] + auditor_input = prompt_wrap(auditor_prompt, auditor_format_constrain, code, args.topk) + + try: + auditor_outputs = gpt(auditor_input, model=args.backend, temperature=args.temperature, n=args.num_auditor) + bug_info_list = auditor_response_parse(auditor_outputs) + except Exception as e: + print(e) + + return bug_info_list + +def run(args): + + if args.get('openai_api_key') is None: + openai.api_key = OPENAI_API_KEY + else: + openai.api_key = args.openai_api_key + + # log output file + log_dir = f"./src/logs/auditor_{args.backend}_{args.temperature}_top{args.topk}_{args.num_auditor}" + + for file_name in stqdm(os.listdir(args.data_dir)): + + all_bug_info_list = [] + + if not file_name.endswith(".sol"): + continue + + with open(f"{args.data_dir}/{file_name}", "r") as f: + code = f.read() + # remove space + code = remove_spaces(code) + + # auditing + bug_info_list = solve(args, code) + + if len(bug_info_list) == 0: #Sometimes the query fails because the model does not strictly follow the format + print("{index} failed".format(index=file_name)) + continue + + for info in bug_info_list: + info.update({"file_name": file_name}) + all_bug_info_list.append(info) + + file = f"{log_dir}/{file_name.replace('.sol', '.json')}" + os.makedirs(os.path.dirname(file), exist_ok=True) + + with open(file, 'w') as f: + json.dump(all_bug_info_list, f, indent=4) + +def parse_args(): + args = argparse.ArgumentParser() + args.add_argument('--backend', type=str, choices=['gpt-3.5-turbo','gpt-4', 'gpt-4-turbo-preview'], default='gpt-4-turbo-preview') + args.add_argument('--temperature', type=float, default=0.7) + args.add_argument('--data_dir', type=str, default="data/CVE_clean") + args.add_argument('--topk', type=int, default=5) # the topk per each auditor + args.add_argument('--num_auditor', type=int, default=1) + + args = args.parse_args() + return args + +if __name__ == '__main__': + + args = parse_args() + print(args) + run(args) + +def mainfnc(args=dotdict): + # args = parse_args() + # print(args) + run(args) \ No newline at end of file diff --git a/src/run_critic.py b/src/run_critic.py new file mode 100644 index 0000000000000000000000000000000000000000..3d8ec056c4e07acf17551c1e9c9066116689c446 --- /dev/null +++ b/src/run_critic.py @@ -0,0 +1,108 @@ +import json +import argparse +import os +import openai +from stqdm import stqdm +from utils import dotdict + + +from prompts import critic_zero_shot_prompt, critic_few_shot_prompt, critic_format_constrain +from model import gpt, OPENAI_API_KEY + +completion_tokens = 0 +prompt_tokens = 0 + +def critic_response_parse(critic_outputs): + output_list = [] + for critic_output in critic_outputs: + try: + data = json.loads(critic_output) + output_list += data["output_list"] + except: + continue + return output_list + +def run(args): + + if args.get('openai_api_key') is None: + openai.api_key = OPENAI_API_KEY + else: + openai.api_key = args.openai_api_key + critic_dir = f"src/logs/{args.auditor_dir}/critic_{args.backend}_{args.temperature}_{args.num_critic}_{args.shot}" + + for filename in stqdm(os.listdir(f"src/logs/{args.auditor_dir}")): + if not filename.endswith("json"): + continue + filepath = f"src/logs/{args.auditor_dir}/{filename}" + with open(filepath, "r") as f: + auditor_output_list = json.load(f) + + critic_bug_info_final_list = [] + vul_info_str = '' + for i in range(len(auditor_output_list)): + bug_info = auditor_output_list[i] + function_name = bug_info["function_name"] + function_code = bug_info["code"] + vulnerability = bug_info["vulnerability"] + reason = bug_info["reason"] + vul_info_str = vul_info_str + "function_name: " + function_name + "\n" + "code: " + function_code + "\n" + "vulnerability" + ": " + vulnerability + "\n" + "reason: " + reason + "\n------------------\n" + + # do wrap + if args.shot == "zero": + critic_prompt = critic_zero_shot_prompt + elif args.shot == "few": + critic_prompt = critic_few_shot_prompt # provide three examples to make scoring consistent + else: + raise Exception("Please specify zero or few shots..") + + critic_input = critic_prompt + vul_info_str + critic_format_constrain + + critic_outputs = gpt(critic_input, model=args.backend, temperature=args.temperature, n=args.num_critic) + critic_bug_info_list = critic_response_parse(critic_outputs) + + for i in range(len(critic_bug_info_list)): + function_name = auditor_output_list[i]["function_name"] + label = auditor_output_list[i]["label"] + code = auditor_output_list[i]["code"] + file_name = auditor_output_list[i]["file_name"] + description = auditor_output_list[i]["description"] + reason = auditor_output_list[i]["reason"] + + critic_bug_info = critic_bug_info_list[i] + critic_bug_info.update( + {"reason": reason, "code": code, "label": label, "file_name": file_name, "description": description}) + + critic_bug_info_final_list.append(critic_bug_info) + + filepath = f"{critic_dir}/{filename}" + # dump the file + os.makedirs(os.path.dirname(filepath), exist_ok=True) + + with open(filepath, 'w') as f: + json.dump(critic_bug_info_final_list, f, indent=4) + + +def parse_args(): + args = argparse.ArgumentParser() + args.add_argument('--backend', type=str, choices=['gpt-3.5-turbo','gpt-4', 'gpt-4-turbo-preview'], default='gpt-4-turbo-preview') + args.add_argument('--temperature', type=float, default=0) + args.add_argument('--dataset', type=str, choices=['CVE'], default="CVE") + args.add_argument('--auditor_dir', type=str, default="auditor_gpt-4_0.7_top3_1") #The auditor output directory + args.add_argument('--num_critic', type=int, default=1) + args.add_argument('--shot', type=str, choices=["zero", "few"], default="few") + + args = args.parse_args() + + return args + + +if __name__ == '__main__': + + args = parse_args() + print(args) + run(args) + +def mainfnc(args=dotdict): + # args = parse_args() + # print(args) + run(args) diff --git a/src/run_critic_user_defined.py b/src/run_critic_user_defined.py new file mode 100644 index 0000000000000000000000000000000000000000..c10ecb7431c995e41886ca7741074ed1196b0070 --- /dev/null +++ b/src/run_critic_user_defined.py @@ -0,0 +1,106 @@ +import json +import argparse +import os +import openai +from stqdm import stqdm +from utils import dotdict + + +from prompts import critic_zero_shot_prompt, critic_few_shot_prompt, critic_format_constrain +from model import gpt, OPENAI_API_KEY + +completion_tokens = 0 +prompt_tokens = 0 + +def critic_response_parse(critic_outputs): + output_list = [] + for critic_output in critic_outputs: + try: + data = json.loads(critic_output) + output_list += data["output_list"] + except: + continue + return output_list + +def run(args): + + if args.get('openai_api_key') is None: + openai.api_key = OPENAI_API_KEY + else: + openai.api_key = args.openai_api_key + critic_dir = f"src/logs/{args.auditor_dir}/critic_{args.backend}_{args.temperature}_{args.num_critic}_{args.shot}" + + for filename in stqdm(os.listdir(f"src/logs/{args.auditor_dir}")): + if not filename.endswith("json"): + continue + filepath = f"src/logs/{args.auditor_dir}/{filename}" + with open(filepath, "r") as f: + auditor_output_list = json.load(f) + + critic_bug_info_final_list = [] + vul_info_str = '' + for i in range(len(auditor_output_list)): + bug_info = auditor_output_list[i] + function_name = bug_info["function_name"] + function_code = bug_info["code"] + vulnerability = bug_info["vulnerability"] + reason = bug_info["reason"] + vul_info_str = vul_info_str + "function_name: " + function_name + "\n" + "code: " + function_code + "\n" + "vulnerability" + ": " + vulnerability + "\n" + "reason: " + reason + "\n------------------\n" + + # do wrap + if args.shot == "zero": + critic_prompt = critic_zero_shot_prompt + elif args.shot == "few": + critic_prompt = critic_few_shot_prompt # provide three examples to make scoring consistent + else: + raise Exception("Please specify zero or few shots..") + + critic_input = critic_prompt + vul_info_str + critic_format_constrain + + critic_outputs = gpt(critic_input, model=args.backend, temperature=args.temperature, n=args.num_critic) + critic_bug_info_list = critic_response_parse(critic_outputs) + + for i in range(len(critic_bug_info_list)): + function_name = auditor_output_list[i]["function_name"] + code = auditor_output_list[i]["code"] + file_name = auditor_output_list[i]["file_name"] + reason = auditor_output_list[i]["reason"] + + critic_bug_info = critic_bug_info_list[i] + critic_bug_info.update( + {"reason": reason, "code": code, "file_name": file_name}) + + critic_bug_info_final_list.append(critic_bug_info) + + filepath = f"{critic_dir}/{filename}" + # dump the file + os.makedirs(os.path.dirname(filepath), exist_ok=True) + + with open(filepath, 'w') as f: + json.dump(critic_bug_info_final_list, f, indent=4) + + +def parse_args(): + args = argparse.ArgumentParser() + args.add_argument('--backend', type=str, choices=['gpt-3.5-turbo','gpt-4', 'gpt-4-turbo-preview'], default='gpt-4-turbo-preview') + args.add_argument('--temperature', type=float, default=0) + args.add_argument('--dataset', type=str, choices=['CVE'], default="CVE") + args.add_argument('--auditor_dir', type=str, default="auditor_gpt-4_0.7_top3_1") #The auditor output directory + args.add_argument('--num_critic', type=int, default=1) + args.add_argument('--shot', type=str, choices=["zero", "few"], default="few") + + args = args.parse_args() + + return args + + +if __name__ == '__main__': + + args = parse_args() + print(args) + run(args) + +def mainfnc(args=dotdict): + # args = parse_args() + # print(args) + run(args) diff --git a/src/run_rank.py b/src/run_rank.py new file mode 100644 index 0000000000000000000000000000000000000000..10fa39c0b1ba5bb5413b2e1079cfffbf1ee1fd7b --- /dev/null +++ b/src/run_rank.py @@ -0,0 +1,71 @@ +import json +import argparse +import os +from stqdm import stqdm +from utils import dotdict + + +def rank_by_score(json_list): + return sorted(json_list, key=lambda x: x["final_score"], reverse=True) + +def run(args): + # output file + ranker_dir = f"ranker_{args.strategy}" + + for filename in stqdm(os.listdir(f"src/logs/{args.auditor_dir}/{args.critic_dir}")): + if not filename.endswith("json"): + continue + filepath = f"src/logs/{args.auditor_dir}/{args.critic_dir}/{filename}" + with open(filepath, "r") as f: + critic_output_list = json.load(f) + + for i in range(len(critic_output_list)): + bug_info = critic_output_list[i] + correctness = float(bug_info["correctness"]) + severity = float(bug_info["severity"]) + profitability = float(bug_info["profitability"]) + + # overall score + if args.strategy == "default": + # naive weighted function + final_score = 0.5 * correctness + 0.25 * severity + 0.25 * profitability + + elif args.strategy == "customize": + # TODO: add your scoring function + pass + else: + raise Exception("Please choose correct strategy for scoring...") + + bug_info.update({"final_score": final_score}) + + # Rank based on scores + ranker_output_list = rank_by_score(critic_output_list) + filepath = f"src/logs/{args.auditor_dir}/{args.critic_dir}/{ranker_dir}/{filename}" + # dump the file + os.makedirs(os.path.dirname(filepath), exist_ok=True) + + with open(filepath, 'w') as f: + json.dump(ranker_output_list, f, indent=4) + + print("Ranking finished...") + +def parse_args(): + args = argparse.ArgumentParser() + args.add_argument('--dataset', type=str, choices=['CVE'], default="CVE") + args.add_argument('--auditor_dir', type=str, default="auditor_gpt-4_0.7_top3_1") #The auditor output directory + args.add_argument('--critic_dir', type=str, default="critic_gpt-4_0_1_few_1026") #The critic output directory + args.add_argument('--strategy', type=str, default="default", choices=["default", "customize"]) + + args = args.parse_args() + return args + +if __name__ == '__main__': + args = parse_args() + print(args) + run(args) + + +def mainfnc(args=dotdict): + # args = parse_args() + # print(args) + run(args) \ No newline at end of file diff --git a/src/utils.py b/src/utils.py new file mode 100644 index 0000000000000000000000000000000000000000..58aebc0dc678ae802286302c99c10a77d9489690 --- /dev/null +++ b/src/utils.py @@ -0,0 +1,19 @@ +import os +import shutil + +class dotdict(dict): + """dot.notation access to dictionary attributes""" + __getattr__ = dict.get + __setattr__ = dict.__setitem__ + __delattr__ = dict.__delitem__ + +def clean_folder(folder): + for filename in os.listdir(folder): + file_path = f"{folder}/{filename}" + try: + if os.path.isfile(file_path) or os.path.islink(file_path): + os.unlink(file_path) + elif os.path.isdir(file_path): + shutil.rmtree(file_path) + except Exception as e: + print('Failed to delete %s. Reason: %s' % (file_path, e)) \ No newline at end of file