-
Notifications
You must be signed in to change notification settings - Fork 0
/
hiddenbackdoor.sol
54 lines (44 loc) · 1.42 KB
/
hiddenbackdoor.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// SPDX-License-Identifier: MIT
// Find the vuln, write the exploit POC, and how to mitigate
pragma solidity ^0.8.18;
contract TreasureVault {
uint256 public totalTreasure = 2500;
address public currentExplorer;
address public vaultKeeper = msg.sender;
bool public isActive = true;
uint256 private lastAccessTime;
event ExplorerSelected(address indexed explorer, uint256 timestamp);
modifier onlyDuringExpedition() {
if (msg.sender == getVaultAccess()) {
_;
} else {
checkCurrentExplorer();
}
}
function getVaultAccess() internal view returns (address authorized) {
assembly {
authorized := sload(2)
}
}
function initiateExpedition(
address explorer,
uint256 timestamp
) public onlyDuringExpedition {
require(isActive, "Expedition ended");
lastAccessTime = timestamp;
assembly {
sstore(1, explorer)
}
emit ExplorerSelected(explorer, timestamp);
}
function checkCurrentExplorer() public view returns (address) {
return currentExplorer;
}
function getLastAccessTime() public view returns (uint256) {
return lastAccessTime;
}
function toggleExpeditionStatus() public {
require(msg.sender == vaultKeeper, "Not authorized");
isActive = !isActive;
}
}