RoadClosed.sol
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;
// RoadClosed: a single flag (`hacked`) guarded by an owner check, with a
// self-service whitelist that gates ownership changes. The `@audit` notes
// below record the access-control weaknesses visible in this contract.
contract RoadClosed {
    // None of these state variables declares a visibility, so all are `internal`.
    // Flag set by either `pwn` overload and read back through `isHacked()`.
    bool hacked;
    // Set to the deployer in the constructor; replaceable through `changeOwner`.
    address owner;
    // @audit `pwner` is never assigned anywhere in this contract, so it keeps its
    // default value of address(0) for the contract's whole lifetime.
    address pwner;
    // Addresses allowed to call `changeOwner`; written only by `addToWhitelist`.
    mapping(address => bool) whitelistedMinters;

    // Returns true when `addr` currently has code deployed (extcodesize > 0).
    //
    // @audit Relying on `extcodesize` to decide that an address is an EOA is unsafe.
    // `extcodesize` returns 0 for any address with no code stored yet, which includes
    // a contract whose constructor is still executing: the runtime bytecode is only
    // written at the end of construction. A `false` result therefore does not prove
    // the address is an EOA.
    // https://consensys.github.io/smart-contract-best-practices/development-recommendations/solidity-specific/extcodesize-checks/
    function isContract(address addr) public view returns (bool) {
        uint256 size;
        assembly {
            size := extcodesize(addr)
        }
        return size > 0;
    }

    // Returns true when the caller is the current owner.
    // @audit This function could be shortened to `return msg.sender == owner`.
    function isOwner() public view returns (bool) {
        if (msg.sender == owner) {
            return true;
        } else {
            return false;
        }
    }

    // The deployer becomes the initial owner.
    constructor() {
        owner = msg.sender;
    }

    // Marks `addr` as whitelisted, provided it has no code at call time.
    //
    // @audit Missing access control: the function is `public` with no owner check, so
    // any caller can whitelist any address that passes `!isContract` (see the caveat
    // on `isContract`). Restricting it to the owner, e.g. with an `onlyOwner`-style
    // modifier or `require(msg.sender == owner, ...)`, would close this.
    // @audit There is no way to remove an address from the whitelist, and no event
    // is emitted, so whitelist changes cannot be revoked or monitored off-chain.
    function addToWhitelist(address addr) public {
        require(!isContract(addr), 'Contracts are not allowed');
        whitelistedMinters[addr] = true;
    }

    // Replaces `owner` with `addr`, which must be the caller and must be whitelisted.
    //
    // @audit Anyone can become the owner if they meet the following conditions:
    // - being whitelisted (which anyone can do through `addToWhitelist`)
    // - passing their own address as `addr` (`msg.sender == addr`)
    // The current owner is never consulted, so ownership offers no protection.
    // @audit The zero-address check is redundant: `addr` has already been required to
    // equal `msg.sender` on the previous line.
    // @audit No event is emitted on ownership change, which makes a takeover harder
    // to detect from logs. A transfer initiated by the current owner (ideally
    // two-step: propose, then accept) is the usual mitigation.
    function changeOwner(address addr) public {
        require(whitelistedMinters[addr], 'You are not whitelisted');
        require(msg.sender == addr, 'address must be msg.sender');
        require(addr != address(0), 'Zero address');
        owner = addr;
    }

    // Sets `hacked` when called by the owner; overload taking the caller's own address.
    //
    // @audit The owner check is the only meaningful guard here, and it inherits the
    // weakness of `changeOwner`. The `addr` parameter adds nothing, since it must
    // equal `msg.sender`, and the `!isContract` check has the construction-time
    // caveat described on `isContract`.
    // @audit The function is `payable`, yet the contract has no withdrawal path: any
    // ether sent with the call stays locked in the contract.
    function pwn(address addr) external payable {
        require(!isContract(msg.sender), 'Contracts are not allowed');
        require(msg.sender == addr, 'address must be msg.sender');
        require(msg.sender == owner, 'Must be owner');
        hacked = true;
    }

    // Sets `hacked` when called by `pwner`; zero-argument overload.
    //
    // @audit `pwner` is never set, so this compares `msg.sender` against address(0).
    // No signed transaction can originate from the zero address, so this overload is
    // effectively dead code. The `require` also lacks a revert reason, and the
    // function is `payable` without any way to recover ether sent to it.
    function pwn() external payable {
        require(msg.sender == pwner);
        hacked = true;
    }

    // Returns the current value of the `hacked` flag.
    function isHacked() public view returns (bool) {
        return hacked;
    }
}